Timeline for Sending bash history to syslog
Current License: CC BY-SA 4.0
17 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| May 9 at 8:30 | answer | added | El Scotto | | timeline score: 0 |
| Mar 9, 2019 at 9:07 | history | edited | Rui F Ribeiro | CC BY-SA 4.0 | deleted 26 characters in body |
| Jul 20, 2018 at 4:46 | history | edited | αғsнιη | CC BY-SA 4.0 | edited title |
| Jul 19, 2018 at 23:29 | comment | added | Graham Nicholls | | Let us continue this discussion in chat. |
| Jul 19, 2018 at 23:23 | comment | added | Rui F Ribeiro | | /var/tmp, and usually you have dash or even busybox besides bash... or perl...or ipython/python...or jump through a subshell on vi or use mc. There are a lot of ways to evade those kinds of logging for an inquisitive and creative user. I am not saying it is not useful, it is |
| Jul 19, 2018 at 23:11 | comment | added | Graham Nicholls | | Yes you do, if home is mounted with -noexec, where are you going to create your binary? Is gcc installed - probably not, for precisely this reason? Users will usually be able to subvert these checks, but let's not make it easy. If they copy /bin/bash somewhere, which is mounted to allow executables, then that at least will be logged. |
| Jul 19, 2018 at 22:55 | comment | added | Rui F Ribeiro | | You do not need special privileges to copy/install/compile an alternate shell. |
| Jul 19, 2018 at 22:53 | comment | added | Graham Nicholls | | Assuming that another shell is installed and available. |
| Jul 19, 2018 at 11:48 | history | tweeted | twitter.com/StackUnix/status/1019911884898820097 | | |
| Jul 19, 2018 at 5:28 | comment | added | Rui F Ribeiro | | The no frills way to subvert both is using another shell- |
| Jul 19, 2018 at 4:38 | comment | added | Graham Nicholls | | Except that having read that page, I explicitly want to avoid the use of auditd and the bash hackery suggested there. Nothing wrong with hackery in general, but I'd like something a little harder to subvert. |
| Jul 19, 2018 at 4:32 | comment | added | Rui F Ribeiro | | see also unix.stackexchange.com/questions/422897/… |
| Jul 19, 2018 at 1:00 | vote | accept | Graham Nicholls | | |
| Jul 18, 2018 at 23:41 | history | edited | Jeff Schaller♦ | | edited tags |
| Jul 18, 2018 at 23:32 | answer | added | slm♦ | | timeline score: 12 |
| Jul 18, 2018 at 23:08 | history | edited | slm♦ | CC BY-SA 4.0 | deleted 2 characters in body |
| Jul 18, 2018 at 23:06 | history | asked | Graham Nicholls | CC BY-SA 4.0 | |