From 26e513f4f7e611962bfbb67769f1d7f82bd17d33 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Wed, 4 May 2005 05:28:44 +0000
Subject: Add support for logging in the shell #91327 by Kevin Landreth.
Package-Manager: portage-2.0.51.21
---
 app-shells/bash/ChangeLog | 6 +-
 app-shells/bash/Manifest | 5 +-
 app-shells/bash/bash-3.0-r11.ebuild | 13 +++-
 app-shells/bash/files/bash-3.0-bash-logger.patch | 90 ++++++++++++++++++++++++
 4 files changed, 109 insertions(+), 5 deletions(-)
 create mode 100644 app-shells/bash/files/bash-3.0-bash-logger.patch
(limited to 'app-shells')
diff --git a/app-shells/bash/ChangeLog b/app-shells/bash/ChangeLog
index c4b917392a66..95c8d8ce700f 100644
--- a/app-shells/bash/ChangeLog
+++ b/app-shells/bash/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for app-shells/bash
 # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/ChangeLog,v 1.63 2005/04/30 07:00:26 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/ChangeLog,v 1.64 2005/05/04 05:28:44 vapier Exp $
+
+ 04 May 2005; Mike Frysinger
+ +files/bash-3.0-bash-logger.patch, bash-3.0-r11.ebuild:
+ Add support for logging in the shell #91327 by Kevin Landreth.
 30 Apr 2005; Mike Frysinger
 +files/bash-3.0-trap-fg-signals.patch, bash-3.0-r11.ebuild:
diff --git a/app-shells/bash/Manifest b/app-shells/bash/Manifest
index 6033e2d764e3..c5b774246985 100644
--- a/app-shells/bash/Manifest
+++ b/app-shells/bash/Manifest
@@ -1,11 +1,11 @@
-MD5 33e12920d38ff1a6bb1ebec5f1b7bf89 ChangeLog 13536
+MD5 3c897ed75a929b7dee7b6fbb2ff633a1 ChangeLog 13710
 MD5 1c3d1b503b35b4719b1435d83b12a73e bash-2.05b-r11.ebuild 3742
 MD5 a4df32e089db48d7c99fd6be36368475 bash-2.05b-r9.ebuild 3516
 MD5 7f7feb247c305544c899366672599232 bash-3.0-r7.ebuild 4060
 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
 MD5 ded385d3c69da943b2f408c18b4c6c21 bash-3.0-r8.ebuild 3949
 MD5 761160a21f9a69be631b044d0be387e5 bash-3.0-r9.ebuild 4267
-MD5 0b79b103efa80da9e41c91b93637c9ef bash-3.0-r11.ebuild 4767
+MD5 18c3f431afa54bf45d223dcdfb7e0d73 bash-3.0-r11.ebuild 5083
 MD5 edf95b873162f4548435c379e4998b4e files/bash-2.05b-empty-herestring.patch 836
 MD5 90ba92c981c1d26e45d88ecd23a1fbf5 files/bash-2.05b-multibyte-locale.patch 1897
 MD5 3b905c7c9341c9009bd68f14c047815e files/bash-2.05b-rbash.patch 804
@@ -40,3 +40,4 @@ MD5 13a88fae79fed8f76999ec8fdca2f085 files/digest-bash-3.0-r9 976
 MD5 b3df3a162a43845cf9f107de9ea6ac27 files/dot-bashrc 1306
 MD5 0387efe97e963a932d870b8f61c5b864 files/dot-bash_logout 240
 MD5 b86b65863c2ae21b59d8201c2a3a9e91 files/bash-3.0-trap-fg-signals.patch 641
+MD5 b802ce25d76787d8c9b4484ca66b17be files/bash-3.0-bash-logger.patch 2197
diff --git a/app-shells/bash/bash-3.0-r11.ebuild b/app-shells/bash/bash-3.0-r11.ebuild
index 9f2fae21f7db..9559716a7dcd 100644
--- a/app-shells/bash/bash-3.0-r11.ebuild
+++ b/app-shells/bash/bash-3.0-r11.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/bash-3.0-r11.ebuild,v 1.5 2005/05/03 02:53:27 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/bash-3.0-r11.ebuild,v 1.6 2005/05/04 05:28:44 vapier Exp $
 inherit eutils flag-o-matic toolchain-funcs
@@ -24,7 +24,7 @@ SRC_URI="mirror://gnu/bash/${P}.tar.gz
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="nls build"
+IUSE="nls build bashlogger"
 # we link statically with ncurses
 DEPEND=">=sys-libs/ncurses-5.2-r2"
@@ -57,6 +57,15 @@ src_unpack() {
 epatch "${FILESDIR}"/${P}-read-builtin-pipe.patch
 # Don't barf on handled signals in scripts
 epatch "${FILESDIR}"/${P}-trap-fg-signals.patch
+ # Log bash commands to syslog #91327
+ if use bashlogger ; then
+ echo
+ ewarn "The logging patch should ONLY be used in restricted (i.e. honeypot) envs."
+ ewarn "This will log ALL output you enter into the shell, you have been warned."
+ ebeep
+ epause
+ epatch "${FILESDIR}"/${P}-bash-logger.patch
+ fi
 # Enable SSH_SOURCE_BASHRC (#24762)
 echo '#define SSH_SOURCE_BASHRC' >> config-top.h
diff --git a/app-shells/bash/files/bash-3.0-bash-logger.patch b/app-shells/bash/files/bash-3.0-bash-logger.patch
new file mode 100644
index 000000000000..faa825191699
--- /dev/null
+++ b/app-shells/bash/files/bash-3.0-bash-logger.patch
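Review bot: The two `ewarn` lines in the `use bashlogger` branch of the `@@ -57,6 +57,15 @@` hunk understate what is recorded and say nothing about where it goes. The bundled patch passes each command line added to history to `syslog()` under `LOG_LOCAL5`, so passwords, tokens and keys typed as command arguments land in whatever file or remote collector that facility is routed to. I would reword the second warning as `ewarn "Every command line entered, including any secrets typed on it, is sent to syslog (facility local5)."` and add a comment above the `if` noting that the local5 destination needs restricted read access. "ALL output you enter" is also inaccurate, since it is input that is logged. `src_unpack` starts and ends outside this hunk.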
@@ -0,0 +1,90 @@
+Add support for logging bash commands via syslog().
+Useful for deploying in honeypot environments.
+
+http://bugs.gentoo.org/show_bug.cgi?id=91327
+http://www.nardware.co.uk/Security/html/bashlogger.htm
+
+--- bashhist.c
++++ bashhist.c
+@@ -698,7 +698,7 @@
+ char *line;
+ {
+ hist_last_line_added = 1;
+- add_history (line);
++ add_history (line, 1);
+ history_lines_this_session++;
+ }
+
+--- lib/readline/histexpand.c
++++ lib/readline/histexpand.c
+@@ -1220,9 +1220,7 @@
+
+ if (only_printing)
+ {
+-#if 0
+- add_history (result);
+-#endif
++ add_history (result, 1);
+ return (2);
+ }
+
+--- lib/readline/histfile.c
++++ lib/readline/histfile.c
+@@ -262,7 +262,7 @@
+ {
+ if (HIST_TIMESTAMP_START(line_start) == 0)
+ {
+- add_history (line_start);
++ add_history (line_start,0);
+ if (last_ts)
+ {
+ add_history_time (last_ts);
+--- lib/readline/history.c
++++ lib/readline/history.c
+@@ -31,6 +31,8 @@
+
+ #include
+
++#include
++
+ #if defined (HAVE_STDLIB_H)
+ # include
+ #else
+@@ -246,10 +250,24 @@
+ /* Place STRING at the end of the history list. The data field
+ is set to NULL. */
+ void
+-add_history (string)
+- const char *string;
++add_history (string, logme)
++ const char *string;
++ int logme; /* 0 means no sending history to syslog */
+ {
+ HIST_ENTRY *temp;
++ if (logme) {
++ if (strlen(string)<600) {
++ syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s",
++ getpid(), getuid(), string);
++ }
++ else {
++ char trunc[600];
++ strncpy(trunc,string,sizeof(trunc));
++ trunc[sizeof(trunc)-1]='\0';
++ syslog(LOG_LOCAL5, LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
++ getpid(), getuid(), trunc);
++ }
++ }
+
+ if (history_stifled && (history_length == history_max_entries))
+ {
+--- lib/readline/history.h
++++ lib/readline/history.h
+@@ -80,7 +80,7 @@
+
+ /* Place STRING at the end of the history list.
+ The associated data field (if any) is set to NULL. */
+-extern void add_history PARAMS((const char *));
++extern void add_history PARAMS((const char *, int ));
+
+ /* Change the timestamp associated with the most recent history entry to
+ STRING. */
--
cgit v1.2.3-65-gdbad
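Review bot: The truncation branch of `add_history` in the lib/readline/history.c hunk calls `syslog(LOG_LOCAL5, LOG_INFO, "HISTORY: ...` with a comma where the short-line branch uses `|`. That passes `LOG_INFO` as the format pointer and pushes the real format string into the variadic arguments, so any command line of 600 bytes or more hits undefined behaviour instead of producing a truncated log entry, and long lines are exactly the ones that go unrecorded. The call should read `syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",`. Separately, the histexpand.c hunk turns an `add_history (result)` call that was under `#if 0` into live code, which appears to change what the `only_printing` path stores in history and not only what is logged; that is worth confirming. The body of `add_history` continues outside the hunk.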