Add support for logging bash commands via syslog(). Useful for deploying in honeypot environments. http://bugs.gentoo.org/show_bug.cgi?id=91327 http://www.nardware.co.uk/Security/html/bashlogger.htm --- bashhist.c +++ bashhist.c @@ -705,7 +705,7 @@ { hist_last_line_added = 1; hist_last_line_pushed = 0; - add_history (line); + add_history (line, 1); history_lines_this_session++; } --- lib/readline/histexpand.c +++ lib/readline/histexpand.c @@ -1222,9 +1222,7 @@ if (only_printing) { -#if 0 - add_history (result); -#endif + add_history (result, 1); return (2); } --- lib/readline/histfile.c +++ lib/readline/histfile.c @@ -262,7 +262,7 @@ { if (HIST_TIMESTAMP_START(line_start) == 0) { - add_history (line_start); + add_history (line_start,0); if (last_ts) { add_history_time (last_ts); --- lib/readline/history.c +++ lib/readline/history.c @@ -31,6 +31,8 @@ #include +#include + #if defined (HAVE_STDLIB_H) # include #else @@ -246,10 +250,24 @@ /* Place STRING at the end of the history list. The data field is set to NULL. */ void -add_history (string) - const char *string; +add_history (string, logme) + const char *string; + int logme; /* 0 means no sending history to syslog */ { HIST_ENTRY *temp; + if (logme) { + if (strlen(string)<600) { + syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s", + getpid(), getuid(), string); + } + else { + char trunc[600]; + strncpy(trunc,string,sizeof(trunc)); + trunc[sizeof(trunc)-1]='\0'; + syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)", + getpid(), getuid(), trunc); + } + } if (history_stifled && (history_length == history_max_entries)) { --- lib/readline/history.h +++ lib/readline/history.h @@ -80,7 +80,7 @@ /* Place STRING at the end of the history list. The associated data field (if any) is set to NULL. */ -extern void add_history PARAMS((const char *)); +extern void add_history PARAMS((const char *, int )); /* Change the timestamp associated with the most recent history entry to STRING. */