Add support for logging bash commands via syslog(). Useful for deploying in honeypot environments. http://bugs.gentoo.org/91327 http://www.nardware.co.uk/Security/html/bashlogger.htm --- bashhist.c +++ bashhist.c @@ -705,7 +705,7 @@ { hist_last_line_added = 1; hist_last_line_pushed = 0; - add_history (line); + add_history (line, 1); history_lines_this_session++; } --- lib/readline/histexpand.c +++ lib/readline/histexpand.c @@ -1222,9 +1222,7 @@ if (only_printing) { -#if 0 - add_history (result); -#endif + add_history (result, 1); return (2); } --- lib/readline/histfile.c +++ lib/readline/histfile.c @@ -262,7 +262,7 @@ { if (HIST_TIMESTAMP_START(line_start) == 0) { - add_history (line_start); + add_history (line_start, 0); if (last_ts) { add_history_time (last_ts); --- lib/readline/history.c +++ lib/readline/history.c @@ -31,6 +31,8 @@ #include +#include + #if defined (HAVE_STDLIB_H) # include #else @@ -246,10 +250,23 @@ /* Place STRING at the end of the history list. The data field is set to NULL. */ void -add_history (string) - const char *string; +add_history (string, logme) + const char *string; + int logme; /* 0 means no sending history to syslog */ { HIST_ENTRY *temp; + if (logme) { + char trunc[600]; /* arbitrary max size of 600 bytes */ + if (strlen(string) < sizeof(trunc)) { + syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s", + getpid(), getuid(), string); + } else { + memcpy(trunc, string, sizeof(trunc)); + trunc[sizeof(trunc) - 1] = '\0'; + syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)", + getpid(), getuid(), trunc); + } + } if (history_stifled && (history_length == history_max_entries)) { --- lib/readline/history.h +++ lib/readline/history.h 
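Review bot: The `add_history (line, 1)` call in bashhist.c appears to be the only point where an interactively entered command reaches the new syslog path, so the log inherits whatever filtering decides if a line is saved to history at all. The enclosing function starts outside this hunk, so that is inferred rather than visible. If it holds, commands that bash does not save are never logged, which matters for the honeypot use the description names. Document the limit at the call, for example `/* syslog sees only lines that reach the history list; unsaved commands are not logged */`, or move the logging ahead of the history decision.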
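Review bot: Dropping the `#if 0` around `add_history (result, 1)` in the `only_printing` branch of histexpand.c does more than log: the print-only expansion is now also appended to the history list, which the disabled code did not do. If the caller already stores that result itself (not visible here), the entry would appear twice. If only the syslog record is wanted, keep the call disabled and invoke a log-only helper split out of the block this patch adds to add_history in history.c. A comment such as `/* log only; the caller decides whether to save RESULT */` would record the intent.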
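Review bot: The new `if (logme)` block in add_history writes `string` to syslog unmodified, so a command containing newlines or other control characters can split one record into several, or make a line look like a separate `HISTORY: PID=... UID=...` entry, depending on how the receiving syslog daemon escapes them. In a honeypot the string is chosen by the party being observed, so control bytes should be neutralised before logging. Copying through `trunc` in both cases also removes the duplicated syslog call while keeping the 599-byte limit and the `(++TRUNC)` marker. The rest of add_history continues outside the hunk.

```c
  if (logme) {
    char trunc[600]; /* arbitrary max size of 600 bytes */
    size_t i;
    /* Copy at most sizeof(trunc) - 1 bytes and replace control bytes, so one
       command always yields exactly one well-formed log record. */
    for (i = 0; i < sizeof(trunc) - 1 && string[i] != '\0'; i++) {
      unsigned char c = (unsigned char) string[i];
      trunc[i] = (c < 0x20 || c == 0x7f) ? '?' : string[i];
    }
    trunc[i] = '\0';
    syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s%s",
      getpid(), getuid(), trunc, string[i] != '\0' ? "(++TRUNC)" : "");
  }
  /* … unchanged: history_stifled handling and the rest of add_history … */
```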
@@ -80,7 +80,7 @@ /* Place STRING at the end of the history list. The associated data field (if any) is set to NULL. */ -extern void add_history PARAMS((const char *)); +extern void add_history PARAMS((const char *, int )); /* Change the timestamp associated with the most recent history entry to STRING. */
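Review bot: Changing the prototype to `add_history PARAMS((const char *, int ))` alters a function that history.h exports, so every caller built against this header must now pass the second argument, and a caller compiled without the prototype would pass an indeterminate `logme`. Only three call sites are updated in this patch; whether others exist in the tree or in programs using this readline is not visible here. Keeping `add_history (const char *)` unchanged and adding a separate entry point for the logged path would avoid the break, for example `extern void add_history_logged PARAMS((const char *));` (the name is only a suggestion). The comment above the declaration should also say that the function may write the string to syslog.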