| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 06 Feb 2011 11:34:16 -0200 From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo@...nelhacking.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: encrypt the bash history > > Nice tip, but this solution doesn't work for me. I don't wanna avoid > logging commands nor delete the bash history nor hide the commands. I > wanna "encrypt" the file. I don't wanna miss commands which I executed. > > Another solution may be copy and move the history file from the server > to the client, saving the bash_history on client side. But ... this will > not work if I connect using client as putty. Why not use the GPG solution but instead of leaving your key open, you require a password (encrypted key)? This way, if root does a su - user it will need the 'password' to open your key to decrypt the file. Integrating that with PAM seems very easy so when you type the password to login, the same password is used to call the GPG and open your key... If the root changes the password and then logs with this new password, it will not work in your encrypted key. Best Regards, Rodrigo (BSDaemon). > > > thanks for the asnwer, > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists