lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Feb 2011 06:44:47 +0000
From: "Cal Leeming [Simplicity Media Ltd]"
	<cal.leeming@...plicitymedialtd.co.uk>
To: "Zach C." <fxchip@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: encrypt the bash history

This may/may not be relevant to your interests.

Me and a friend once stumbled across a lovely sys admin many years ago, that
patched bash to force it to log remotely (no I don't have the source).

Long story short, it got the desired effect that the sys admin was wanting
lol.

On Sun, Feb 6, 2011 at 9:17 PM, Zach C. <fxchip@...il.com> wrote:

> Pretty much what the others said with the addition that if you can't trust
> root, you simply cannot trust *any* command on that machine, including gpg,
> since root can compromise them in many ways, too. Best bet is to download it
> every session and clear it -- but be warned that even any method used to
> clear it can have a trap that secretly backs it up, however unlikely.
>
> Bottom line -- either trust root or don't use the machine. Those are your
> options if you feel paranoid enough that you don't want root always watching
> you.
>
> It's worth pointing out, by the way, that there are ways of watching your
> program executions without using your bash history, like auditd for example.
> In fact, I was able to write a script to parse auditd logs out to do just
> that in a really easy-to-read way -- "user (running as user2) ran
> /usr/bin/ssh with args: ssh user@...t ..."
> On Feb 6, 2011 6:18 AM, "Emanuel dos Reis Rodrigues" <
> emanueldosreis@...il.com> wrote:
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists