Add support for logging in the shell #91327 by Kevin Landreth.

Package-Manager: portage-2.0.51.21
author: Mike Frysinger <vapier@gentoo.org> 2005-05-04 05:28:44 +0000
committer: Mike Frysinger <vapier@gentoo.org> 2005-05-04 05:28:44 +0000
commit: 26e513f4f7e611962bfbb67769f1d7f82bd17d33 (patch)
tree: 3be24567e9696803bb83417c6a465631377ed710 /app-shells
parent: add ~ia64 (diff)
download: historical-26e513f4f7e611962bfbb67769f1d7f82bd17d33.tar.gz
historical-26e513f4f7e611962bfbb67769f1d7f82bd17d33.tar.bz2
historical-26e513f4f7e611962bfbb67769f1d7f82bd17d33.zip
4 files changed, 109 insertions, 5 deletions
diff --git a/app-shells/bash/ChangeLog b/app-shells/bash/ChangeLog
index c4b917392a66..95c8d8ce700f 100644
--- a/app-shells/bash/ChangeLog
+++ b/app-shells/bash/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for app-shells/bash
 # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/ChangeLog,v 1.63 2005/04/30 07:00:26 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/ChangeLog,v 1.64 2005/05/04 05:28:44 vapier Exp $
+
+  04 May 2005; Mike Frysinger <vapier@gentoo.org>
+  +files/bash-3.0-bash-logger.patch, bash-3.0-r11.ebuild:
+  Add support for logging in the shell #91327 by Kevin Landreth.
 
   30 Apr 2005; Mike Frysinger <vapier@gentoo.org>
   +files/bash-3.0-trap-fg-signals.patch, bash-3.0-r11.ebuild:
diff --git a/app-shells/bash/Manifest b/app-shells/bash/Manifest
index 6033e2d764e3..c5b774246985 100644
--- a/app-shells/bash/Manifest
+++ b/app-shells/bash/Manifest
@@ -1,11 +1,11 @@
-MD5 33e12920d38ff1a6bb1ebec5f1b7bf89 ChangeLog 13536
+MD5 3c897ed75a929b7dee7b6fbb2ff633a1 ChangeLog 13710
 MD5 1c3d1b503b35b4719b1435d83b12a73e bash-2.05b-r11.ebuild 3742
 MD5 a4df32e089db48d7c99fd6be36368475 bash-2.05b-r9.ebuild 3516
 MD5 7f7feb247c305544c899366672599232 bash-3.0-r7.ebuild 4060
 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
 MD5 ded385d3c69da943b2f408c18b4c6c21 bash-3.0-r8.ebuild 3949
 MD5 761160a21f9a69be631b044d0be387e5 bash-3.0-r9.ebuild 4267
-MD5 0b79b103efa80da9e41c91b93637c9ef bash-3.0-r11.ebuild 4767
+MD5 18c3f431afa54bf45d223dcdfb7e0d73 bash-3.0-r11.ebuild 5083
 MD5 edf95b873162f4548435c379e4998b4e files/bash-2.05b-empty-herestring.patch 836
 MD5 90ba92c981c1d26e45d88ecd23a1fbf5 files/bash-2.05b-multibyte-locale.patch 1897
 MD5 3b905c7c9341c9009bd68f14c047815e files/bash-2.05b-rbash.patch 804
@@ -40,3 +40,4 @@ MD5 13a88fae79fed8f76999ec8fdca2f085 files/digest-bash-3.0-r9 976
 MD5 b3df3a162a43845cf9f107de9ea6ac27 files/dot-bashrc 1306
 MD5 0387efe97e963a932d870b8f61c5b864 files/dot-bash_logout 240
 MD5 b86b65863c2ae21b59d8201c2a3a9e91 files/bash-3.0-trap-fg-signals.patch 641
+MD5 b802ce25d76787d8c9b4484ca66b17be files/bash-3.0-bash-logger.patch 2197
diff --git a/app-shells/bash/bash-3.0-r11.ebuild b/app-shells/bash/bash-3.0-r11.ebuild
index 9f2fae21f7db..9559716a7dcd 100644
--- a/app-shells/bash/bash-3.0-r11.ebuild
+++ b/app-shells/bash/bash-3.0-r11.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/bash-3.0-r11.ebuild,v 1.5 2005/05/03 02:53:27 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-shells/bash/bash-3.0-r11.ebuild,v 1.6 2005/05/04 05:28:44 vapier Exp $
 
 inherit eutils flag-o-matic toolchain-funcs
 
@@ -24,7 +24,7 @@ SRC_URI="mirror://gnu/bash/${P}.tar.gz
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="nls build"
+IUSE="nls build bashlogger"
 
 # we link statically with ncurses
 DEPEND=">=sys-libs/ncurses-5.2-r2"
@@ -57,6 +57,15 @@ src_unpack() {
 	epatch "${FILESDIR}"/${P}-read-builtin-pipe.patch
 	# Don't barf on handled signals in scripts
 	epatch "${FILESDIR}"/${P}-trap-fg-signals.patch
+	# Log bash commands to syslog #91327
+	if use bashlogger ; then
+		echo
+		ewarn "The logging patch should ONLY be used in restricted (i.e. honeypot) envs."
+		ewarn "This will log ALL output you enter into the shell, you have been warned."
+		ebeep
+		epause
+		epatch "${FILESDIR}"/${P}-bash-logger.patch
+	fi
 
 	# Enable SSH_SOURCE_BASHRC (#24762)
 	echo '#define SSH_SOURCE_BASHRC' >> config-top.h
diff --git a/app-shells/bash/files/bash-3.0-bash-logger.patch b/app-shells/bash/files/bash-3.0-bash-logger.patch
new file mode 100644
index 000000000000..faa825191699
--- /dev/null
+++ b/app-shells/bash/files/bash-3.0-bash-logger.patch
@@ -0,0 +1,90 @@
+Add support for logging bash commands via syslog().
+Useful for deploying in honeypot environments.
+
+http://bugs.gentoo.org/show_bug.cgi?id=91327
+http://www.nardware.co.uk/Security/html/bashlogger.htm
+
+--- bashhist.c
++++ bashhist.c
+@@ -698,7 +698,7 @@
+      char *line;
+ {
+   hist_last_line_added = 1;
+-  add_history (line);
++  add_history (line, 1);
+   history_lines_this_session++;
+ }
+ 
+--- lib/readline/histexpand.c
++++ lib/readline/histexpand.c
+@@ -1220,9 +1220,7 @@
+ 
+   if (only_printing)
+     {
+-#if 0
+-      add_history (result);
+-#endif
++      add_history (result, 1);
+       return (2);
+     }
+ 
+--- lib/readline/histfile.c
++++ lib/readline/histfile.c
+@@ -262,7 +262,7 @@
+ 	  {
+ 	    if (HIST_TIMESTAMP_START(line_start) == 0)
+ 	      {
+-		add_history (line_start);
++		add_history (line_start,0);
+ 		if (last_ts)
+ 		  {
+ 		    add_history_time (last_ts);
+--- lib/readline/history.c
++++ lib/readline/history.c
+@@ -31,6 +31,8 @@
+ 
+ #include <stdio.h>
+ 
++#include <syslog.h>
++
+ #if defined (HAVE_STDLIB_H)
+ #  include <stdlib.h>
+ #else
+@@ -246,10 +250,24 @@
+ /* Place STRING at the end of the history list.  The data field
+    is  set to NULL. */
+ void
+-add_history (string)
+-     const char *string;
++add_history (string, logme)
++     const char *string;
++     int logme; /* 0 means no sending history to syslog */
+ {
+   HIST_ENTRY *temp;
++  if (logme) {
++    if (strlen(string)<600) {
++      syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s",
++        getpid(), getuid(), string);
++    }
++    else {
++      char trunc[600];
++      strncpy(trunc,string,sizeof(trunc));
++      trunc[sizeof(trunc)-1]='\0';
++      syslog(LOG_LOCAL5, LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
++          getpid(), getuid(), trunc);
++    }
++  }
+ 
+   if (history_stifled && (history_length == history_max_entries))
+     {
+--- lib/readline/history.h
++++ lib/readline/history.h
+@@ -80,7 +80,7 @@
+ 
+ /* Place STRING at the end of the history list.
+    The associated data field (if any) is set to NULL. */
+-extern void add_history PARAMS((const char *));
++extern void add_history PARAMS((const char *, int ));
+ 
+ /* Change the timestamp associated with the most recent history entry to
+    STRING. */
author	Mike Frysinger <vapier@gentoo.org>	2005-05-04 05:28:44 +0000
committer	Mike Frysinger <vapier@gentoo.org>	2005-05-04 05:28:44 +0000
commit	26e513f4f7e611962bfbb67769f1d7f82bd17d33 (patch)
tree	3be24567e9696803bb83417c6a465631377ed710 /app-shells
parent	add ~ia64 (diff)
download	historical-26e513f4f7e611962bfbb67769f1d7f82bd17d33.tar.gz historical-26e513f4f7e611962bfbb67769f1d7f82bd17d33.tar.bz2 historical-26e513f4f7e611962bfbb67769f1d7f82bd17d33.zip