Re: bash_history

From: Michael Gale (michael.gale_at_bluesuperman.com)
Date: 04/09/05

    Date: Fri, 08 Apr 2005 19:48:34 -0600
    To: Alejandro Flores <alejandro.flores@triforsec.com.br>, security-basics@securityfocus.com
    
    

    Hello,

    You could change the permissions on the "export" command so only root
    can run it.

    Michael.

    Alejandro Flores wrote:
    > Hey there,
    >
    > I was googling about a way to protect the bash_history file from user
    > removal or UNSET the HISTFILE variable and all I found was papers about
    > disabling this file for security reasons. Weird! Why is it recommended to
    > disable this file, when it contains the history of typed commands from
    > all users? Ok, ok, you can tell me that users may have typed passwords
    > in a bash session to gain access to a mysql database for example.
    > But, if you need to do some forensics in your compromised server, this
    > file is the first place to know what the 'malicious dude' did to gain
    > root privileges, the server where he downloaded his craps, etc...
    > I started 'chown'ing the .bash_profile and .bashrc files to root, and
    > removed the 'wx' from group and others. The user has only read
    > permission.
    > But I can't prevent him from changing the HISTFILE variable. Like:
    > export HISTFILE=/dev/null
    > With this command, all my steps from now aren't recorded.
    >
    > Ideas?
    >
    > Regards,
    > Alejandro Flores
    >
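The `export HISTFILE=/dev/null` reassignment from the quoted question, run with and without a `readonly HISTFILE` profile fragment. This is an added example, not part of either poster's message; the fragment's placement and the `/home/demo` home directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example; file placement and the demo HOME are assumptions.

# Constructed profile fragment, e.g. for a root-owned file that every
# login shell sources (hypothetical location: /etc/profile.d/).
HIST_LOCK='
HISTFILE="$HOME/.bash_history"
readonly HISTFILE
'

# attempt CMD [LOCK]: start a clean bash, apply LOCK (default: none),
# run CMD, then print "rc=<status of CMD> HISTFILE=<value afterwards>".
attempt() {
    HOME=/home/demo bash --norc --noprofile -c '
        HISTFILE="$HOME/.bash_history"
        eval "$2"
        eval "$1" 2>/dev/null
        rc=$?
        printf "rc=%s HISTFILE=%s\n" "$rc" "${HISTFILE-<unset>}"
    ' bash "$1" "${2-}"
}

# export_kind: how bash resolves the name "export" (prints "builtin",
# i.e. there is no executable file whose mode bits could be changed).
export_kind() {
    bash --norc --noprofile -c 'type -t export'
}

echo "export is a: $(export_kind)"
echo "no lock, export : $(attempt 'export HISTFILE=/dev/null')"
echo "locked,  export : $(attempt 'export HISTFILE=/dev/null' "$HIST_LOCK")"
echo "locked,  unset  : $(attempt 'unset HISTFILE' "$HIST_LOCK")"
```

The `readonly` attribute binds only the shell process that sourced the fragment, so it works as a deterrent against casual tampering rather than as a tamper-proof forensic record.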
