Download own statically compiled bash, run it on top. You’d …

Tuesday, 19th March 2024

Comment on How to make sure your Linux system users won’t hide or delete their .bash_history / Securing .bash_history file – Protect Linux system users shell history by Rob Fortune.

Download own statically compiled bash, run it on top. You’d need to poll /proc/[0-9]+/exe say once every 10 seconds to stop this one and I wouldn’t have to use horrible csh 🙂

Also, you say chattr +a allows deletion, I don’t know what kernel you are running but under OpenSUSE’s version of 2.6.34.7 it doesn’t allow deletion and if it does in mainline (which I find a bit hard to believe) then you could easily patch it not to.

Thanks for the other commands though, not being a sysadmin anymore they’re not really relevant and I would only rely on process accounting to account for process activity, nonetheless, interesting read.
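
An added example, not part of the comment above or of the original article: a sketch of the /proc/[0-9]+/exe polling the comment mentions, written as a detector that flags processes whose executable lives outside a set of trusted directories or was deleted after launch. The directory list and the names scan_proc and watch are assumptions for illustration; the 10-second default follows the interval suggested in the comment.

```python
import os
import time

# Assumption: directories where legitimately installed binaries live on this host.
TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/lib", "/usr/libexec")
DELETED = " (deleted)"  # suffix the kernel appends when the binary was unlinked


def scan_proc(proc_root="/proc", trusted_dirs=TRUSTED_DIRS):
    """Return sorted [(pid, exe_path, reason)] for processes worth a closer look."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "sys"
        try:
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel thread (no exe link), process already gone, or no permission.
            continue
        if exe.endswith(DELETED):
            # Also fires for daemons still running a binary replaced by an upgrade.
            findings.append((int(entry), exe[:-len(DELETED)], "binary deleted after launch"))
        elif not any(exe.startswith(d + "/") for d in trusted_dirs):
            findings.append((int(entry), exe, "outside trusted directories"))
    return sorted(findings)


def watch(interval=10, proc_root="/proc"):
    """Poll forever, reporting each (pid, exe) pair once."""
    seen = set()
    while True:
        for pid, exe, reason in scan_proc(proc_root):
            if (pid, exe) not in seen:
                seen.add((pid, exe))
                print("ALERT pid=%d exe=%s (%s)" % (pid, exe, reason))
        time.sleep(interval)


if __name__ == "__main__":
    watch()  # run as root to read the exe links of other users' processes
```

Polling can miss a process that starts and exits between two scans, which is one reason the comment prefers process accounting for a complete record.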

Rob Fortune Also Commented

How to make sure your Linux system users won’t hide or delete their .bash_history / Securing .bash_history file – Protect Linux system users shell history
Do you have python or perl installed? A quick REPL loop that executes system calls and you have a very lame bash with no history 🙂


How to make sure your Linux system users won’t hide or delete their .bash_history / Securing .bash_history file – Protect Linux system users shell history
You could of course patch bash to not have these options, but you were correct in saying “it won’t a 100% guarantee that a good cracker won’t be able to come up with a way to get around the imposed .bash_history security measures.”

I’m far from a good cracker 🙂 I bet there are other ways around it too.


How to make sure your Linux system users won’t hide or delete their .bash_history / Securing .bash_history file – Protect Linux system users shell history
rob@bob:~/tmp/foo> exec env -i bash --noprofile --norc
bash-4.1$ unset HISTFILE

