[plug] Community H at X0Rs

[Lee Sanders]

> Ok, who sent .bash_history --> /dev/null??

If you wished to prevent such a thing then you should hack bash such that
it syslogs as well.
The code below should do this...

In the bash-2.03 package of RH6.2 this mod will add history logging.
It is done in the lib/readline/history.c file, concerned with recording
commands rather than reading keystrokes, but the effect is almost the
same.  One thing this doesn't record is when someone repeats the last
command because that does not generate a new history record.

Just 2 things need to be added: an include of the syslog.h file
and a syslog(3) call with the new history entry.  I've split the
syslog(3) section into 2 to cater for long and short lines separately
because some syslog()s are/have been buggy.

     1	/* History.c -- standalone history library */
     2	
     3	/* Copyright (C) 1989, 1992 Free Software Foundation, Inc.

    32	#include <stdio.h>
+   33 #include <syslog.h>


   217	/* Place STRING at the end of the history list.  The data field 
   218	   is  set to NULL. */
   219	void
   220  add_history (string)
   221	     char *string;
   222	{
   223	  HIST_ENTRY *temp;
   224	
+  225	  if (strlen(string)<60) {
+  226        syslog(LOG_INFO, "BASH2 HISTORY: PID=%d %s", getpid(), string);
+  227	  } else {
+  228	      char trunc[60];
+  229	
+  230        strncpy(trunc,string,sizeof(trunc));
+  231        trunc[sizeof(trunc)-1]='\0';
+  232	       syslog(LOG_INFO, "BASH2 HISTORY: PID=%d %s(++TRUNC)",
+  233	                        getpid(), trunc);
+  234	  }
   235	
   236	  if (history_stifled && (history_length == max_input_history))
   237	      {
   238	      register int i;