Wednesday, April 24, 2013

bash patch ubuntu 12

i'm listening to washed out as i do this. nice.
root@happybox:~# apt-cache policy bash
bash:
  Installed: 4.2-2ubuntu2
  Candidate: 4.2-2ubuntu2
  Version table:
 *** 4.2-2ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

root@happybox:~# apt-get source bash

Reading package lists... Done
Building dependency tree       
Reading state information... Done
NOTICE: 'bash' packaging is maintained in the 'Bzr' version control system at:
http://bazaar.launchpad.net/~doko/+junk/pkg-bash-debian
Please use:
bzr branch http://bazaar.launchpad.net/~doko/+junk/pkg-bash-debian
to retrieve the latest (possibly unreleased) updates to the package.
Skipping already downloaded file 'bash_4.2-2ubuntu2.dsc'
Skipping already downloaded file 'bash_4.2.orig.tar.gz'
Skipping already downloaded file 'bash_4.2-2ubuntu2.diff.gz'
Need to get 0 B of source archives.
gpgv: Signature made Tue 03 Apr 2012 11:46:28 AM EDT using DSA key ID 0F932C9C
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./bash_4.2-2ubuntu2.dsc
dpkg-source: info: extracting bash in bash-4.2
dpkg-source: info: unpacking bash_4.2.orig.tar.gz
dpkg-source: info: applying bash_4.2-2ubuntu2.diff.gz
root@happybox:~# cd /usr/local/src/
root@happybox:/usr/local/src# ls
root@happybox:/usr/local/src# cd

root@happybox:~# ls
bash-4.2  bash_4.2-2ubuntu2.diff.gz  bash_4.2-2ubuntu2.dsc  bash_4.2.orig.tar.gz

root@happybox:~# cd bash-4.2/

root@happybox:/usr/local/src/bash-4.2# ls
bash-4.2.tar.xz  debian

root@happybox:/usr/local/src/bash-4.2# tar xf bash-4.2.tar.xz 

root@happybox:/usr/local/src/bash-4.2# cd bash-4.2

in the source directory look for:

config-top.h

grep for #define SYSLOG_HISTORY . Uncomment it.


/* Define if you want each line saved to the history list in bashhist.c:
bash_add_history() to be sent to syslog(). */
/* #define SYSLOG_HISTORY */
#if defined (SYSLOG_HISTORY)
#  define SYSLOG_FACILITY LOG_USER
#  define SYSLOG_LEVEL LOG_INFO
#endif


#define SYSLOG_HISTORY

then...


a nice diff

diff -uNr ./bashhist.c ../bash-4.2-patched/bashhist.c
--- ./bashhist.c        2010-08-14 04:09:08.000000000 +0300
+++ ../bash-4.2-patched/bashhist.c      2013-01-18 00:00:00.000000000 +0500
@@ -40,6 +40,8 @@
 
 #if defined (SYSLOG_HISTORY)
 #  include 
+#  include 
+#  include 
 #endif
 
 #include "shell.h"
@@ -707,16 +709,34 @@
      const char *line;
 {
   char trunc[SYSLOG_MAXLEN];
+  struct passwd *pwd;
+
+/* has the user has run sudo. use orig name
+ *    will be in SUDO_USER variable. */
+  const char *sudo_user = getenv("SUDO_USER");
+    if (sudo_user == NULL) { /* No he's not running sudo. Let's find out
+                                who he is */
+        if ((pwd = getpwuid(getuid())) != NULL)
+                sudo_user = pwd->pw_name;
+        else /* We couldn't find his username by asking passwd. We'll have
+                to trust LOGNAME */
+                sudo_user = getenv("LOGNAME");
+    }
 
   if (strlen(line) < SYSLOG_MAXLEN)
-    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s", getpid(), current_user.uid, line);
+    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
+        "HISTORY: PID=%d user %s as %s(%d) run: %s",
+        getpid(), sudo_user, current_user.user_name, current_user.uid, line);
   else
     {
       strncpy (trunc, line, SYSLOG_MAXLEN);
       trunc[SYSLOG_MAXLEN - 1] = '\0';
-      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PID=%d UID=%d %s", getpid(), current_user.uid, trunc);
+      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
+        "HISTORY (TRUNCATED): PID=%d user %s as %s(%d) run: %s",
+        getpid(), sudo_user, current_user.user_name, current_user.uid, trunc);
     }
 }

 #endif
      
 /* Add a line to the history list.
diff -uNr ./config-top.h ../bash-4.2-patched/config-top.h
--- ./config-top.h      2009-12-22 22:29:39.000000000 +0200
+++ ../bash-4.2-patched/config-top.h    2012-02-15 15:40:06.000000000 +0200
@@ -101,9 +101,9 @@
 
 /* Define if you want each line saved to the history list in bashhist.c:
    bash_add_history() to be sent to syslog(). */
-/* #define SYSLOG_HISTORY */
+#define SYSLOG_HISTORY
 #if defined (SYSLOG_HISTORY)
-#  define SYSLOG_FACILITY LOG_USER
+#  define SYSLOG_FACILITY LOG_LOCAL5
 #  define SYSLOG_LEVEL LOG_INFO
 #endif


root@happybox:/usr/local/src/bash-4.2/bash-4.2# ./configure —-prefix=/usr/local/bash41 ; make ; make install

Done.

in /etc/rsyslog:

/etc/rsyslog.d/50-default.conf

add:
auth,authpriv.*;local5.*;*.*        @syslogserver

root@happybox:~# cd /bin
root@happybox:~# cp bash bash.orig ; rm bash ; cp /usr/local/bash41/bin/bash .
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)