[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] encrypt the bash history



>
> Nice tip, but this solution doesn't work for me. I don't wanna avoid
> logging commands nor delete the bash history nor hide the commands. I
> wanna "encrypt" the file. I don't wanna miss commands which I executed.
>
> Another solution may be copy and move the history file from the server
> to the client, saving the bash_history on client side. But ... this will
> not work if I connect using client as putty.

Why not use the GPG solution but instead of leaving your key open, you
require a password (encrypted key)?  This way, if root does a su - user
it will need the 'password' to open your key to decrypt the file.

Integrating that with PAM seems very easy so when you type the password
to login, the same password is used to call the GPG and open your
key...  If the root changes the password and then logs with this new
password, it will not work in your encrypted key.


Best Regards,


Rodrigo (BSDaemon).

>
>
> thanks for the asnwer,
>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/