[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] encrypt the bash history



Pretty much what the others said with the addition that if you can't trust
root, you simply cannot trust *any* command on that machine, including gpg,
since root can compromise them in many ways, too. Best bet is to download it
every session and clear it -- but be warned that even any method used to
clear it can have a trap that secretly backs it up, however unlikely.

Bottom line -- either trust root or don't use the machine. Those are your
options if you feel paranoid enough that you don't want root always watching
you.

It's worth pointing out, by the way, that there are ways of watching your
program executions without using your bash history, like auditd for example.
In fact, I was able to write a script to parse auditd logs out to do just
that in a really easy-to-read way -- "user (running as user2) ran
/usr/bin/ssh with args: ssh user@host ..."
On Feb 6, 2011 6:18 AM, "Emanuel dos Reis Rodrigues" <
emanueldosreis@xxxxxxxxx> wrote:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/