From: Ondrej Oprala Newsgroups: gnu.bash.bug Subject: Re: Feature Request re: syslog and bashhist Date: Thu, 3 Sep 2015 08:43:11 +0200 Lines: 187 Approved: bug-bash@gnu.org Message-ID: References: <55C78FC8.1050609@gmail.com> <55C9073C.3030203@case.edu> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------000100020805010605060802" X-Trace: usenet.stanford.edu 1441262604 2649 208.118.235.17 (3 Sep 2015 06:43:24 GMT) X-Complaints-To: action@cs.stanford.edu To: chet.ramey@case.edu, aixtools , bug-bash@gnu.org Envelope-to: bug-bash@gnu.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 In-Reply-To: <55C9073C.3030203@case.edu> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: csiph.com gnu.bash.bug:11474 This is a multi-part message in MIME format. --------------000100020805010605060802 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit On 10.08.2015 22:19, Chet Ramey wrote: > On 8/9/15 1:37 PM, aixtools wrote: >> Hi, >> >> Via google I came across the define named >> >> config-top.h:/* #define SYSLOG_HISTORY */ >> >> Changing it (manually) to >> config-top.h:#define SYSLOG_HISTORY >> >> Adds syslog statements such as: >> Aug 9 16:52:55 x064 user:info syslog: HISTORY: PID=262242 UID=0 ls -ltr >> >> Request #1 >> Add a ./configure variable, e.g., --with-syslog_history > I will think about this, but I am inclined not to do it. It's easy enough > to enable for those few user who want to do so. 
> >> Request #2 >> >> At the request of a bash user on AIX I made the following change to make >> the syslog output "standardized" to AIX format for many applications so >> that the output looks like this: >> >> Aug 9 17:30:12 x064 user:info syslog: bash[454682]: UID=0: ls -ltr > The better way to do this is to use openlog(). I will add the necessary > pieces to call openlog with the shell name as the identifier and LOG_PID > as the default value for the log options. > > Chet We have recently had a customer request for this, and Steve Grubb corrected the original patch for auditing. IIRC, aureport-2.4.2 should be able to handle the USER_TTY events now. With his permission, I'm attaching the new patch. Thanks Ondrej --------------000100020805010605060802 Content-Type: text/x-patch; name="bash-4.3-audit2.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="bash-4.3-audit2.patch" diff -urp bash-4.3.orig/lib/readline/readline.c bash-4.3/lib/readline/readline.c --- bash-4.3.orig/lib/readline/readline.c 2015-04-08 12:06:23.079210184 -0400 +++ bash-4.3/lib/readline/readline.c 2015-04-08 14:20:13.254638488 -0400 @@ -57,6 +57,7 @@ extern int errno; #if defined (HAVE_DECL_AUDIT_USER_TTY) # include +# include # include # include #endif 
@@ -340,38 +341,31 @@ rl_set_prompt (prompt) static void audit_tty (char *string) { + struct audit_message req; struct sockaddr_nl addr; - struct msghdr msg; - struct nlmsghdr nlm; - struct iovec iov[2]; size_t size; int fd; size = strlen (string) + 1; - fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT); + fd = socket (PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); if (fd < 0) return; - nlm.nlmsg_len = NLMSG_LENGTH (size); - nlm.nlmsg_type = AUDIT_USER_TTY; - nlm.nlmsg_flags = NLM_F_REQUEST; - nlm.nlmsg_seq = 0; - nlm.nlmsg_pid = 0; - iov[0].iov_base = &nlm; - iov[0].iov_len = sizeof (nlm); - iov[1].iov_base = string; - iov[1].iov_len = size; + if (NLMSG_SPACE(size) > MAX_AUDIT_MESSAGE_LENGTH) + return; + + memset(&req, 0, sizeof(req)); + req.nlh.nlmsg_len = NLMSG_SPACE(size); + req.nlh.nlmsg_type = AUDIT_USER_TTY; + req.nlh.nlmsg_flags = NLM_F_REQUEST; + req.nlh.nlmsg_seq = 0; + if (size && string) + memcpy(NLMSG_DATA(&req.nlh), string, size); + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - addr.nl_pad = 0; addr.nl_pid = 0; addr.nl_groups = 0; - msg.msg_name = &addr; - msg.msg_namelen = sizeof (addr); - msg.msg_iov = iov; - msg.msg_iovlen = 2; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - (void)sendmsg (fd, &msg, 0); + + sendto(fd, &req, req.nlh.nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); close (fd); } #endif @@ -426,9 +420,9 @@ readline (prompt) RL_SETSTATE (RL_STATE_CALLBACK); #endif -#if HAVE_DECL_AUDIT_TTY && defined (ENABLE_TTY_AUDIT_SUPPORT) +#if HAVE_DECL_AUDIT_USER_TTY && defined (ENABLE_TTY_AUDIT_SUPPORT) if (value) - _rl_audit_tty (value); + audit_tty (value); #endif return (value); diff -urp bash-4.3.orig/lib/readline/util.c bash-4.3/lib/readline/util.c --- bash-4.3.orig/lib/readline/util.c 2013-09-02 13:36:12.000000000 -0400 +++ bash-4.3/lib/readline/util.c 2015-04-08 14:18:21.165632509 -0400 
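Review bot: The new oversize check in audit_tty returns after `socket()` has already succeeded, so every line whose `NLMSG_SPACE(size)` exceeds `MAX_AUDIT_MESSAGE_LENGTH` leaks one netlink descriptor in the calling process; move the check above the `socket()` call, or write `if (NLMSG_SPACE(size) > MAX_AUDIT_MESSAGE_LENGTH) { close (fd); return; }`. The same branch drops the line from the audit trail without leaving any record, so over-long input never produces a USER_TTY event; truncating the payload to fit, or sending a short marker record, would keep the trail complete. The `if (size && string)` guard has no effect, because `strlen (string)` has already dereferenced the pointer and `size` is at least 1; test `string` before the `strlen` call or drop the guard. The return value of `sendto()` is discarded without the `(void)` cast the old `sendmsg` call carried, so a failed send goes unnoticed.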
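Review bot: The call site is now guarded by `#if HAVE_DECL_AUDIT_USER_TTY && defined (ENABLE_TTY_AUDIT_SUPPORT)`, while the include block shown in the first hunk of this file tests `#if defined (HAVE_DECL_AUDIT_USER_TTY)`; the two forms disagree whenever the macro is defined as 0, which is what autoconf's AC_CHECK_DECLS does for a missing declaration (assuming configure sets it that way). The `#if` that opens the audit_tty definition is outside the visible hunks, so confirm that the includes, the definition and the call all use the same condition, otherwise the build can end up with a call to an undefined function or an unused static one. A comment above the call would also help: `/* Report each line returned to the caller as an AUDIT_USER_TTY record. */`, since everything typed at a readline prompt, including secrets given on a command line, ends up in the audit log. readline's body starts outside the hunk.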
@@ -539,53 +539,3 @@ _rl_settracefp (fp) } #endif - -#if HAVE_DECL_AUDIT_USER_TTY && defined (ENABLE_TTY_AUDIT_SUPPORT) -#include -#include -#include - -/* Report STRING to the audit system. */ -void -_rl_audit_tty (string) - char *string; -{ - struct sockaddr_nl addr; - struct msghdr msg; - struct nlmsghdr nlm; - struct iovec iov[2]; - size_t size; - int fd; - - fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT); - if (fd < 0) - return; - size = strlen (string) + 1; - - nlm.nlmsg_len = NLMSG_LENGTH (size); - nlm.nlmsg_type = AUDIT_USER_TTY; - nlm.nlmsg_flags = NLM_F_REQUEST; - nlm.nlmsg_seq = 0; - nlm.nlmsg_pid = 0; - - iov[0].iov_base = &nlm; - iov[0].iov_len = sizeof (nlm); - iov[1].iov_base = string; - iov[1].iov_len = size; - - addr.nl_family = AF_NETLINK; - addr.nl_pid = 0; - addr.nl_groups = 0; - - msg.msg_name = &addr; - msg.msg_namelen = sizeof (addr); - msg.msg_iov = iov; - msg.msg_iovlen = 2; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - - (void)sendmsg (fd, &msg, 0); - close (fd); -} -#endif --------------000100020805010605060802--