| Path | csiph.com!xmission!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | aixtools <aixtools@gmail.com> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: Feature Request re: syslog and bashhist |
| Date | Wed, 12 Aug 2015 20:48:58 +0200 |
| Lines | 51 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.8218.1439405347.904.bug-bash@gnu.org> (permalink) |
| References | <55C78FC8.1050609@gmail.com> <55C9073C.3030203@case.edu> <mailman.8184.1439375524.904.bug-bash@gnu.org> <mqfd1l$flc$1@dont-email.me> <55CB47FA.2000104@case.edu> |
| Cc | bug-bash@gnu.org |
| To | chet.ramey@case.edu |
| In-Reply-To | <55CB47FA.2000104@case.edu> |
On 2015-08-12 3:19 PM, Chet Ramey wrote:

> On 8/12/15 8:09 AM, Aharon Robbins wrote:
>> In article<mailman.8184.1439375524.904.bug-bash@gnu.org>,
>> aixtools<aixtools@gmail.com> wrote:
>>> In short, having it included in ./configure simply give it much more
>>> visibility - and perhaps adoption.
>> Personally, I think that having bash send executed commands to syslog
>> is an invasion of privacy; I'm surprised such a feature is even there
>> at all...
> And this is why it's not easy to turn on. It's there for that small
> set of system administrators who need it to satisfy some external
> auditing requirement (in some cases legally required) -- that's why it's
> available in the first place.

I guess my customer set all fall into this category. And it is not fail safe - anyone willing, or able to use another shell can execute a program such as vi, and then use a shell escape to start a different shell that is not logging. Which is why auditing is used, which is involuntary from an application perspective.

So, referring back to John's addition, this would be useful for case #2. Where it could be useful for case #3 - would be if bash had (or maybe has) an option to display the configure arguments (which generally does not include -D flags), such as perl -V, or httpd -V.

Basically, if you have nothing to hide - it should not matter. More likely, it is a mechanism that can prove your innocence should there ever be any doubt about what you did, or did not do. Even in Germany - which has the reputation for most "protective" privacy laws.

To meet PCI compliance and others (I think even government in some sectors) - all commands are stored in order to perform an audit in the case of a suspected security breach.

In any case, I understand that it is a sensitive topic - not one that I will be deciding. I guess it might be worth a discussion to be able to see from a command-line option to know, one way or the other if the feature is (potentially) active.

In short - Chet - as if I had a choice :p @ me - I bow to your wisdom!