> Is there an easy way to tee the $HISTFILE to more than one location?
I believe that BASH history is only updated when
the session ends rather than continuously during the
session, so any session in which somebody messes with
history logging will likely not be recorded.
That being said, it might be possible (just thinking
out loud here) to make your history file a named
pipe (i.e. FIFO). Then maybe some watcher-process
could stare at it and copy any updates to the "safe"
destination of your choice, preferably on another
machine. If the bad guys delete the pipe this
approach could fail, though, unless you also have
that watcher-process silently put things back the
way you want them if it notices that the attributes
of the history file have changed.
> Also, if there's a perl/networking guru, I'm looking to re-write
> the trojan to look like it's working, but instead be logging the
> intruder's actions, IP, etc. It's a simple backdoor (only about 2.5
> pages printed), so I might even be able to figure it out myself...
Post a copy of the original here, please - it sounds interesting.
Regards,
----------------------------------------
Michael O'Donnell [EMAIL PROTECTED]
----------------------------------------
###########################################
# This transmission has not been approved #
# by the Office of Homeland Security. #
###########################################
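
The watcher-process idea from the reply above, as an added example that is not part of the original message or written by its author. The function names and paths are hypothetical, and it assumes some writer appends command lines to the FIFO; whether a given bash version will write its history to a FIFO is not established here.

```shell
#!/bin/sh
# Added example: watcher for a FIFO used as a history sink.
# Function names and paths are hypothetical. Assumes some writer
# appends command lines to the FIFO.

# Put the FIFO back if it was deleted or replaced by another file type.
# Prints "restored" when it had to repair the path, "ok" otherwise.
ensure_fifo() {
    if [ -p "$1" ]; then echo ok; return 0; fi
    rm -f -- "$1"
    mkfifo -m 600 -- "$1" && echo restored
}

# Inode number of a path; empty output if the path is gone.
inode_of() {
    ls -di -- "$1" 2>/dev/null | awk '{print $1}'
}

# Copy one writer session from the FIFO ($1) to the safe log ($2), one
# UTC-timestamped line per input line. Blocks until a writer opens the
# FIFO and returns when that writer closes it.
drain_once() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$line"
    done < "$1" >> "$2"
}

# Watcher loop: a background reader drains the FIFO while this loop
# polls once a second. A changed inode or file type means the path was
# tampered with, so the reader is restarted on a freshly restored FIFO.
watch_history() {
    while :; do
        ensure_fifo "$1" >/dev/null || return 1
        want=$(inode_of "$1")
        ( while [ -p "$1" ] && drain_once "$1" "$2"; do :; done ) &
        reader=$!
        while [ "$(inode_of "$1")" = "$want" ] && kill -0 "$reader" 2>/dev/null
        do sleep 1; done
        kill "$reader" 2>/dev/null
        wait "$reader" 2>/dev/null
    done
}

# Usage: watch_history /path/to/history.fifo /path/to/safe.log
```

The safe log here is a local path; getting the copy onto another machine, as the reply prefers, means pointing it at remote storage or forwarding each line with a log shipper.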