diff --git a/histprotect/README.md b/histprotect/README.md
index 1ee41d5..1fe9960 100644
--- a/histprotect/README.md
+++ b/histprotect/README.md
@@ -5,11 +5,15 @@ This script will automatically take the required steps necessary to lock down .b
 Features:
-* Mark .bash_history as append-only
-* Make sure that the HISTFILE variable is read-only.
-* Check to see if the user is echoing fake history to the file.
-* Prevent .bash_history from being read by other users.
+* Mark .bash_history as append-only✓
+* Make sure that the HISTFILE variable is read-only.✓
+* Check to see if the user is echoing fake history to the file.✓
+* Prevent .bash_history from being read by other users.✓
 * Intelligent auto protect mode.
 * Plus more!
-Coming soon
\ No newline at end of file
+Coming soon
+
+==============
+Some improvements & the create made by Marshall Academy Cyber in an effort to provide to upstream projects in a FOSS movement
+Contact us via statesmencybersecurity.org if needed
diff --git a/histprotect/histprotect.sh b/histprotect/histprotect.sh
new file mode 100644
index 0000000..e83eccf
--- /dev/null
+++ b/histprotect/histprotect.sh
@@ -0,0 +1,44 @@
+#/bin/bash
+echo HistProtect at le service!
+echo Straight up stolen from StackOverflow, then improved
+# http://superuser.com/questions/308882/secured-bash-history-usage
+echo MOST of this is tested
+echo But it gets the job done so why would I rewrite it
+echo Making append-only
+echo Protecting any other users on the system
+for i in $(find / -type f \( -name .bash_history -o -name .bashrc \)); do
+if [ -f $i ] ; then chmod 600 $i; chattr +a $i ; fi
+
+done
+if [ -f /root/.bash_history ] ; then chattr +a /root/.bash_history ; fi
+if [ -f /root/.bash_profile ] ; then chattr +a /root/.bash_profile ; fi
+if [ -f /root/.bash_login ] ; then chattr +a /root/.bash_login ; fi
+if [ -f /root/.profile ] ; then chattr +a /root/.profile ; fi
+if [ -f /root/.bash_logout ] ; then chattr +a /root/.bash_logout ; fi
+if [ -f /root/.bashrc ] ; then chattr +a /root/.bashrc ; fi
+echo Hardening environment variables
+shopt -s histappend
+ echo "readonly PROMPT_COMMAND=\"history -a\"" >> /root/.bashrc
+echo readonly HISTFILE >> /root/.bashrc
+echo readonly HISTFILESIZE >> /root/.bashrc
+echo readonly HISTSIZE >> /root/.bashrc
+echo readonly HISTCMD >> /root/.bashrc
+echo readonly HISTCONTROL >> /root/.bashrc
+echo readonly HISTIGNORE >> /root/.bashrc
+chmod 750 csh
+chmod 750 tcsh
+chmod 750 ksh
+
+
+for i in $(find / -name .bashrc); do
+ echo "readonly PROMPT_COMMAND=\"history -a\"" >> $i
+echo readonly HISTFILE >> $i
+echo readonly HISTFILESIZE >> $i
+echo readonly HISTSIZE >> $i
+echo readonly HISTCMD >> $i
+echo readonly HISTCONTROL >> $i
+echo readonly HISTIGNORE >> $i
+done
+
+echo "for i in \$(find / -type f \( -name .bash_history \)); do cat $i | grep \"history -c\" ; done >> /dev/null" >> /root/.bashrc
+if [ $? -eq 1 ] ; then echo History clear detected; fi
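Review bot: The `$?` test on the last line checks the exit status of the `echo … >> /root/.bashrc` append immediately before it, not of any grep, so `History clear detected` can only print when the append itself fails. The line being appended is also broken: `$i` is not escaped inside the double quotes, so it expands at write time to whatever the preceding `for i in $(find / -name .bashrc)` loop left in `i` rather than acting as the loop variable, and `>> /dev/null` discards the grep output, so the check written into `/root/.bashrc` never reports anything either. A working form is `echo 'for i in $(find / -type f -name .bash_history); do grep -q -- "history -c" "$i" && echo "History clear detected in $i"; done' >> /root/.bashrc` with the `$?` line dropped (single quotes keep everything literal until .bashrc runs it). Separately, `chmod 750 csh`, `tcsh` and `ksh` act on files by those names in the current directory, which is presumably not the intent, and `#/bin/bash` on the first line is missing the `!`, so it is not a shebang and the script runs under whatever shell invokes it.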