-
Notifications
You must be signed in to change notification settings - Fork 2
/
doc.go
152 lines (98 loc) · 4.78 KB
/
doc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
/*
Command bashistdb stores and retrieves bash history into/from a sqlite3
database. It provides advanced functionality such as saving remotely,
keeping history from many users, restoring, quering etc.
bashistdb
=========
Introduction
-----------
Bashistdb stands for Bash History Database.
Bashistdb stores bash history into a sqlite database.
It can either be run as standalone, or it can be run in server-client mode,
where many clients can store their history into a single database over the
network. In this mode, communications are compressed and encrypted.
Bashistdb stores for each history line the time it was run, the user that run it
and the hostname. Currently it isn't meant to be secure against users. This means
that any user may be able to see commands that other users run, or store commands
under different user and hostnames. This is by design. One person may have many
accounts in one or more machines.
It is work in progress. Some features are missing but it has a strong
foundation upon which new features can be build.
Running
-------
### Pre-requisites ###
Install sqlite3 on your machine and go get bashistdb:
$ go get github.com/andmarios/bashistdb
If you are on a hardened machine, you may need instead:
$ go get -u -ldflags '-extldflags=-fno-PIC' github.com/andmarios/bashistdb
Bashistdb needs your history to be timestamped in order to work. It understands
the RFC3339 time format.
If you want to also import your current history, you need to add unique
timestamps to it. Bashistdb can perform these steps for you in one step:
$ bashistdb -init
That's it. Logout and login (or source your bashrc) for the changes to take
effect.
#### Initializing manually ####
If you don't like the automatic setup above, you can perform the steps
needed manually.
In order to set up your bash to log and report RFC3339 timestamps, run:
$ export HISTTIMEFORMAT="%FT%T%z "
$ echo 'HISTTIMEFORMAT="%FT%T%z "' >> ~/.bash_rc
$ export PROMPT_COMMAND="${PROMPT_COMMAND}; (history 1 | bashistdb 2>/dev/null &)"
$ echo 'export PROMPT_COMMAND="${PROMPT_COMMAND}; (history 1 | bashistdb 2>/dev/null &)"' >> ~/.bashrc
Add distinct timestamps to your current bash_history:
$ go get github.com/andmarios/bashistdb/tools/addTimestamp2Hist
$ addTimestamp2Hist -since 24 -write
This will create timestamps for your current commands that span equally accross
the 24 last months.
### Local mode ###
In local mode your history is stored on your computer.
Import your current history. You can import it as many times as you want. It is
very fast and only new lines will be added.
$ history | bashistdb
Check some stats:
$ bashistdb -v 1
Perform a query:
$ bashistdb <SEARCH TERM>
Restore your history file, percent sign (%) acts as wildcard for the query:
$ bashistdb -format restore % > ~/.bash_history
### Server - Client mode ###
Start your server¹:
$ bashistdb -server -key <PASSPHRASE>
From your client machine run bashistdb in client mode:
$ history | bashistdb -remote <SERVER> -key <PASSPHRASE>
You may use a configuration file or environment variables to setup bashistdb.
Environment variables:
$ export BASHISTDB_REMOTE=<SERVER>
$ export BASHISTDB_KEY=<PASSPHRASE>
$ bashistdb -verbose 1
Configuration file (~/.bashistdb.conf) is better. You can create it and update
it with bashistdb:
$ bashistdb -r <SERVER> -k <PASSPHRASE> -p <PORT> -save
Update a variable in the configuration:
$ bashistdb -k <NEW PASSPHRASE> -save
Messages are encrypted using NaCl secret-key authenticated encryption and
scrypt key derivation. Check <https://github.com/andmarios/crypto/nacl/saltsecret>
if you are interested for a higher lever wrapper for golang's crypto/nacl/secretbox.
1: Currently bashistdb listens to all network interfaces (0.0.0.0). It
may get a listen address configuration option in the future.
### Knobs ###
Run `bashistdb -h` to get a glimpse of available options. They are easy to understand.
Currently the most useful command not covered until here is `-g`. G stands for global
and makes your query to search for commands from all users at any host.
License
-------
Copyright (c) 2015, Marios Andreopoulos.
This file is part of bashistdb.
Bashistdb is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Bashistdb is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with bashistdb. If not, see <http://www.gnu.org/licenses/>.
*/
package main