shell history: whitelist self

addresses #24
mandiant · Mar 25, 2020 · d13ddb4 · d13ddb4
1 parent f07cb6b
commit d13ddb4
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/scanners/shell-history.sh b/scanners/shell-history.sh
@@ -56,6 +56,9 @@ shell_history_paths[0]="/var/log/bash.log";
 shell_history_paths[1]="/var/log/notice.log";
 shell_history_paths[2]="/var/log/sh.log";
 
+# addresses issue 24
+readonly whitelist="declare -a notrobin_paths;";
+
 scan_shell_history() {
     for path in "${shell_history_paths[@]}"; do
         if  ! compgen -G "$root_directory/$path*" >/dev/null; then
@@ -66,7 +69,7 @@ scan_shell_history() {
         local found=false;
         for re in "${shell_history_blacklist[@]}"; do
             # /dev/null to ensure at least one of these files exists so zgrep doesn't fail
-            local entries=$(zgrep -F "$re" "$root_directory/$path"* /dev/null);
+            local entries=$(zgrep -F "$re" "$root_directory/$path"* /dev/null | grep -v "$whitelist");
             if [ -n "$entries" ]; then
                 found=true;
                 report_match "blacklisted content '$re'";