Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/idrinth/1984
A small tool to remotely track bash histories
https://github.com/idrinth/1984
bash-history blue-team linux-app logging monitoring remote restful root surveillance
Last synced: 4 months ago
JSON representation
A small tool to remotely track bash histories
- Host: GitHub
- URL: https://github.com/idrinth/1984
- Owner: Idrinth
- License: mit
- Created: 2023-02-07T07:20:01.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2023-02-12T23:45:00.000Z (about 2 years ago)
- Last Synced: 2024-10-05T07:41:54.829Z (4 months ago)
- Topics: bash-history, blue-team, linux-app, logging, monitoring, remote, restful, root, surveillance
- Language: PHP
- Homepage:
- Size: 116 KB
- Stars: 4
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
# 1984 [](https://github.com/Idrinth/1984/actions/workflows/lint-all.yml)[](https://github.com/Idrinth/1984/actions/workflows/psr-12.yml) [](https://github.com/Idrinth/1984/actions/workflows/unittest.yml) [](https://github.com/Idrinth/1984/actions/workflows/phan.yml)[](https://github.com/Idrinth/1984/actions/workflows/lint-old.yml)
## A small tool to remotely track bash histories
This tool is merely a small project of mine to aggregate my own bash histories. It is obviously not intended for surveillance of other users. If you plan to use it like that make sure, that the bash history is written immediately (`history -a`) and the program runs with root rights.
The name is a reference to George Orwell's book Nineteen Eighty-Four, since this is a surveillance tool if used on other users than yourself. Consider this a warning of what may be possible.
## Requirements
### Source-Server
- php >= 5.3
- ext-curl (optional)
- ext-pcntl (optional)
- openssl
- root access
### Target-Server
- webserver
- php >= 7.1
- write access to database
- ext-pdo
- mariadb/mysql/sqlite depending on database choice
### Generator-System
- php >= 7.4
- openssl
- composer
### Development-System
- php >= 7.4
- ext-curl
- ext-ast
- openssl
- composer
## bin/remote-logger.php
Run this script to generate files to be deployed.
```sh
php bin/remote-logger.php source-server-ip targer-server-host-or-ip communication-protocol sdatabase-dns enable-log-deduplication enable-bashrc-modification
```
- source-server-ip: for example `1.2.3.4`
- target-server-host-or-ip: for example `1.1.2.3` or `idrinth.de`, can take multiple comma-separated entries
- communication-protocol: http by default, could be any curl can use in theory
- database-dns: optional, defaults to `sqlite:/tmp/remote_bash_log.sqlite`
- enable-log-deduplication: defaults to `false`, set to `true` to remove duplicate entries from the logs in one package
- enable-bashrc-modification: defaults to `false`, set to `true` to try to set `history -a` as `PROMPT_COMMAND`-export or add it to an existing one.
### dist/home/*.kill
Contains the export statement to permanently disable this specific instance of the script. Do NOT lose this file, since disabling is hard to do otherwise.
### dist/source/*.sh
This is the script to be started on the server to monitor. It will try to install the required packages itself as well.
### dist/source/*.php
This is the script actually monitoring the server. It works best with `ext-curl` and `ext-pcntl` around.
### dist/target/*.php
This is the api, that validates the write requests and saves them to the given database. Host this file in the webroot of the desired IP or domain-
## Help & Support
If you want direct support options, feel free to drop by on [Discord](https://discord.gg/xHSF8CGPTh).
## Disclaimer
1984 was created for educational purposes, use only on computers or networks you have explicit permission to do so. The contributors are not responsible for any illegal or malicious acts performed with this project.