Dear BusyBox maintainers,

I'm submitting this patch to propose a small but valuable feature for the ash shell: the ability to log executed commands to a remote server, inspired by traditional TACACS+[1] command accounting. This functionality is especially useful in environments where BusyBox is deployed in networking appliances, routers, and embedded Linux systems, scenarios where auditing shell activity is critical, but full-featured shells like bash are not an option.

Today, similar functionality is easily implemented in bash using the PROMPT_COMMAND environment variable, but ash lacks an equivalent mechanism. This patch introduces a simple and efficient alternative: it sends the last executed command to a TCP server, if the user sets three environment variables: SESSIONID_, LOG_RHOST, and LOG_RPORT. This approach is lightweight, non-intrusive, and off by default unless configured explicitly by the user or system integrator.

One limitation worth noting: while TACACS typically encrypts command logs, this patch currently sends logs in cleartext over TCP. In my use case, a controlled home lab environment, this was acceptable, and I opted to keep the initial implementation simple. That said, I would be happy to extend the feature to support encrypted transmission (e.g., via SSL/TLS or stunnel integration) if there's interest from the community. I didn't want to overreach in the first submission, but I'm open to building on it.

During development, I encountered an internal limitation: getenv() cannot retrieve variables defined within the current shell session. To overcome this, the patch uses a technique inspired by the math library in BusyBox: a function pointer is injected from ash.c to libbb, allowing safe access to shell-managed environment variables without breaking module boundaries. This approach keeps the code modular while enabling libbb to query ash-specific state.

This feature was motivated by real-world needs I encountered while replacing network appliances with embedded Linux setups. I've detailed the rationale and technical path in a pair of blog posts[2][3], which might help clarify the use case and implementation choices.

I believe this patch could benefit other users maintaining secure or auditable systems on BusyBox, and I'd be happy to refine it further based on your feedback.

Thank you for your time and consideration.

[1] https://en.wikipedia.org/wiki/TACACS
[2] https://carminatialessandro.blogspot.com/2025/06/logging-shell-commands-in-busybox-yes.html
[3] https://carminatialessandro.blogspot.com/2023/05/never-lose-command-again-how-to.html

Alessandro Carminati (1):
  ash: add support for logging executed commands to a remote server

 include/libbb.h       |   7 +++
 libbb/Config.src      |  10 ++++
 libbb/Kbuild.src      |   1 +
 libbb/lineedit.c      |   3 ++
 libbb/loggers_utils.c | 117 ++++++++++++++++++++++++++++++++++++++++++
 shell/ash.c           |   3 ++
 6 files changed, 141 insertions(+)
 create mode 100644 libbb/loggers_utils.c

-- 
2.34.1
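
Added example, not code from the patch or from BusyBox: a C illustration of the function-pointer hook the cover letter describes, where the library side resolves SESSIONID_, LOG_RHOST and LOG_RPORT through a lookup the shell registers, and logging stays off unless all three are set and valid. Every function and struct name, the variable table, and the validation rules are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Library side (stands in for libbb); every name below is hypothetical. */
typedef const char *(*var_lookup_fn)(const char *name);
static const char *lookup_environ(const char *name) { return getenv(name); }
static var_lookup_fn var_lookup = lookup_environ;   /* default: environ only */
void set_var_lookup(var_lookup_fn fn) { var_lookup = fn ? fn : lookup_environ; }

struct log_target { char session[64]; char host[64]; int port; };

/* Returns 1 and fills *t only when all three variables are set and valid;
 * returns 0 otherwise, so logging stays off by default. */
int resolve_log_target(struct log_target *t)
{
    const char *sid = var_lookup("SESSIONID_");
    const char *host = var_lookup("LOG_RHOST");
    const char *port = var_lookup("LOG_RPORT");
    char *end;

    if (!sid || !host || !port || !*sid || !*host || !*port)
        return 0;
    if (strlen(sid) >= sizeof t->session || strlen(host) >= sizeof t->host)
        return 0;                         /* reject rather than truncate */
    long p = strtol(port, &end, 10);
    if (*end != '\0' || p < 1 || p > 65535)
        return 0;                         /* not a usable TCP port */
    strcpy(t->session, sid);
    strcpy(t->host, host);
    t->port = (int)p;
    return 1;
}

/* Shell side (stands in for ash.c): variables set in-session, not exported. */
static struct { const char *name, *value; } shell_vars[16];
static int shell_nvars;

void shell_setvar(const char *name, const char *value)
{
    if (shell_nvars >= 16) return;
    shell_vars[shell_nvars].name = name;
    shell_vars[shell_nvars++].value = value;
}
static const char *lookup_shell(const char *name)
{
    for (int i = shell_nvars - 1; i >= 0; i--)      /* newest assignment wins */
        if (strcmp(shell_vars[i].name, name) == 0) return shell_vars[i].value;
    return getenv(name);                  /* fall back to inherited environ */
}
void shell_init(void) { set_var_lookup(lookup_shell); }
```

Until shell_init() registers the shell's lookup, resolve_log_target() sees only the process environment, which is the getenv() limitation the letter mentions.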
