Apache and suexec issue that won't let me run my python script

Chris Angelico rosuav at gmail.com
Wed Jun 5 13:16:46 EDT 2013


On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας <nikos.gr33k at gmail.com> wrote:
> On Wednesday, 5 June 2013 7:33:50 PM UTC+3, user Chris Angelico wrote:
>> In fact, I didn't even bother fiddling with syslog. All I did was
>> .bash_history. Of course, I wasn't worried about you getting my IP
>> addresses (one of them is public anyway, and the other isn't mine any
>> longer than I'm using it), and nothing I did there was sufficiently
>> serious to be worth hiding, but I just did the history so I could
>> point out how easy this is.
>
> So, by executing .bash_history commands issued are cleared. okay.
> What about 'syslog' that Heiko mentioned. Since you didn't fiddle with syslog can the latter show me what commands have been executed, files opened, commands given, services started-stopped etc?

Poke around in /var/log - I didn't tamper with anything there, so you
may well find log entries. But I don't know for sure what I did and
what I didn't do.

>> and nothing I did there was sufficiently serious to be worth hiding.
>
> Actually I believe you, because if you had malice in mind you could 'rm -rf /' or deface frontpages which you didn't do.
>
> But is there a way for me to see what commands have been issued? syslog perhaps as I ask above?
> Since you didn't harm the system why the need to wipe clean bash's history?

There won't be a full list of all commands, but you may find some
hints. And why wipe it? Just to show how easily it could be done.
Imagine if I'd:

1) Created a new user, with a home directory of /etc
2) Made a setuid root binary that gives me a shell
3) Removed all logfile traces of having done so

I could then *retain full access* even after you change the root
password. And you would not know what I'd done, if I do the logfile
wipes correctly. You might see some hint (eg that logs were rotated
prematurely), but it'd be extremely hard to figure out what I did.

ChrisA


