#!/usr/dt/bin/dtksh # cloak.ksh: conceal command line passwords/parameters # # To use cloak.ksh, # 1. Load this script onto the target system and chmod it 755, # 2. Set softlinks in your path from the name of the vulnerable program with # a ".cloak" extension to this script (i.e. cd /usr/local/bin; # ln -s cloak.ksh sqlplus.cloak;) # 3. Set an alias from the vulnerable utility to the soft link (i.e. # alias sqlplus=sqlplus.cloak [ksh syntax] or alias sqlplus sqlplus.cloak # [csh syntax]). These aliases can be set system-wide in /etc/profile or # /etc/csh.login. # # After these steps, all future logins that call "sqlplus user/password" should # display "sqlplus -------..." rather than the password when other users run # "ps -ef" or "ps aux" - note that the cloak will not take place if sqlplus # is invoked with the full path (i.e. $ORACLE_HOME/sqlplus user/password). # # This script requires new features in ksh93 - some portions work in bash. progname=$(basename "$0" .cloak) # could have space in the pathname # Explicit list of programs to cloak case $progname in smbclient) runprog=/opt/samba/bin/smbclient ;; sqlplus) runprog=$ORACLE_HOME/bin/sqlplus ;; exp) runprog=$ORACLE_HOME/bin/exp ;; expst) runprog=$ORACLE_HOME/bin/expst ;; imp) runprog=$ORACLE_HOME/bin/imp ;; impst) runprog=$ORACLE_HOME/bin/impst ;; sqlldr) runprog=$ORACLE_HOME/bin/sqlldr ;; tkprof) runprog=$ORACLE_HOME/bin/tkprof ;; *) print "cloak: unknown program $progname"; exit ;; esac # Complain about bad-form sqlplus passwords (ignore smbclient and any others) if [[ $progname = 'sqlplus' ]] then for i in $* do case $i in +([!\/])\/*) print "YOU ARE REVEALING A PASSWORD! -> $i" #echo $(id) $(date) $ORACLE_SID $ORACLE_HOME \ #"$i" | tee -a /some/log \ #| mailx -s "open password!" security@acme.com ;; esac done fi # From D Beusee's hide.c: # This program works by padding 3000 '-' chars in argv[0]. This fools all known # ps's. This will reduce the argument capacity of your program by 3000 chars. # There is some performance penalty for using this program. cloak=$(printf "$progname %.3000c" -) exec -a "$cloak" $runprog "$@"