Cannot install shellclear

Hi all, :wave:

Today I stumbled over a tool called shellclear. It is featured on Shellclear - History automatisch auf sensible Inhalte untersuchen | ITrig
(in German though).

Here´s a rough translation of what it´s about:

The small tool shellclear automates checking the shell history for sensitive content such as passwords or access tokens.

Shells such as Bash, Zsh, PowerShell and Fish are supported. The tool uses a pattern file, which can be expanded as required.

When the shell is started, the contents of the history are automatically checked for passwords and tokens using this YAML pattern file.

If there is sensitive content, it will be listed and can be deleted.
Testing is currently done for AWS Access Keys, Github Tokens, Gitlab Tokens, Slack, Cloudflare, Twitter, Facebook and many more.

This is how it should be installed:

curl -sS https://raw.githubusercontent.com/rusty-ferris-club/shellclear/main/install/install.sh | bash

(BTW: shellclear can be found here: GitHub - rusty-ferris-club/shellclear at 13f7ccf5a102cd10f2e03f6fa1e898cc8782e7e8 )

However the installation procedure fails in my Debian vm :slightly_frowning_face: :

curl -sS https://raw.githubusercontent.com/rusty-ferris-club/shellclear/main/install/install.sh | bash
[1/4] Get latest shellclear version
[2/4] Download https://github.com/rusty-ferris-club/shellclear/releases/download/v0.4.6/shellclear-v0.4.6-x86_64-linux.tar.xz to /home/rosika2/Downloads/shellclear
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  884k  100  884k    0     0   613k      0  0:00:01  0:00:01 --:--:-- 2261k
[3/4] Install shellclear to the /usr/local/bin
shellclear-v0.4.6-x86_64-linux/shellclear
mv: reguläre Datei '/usr/local/bin/shellclear' kann nicht angelegt werden: Keine Berechtigung

The last line is:

mv: reguläre Datei ‘/usr/local/bin/shellclear’ cannot be created, no rights

I get the same message when prepending the command with sudo. :thinking:

I´m a bit lost here and cannot find other suitable installation instructions on the github page. Or perhaps I´m too dumb to find them. :blush:

Does anybody know shellclear and if so, how did you get it installed :question:

Thanks a lot for your help.

Many greetings
Rosika :slightly_smiling_face:

1 Like

Hi Rosika,
That is strange
A few things to try

  • does /usr/local/bin exist and what are its permissions
  • download install.sh without piping it to bash. Have a look at what it tries to do. Is it a bash script?
  • if install.sh looks ok, run it locally with sh -ex install.sh /usr/local/bin/shellclear; you should get some extra output
  • do you really need install.sh? can you just download the binary and mv it to where you want

In general it is not a good idea to run install scripts without looking at them first

Regards
Neville

1 Like

I think you’ll have better luck with “sudo -i” - then run the script… Because the “sudo curl |” isn’t getting piped with sudo or escalated privileges…

But - I hate running stuff off the intertubes like that - it’s odd that some product ostensibly a security tool, would recommend a highly insecure method…

You also might have better luck with maybe something more like this (maybe?) :

curl -sS https://raw.githubusercontent.com/rusty-ferris-club/shellclear/main/install/install.sh | sudo bash

I might take a look at this - but I think I’ll just download it instead of running the installer over the intertubes…


Just tried on my Ubuntu 22.04 machine - I downloaded the install.sh and scanned it and it seemed safe to me - so I chmod’d it to execute then ran it with sudo :

╭─x@titan ~/tmp  
╰─➤  sudo ./install.sh 
[1/4] Get latest shellclear version
./install.sh: 41: [[: not found
[2/4] Download https://github.com/rusty-ferris-club/shellclear/releases/download/v0.4.6/shellclear-v0.4.6-x86_64-linux.tar.xz to /root/Downloads/shellclear
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  884k  100  884k    0     0   240k      0  0:00:03  0:00:03 --:--:--  490k
[3/4] Install shellclear to the /usr/local/bin
shellclear-v0.4.6-x86_64-linux/shellclear
[4/4] Set environment variables
shellclear was installed successfully to /root/Downloads/shellclear/shellclear
Run 'shellclear --help' to get started
╭─x@titan ~/tmp  
╰─➤  shellclear --help
shellclear 0.4.6
Secure shell commands

USAGE:
    shellclear [OPTIONS] [SUBCOMMAND]

OPTIONS:
        --config-dir <CFG_DIR_PATH>    Set configuration directory path
    -h, --help                         Print help information
        --init-shell                   Show sensitive findings summary for MOTD
        --log <LEVEL>                  Set logging level [default: INFO] [possible values: OFF,
                                       TRACE, DEBUG, INFO, WARN, ERROR]
        --no-banner                    Don't show the banner
    -V, --version                      Print version information

SUBCOMMANDS:
    clear     Clear the findings from shell history
    config    Create custom configuration
    find      Find sensitive commands
    help      Print this message or the help of the given subcommand(s)
    stash     Stash history fil

Maybe this explains better ? :

2 Likes
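The two posts above suggest saving install.sh to a file, reading it, and checking which shell it is written for. One way to do that first pass is sketched below as an added example; it is not part of the thread or of the shellclear project. The sample installer and the `example.invalid` URLs are constructed, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: read an installer's intent before running it.
# SAMPLE is constructed for this example; it is not shellclear's install.sh.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#!/bin/sh
VERSION=$(curl -sS https://example.invalid/latest)
if [[ -z "$VERSION" ]]; then exit 1; fi
curl -L "https://example.invalid/tool-$VERSION.tar.xz" -o "$HOME/Downloads/tool.tar.xz"
tar -xf "$HOME/Downloads/tool.tar.xz"
mv tool /usr/local/bin/tool
EOF

# Interpreter named on the shebang line, or "none".
script_interpreter() {
    head -n 1 "$1" | awk '
        /^#!/ { sub(/^#![ \t]*/, ""); n = split($0, a, /[ \t]+/)
                p = a[1]; if (p ~ /\/env$/ && n > 1) p = a[2]
                sub(/.*\//, "", p); print p; found = 1 }
        END   { if (!found) print "none" }'
}

# Numbered lines using bash-only syntax ([[ ]], <<<, "function f"), comments skipped.
bashisms() {
    grep -nE '\[\[|<<<|^[[:space:]]*function[[:space:]]' "$1" |
        grep -v '^[0-9]*:[[:space:]]*#' || true
}

# Numbered lines where mv/cp/install/ln/tee touch a system directory (these need root).
system_writes() {
    grep -nE '(^|[^[:alnum:]_])(mv|cp|install|ln|tee)([[:space:]].*)?[[:space:]]/(usr|etc|bin|sbin|opt)/' "$1" || true
}

# Every distinct URL the script mentions.
remote_urls() {
    grep -oE "https?://[^\"' )]+" "$1" | sort -u
}

# One-screen summary to read before deciding whether and how to run the script.
audit_installer() {
    interp=$(script_interpreter "$1")
    echo "interpreter: $interp"
    [ "$interp" = bash ] || bashisms "$1" | sed "s/^/bash-only syntax, runs under $interp: line /"
    system_writes "$1" | sed 's/^/writes to a system path: line /'
    remote_urls "$1" | sed 's/^/fetches: /'
}

audit_installer "$SAMPLE"
```

The summary is a reading aid, not a verdict: the "writes to a system path" lines are the ones that need root, so only that step has to be run with elevated rights.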

That is almost certainly the problem
and
your illustration at the end
sudo a | b
a | sudo b
says it all.

Using su instead of sudo should avoid this issue.

1 Like

Hi again, :wave:

thanks so much @nevj and @daniel.m.tripp for your kind help. :heart:

@nevj:

Yes, it exists with the following permissions:
drwxr-xr-x - root root 30 Okt 14:05 bin

Right. I did that.

I wish I knew. I followed the instructions and I guess it has to be installed.
However I did get it installed in the end and it´s located here:

which shellclear
/usr/local/bin/shellclear

Right you are of course. Therefore I used my Debian vm for experimental purposes and did a snapshot before trying anything… just in case… :wink:

Thanks so much for your help, Neville.

@daniel.m.tripp:

Yes, you´re perfectly right of course.
Wouldn´t have done it on my main system before being absolutely sure…

Thanks so much, Dan, for trying that out for me :+1: .

So I did the same.

shellclear --help

however fails. :slightly_frowning_face:
Debian seems to be lacking a certain GLIBC version:

shellclear --help
shellclear: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.29' not found (required by shellclear)

Now I´m not sure what package I need to install for that error to vanish… :thinking:

Thanks for the explanation:

and your illustration.

Many greetings to both of you, and thanks again.
Rosika :slightly_smiling_face:

BTW:

ldd --version 
ldd (Debian GLIBC 2.28-10+deb10u1) 2.28

So Debian is glibc2.28, and shellclear wants glibc2.29
I don't think you will find glibc2.29 in the Debian11 repo. Debian11 is fixed on glibc2.28 because that is the version that works with all its packages. So you probably can't install 2.29 as a package install.

However you can find glibc2.29 on some Debian site as a .deb file. So you can download it and install it with dpkg -i.
Then the trouble starts. One can have 2 versions of a library present, and, if you look in /usr/lib you will see lots of cases. There is usually a versionless link (e.g. glibc.so) which points to one version, usually the latest version. In this case you want the versionless pointer to point to glibc2.28. I don't know what dpkg will do with the pointer, but if it changes it there may be trouble.

Another option is to install it from the .deb file into /usr/local/lib. That would keep it away from all the standard Debian libraries. That may be a safer way to go.

Whatever you decide to do, just be careful, and be prepared to unwind it.

Regards
Neville

PS Rosika I just noticed… My Debian11 has in /usr/lib/x86_64-linux-gnu

-rw-r--r-- 1 root root 283 Oct 15 06:35 libc.so
lrwxrwxrwx 1 root root  12 Oct 15 06:35 libc.so.6 -> libc-2.31.so
-rwxr-xr-x 1 root root  1905632 Oct 15 06:35 libc-2.31.so

So I am way ahead of your 2.28 ?
Why is that?
Is your Debian not Debian11?
And why is it called libc rather than glibc?.. got it see man 7 glibc
Lots of questions

1 Like

That is the version of ldd.
Why is it showing GLIBC?

I get

nevj@trinity:~$ ldd --version
ldd (Debian GLIBC 2.31-13+deb11u5) 2.31

So it agrees with my version of libc.so in /usr/lib/x86_64-linux-gnu

1 Like
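The mismatch worked out above (binary wants GLIBC_2.29, Debian 10 ships 2.28) can be checked before a prebuilt binary is installed. The following is an added example, not from the thread or the shellclear project: the symbol listing is constructed in the style of `objdump -T` output, the two `ldd --version` lines are the ones posted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: will a prebuilt binary's glibc requirement be met on this host?
# SYMS is a constructed excerpt in the style of `objdump -T` output (symbol names invented).
SYMS='0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 sym_a
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.29  sym_b
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.17  sym_c'
# First lines of `ldd --version` as posted in the thread.
LDD_DEBIAN10='ldd (Debian GLIBC 2.28-10+deb10u1) 2.28'
LDD_DEBIAN11='ldd (Debian GLIBC 2.31-13+deb11u5) 2.31'

# Highest GLIBC_x.y version tag found on stdin.
max_glibc_required() {
    grep -oE 'GLIBC_[0-9]+(\.[0-9]+)+' | sed 's/^GLIBC_//' | sort -u -V | tail -n 1
}

# glibc version from the first line of `ldd --version` (its last field).
glibc_from_ldd() {
    head -n 1 | awk '{ print $NF }'
}

# Exit 0 when version $1 (installed) is at least version $2 (required).
# sort -V compares component-wise, so 2.9 < 2.28, which a decimal compare gets wrong.
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# stdin: symbol listing of the binary; $1: first line of `ldd --version`.
check_glibc() {
    need=$(max_glibc_required)
    have=$(printf '%s\n' "$1" | glibc_from_ldd)
    if [ -z "$need" ]; then
        echo "no GLIBC version requirement found"
    elif version_at_least "$have" "$need"; then
        echo "ok: needs $need, have $have"
    else
        echo "too old: needs $need, have $have"
    fi
}

printf '%s\n' "$SYMS" | check_glibc "$LDD_DEBIAN10"   # the Debian 10 VM
printf '%s\n' "$SYMS" | check_glibc "$LDD_DEBIAN11"   # the Debian 11 install
# On a real system (objdump is part of binutils):
#   objdump -T /usr/local/bin/shellclear | check_glibc "$(ldd --version | head -n 1)"
```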

Hi Neville, :wave:

thanks so much for your reply.

No idea why.
I looked around on the internet yesterday searching for something like “GLIBC_2.29’ not found” and came across the page Error: ./libm.so.6 : version 'GLIBC_2.29' not found / Applications & Desktop Environments / Arch Linux Forums from the archlinux forums.

Here the user in post #1 used the ldd --version command to get the glibc version.
So I did the same… :blush:
It worked for me … and as I see: for you as well. :smiley:

Yes, that´s the way it seems to be.

Right. I believe so, too.

Thanks for the explanation, Neville.

You splendidly described how things work library-wise. That´s great. :+1: Thanks so much.

I took a look at /usr/lib to compare it to your results:

  • in Debian 10:
-rw-r--r--  1 root root   298 Mär 15  2022 libc.so
lrwxrwxrwx  1 root root    12 Mär 15  2022 libc.so.6 -> libc-2.28.so
-rwxr-xr-x  1 root root  1,8M Mär 15  2022 libc-2.28.so
  • in Lubuntu 20.04.5 however:
-rw-r--r--  1 root root   298 Apr  7  2022 libc.so
lrwxrwxrwx  1 root root    12 Apr  7  2022 libc.so.6 -> libc-2.31.so
-rwxr-xr-x  1 root root  2,0M Apr  7  2022 libc-2.31.so

That´s how it is in your Debian 11 install.

No, in fact it´s Debian 10 ( which - I guess - would explain the differences):

lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 10 (buster)
Release:	10
Codename:	buster

Hmm, that I don´t know :thinking: .
However the command man 7 glibc does work in Debian 10.

The man-pages begin with

libc - overview of standard C libraries on Linux

Well, I think it´s best not to mess around with my system (although it´s a vm). In the end it might not be worth it.

However I learned a lot from you, Neville. Your excursus into libraries taught me a lot.
Thanks so much for that, Neville. :heart:

Many greetings from Rosika :slightly_smiling_face:

Hi Rosika,
I think that is wise.
Wait till you upgrade Debian10 to Debian11. That will fix it… Or use shellclear in Lubuntu, it is up to date.

You started me looking into libraries and versions. I might try and do a post on that. There is lots I don't understand.

Regards
Neville

1 Like

@nevj
What is the purpose of “shellclear”?

1 Like

Hi Neville, :wave:

Yes, you´re right. That´s certainly wisest.

BTW:
There´s something about shellclear I don´t understand completely. But I haven´t put much thought into it till now. So I have to do a bit more research. :notebook_with_decorative_cover:

It´s about its docker functionality (exaple docker image (#53) · rusty-ferris-club/shellclear@ac55de4 · GitHub ).

from the shellclear-main.zip I downloaded:
PATH: shellclear-main/example/docker/README.md

# Docker Example

If you would like to see how shellclear works as a command line and shell plugin, you can run this docker image by running the following command

docker build -t shellclear .
docker run -it shellclear bash

After exec to the container you can:

  1. See shellclear findings when open the shell
  2. See sensitive data
  3. Delete sensitive data
  4. See more features in README file

The dockerfile looks like this:

 bat Dockerfile 
File: Dockerfile

FROM ubuntu:22.10

RUN apt update && apt install curl xz-utils -y

RUN curl -sS https://raw.githubusercontent.com/rusty-ferris-club/shellclear/main/install/install.sh | sh

RUN ln -sf /bin/bash /bin/sh

RUN SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=~/.bash_history" \
    && echo "$SNIPPET" >> "/root/.bashrc"

RUN echo 'GITHUB_TOKEN=catch-me' > /root/.bash_history

RUN echo 'eval $(shellclear --init-shell)' >> ~/.bashrc

Many greetings
Rosika :slightly_smiling_face:

Hi Daniel, :wave:

in my post #1 I tried to describe what shellclear does by citing the source here and providing a rough translation.

So please see post #1.

Many greetings from Rosika :slightly_smiling_face:

1 Like

@Rosika
OK, I would have to use Google translate to read that.
Does “shellclear” just clear the bash line history?

Hi Daniel, :wave:

… therefore I provided a rough translation in post #1. That one is in English.

If I understand it correctly it doesn´t clear the contents per se but looks for sensitive content.
It can list them and you can delete them…

Perhaps take a look at GitHub - rusty-ferris-club/shellclear: Secure shell history commands by finding sensitive data.
Here Rusty Ferris describes what it´s all about. I guess he can do that much better than I can . :blush:

Many greetings
Rosika :slightly_smiling_face:

1 Like

@Rosika
OK, I understand that. With Arch I just type “history” and use “history -cw” to clear.
I guess one could just highlight and copy and paste the commands to a notepad file,
before clearing. I do that anyway.

2 Likes

Hi Rosika,
The dockerfile seems to download and install shellclear into a docker image, then run shellclear on some demonstration history file, which has been appended to .bash_history in the container

Neat way to do a demo

Regards
Neville

1 Like
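What a pattern-based history check of the kind described in post #1 and exercised by the Docker demo amounts to, as an added example: this is not shellclear's code or its YAML pattern file. The history file is constructed, and the four rules and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pattern-based scan of a shell history file.
# HIST is constructed; GITHUB_TOKEN=catch-me is the demo entry from the Dockerfile,
# AKIAIOSFODNN7EXAMPLE is the access key ID used in AWS documentation.
HIST=$(mktemp)
trap 'rm -f "$HIST" "$HIST.clean" "$HIST.clean.sed"' EXIT
cat > "$HIST" <<'EOF'
ls -la /usr/local/bin
export GITHUB_TOKEN=catch-me
curl -H "Authorization: Bearer abc123def456" https://example.invalid/api
aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE
mysql -u root -pS3cret! inventory
git status
EOF

# Print "<line> <rule>" for each line of file $1 matching ERE $3; the match itself
# is never echoed, so the report does not leak the secret a second time.
match() {
    grep -nE -- "$3" "$1" | sed "s/^\([0-9]*\):.*/\1 $2/"
}

# Rules are assumptions made for this example, not shellclear's pattern file.
scan_history() {
    {
        match "$1" env-secret '(^|[[:space:]])[A-Za-z_]*(TOKEN|SECRET|PASSWORD|API_KEY)[A-Za-z_]*=[^[:space:]]+'
        match "$1" aws-access-key-id 'AKIA[0-9A-Z]{16}'
        match "$1" bearer-header 'Authorization:[[:space:]]*Bearer[[:space:]]+[^"[:space:]]+'
        match "$1" mysql-inline-password '(^|[[:space:]])mysql[[:space:]].*[[:space:]]-p[^[:space:]]+'
    } | sort -n
}

# Write a copy of $1 without the flagged lines to $2; the original is left untouched.
scrub_history() {
    scan_history "$1" | awk '{ print $1 "d" }' | sort -u > "$2.sed"
    sed -f "$2.sed" "$1" > "$2"
    rm -f "$2.sed"
}

scan_history "$HIST"
scrub_history "$HIST" "$HIST.clean"
```

A running bash session still holds these commands in memory and writes its history back to the file on exit, so after swapping in the cleaned file the session needs `history -c` followed by `history -r` as well.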

Thanks a lot, Neville, for clearing up things. :+1:

I guess that´s the part I didn´t quite get. So it´s a demonstration after all.

Yes, I agree. For doing a demo that´s quite an interesting approach.

Thanks and many greetings
Rosika :slightly_smiling_face:

1 Like