This feels like solving a good problem at the wrong layer? If you need auditing of everything being run on a box, I'd feel much better with something like https://github.com/squash/sudosh2 or https://github.com/a2o/snoopy ... though I grant that is on some ways that is a heavier solution.
acarminati•7mo ago
Thank you for your comment! It’s always great to hear different perspectives... keeps the conversation interesting.
Even though I framed the article around auditing (a noble goal, and one that makes security folks nod approvingly), the real reason behind this setup is a bit more... humble.
In my daily work, I jump between a lot of different machines. I often find myself crafting commands that I know I’ll need again, but inevitably forget. For a while, I relied on the good old shell history... Until I hit all its usual quirks. You know the drill: history lengths are always either too short or way too long, sessions end abruptly and wipe your precious commands, and each machine needs its own little tweaks just to behave the way you want.
So I came up with a solution: a centralized history receiver, which I wrote about in an earlier post (linked in this one). It worked great... until BusyBox entered the scene. With its stripped-down shell, my previous approach no longer worked.
This article is about how I adapted my setup to work in BusyBox environments. Yes, it could be used for auditing (and that’s how I “sold” it in the post), but my real goal was more about convenience and sanity-saving than full-blown security.
So yep, you’re totally right that there are heavier-duty tools like sudosh2 and snoopy if someone needs serious audit trails. But sometimes you just want your commands to stick around long enough to reuse them without opening a dozen terminal tabs trying to remember where you ran what!
Does that make more sense now?
tyingq•7mo ago
You can get around the ash lack of COMMAND_PROMPT with PS1 and a runtime evaluated expression.
$ docker run -it busybox sh -i
# PS1="\$(date) "
Sat Jul 5 09:21:53 UTC 2025 # waits a few and press <enter>
Sat Jul 5 09:21:56 UTC 2025 # again
Sat Jul 5 09:21:58 UTC 2025
yjftsjthsd-h•7mo ago
acarminati•7mo ago
Even though I framed the article around auditing (a noble goal, and one that makes security folks nod approvingly), the real reason behind this setup is a bit more... humble.
In my daily work, I jump between a lot of different machines. I often find myself crafting commands that I know I’ll need again, but inevitably forget. For a while, I relied on the good old shell history... Until I hit all its usual quirks. You know the drill: history lengths are always either too short or way too long, sessions end abruptly and wipe your precious commands, and each machine needs its own little tweaks just to behave the way you want.
So I came up with a solution: a centralized history receiver, which I wrote about in an earlier post (linked in this one). It worked great... until BusyBox entered the scene. With its stripped-down shell, my previous approach no longer worked.
This article is about how I adapted my setup to work in BusyBox environments. Yes, it could be used for auditing (and that’s how I “sold” it in the post), but my real goal was more about convenience and sanity-saving than full-blown security.
So yep, you’re totally right that there are heavier-duty tools like sudosh2 and snoopy if someone needs serious audit trails. But sometimes you just want your commands to stick around long enough to reuse them without opening a dozen terminal tabs trying to remember where you ran what!
Does that make more sense now?