In this solution I did not try to keep sensitive commands from entering current in-memory session history.When the user logs out of the CLI session I see that klish copies session history data to the file .clish_history .So in the bash script that calls klish I simply clean out the history file of sensitive commands upon exit of klish.This does not fully satisfy the original requirements and it's also very weak. Does not handle crashes or users who know how to circumvent this.
As you can see, both approaches don't work.Here is what my view looks like<VIEWname="myrestricted-view"prompt="admin> " >.. then here I define a bunch of command definitions that I don't want recorded in history<COMMANDname="exit"help="exit from admin-mode"view="root-view"><ACTION builtin="clish_history">1</ACTION></COMMAND></VIEW>In this approach when exiting the "myrestricted-view" view via the exit command .. it basically blows away all history.. from the session ... oops!! Secondly when I exit the CLI session altogether, the permanent history in .cli_history is also removed.. Double-oops! :)
--
You received this message because you are subscribed to the Google Groups "klish-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to klish-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/klish-dev/CAFhJ4hzYx%3DOHX_ingiAi1mVdQ-3fsVgh%2Bek5ghNeuMobks1UuA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/klish-dev/e43ebe73-0614-de64-61ce-95258971c70c%40gmail.com.