Koozali.org: home of the SME Server

Security > Bash command line history should be disabled by default ?

Offline countzero

  • *
  • 31
  • +0/-0
Problem
When I press the up arrow logged as root I can see my complete command history.  I would rather not.

Solution
Code: [Select]
su -
cd
vi .bash_profile
Add to end of file [SHIFT+G] [SHIFT+A]:
history -c
history -w
Save changes to file [ESC] [:wq]

This clears (-c) the Bash command history in memory and then writes (-w) it to the HIST file (~\.bash_history).

Given that Koozali makes the sensible choices when it comes to security I sort of wonder if command line history should be disabled by default.
« Last Edit: September 23, 2021, 03:14:36 AM by countzero »

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Security > Bash command line history should be disabled by default ?
« Reply #1 on: September 23, 2021, 03:29:22 AM »
No sure it should be default, confuse the shite ot of the less than experienced user, and it is very simple to disable if that is what the admin wants. You could do an NFR as a placeholder you may get support for perhaps a db property being added and default is disabled..
--
qui scribit bis legit

Offline sages

  • *
  • 182
  • +0/-0
    • http://www.sages.com.au
Re: Security > Bash command line history should be disabled by default ?
« Reply #2 on: September 23, 2021, 05:44:13 AM »
If you've managed to gain access to a terminal session I don't think command line history is anywhere on the radar for security issues. The horse has already bolted.
...

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Security > Bash command line history should be disabled by default ?
« Reply #3 on: September 23, 2021, 09:28:01 AM »
If you've managed to gain access to a terminal session I don't think command line history is anywhere on the radar for security issues. The horse has already bolted.

Absolutely.

Of course it's easy to stop logging history if you really want to, but it isn't worth the effort IMHO.

Spend the energy on preventing access.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation