If you use bash as the default shell, it keeps a history of commands accessed via the `history` command for convenience. This could end up being a security problem if someone were able to compromise a users' home directory. In some cases, this could expose improperly used passwords or special privileges available to the user such as sudo.
Consider disabling this by changing the attribute of the file to lock out the ability to update the file. As root:
# cat /dev/null > ~user/.bash_history # chattr +i ~user/.bash_history
The user will still have a command line history, but it will only apply to the current session. When the user logs out, the information will not be saved. To have this apply to all future users, make the changes in the "/etc/skel" directory.