If you use bash as the default shell, it keeps a history of commands, accessible via the `history` command, for convenience. This could become a security problem if someone were able to compromise a user's home directory. In some cases, this could expose improperly used passwords or special privileges available to the user, such as sudo.
Consider disabling this by changing the attributes of the history file so that it can no longer be updated. As root:
    # cat /dev/null > ~user/.bash_history
    # chattr +i ~user/.bash_history
The user will still have a command line history, but it will only apply to the current session. When the user logs out, the information will not be saved. To have this apply to all future users, make the changes in the "/etc/skel" directory.
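To check which accounts already match this setup, the following added example (not part of the original page) audits each home directory under a base path for an empty, immutable `.bash_history`. The function name `audit_bash_history` and its output format are assumptions of this example, and it relies on GNU `stat` and on `lsattr`.

```shell
#!/bin/sh
# Added example (not from the original page): report, per home directory,
# whether .bash_history is in the state the article recommends:
# emptied with `cat /dev/null >` and locked with `chattr +i`.
# The function name and output format are assumptions of this example.

audit_bash_history() {
    base=${1:-/home}
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        user=$(basename "$home")
        f="${home}.bash_history"
        if [ ! -e "$f" ]; then
            echo "$user: missing"
            continue
        fi
        size=$(stat -c %s "$f")    # GNU stat: file size in bytes
        # lsattr prints the attribute flags first; 'i' means immutable.
        # It fails on filesystems without attribute support (e.g. tmpfs),
        # in which case the flag is reported as unknown.
        flags=$(lsattr -d "$f" 2>/dev/null | cut -d' ' -f1) || flags=""
        case $flags in
            '')  immutable=unknown ;;
            *i*) immutable=yes ;;
            *)   immutable=no ;;
        esac
        findings=""
        if [ "$size" -gt 0 ]; then
            findings="nonempty"
        fi
        if [ "$immutable" = no ]; then
            findings="${findings:+$findings,}not-immutable"
        fi
        echo "$user: size=$size immutable=$immutable findings=${findings:-none}"
    done
}

# Run against a base directory when one is given, e.g.: sh audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_bash_history "$1"
fi
```

Run it as root so that every user's history file is readable. A line with `findings=none` and `immutable=yes` matches the state produced by the two commands above.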

HISTFILE as /dev/null
This will redefine HISTFILE as /dev/null, telling the shell to write its
history to this file. Therefore, all data passed to the null device is thrown away.
    export HISTFILE=/dev/null

Auto clear history on logout
Additionally, you can clear out the history by including the below line in the ".bash_logout" file.