Thursday, January 3, 2013

Removing and omitting commands from bash command history


You have possibly worked on a Linux/Unix server and possibly don't want the security auditor, subordinates, manager or workmates to know what you have been working on. Chances are high that the first place people will look when they want to know what you have been doing on a server is the command history.
Many servers nowadays use /bin/bash as the default shell, and by default this shell keeps a history of all commands run. How then can one make sure that the commands run are not recorded in the command history located at ~/.bash_history?
This is something I have tested with my system and it works pretty well.

Assumptions:
My command prompt is indicated by the '$', and it is also assumed that you are not a superuser on the computer.

First I need to stop bash from caching and recording my commands.
$ set +o history
Once bash stops recording your command history, the last command in the history will always be the set command, and it will raise questions for those who understand it. They will know that you turned off command history and possibly ran other commands thereafter. I therefore have to remove it from the history itself.
I need to know which history ID it has taken, by running
$ history
752 fmt -w 58 odlove.txt
753 man fmt
754 clear
755 cd ~
756 where
757 set +o history
From the output it is seen that the command 'set +o history' took position (ID) 757.
I can then remove it from the history
$ history -d757
When I run history again, you will see that 'set +o history' is no longer listed.
$ history
751 fmt -w 10 odlove.txt
752 fmt -w 58 odlove.txt
753 man fmt
754 clear
755 cd ~
756 where
I can now run all the commands I want to run in the dark and they will never be brought to light at any moment.
You have to remember to turn history back on, because its absence can also raise questions.
$ set -o history
The system will never at any moment show that the commands I ran in the dark were ever executed.
Make sure that the command history contains no command related to history, because that can be enough to show that you know about hiding commands and manipulating the command history.

This method is useful when you are training or working on very sensitive systems, but it is dangerous for security audits and also a bad habit.
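
On the audit side, ~/.bash_history is written by the user's own shell, so a review has to compare it with a record the user cannot edit. The script below is an added example, not part of the original post: it rebuilds command lines from Linux audit EXECVE records and lists the ones missing from the history file. The file names, the sample records and the assumption that exec auditing is enabled are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare an independent exec record with a user's history file.
# All sample data is constructed; file names are assumptions for illustration.

# Rebuild "cmd arg ..." from each Linux audit EXECVE record (a0="..", a1=".." ...).
# Hex-encoded arguments (used by auditd for args with spaces) are left undecoded.
execve_cmdlines() {
  awk '/type=EXECVE/ {
    line = ""
    for (i = 1; i <= NF; i++)
      if ($i ~ /^a[0-9]+=/) {
        arg = $i; sub(/^a[0-9]+=/, "", arg); gsub(/"/, "", arg)
        line = (line == "" ? arg : line " " arg)
      }
    print line
  }' "$1"
}

# Print executed command lines with no exact match in the history file.
# $1 = audit log, $2 = history file. Builtins such as cd never appear in
# EXECVE records, so the comparison only runs in this direction.
missing_from_history() {
  execve_cmdlines "$1" | grep -vxFf "$2" || true
}

# Constructed sample: the history mirrors the listing in the post; the audit
# log holds one extra command run while history recording was switched off.
write_samples() {
  cat > "$1/audit.log" <<'EOF'
type=EXECVE msg=audit(1357200001.101:901): argc=4 a0="fmt" a1="-w" a2="58" a3="odlove.txt"
type=EXECVE msg=audit(1357200002.202:902): argc=2 a0="man" a1="fmt"
type=EXECVE msg=audit(1357200003.303:903): argc=1 a0="clear"
type=EXECVE msg=audit(1357200090.404:904): argc=4 a0="tar" a1="czf" a2="work.tgz" a3="work/"
EOF
  cat > "$1/bash_history" <<'EOF'
fmt -w 58 odlove.txt
man fmt
clear
cd ~
where
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
missing_from_history "$dir/audit.log" "$dir/bash_history"   # tar czf work.tgz work/
rm -rf "$dir"
```

On a real host the EXECVE records would first be filtered to the user's login session, since scripts and child processes also generate exec events that never appear in an interactive history.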

Stay blessed as you cheat systems.
