You have possibly worked on a Linux/Unix server and you possibly don't want the security auditor, subordinates, manager or workmates to know what you have been working on. Chances are high that the first place people will go when they want to know what you have been doing on a server is the command history.
Many servers nowadays use /bin/bash as the default shell, and by default this shell keeps a history of all commands run. How then can one make sure that the commands run are not recorded in the command history located at ~/.bash_history?
This is something I have tested with my system and it works pretty well.
Assumptions:
My command prompt is indicated by the '$' and it is also assumed that you are not a superuser on the computer.
First I need to stop bash from caching and recording my commands.
$ set +o history
When bash cannot record your command history, the last command recorded is always the set command, and it will raise questions for those who understand it. They will know that you turned off command history and possibly ran other commands thereafter. I then have to remove it from the history itself.
I need to know which history ID it has taken, by running
$ history
752 fmt -w 58 odlove.txt
753 man fmt
754 clear
755 cd ~
756 where
757 set +o history
From the output it can be seen that the command 'set +o history' took position (ID) 757.
I can then remove it from the history
$ history -d757
When I run history again, you will see that 'set +o history' is no longer listed.
$ history
751 fmt -w 10 odlove.txt
752 fmt -w 58 odlove.txt
753 man fmt
754 clear
755 cd ~
756 where
I can now run all the commands I want to run in the dark and they will never be brought to light at any one moment.
You have to remember to turn history back on because its absence can also raise questions.
$ set -o history
The system will never at any one moment show that the commands I ran in the dark have ever been executed.
Make sure that there is no command in the command history that is related to history, because it can be enough to show that you know about hiding commands and manipulating the command history.
This method is good in case you are training and doing work on systems that are very sensitive, but it is dangerous for security audits and also a bad habit.
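For the audit side of this, the following is an added example and not part of the original post: bash history is written by the shell itself, whereas auditd EXECVE records (when an execve audit rule is in place) are written by the kernel and are unaffected by 'set +o history', so comparing the two lists programs that ran without a history entry. The log lines, file names and function names are constructed for illustration, and the audit log is assumed to be already filtered to one user's session.

```shell
#!/bin/sh
# Added example (not from the original post). All log data below is constructed.

# Rebuild one command line per auditd EXECVE record (a0="fmt" a1="-w" ...).
# Assumption: plain quoted arguments only (hex-encoded ones are not decoded).
audit_cmdlines() {
    awk '/type=EXECVE/ {
        line = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^a[0-9]+="/) {
                arg = $i
                sub(/^a[0-9]+="/, "", arg); sub(/"$/, "", arg)
                line = (line == "" ? arg : line " " arg)
            }
        if (line != "") print line
    }' "$1"
}

# Drop the "#<epoch>" lines bash writes to the file when HISTTIMEFORMAT is set.
history_cmdlines() { grep -v '^#[0-9][0-9]*$' "$1"; }

# Print executed command lines that have no exact match in the history file.
# Aliases and programs started by scripts also show up here and need triage.
unrecorded_commands() {
    audit_cmdlines "$1" | while IFS= read -r cmd; do
        history_cmdlines "$2" | grep -Fxq -- "$cmd" || printf '%s\n' "$cmd"
    done
}

# Constructed sample: the audit trail covers a window the history does not.
work=$(mktemp -d)
cat > "$work/audit.log" <<'EOF'
type=EXECVE msg=audit(1700000001.101:501): argc=4 a0="fmt" a1="-w" a2="58" a3="odlove.txt"
type=EXECVE msg=audit(1700000002.102:502): argc=2 a0="man" a1="fmt"
type=EXECVE msg=audit(1700000003.103:503): argc=1 a0="clear"
type=EXECVE msg=audit(1700000090.104:504): argc=4 a0="tar" a1="-czf" a2="out.tgz" a3="data"
type=EXECVE msg=audit(1700000095.105:505): argc=2 a0="cat" a1="notes.txt"
EOF
cat > "$work/bash_history" <<'EOF'
#1700000001
fmt -w 58 odlove.txt
#1700000002
man fmt
#1700000003
clear
#1700000004
cd ~
EOF
unrecorded_commands "$work/audit.log" "$work/bash_history"
```

Shell builtins such as cd never produce an EXECVE record, so the comparison only runs in one direction: executed programs missing from the history.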
Stay blessed as you cheat systems.