Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: countzero on September 23, 2021, 03:10:28 AM

Title: Security > Bash command line history should be disabled by default ?
Post by: countzero on September 23, 2021, 03:10:28 AM
Problem
When I press the up arrow while logged in as root I can see my complete command history. I would rather not.

Solution
Code:
su -
cd
vi .bash_profile
Add to end of file [SHIFT+G] [SHIFT+A]:
history -c
history -w
Save changes to file [ESC] [:wq]

This clears (-c) the Bash command history in memory and then writes (-w) it to the HIST file (~/.bash_history).

Given that Koozali makes the sensible choices when it comes to security I sort of wonder if command line history should be disabled by default.
Title: Re: Security > Bash command line history should be disabled by default ?
Post by: TerryF on September 23, 2021, 03:29:22 AM
Not sure it should be default, confuse the shite out of the less than experienced user, and it is very simple to disable if that is what the admin wants. You could do an NFR as a placeholder, you may get support for perhaps a db property being added and default is disabled.
Title: Re: Security > Bash command line history should be disabled by default ?
Post by: sages on September 23, 2021, 05:44:13 AM
If you've managed to gain access to a terminal session I don't think command line history is anywhere on the radar for security issues. The horse has already bolted.
Title: Re: Security > Bash command line history should be disabled by default ?
Post by: ReetP on September 23, 2021, 09:28:01 AM
Quote from: sages on September 23, 2021, 05:44:13 AM
If you've managed to gain access to a terminal session I don't think command line history is anywhere on the radar for security issues. The horse has already bolted.

Absolutely.

Of course it's easy to stop logging history if you really want to, but it isn't worth the effort IMHO.

Spend the energy on preventing access.
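
Added example, not part of the thread or of SME Server: the first post clears the saved history at each login, while the settings below make a bash login shell stop keeping and saving history at all, which is the "stop logging history" option mentioned in the last post. The function names, the marker comment and the throwaway paths are assumptions made for this example; it works on a temporary file, not on the real /root/.bash_profile.

```shell
#!/bin/sh
# Added example (not from the thread). Appends a marked block to a bash
# startup file so that login shells neither keep nor save command history.
# Function names and the marker string are made up for this example.

MARK='# no-history (added example)'

# apply_no_history FILE: append the block once; safe to run repeatedly.
apply_no_history() {
    profile=$1
    [ -f "$profile" ] || : > "$profile"
    if grep -qF "$MARK" "$profile"; then
        return 0                      # already present, do nothing
    fi
    cat >> "$profile" <<EOF
$MARK
unset HISTFILE      # nothing is written to ~/.bash_history at logout
HISTSIZE=0          # keep no commands in memory, so up-arrow recalls nothing
set +o history      # stop recording for the rest of the session
EOF
}

# history_state FILE: source FILE in a clean bash and report what it leaves.
# HISTFILE is pre-set to a constructed path to prove the block unsets it.
history_state() {
    HISTFILE=/tmp/constructed_history bash --noprofile --norc -c '
        . "$1"
        printf "HISTFILE=%s HISTSIZE=%s\n" "${HISTFILE-unset}" "$HISTSIZE"
    ' _ "$1"
}

# Demo against a throwaway file instead of the real /root/.bash_profile.
demo() {
    tmp=$(mktemp -d) || return 1
    apply_no_history "$tmp/.bash_profile"
    apply_no_history "$tmp/.bash_profile"    # second run must not duplicate
    history_state "$tmp/.bash_profile"
    rm -rf "$tmp"
}

demo
```

~/.bash_profile is read by login shells only (such as the `su -` session in the first post); interactive non-login shells read ~/.bashrc instead.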