In bash, lock up your .bash_history file - prevent changes

[machiner]

In Linux you have about 45 ways to do about anything.  We all have our favorites and this proves to be excellent geek-campfire fodder.  Some ultra-mega with his 12-string Martin will undoubtedly belt out an impromptu ode-to-bash ditty.  Someone spills a beer from his roiling with laughter...the wind forces a choke-cloud of smoke and heat right at you.  You casually move around the fire, stopping next to the ultra-mega guy long enough to bop to his beat for a few bars....."Hey Lenny, where's your sister?"  **ssssssmack**

ba hahahahaaaa lol......

good times.



Oh -- yeah, to prevent bash from adding your commands to the .bash_history file, (which can be really handy - or a detriment to security -  It's all in how you look at it.) there are a few things that you can do.  One surefire way is to dissllow all access, even from root.  We change the file attributes allowing no access by making the file immutable - an immutable object is an object whose state cannot be modified after it is created

Wicked easy, but like anything -- maybe you should understand it a little before you go poking your clumsy nose around in it, ey?

chattr -- look up file attributes, immutable, advanced file system operations -- put a +debian or +linux in your search phrase, as well.

Here's what we do.  FIrst - fire up your terminal and become root.  Then:

# rm .bash_history

Now, make a new one:

# touch .bash_history

Now, make it immutable if you've got no saved list of handy commands (regular user, that's what we're tweaking right now) - or, if you do have a group of commands you use all the time, open the file you just made and paste your list in.  This is your only chance, because the next step creates an unchangeable file.

I'll wait....


OK -- you removed the original, made a new one, added your favorite commands if applicable, and now we make it permanent:

# chattr +i .bash_history

There ya go.  You'll have to type out all of your commands, of course, but there will be nothing saved, so a snoop cannot go poking around in your .bash_history and notice passwords that you carelessly typed into your console.

[Tags:]

Jump to: Please select a destination: ----------------------------- Migrate from Windows ----------------------------- => Command Line Goodness => Understand Program Differences => What to keep -- what to toss => What about Hardware? ----------------------------- Linux General ----------------------------- => Projects & Stuff => Linux General => Perpetuating the Goodness => Linux Tips & Tricks => Debian General => Linux Conventions ----------------------------- System Configuration ----------------------------- => Manage Partitions => Peripherals => Debian Security ----------------------------- All Things Desktop ----------------------------- => Configure your Desktop => Eye Candy ----------------------------- General - say what you will ----------------------------- => Open Forum => Music => forum script related ----------------------------- Geek Feed ----------------------------- => Projects and Events => Recipes ----------------------------- Events ----------------------------- => Happenings in the world of Debian