Bash - history in the making

Many people do not realise but Bash actually keeps a record of the most recent commands you used.

Now although the file is automatically given read/write permissions for the user only, it's still all there in a plain text file.

It doesn't keep a record of any passwords you may have used but, be honest, have you ever given a password at the wrong time or got halfway through a password before the programme caught up with you?

I have, and these 'errors' on my part are recorded in plain text.

One argument, and possibly why the default allows the command history to be recorded, is that it can be very useful to go back and see what commands you gave and in what order.

Let's see what your trail tells you. Log into your VPS and issue the 'history' command:

history

I can't give a screenshot here as I already have the history set at zero. However, you may be surprised by the level of detail available in the .bash_history file.

You can view the last 20 lines like this:

history 20

You can also give a recorded command again by pressing the up-arrow on your keyboard until you reach the required command, or by giving a '!' followed by the history line number e.g:

!18

However, the point of this article is to remove this command trail and to do this, you need to open .bashrc in your favourite text editor:

nano ~/.bashrc

Depending on your OS you may have some 'HISTORY' configurations already set, e.g:

# don't put duplicate lines in the history. See bash(1) for more options
export HISTCONTROL=ignoredups

Add the following lines to ensure a history is not kept:

# ensure no command history is recorded
export HISTSIZE=0

There are other ways of turning off the history file, such as linking the file to /dev/null and so on. The reason I use this method is that it is then easier to change if I so wished.

Why would I change it? Well, it may be that I am going to be doing some particularly complicated bash commands and really don't want to type them over and over. In a case such as this, I could turn on a limited history size, such as 100.

Best of both worlds

There is a final way that may be of interest as having a command history can be useful (as explained above) and that is to set a limited history but have the history file automatically cleared when you log out.

That way, you don't have to be concerned about leaving a trail of commands (especially as an admin user) but you do have the convenience of a session history.

Firstly, in .bashrc, set the history size to 100 or 1000, etc:

export HISTSIZE=100

Then open .bash_logout in a text editor:

nano ~/.bash_logout

and append the following lines:

# clear .bash_history on logout
history -c;

The line beginning with a hash (#) is simply a comment and is ignored by bash_logout. The 'history -c' command clears the .bash_history file.

This 'compromise' is possibly the best of both worlds - the convenience of having a working command history and having the security of deleting it on logging out.

PickledOnion.

Digg it | del.icio.us | reddit | StumbleUpon