December 19, 2009

Using chattr to Eliminate Command Line Histories

Red Hat uses Bash as its default shell. One of the features of Bash is its ability to keep a running history of the commands the user has typed. This can, however, end up being a security problem. If a bad guy were able to compromise a user's home directory, they could view the commands the user has executed. In some cases, this could expose improperly used passwords or special privileges available to the user (such as sudo).

In an environment where security is more important than convenience, you might consider disabling this feature. A simple solution is to use the chattr command to lock out the ability to update the file. As root, change to the user's home directory and type:

Code:

# Remove any history already on disk
rm .bash_history
# Recreate the file empty, then make it immutable so Bash cannot write to it
touch .bash_history
chattr +i .bash_history

The user will still have a command line history, but it will only apply to the current session. When the user logs out, the information will not be saved to the drive. To have this apply to all future users, make the changes in the /etc/skel directory.
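As an added example (not part of the original post), here is a small POSIX shell script that applies the three commands above to one home directory and then audits every home under a base path, using lsattr to find history files that are missing the immutable flag. It assumes an ext2/3/4 filesystem, root privileges for chattr, and hypothetical paths such as /home/alice.

```shell
#!/bin/sh
# Added example, not from the original post: lock .bash_history with chattr +i
# as described above, then audit a set of home directories for the flag.
# Assumes an ext2/3/4 filesystem and root for chattr; paths are hypothetical.

# has_immutable_flag LINE: true if an lsattr output line carries the 'i' flag.
# lsattr prints the attribute string, a space, then the path, for example:
#   ----i---------e------- /home/alice/.bash_history
has_immutable_flag() {
    attrs=${1%% *}
    case "$attrs" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# lock_history HOME: the post's three commands applied to one home directory.
lock_history() {
    hist=$1/.bash_history
    # Clear a previous immutable bit first, otherwise rm fails even as root.
    if [ -e "$hist" ]; then chattr -i "$hist"; fi
    rm -f "$hist" &&
    touch "$hist" &&
    chattr +i "$hist"
}

# audit_histories BASE: print one line per home directory under BASE whose
# .bash_history is absent or not immutable; returns 1 if any were found.
audit_histories() {
    base=$1
    found=0
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        hist="$home/.bash_history"
        if [ ! -e "$hist" ]; then
            echo "MISSING   $hist"
            found=1
        elif ! has_immutable_flag "$(lsattr "$hist" 2>/dev/null)"; then
            echo "WRITABLE  $hist"
            found=1
        fi
    done
    return $found
}

# Typical use as root:  lock_history /home/alice && audit_histories /home
```

Note that the immutable bit only protects this one path: Bash still honours its own HISTFILE setting, so the lsattr audit should be paired with a check that users' shell startup files do not point HISTFILE elsewhere.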
