delete input history

[BobbyBD]

What command is used to delete input command history in terminal ?
I am afraid my friend will trace what been input
Thank you

[mndar]

It's
history -c

The commands you type are stored in
~/.bash_history

[BobbyBD]

Thank you mndar

[assen]

Hi,

A 'hacky' question :-) Actually, some of the most interesting tasks for a real hacker relate to shell history - how to disable it, or even better - how to make the regular user think he has disabled it and still have it written into some other place :-) "man bash" is priceless :-)

WWell,

[stevea]

Why would another user ever have access to your shell history. If they can read /home/you/.bash_history then you have bigger problems than shell history.

[assen]

Hi,

Not just "any" user, but, say, your (friendly) sysadmin. Have you never been assigned (purchased etc.) a shell account? There's where it gets important.

WWell,

[pete_1967]

Quote:

Originally Posted by assen

Hi,

Not just "any" user, but, say, your (friendly) sysadmin. Have you never been assigned (purchased etc.) a shell account? There's where it gets important.

WWell,

If a sysadmin wants to track what you do, there's nothing you can do to prevent it. And on a shared account it's not difficult for another user to record it for themselves.

Code:

/etc/profile:
function log2syslog
{
   declare command
   command=$(fc -ln -0)
   logger -p local1.notice -t bash -i — $USER : $command
}
trap log2syslog DEBUG

Just a quick and dirty way to do it. Not to mention using logger.

[jpollard]

A sysadmin, can easily put a keystroke recorder in server daemons (sshd).

Been done several times, in several different ways. The most difficult
to identify is when the log is sent to another system as you enter
commands.

And that goes for the DoD smart card as well...

[stevea]

Quote:

Originally Posted by jpollard

A sysadmin, can easily put a keystroke recorder in server daemons (sshd).

Been done several times, in several different ways. The most difficult
to identify is when the log is sent to another system as you enter
commands.

And that goes for the DoD smart card as well...

What does that mean - about DoD smart cards ?

I suspect you are not aware of how that protocol works. The card isn't "read" despite the terminology. The ICC device(card) has processing capability and it doesn't divulge it's content any more than you bank does when is returns a public half key.

The design of the interface is meant so that someone can listen to every bit of the interface traffic and still it won't allow an exploit.

[jpollard]

Quote:

Originally Posted by stevea

What does that mean - about DoD smart cards ?

I suspect you are not aware of how that protocol works. The card isn't "read" despite the terminology. The ICC device(card) has processing capability and it doesn't divulge it's content any more than you bank does when is returns a public half key.

The design of the interface is meant so that someone can listen to every bit of the interface traffic and still it won't allow an exploit.

Actually, your pin is read via login/initialization of the card. And
that can be sniffed (did it myself during evaluation). After that
the entire session can be sniffed.

And that gives access to the certs generated/signed. The easiest
way is to put pcscd into debug mode, or replace it with one that
has debug turned on.

In my opinion, none of the existing smart cards are any better
than a password. The ONE advantage is that the card can't be
sniffed if it isn't plugged in...

A few one-time password cards are not too bad, these have external
pin pads such that the pin cannot be seen by the computer
(until you use them in front of a webcam) - CryptoCard is one,
another is SecurID (the more expensive ones).

Of course, from the military point of view, both are flawed - they
are made in China (you have to dismantle the CryptoCard to see
the "made in china" tag on the circuit board, The SecurID is
marked on the outside).

The DoD smart cards, last I heard, were made in VietNam,
shipped to Belgium for embedding in plastic, then shipped to
the US for sales.

It has been a couple of years since I had first hand information
on these though.

[Min]

Use a space before the command won't make the command stored in history
yum install something
instead of
yum install something