On Fri, Jan 28, 2005 at 06:52:20PM -0800, Todd Walton wrote: > On Fri, 28 Jan 2005 17:08:07 -0800 (PST), Neil Schneider > <[EMAIL PROTECTED]> wrote: > > > > Todd Walton said: > > > What security could regularly erasing the .bash_history offer? > > > > Log in as root, and do "history | less". How much of that information > > would you like to have known by the next person logging in as root? > > In my case, I would be the next person logging in as root. And in any > case, if a person has root access, don't they implicitly have > permission to know about anything "root" should know about? > > > In the case of a hacked box, if .bash_history exists there can be a lot > > of information that makes it easier to further compromise the system. > > Shut the barn door! The horses are out! > > Or something... >
I agree with you about the root thing, although it's a good practice not to leave anything sharp lying around. More to the point in history, especially if you use sudo, many times one (that's me, maybe you) types a password at the prompt by accident. Passwords in history are Bad Things. Either wipe the history immediately or get in the habit of wiping it periodically. In a multiuser machine, enforcing a periodic wipe is not a bad idea. -- Lan Barnes [EMAIL PROTECTED] Linux Guy, SCM Specialist 858-354-0616 -- KPLUG-List mailing list [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
