Remove your terminal history on remote servers

Posted by Mike Barkas on Saturday December 02, 2017

Many command-line programs keep a history of the commands you have run so that you can quickly recall them. This saves retyping each command and remembering its syntax or flag options.

Some of the commands you enter in a shell on your development or remote servers may contain sensitive information. Examples include database usernames and passwords, network service endpoints or hostnames, and IP addresses.

Information you may not think is very sensitive is valuable to an attacker scoping out a network. Network intruders can take small pieces of information and assemble them into something meaningful.

When logging out of development or remote servers, it's good practice to remove some of your sensitive history. A common pivot point for network intruders is to find user accounts on the system and check what they can find from them.

Most shell programs have a logout hook or trigger that runs when you log out of your remote terminal. Hook into these triggers and empty the history files that store your information.

Here is an example of cleaning out your terminal command history for MySQL and Bash.

I use the Bash built-in : (the null command) with an output redirection to empty the contents of the .mysql_history and .bash_history files. Removing the history files will work as well. The point is to remove the contents of your history files.

Conditionally check if the file exists, so the script won't return an error code. Make your scripts more dependable by not making assumptions and conditionally checking before executing.

My example is using Bash on a Linux operating system.

This example code goes in your shell's logout file, which may differ from the one in my example.


The logout file is automatically run when you log out of the Bash terminal.

~/.bash_logout

Example removing mysql_history

if [[ -f ~/.mysql_history ]]; then
  : > ~/.mysql_history
fi

Example removing bash_history

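if [[ -f ~/.bash_history ]]; then
  : > ~/.bash_history
fi
# Bash saves the session's in-memory history to the history file after
# ~/.bash_logout has run, so clear that list as well.
history -c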

The code snippets above check if the file exists, and if it does, remove its contents.


Other history mechanisms exist, and they vary with the system and architecture of your environment. Look around your system and ask your system administrator or DevOps team for assistance. History files are commonly hidden files, so you will have to look for them.
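
The same logout hook extended to several history files, as an added example that is not part of the original post. It goes beyond the two files shown above: the extra file names (.psql_history, .sqlite_history, .python_history) and both function names are assumptions to adjust for the tools you actually use.

```bash
# Added example for ~/.bash_logout (not from the original post).
# Names after .mysql_history are assumptions: list the tools you really use.
HISTORY_FILES=".bash_history .mysql_history .psql_history .sqlite_history .python_history"

# Empty every listed history file found in directory $1 (default: $HOME).
# The body runs in a subshell so its variables do not leak into the session.
clear_history_files() (
  dir=${1:-$HOME}
  for name in $HISTORY_FILES; do
    f="$dir/$name"
    # Never write through a symlink: it may point at /dev/null on purpose,
    # or at a file that is not a history file at all.
    if [ -L "$f" ]; then
      continue
    fi
    # Only touch regular files that exist and are not already empty.
    if [ -f "$f" ] && [ -s "$f" ]; then
      : > "$f" && echo "cleared $f"
    fi
  done
)

# Bash writes its in-memory history list to $HISTFILE after ~/.bash_logout
# has run, which would refill the file that was just emptied.
forget_session_history() {
  if [ -n "${BASH_VERSION:-}" ]; then
    history -c        # drop the commands held in memory
    unset HISTFILE    # and give Bash nowhere to save on exit
  fi
}

# Act only in interactive shells, the ones that record history.
case $- in
  *i*)
    clear_history_files "$HOME"
    forget_session_history
    ;;
esac
```

Symlinked history files are skipped rather than truncated, so a .mysql_history that already points at /dev/null is left alone.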

Summary

Use your shell's logout hook or triggering mechanism to remove the sensitive information that may exist in your history files.