
Clear .sh_history when log off

SOLVED
tom quach_1
Super Advisor

Clear .sh_history when log off

Hi All,

I would like to exec a script when I log off a putty, telnet, or xterm session to clear out .sh_history.
Please tell me where I can put this script.
Regards,
Tom
9 REPLIES
Mel Burslan
Honored Contributor
Solution

Re: Clear .sh_history when log off

trap "cat /dev/null >.sh_history" 0 1 3 15

Place this in users' .profile or, if you want this for everybody, place it in /etc/profile.

Hope this helps.
________________________________
UNIX because I majored in cryptology...
Dennis Handly
Acclaimed Contributor

Re: Clear .sh_history when log off

Do you have a separate history file for each session, if multiple logins?
Mel's solution may blast it for each script you run?
tom quach_1
Super Advisor

Re: Clear .sh_history when log off

Thank you Mel & Dennis for your help.

I only have one .sh_history.
Mel, this line works when I add it to the bottom of the .profile.
Question:
Can I hide this line from .profile?
When I move this line up within .profile it does not seem to work.
Reason: do not want the user to see it.

Regards,
Tom
James R. Ferguson
Acclaimed Contributor

Re: Clear .sh_history when log off

Hi Tom:

Did you do this in the ${HOME}/.profile or in '/etc/profile'?

If you did this in '/etc/profile' you need to put it at the end since there is (by default) a 'trap' for the signals in question already there. This would override Mel's suggestion if you don't put his last.

Security by obscurity is weak. Any user can list ('cat', etc.) '/etc/profile' to see what you have done.

Regards!

...JRF...
Steven E. Protter
Exalted Contributor

Re: Clear .sh_history when log off

Shalom Tom,

The reason stuff is kept in these files is so there is a record of what was done when.

This is a basic security measure and helps you catch your own mistakes.

Doing what you propose probably violates security audit parameters and is not a good idea.

Modify the ideas above to at least archive this information so it's available when you need it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
James R. Ferguson
Acclaimed Contributor

Re: Clear .sh_history when log off

Hi (again):

> SEP: The reason stuff is kept in these files is so there is a record of what was done when.
> This is a basic security measure and helps you catch your own mistakes. Doing what you propose probably violates security audit parameters and is not a good idea.

I'm sorry to disagree, but I do! This is _no_ audit if you consider that the owner of the history file has every right to truncate the file before he/she logs off. In fact, I routinely do this when I have issued a 'shutdown' command as root. I don't want to be able to inadvertently recall the command history looking for a command that lay next to the 'shutdown' and stupidly re-trigger that shutdown again by mistake!

Regards!

...JRF...
Mel Burslan
Honored Contributor

Re: Clear .sh_history when log off

I have to agree with JRF on this one. As the .sh_history needs to be user writable, there is no way to trust that data for any audit purpose. If you make it unwritable, then you lose the benefit of having a shell history.

If the purpose is auditing users in the sense of what they have done, then an external solution needs to be involved, like power broker, where you can log every key stroke of the user onto an external server, unreachable by the end user. Then it is a valid auditable log.
________________________________
UNIX because I majored in cryptology...
Dennis Handly
Acclaimed Contributor

Re: Clear .sh_history when log off

If you don't want to save your history, don't define HISTFILE, or unset it.
As long as you aren't root (or you use ksh), you still will have a history.

In regards to Mel's solution, that will blast it for every shell script you run.

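You would need to do:
# HP-UX: UNIX95 enables the XPG4 ps options (-o); comm= prints the name with no header
shell=$(UNIX95=EXTENDED_PS ps -p $$ -ocomm=)
# A login shell's process name starts with "-" (e.g. -sh)
if [[ "$shell" = -* ]]; then
    echo "Login shell: $shell"
    > "$HISTFILE"    # truncate the history file
fi

Or using it in a trap command:
trap 'shell=$(UNIX95=EXTENDED_PS ps -p $$ -ocomm=)
if [[ "$shell" = -* ]]; then
    #echo "Login shell: $shell"
    > "$HISTFILE"
fi' 0 1 3 15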
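
SEP's suggestion to archive the history rather than discard it, combined with Dennis's login-shell check, could look like this. It is an added example, not code posted by anyone in the thread; the function names and the ARCHIVE_DIR variable are assumptions. As Mel points out, the archive stays user-writable, so it is a convenience copy and not an audit log.

```shell
# Added example: archive, then truncate, the history file at logout.
# ARCHIVE_DIR and all function names are assumptions, not from the thread.

# is_login_shell NAME: true when the process name starts with "-",
# the convention the login-shell check in the thread relies on.
is_login_shell() {
    case "$1" in
        -*) return 0 ;;
        *)  return 1 ;;
    esac
}

# archive_history HISTFILE DIR: copy the history to a timestamped file in DIR,
# then truncate the original. Prints the archive path when a copy was made.
archive_history() {
    hist=$1
    dir=$2
    [ -s "$hist" ] || return 0              # empty or missing: nothing to do
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1            # keep other users out
    dest="$dir/sh_history.$(date +%Y%m%d%H%M%S).$$"
    # Truncate only after the copy succeeded, so a full disk never loses history.
    cp -p "$hist" "$dest" || return 1
    chmod 400 "$dest"
    : > "$hist"
    printf '%s\n' "$dest"
}

# on_logout: trap handler. Non-login shells (scripts) leave the history alone.
on_logout() {
    # UNIX95=EXTENDED_PS is the HP-UX form used in the thread; empty on failure.
    shell=$(UNIX95=EXTENDED_PS ps -p $$ -o comm= 2>/dev/null) || shell=
    if is_login_shell "$shell"; then
        archive_history "${HISTFILE:-$HOME/.sh_history}" \
            "${ARCHIVE_DIR:-$HOME/.history_archive}" >/dev/null
    fi
}

# Same signal list as the trap in the thread: exit, HUP, QUIT, TERM.
trap on_logout 0 1 3 15
```

As with the trap in the thread, this has to come after any existing trap for the same signals in /etc/profile.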
tom quach_1
Super Advisor

Re: Clear .sh_history when log off

Thank you all for your info.
Regards,
Tom