HPE Community
Operating System - HP-UX
1830042 Members
2173 Online
109998 Solutions
New Discussion

sh_history file format

 
Eric Guerizec
Frequent Advisor

‎06-24-2003 07:24 AM

‎06-24-2003 07:24 AM

sh_history file format

Hello!

The .sh_history file is not entirely text. There is also special characters in this file. Does anybody know more about the format of the .sh_history?
I write a C prog which read this file...

Thanks.
0 Kudos
Reply
16 REPLIES 16
Steven E. Protter
Exalted Contributor

‎06-24-2003 07:27 AM

‎06-24-2003 07:27 AM

Re: sh_history file format

Um,

Its supposed to be all text.

Its a text log file.

All it is supposed to be is a record of keystrokes from the user at the prompt.

Maybe you want to upload this file and show us curious ones whats in it.


Inquiring minds want to know.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
John Poff
Honored Contributor

‎06-24-2003 07:29 AM

‎06-24-2003 07:29 AM

Re: sh_history file format

Hi,

Sometimes it does have some binary characters in it. When I want to view it I do this:

strings .sh_history | more


JP
0 Kudos
Reply
Hai Nguyen_1
Honored Contributor

‎06-24-2003 07:29 AM

‎06-24-2003 07:29 AM

Re: sh_history file format

Eric,

.sh_history is 100% text. It reflects 100 %what one types at the command line. If there is a typo or a non-readable character, it is logged in .sh_history as well.

Hai
0 Kudos
Reply
Jim Mallett
Honored Contributor

‎06-24-2003 07:32 AM

‎06-24-2003 07:32 AM

Re: sh_history file format

Your history file should be all text. Do a:
file .sh_history to see the file type.

I do however see some control characters in mine from time to time and it probably just catches them just like it catches commands.

Jim
Hindsight is 20/20
0 Kudos
Reply
David_246
Trusted Contributor

‎06-24-2003 07:33 AM

‎06-24-2003 07:33 AM

Re: sh_history file format

Hi Eric,

I checked on our systems and indeed there are some special characters inside the file. Doing a more should be no problem but a cat gives you the beeps :)
When reading the file there should be no unexpected end of lines or so, so there should be no real problem when reading the file. I gues you should open it as a normal text-file.

Regs David
@yourservice
0 Kudos
Reply
Umapathy S
Honored Contributor

‎06-24-2003 07:44 AM

‎06-24-2003 07:44 AM

Re: sh_history file format

Eric,

As previously said, .sh_history logs the command history of the shell. These special characters would have come into the file if you had typed some control chars in the shell followed by enter. This will get recorded into the file.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Jean-Louis Phelix
Honored Contributor

‎06-24-2003 07:44 AM

‎06-24-2003 07:44 AM

Re: sh_history file format

Hi,

If "strings" command works for you, then instead of :

fopen(".sh_history", ...)

you could use a :

popen("strings .sh_history")

which would do the filtering for use. It returns a FILE * descriptor like popen, but don't forget the pclose() ...

Regards.
It works for me (© Bill McNAMARA ...)
0 Kudos
Reply
Eric Guerizec
Frequent Advisor

‎06-24-2003 08:42 AM

‎06-24-2003 08:42 AM

Re: sh_history file format

hey! many reponses for me :)
If you think that sh_history is only ascii file, use bvi or od and you'll see extra characters like ^A or ^B :))))

My C prog open a user session and trace every user command in a log file. Each time the user press the enter key, the last line in .sh_history is read and copied in anoter file to keep the trace. I wrote a version which use fopen. Even with fopen, I can see some extra characters (not all) in the final log! A solution is to reject all characters < 0x20. I will test...

:)
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎06-24-2003 08:53 AM

‎06-24-2003 08:53 AM

Re: sh_history file format

do a strings on .sh_history and redirect to a file that should be then converted as ascii

strings .sh_history >yourfile
-USA..
Good Luck..
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎06-24-2003 11:50 AM

‎06-24-2003 11:50 AM

Re: sh_history file format

Hi

A string on the file will not display the non printable chars

so:-

strings .sh_history > /tmp/shellhist will produce a clean printable file.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-24-2003 03:31 PM

‎06-24-2003 03:31 PM

Re: sh_history file format

Actually, the shell does write special characters into the file to record position. The fc command is a shell built-in and is almost always aliased since most admins never use fc directly (alias history="fc -l"). To see this in action, edit the .sh_history file with vi and remove a few lines. Then logout and log back in again. The history command will now show a bunch of numbers with no commands and command recall doesn't work. The fix is to null the file so it can be re-initialized. Users that are trying to hide their tracks will have this symptom as they try to sanitize their history file.


Bill Hassell, sysadmin
0 Kudos
Reply
W.C. Epperson
Trusted Contributor

‎06-25-2003 11:44 AM

‎06-25-2003 11:44 AM

Re: sh_history file format

Dang, Bill, I thought when they taught us the secret handshake we had to swear not to tell those sorts of secrets!

But if you're gonna, then....

You can cover tracks without the symptom by:
grep -v {command I want to hide} .sh_history > tmp
mv tmp .sh_history

Now, of course, you end up with the grep and mv in the history, but a little script that removes itself, named after an innocuous command like ls, and a slight path manipulation can leave almost no trace.

We'll let you guys work out the details.
"I have great faith in fools; self-confidence, my friends call it." --Poe
0 Kudos
Reply
Anonymous
Not applicable

‎06-25-2003 02:23 PM

‎06-25-2003 02:23 PM

Re: sh_history file format

you may want to compare
xd $HISTFILE
or
xd -c $HISTFILE
against
head $HISTFILE
or
more $HISTFILE
-that gives enough details about it??s format.

Anyway, there are no details on that in
man sh-posix

0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎06-25-2003 02:30 PM

‎06-25-2003 02:30 PM

Re: sh_history file format

Hi,

.sh_history is purposefully embedded with special characters for the purpose of 'fc' comand as stated by Bill.

To see those special characters do

cat -v .sh_history

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Eric Guerizec
Frequent Advisor

‎06-26-2003 02:13 AM

‎06-26-2003 02:13 AM

Re: sh_history file format

This is what my prog does. It opens the history file for reading and reads each new line with fgets(). Null and control characters are removed, then the new string wrote in my log file. It works well but some control characters semm to be associated with some ascii characters, exemple I seen Ctrl-B+W but I never pressed the W key! ... and so I kept the W in my log! I try to investigate more....
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎06-26-2003 03:39 AM

‎06-26-2003 03:39 AM

Re: sh_history file format

Hi,

at least the ksh has the option '-s' for the builtin commands read and print, which perform a write to the $HISTFILE.
Perhaps you can look into the pdksh-source to find out what has to be done for a read ...

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.