It's been said that there are more passwords stored in history than in /etc/shadow - so, how do I limit the number of items in history?
This is controlled by the HISTSIZE and HISTFILESIZE built-in shell variables. Quoting from the documentation in man bash:
HISTSIZE
- The number of commands to remember in the command history (see HISTORY below). If the value is 0, commands are not saved in the history list. Numeric values less than zero result in every command being saved on the history list (there is no limit). The shell sets the default value to 500 after reading any startup files.
HISTFILESIZE
- The maximum number of lines contained in the history file. When this variable is assigned a value, the history file is truncated, if necessary, to contain no more than that number of lines by removing the oldest entries. The history file is also truncated to this size after writing it when a shell exits. If the value is 0, the history file is truncated to zero size. Non-numeric values and numeric values less than zero inhibit truncation. The shell sets the default value to the value of HISTSIZE after reading any startup files.
~/.bashrc is an appropriate place to set these values. They don't need to be exported, since they're internal to the shell:
HISTFILESIZE=25
...will do fine, no export needed.
You can limit the number of items in history by adding this line to your ~/.bashrc file:
# remember the last 1000 commands in history
HISTSIZE=1000
Some additional bash history parameters that you might find interesting:
# Limit the size of the ~/.bash_history file
HISTFILESIZE=2000
# append to the history file, don't overwrite it
shopt -s histappend
# Avoid duplicate entries
export HISTCONTROL=ignoredups:erasedups
From the command line, you can also enter a history search mode by pressing Control + R. As you start typing, the history search will suggest items.
Additionally, if you use the history command, you can execute items by number (e.g. !99 would execute the 99th command in history). !! will also execute the last command previously executed.
Many programs are good about keeping passwords out of history. If you do notice an entry you would like to delete, however, you can do so like this:
# say we start with an empty bash command history
bash-3.2$ history
1 history
# enter a command that requires a password
bash-3.2$ sudo rm -i some_file
Password:
# accidentally ^C and type your password
# into the prompt and hit enter
bash-3.2$ secret_password
bash: secret_password: command not found
# your password is now there for all to
# see in your bash history
bash-3.2$ history
1 history
2 sudo rm -i some_file
3 secret_password
4 history
# first option to fix it, delete the numbered entry from
# history and write to your ~/.bash_history file
bash-3.2$ history -d 3
bash-3.2$ history -w
# entry 3 will be removed entirely from your command history
bash-3.2$ history
1 history
2 sudo rm -i some_file
3 history
4 history -d 3
5 history -w
6 history
# the second option is to clear the entire history
# and write the changes to disk
bash-3.2$ history -c
bash-3.2$ history -w
# it's now pretty obvious that your history has been
# scrubbed clean, but at least your password is history!
bash-3.2$ history
1 history -w
2 history
source for above example: http://rawsyntax.com/blog/learn-bash-remove-commands-from-your-history/
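Added example (not part of the answer above or its linked source): the same cleanup applied to the history file on disk, generalised to drop every entry containing the leaked string along with the `#<epoch>` timestamp line bash writes before each entry when HISTTIMEFORMAT is set. The function name `scrub_history` and the `SCRUB_*` variables are hypothetical; the secret is read from standard input so it is not typed into history a second time.

```shell
# usage: scrub_history FILE    (the secret is read from standard input,
#                               so it never appears in argv or history)
# Prints the number of entries removed.
scrub_history() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Accept the secret with or without a trailing newline.
    IFS= read -r secret || :
    [ -n "$secret" ] || { echo "empty secret, nothing to do" >&2; return 2; }

    # mktemp creates the file with mode 0600, next to the original so the
    # final mv is a rename rather than a copy.
    tmp=$(mktemp "$file.XXXXXX") || return 1

    removed=$(SCRUB_SECRET=$secret SCRUB_OUT=$tmp awk '
        BEGIN { s = ENVIRON["SCRUB_SECRET"]; out = ENVIRON["SCRUB_OUT"] }
        # Timestamp line: hold it until we know whether its command is kept.
        /^#[0-9]+$/  { if (held != "") print held > out; held = $0; next }
        # index() is a fixed-string match, so regex characters in the
        # secret are treated literally.
        index($0, s) { removed++; held = ""; next }
                     { if (held != "") print held > out; held = ""; print > out }
        END          { if (held != "") print held > out; print removed + 0 }
    ' "$file") || { rm -f "$tmp"; return 1; }

    mv -f "$tmp" "$file" || { rm -f "$tmp"; return 1; }
    unset secret
    echo "$removed"
}
```

A shell that is still running keeps its own in-memory history list and can write the entry back on exit, so run history -d (or history -c) in that shell as well.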
Set history file size with something like:
HISTFILESIZE=1024
Disable history with:
HISTFILESIZE=0