Securing and Optimizing Linux: RedHat Edition - A Hands on Guide
Chapter 5. General System Security
To make it easy for you to repeat long commands, the bash shell stores up to 500 old commands in the ~/.bash_history file, where ~/ is your home directory. Each user who has an account on the system will have a .bash_history file in their home directory. Reducing the number of old commands the .bash_history files can hold may protect users on the server who mistakenly type their password on the screen in plain text and would otherwise have it stored for a long time in the .bash_history file.
The HISTFILESIZE and HISTSIZE lines in the /etc/profile file determine how many old commands the .bash_history file can hold for all users on your system. For all accounts I would highly recommend setting HISTFILESIZE and HISTSIZE in the /etc/profile file to a low value such as 20. Edit the profile file (vi /etc/profile) and change both lines to that value.
The administrator should also add the rm -f $HOME/.bash_history line to the /etc/skel/.bash_logout file, so that each time a user logs out, their .bash_history file is deleted and crackers cannot use the .bash_history files of users who are not presently logged into the system. Edit the .bash_logout file (vi /etc/skel/.bash_logout) and add the following line:
rm -f $HOME/.bash_history
The above hack will only work for users you add to the server in the future. If you already have existing users in the /etc/passwd file, you must add the above line to each of their .bash_logout files manually.
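The manual step for existing users and the /etc/profile change can be scripted. The following is an added example, not part of the original guide; the function names set_hist_limit and add_logout_purge and the optional ROOT prefix (for trying it on a scratch copy of the tree) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the ROOT prefix are assumptions.

# set_hist_limit PROFILE VALUE
# Set HISTSIZE and HISTFILESIZE to VALUE in PROFILE, replacing an existing
# assignment or appending one if the variable is not set there yet.
set_hist_limit() {
    profile=$1
    value=$2
    for var in HISTSIZE HISTFILESIZE; do
        if grep -q "^${var}=" "$profile"; then
            # Rewrite through a temp file, then copy back so the original
            # file keeps its owner and mode.
            sed "s/^${var}=.*/${var}=${value}/" "$profile" > "$profile.tmp" &&
                cat "$profile.tmp" > "$profile" &&
                rm -f "$profile.tmp"
        else
            printf '%s=%s\n' "$var" "$value" >> "$profile"
        fi
    done
}

# add_logout_purge PASSWD_FILE [ROOT]
# For every bash account in PASSWD_FILE whose home directory exists, append
# the purge line to ~/.bash_logout unless it is already there. ROOT is an
# optional path prefix for trying this on a scratch copy. Prints the number
# of files changed.
add_logout_purge() {
    passwd_file=$1
    root=${2:-}
    # Single quotes are deliberate: $HOME must expand at logout, not here.
    line='rm -f $HOME/.bash_history'
    count=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $shell in
            */bash) ;;
            *) continue ;;
        esac
        [ -d "$root$home" ] || continue
        logout="$root$home/.bash_logout"
        # -x -F: match the whole line literally, so reruns add nothing.
        grep -qxF "$line" "$logout" 2>/dev/null && continue
        printf '%s\n' "$line" >> "$logout"
        count=$((count + 1))
    done < "$passwd_file"
    echo "$count"
}
```

On a live system, run as root, the calls would be set_hist_limit /etc/profile 20 and add_logout_purge /etc/passwd; accounts whose login shell is not bash are skipped.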