As a red team member, one crucial step in maintaining operational security is turning off command history in various Linux shells. By default, most shells save a record of all commands executed on the system, including any sensitive information that may be entered, such as login credentials or command-line options for tools like Metasploit or Nmap. This article will explore the different methods of disabling command history in various Linux shells.
Why turn off command history?
Command history is a valuable feature for system administrators and users, as it allows them to quickly recall previously executed commands and save time typing repetitive commands. However, command history can be a double-edged sword for red team members. On the one hand, it can be used to quickly repeat complex commands or chain together a series of commands without retyping them manually. On the other hand, it can be used by defenders to trace the steps of an attacker and identify what commands were executed on the system. Disabling command history can prevent this and maintain the operational security of a red team operation.
Disabling command history in the Bash shell
Bash is one of the most popular shells on Linux systems, and disabling command history in Bash is a straightforward process. To turn off command history, you can set the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, using the following commands:
export HISTFILE=/dev/null
export HISTSIZE=0
Bash uses the HISTFILE variable to specify the file where command history is stored. By setting it to /dev/null, Bash will not save command history to a file. The HISTSIZE variable determines the maximum number of commands stored in memory. By setting it to 0, Bash will not store any commands in memory.
Disabling command history in the Zsh shell
Zsh is another popular shell on Linux systems, and disabling command history in Zsh is similar to Bash. To turn off command history in Zsh, you can set the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, using the following commands:
export HISTFILE=/dev/null
export HISTSIZE=0
Zsh uses the HISTFILE variable to specify the file where command history is stored. Setting it to /dev/null will not save command history to a file. The HISTSIZE variable determines the maximum number of commands that can be stored in memory. Setting it to 0 will not store any commands in memory.
Disabling command history in the Fish shell
Fish is a newer shell that has gained popularity recently due to its user-friendly interface and powerful scripting capabilities. To turn off command history in Fish, you can set the FISH_HISTORY variable to /dev/null using the following command:
set -gx FISH_HISTORY /dev/null
Fish uses the FISH_HISTORY variable to specify the file where command history is stored. Setting it to /dev/null will prevent Fish from saving command history to a file.
Disabling command history in the C shell (csh)
The C shell, or csh, is an older shell still used on some systems. To turn off command history in csh, you can set the history variable to 0 using the following command:
set history=0
This will prevent csh from storing command history in memory. However, it is essential to note that csh does not have an option to turn off saving command history to a file.
Disabling command history in the Tenex C shell (tcsh)
The Tenex C shell, or tcsh, is an enhanced version of the C shell that provides
additional features and functionality. To turn off command history in tcsh, you
can set the savehist and histfilesize variables to 0 using the following
commands:
set savehist=0
set histfilesize=0
The savehist variable determines whether tcsh should save command history to a file. By setting it to 0, tcsh will not save command history to a file. The histfilesize variable determines the maximum number of commands stored in memory. Setting it to 0, tcsh will not store any commands in memory.
Disabling command history in the Korn shell (ksh)
The Korn shell, or ksh, is another popular shell on Unix-based systems. To turn off command history in ksh, you can set the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, using the following commands:
export HISTFILE=/dev/null
export HISTSIZE=0
The HISTFILE variable is used by ksh to specify the file where command history is stored. Setting it to /dev/null will not save command history to a file. The HISTSIZE variable determines the maximum number of commands that can be stored in memory. Setting it to 0 will not store any commands in memory.
Conclusion
Disabling command history in Linux shells is critical for red team members who want to maintain operational security and prevent defenders from tracing their steps. By setting the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, in Bash and Zsh and the FISH_HISTORY variable to /dev/null in Fish, you can disable command history and prevent sensitive information from being stored in memory or on disk.
Disabling command history in the C shell (csh) and the Tenex C shell (tcsh) is similar to Bash, Zsh, and Fish. Setting the appropriate variables to 0 prevents these shells from storing command history in memory or on disk. However, it is essential to note that csh does not have an option to turn off saving command history to a file. As with all shells, maintaining the operational security of a red team operation requires careful consideration and attention to detail. Disabling command history is just one step in the process but is crucial.