As a red team member, one of the crucial steps in maintaining operational security is to disable command history in the various Linux shells. By default, most shells save a record of all commands that are executed on the system, including any sensitive information that may be entered, such as login credentials or command-line options for tools like Metasploit or Nmap. In this article, we will explore the different methods of disabling command history in various Linux shells.
Why disable command history?
Command history is a useful feature for system administrators and users, as it allows them to quickly recall previously executed commands and save time typing repetitive commands. However, for red team members, command history can be a double-edged sword. On the one hand, it can be used to quickly repeat complex commands or chain together a series of commands without retyping them manually. On the other hand, it can be used by defenders to trace the steps of an attacker and identify what commands were executed on the system. Disabling command history can help to prevent this and maintain the operational security of a red team operation.
Disabling command history in the Bash shell
Bash is one of the most popular shells on Linux systems, and disabling command history in Bash is a straightforward process. To disable command history, you can set the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, using the following commands:
export HISTFILE=/dev/null
export HISTSIZE=0
The HISTFILE variable is used by Bash to specify the file where command history is stored. By setting it to /dev/null, Bash will not save command history to a file. The HISTSIZE variable determines the maximum number of commands that can be stored in memory. By setting it to 0, Bash will not store any commands in memory.
Disabling command history in the Zsh shell
Zsh is another popular shell on Linux systems, and disabling command history in Zsh is similar to Bash. To disable command history in Zsh, you can set the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, using the following commands:
export HISTFILE=/dev/null
export HISTSIZE=0
The HISTFILE variable is used by Zsh to specify the file where command history is stored. By setting it to /dev/null, Zsh will not save command history to a file. The HISTSIZE variable determines the maximum number of commands that can be stored in memory. By setting it to 0, Zsh will not store any commands in memory.
Disabling command history in the Fish shell
Fish is a newer shell that has gained popularity in recent years due to its user-friendly interface and powerful scripting capabilities. To disable command history in Fish, you can set the FISH_HISTORY variable to /dev/null using the following command:
set -gx FISH_HISTORY /dev/null
The FISH_HISTORY variable is used by Fish to specify the file where command history is stored. By setting it to /dev/null, Fish will not save command history to a file.
Disabling command history in the C shell (csh)
The C shell, or csh, is an older shell that is still in use on some systems. To disable command history in csh, you can set the history variable to 0 using the following command:
set history=0
This will prevent csh from storing command history in memory. However, it is important to note that csh does not have an option to disable saving command history to a file.
Disabling command history in the Tenex C shell (tcsh)
The Tenex C shell, or tcsh, is an enhanced version of the C shell that provides additional features and functionality. To disable command history in tcsh, you can set the savehist and histfilesize variables to 0 using the following commands:
set savehist=0
set histfilesize=0
The savehist variable determines whether tcsh should save command history to a file. By setting it to 0, tcsh will not save command history to a file. The histfilesize variable determines the maximum number of commands that can be stored in memory. By setting it to 0, tcsh will not store any commands in memory.
Disabling command history in the Korn shell (ksh)
The Korn shell, or ksh, is another popular shell on Unix-based systems. To disable command history in ksh, you can set the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, using the following commands:
export HISTFILE=/dev/null
export HISTSIZE=0
The HISTFILE variable is used by ksh to specify the file where command history is stored. By setting it to /dev/null, ksh will not save command history to a file. The HISTSIZE variable determines the maximum number of commands that can be stored in memory. By setting it to 0, ksh will not store any commands in memory.
Conclusion
Disabling command history in Linux shells is a critical step for red team members who want to maintain operational security and prevent defenders from tracing their steps. By setting the HISTFILE and HISTSIZE variables to /dev/null and 0, respectively, in Bash and Zsh, and the FISH_HISTORY variable to /dev/null in Fish, you can disable command history and prevent sensitive information from being stored in memory or on disk.
Disabling command history in the C shell (csh) and the Tenex C shell (tcsh) is similar to Bash, Zsh, and Fish. By setting the appropriate variables to 0, you can prevent these shells from storing command history in memory or on disk. However, it is important to note that csh does not have an option to disable saving command history to a file. As with all shells, maintaining the operational security of a red team operation requires careful consideration and attention to detail. Disabling command history is just one step in the process, but it is an important one.