Because I’m kinda lazy and didn’t pay attention in typing class, I work the heck out of the Linux history buffer. For pentesting, I use the history command to see what was going on, then I redirect the output to /dev/shm, which is a tmpfs that lives in RAM rather than on disk. That copy is gone after the machine reboots, so nobody can see at least those tracks. Two caveats, though: while the box is up, a file in /dev/shm is readable by anyone the file’s permissions allow, and the shell still writes its own ~/.bash_history when the session ends, so the redirect only hides the copy, not the original. (I’ll save my pentesting tips for another blog.)
Take a look at the long list of commands in the history buffer. Let’s try and make these a little more usable. Like nacho-cheese flavoring on popcorn, you’re gonna wonder how ya lived without these!
History Tip 00x01
When you run the history command, it just shows a numbered list of the commands executed, in order. What would be helpful to me is knowing WHEN the commands were run. No problem there! Just type in:
# export HISTTIMEFORMAT='%F %T '
%F is the date (YYYY-MM-DD), %T is the 24-hour time, and the trailing space keeps the timestamp from running into the command. Put that line in ~/.bashrc so it survives your next login. One catch: bash only records a timestamp for commands entered after the variable is set. Older entries in the history file have none, so history shows a placeholder time (typically when the shell read the file) for all of them.
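To see what that variable actually does under the hood, here is an added example (mine, not from the original post). Bash persists timestamps to $HISTFILE as a "#<epoch>" comment line right before each command, and only for commands recorded while HISTTIMEFORMAT was set. The script below builds a constructed ~/.bash_history-style file with both kinds of entries and parses it without bash’s history builtin, which is how you would read a history file pulled off a disk image or out of a /dev/shm dump. It assumes a POSIX sh with awk, plus GNU or BSD date for the epoch conversion; the file contents and the epochs are made up.

```shell
#!/bin/sh
# Added example: parse a bash history file that may contain HISTTIMEFORMAT
# timestamps. Bash stores them as "#<epoch>" lines preceding each command.

# Write a constructed sample history file to $1. The first two commands
# were "recorded" before HISTTIMEFORMAT was set, so they carry no timestamp.
make_sample_history() {
    cat > "$1" <<'EOF'
ls -la
cd /tmp
#1700000000
systemctl stop cups
#1700000125
systemctl start cups
EOF
}

# Print one line per command: <epoch or ->TAB<command>.
# A "#<epoch>" line applies only to the command that immediately follows it.
parse_bash_history() {
    awk '
        /^#[0-9]+$/ { ts = substr($0, 2); next }   # remember the timestamp
        {
            printf "%s\t%s\n", (ts == "" ? "-" : ts), $0
            ts = ""                                 # consume it
        }
    ' "$1"
}

# Turn an epoch into the same '%F %T' layout the post uses, in UTC so the
# result does not depend on the analyst's local zone. Tries GNU date first,
# then BSD/macOS date.
fmt_epoch() {
    if [ "$1" = "-" ]; then
        printf 'unknown\n'
        return 0
    fi
    date -u -d "@$1" +'%F %T' 2>/dev/null || date -u -r "$1" +'%F %T'
}

# Human-readable listing, roughly what `history` shows with HISTTIMEFORMAT set,
# except that entries without a stored timestamp are labelled "unknown"
# instead of getting a placeholder time.
show_history() {
    tab=$(printf '\t')
    parse_bash_history "$1" | while IFS="$tab" read -r ts cmd; do
        printf '%s  %s\n' "$(fmt_epoch "$ts")" "$cmd"
    done
}

# Usage:
#   f=$(mktemp); make_sample_history "$f"; show_history "$f"; rm -f "$f"
# To produce a real file of this shape with bash instead of the sample
# (assumption: bash writes the "#<epoch>" lines whenever HISTTIMEFORMAT is set):
#   HISTFILE=$f HISTTIMEFORMAT='%F %T ' bash -c 'set -o history; history -s id; history -w'
```

The "unknown" label is deliberate: when you are reconstructing what an attacker (or a colleague) did, a command with no stored timestamp should not be dated from the time the file happened to be loaded.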
History Tip 00x02
Some history listings will be really big. Almost too big to do much with. Sure would be groovy if we could do a keyword search, wouldn’t it? Heck yeah it would, man! Well then, try pressing Control + R. The prompt turns into (reverse-i-search)`': and shows the most recent command containing whatever you type:
Check out how my prompt changed. I can edit that line, too. Let’s say I stopped a print service. I do a Control + R search for “print”, then change the action STOP to START and execute the command. Enter runs the match as-is, another Control + R jumps to the next older match, and Escape (or an arrow key) drops the line onto the prompt so you can edit it first.
History Tip 00x03
Speaking of cluttered logs. Cleaning them is one thing. Keeping them clean? Well, that’s another story. What clutters up history buffers is crap like this:
If there are certain commands you don’t really care about, like “ps,” “pwd,” and “ls,” then use this command. The entries are separated by colons, not commas; with commas bash would only ignore the single literal line “ps,pwd,ls”, which you’ll never type:
# export HISTIGNORE='ps:pwd:ls'
Keep in mind each entry is a shell pattern matched against the whole line. So “ps” is ignored, but “ps -a” is not. If you want every ps invocation gone, add a wildcard pattern like “ps *” as well. The flip side for anyone doing forensics: these are per-user shell settings, so a user who wants to hide commands can set them just as easily, and bash history should never be treated as a complete record.
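Here is an added example (again mine, not from the post or from bash itself) that reproduces HISTIGNORE’s matching rules in POSIX sh so you can check a value before you put it in ~/.bashrc. Bash splits HISTIGNORE on colons and treats each piece as a shell pattern matched against the entire command line, and the same `case` globbing gives identical answers for `*`, `?` and `[...]`. It does not model bash’s extra `&` pattern (matches the previous history line) or extglob patterns. The filter function runs a constructed list of commands through it, which is also a quick way to see what somebody else’s HISTIGNORE is hiding.

```shell
#!/bin/sh
# Added example: emulate bash's HISTIGNORE matching to test a value.

# hist_would_ignore HISTIGNORE_VALUE COMMAND_LINE
# Returns 0 if bash would drop COMMAND_LINE from history, 1 otherwise.
# Runs in a subshell so "set -f" and the changed IFS do not leak out.
hist_would_ignore() (
    set -f                      # patterns must not be expanded against files in $PWD
    IFS=:                       # bash splits HISTIGNORE on colons, not commas
    for pat in $1; do
        [ -n "$pat" ] || continue
        case $2 in
            $pat) exit 0 ;;     # whole-line glob match, same as bash
        esac
    done
    exit 1
)

# filter_history HISTIGNORE_VALUE < commands
# Prints only the lines bash would keep. Useful for "what would this
# setting hide?" when reviewing a user's ~/.bashrc.
filter_history() {
    while IFS= read -r line; do
        hist_would_ignore "$1" "$line" || printf '%s\n' "$line"
    done
}

# Constructed sample of what a shell session might contain.
sample_commands() {
    cat <<'EOF'
ls
ls -la /root
ps
ps -a
pwd
psql -U app
cd /dev/shm
EOF
}

# Usage:
#   sample_commands | filter_history 'ps:pwd:ls'      # keeps "ls -la /root", "ps -a", "psql -U app", "cd /dev/shm"
#   sample_commands | filter_history 'ps *:pwd:ls*'   # "ls*" also swallows "ls -la /root"; "ps *" drops "ps -a" but not bare "ps"
#   sample_commands | filter_history 'ps,pwd,ls'      # the comma version ignores nothing
```

Note the psql line in the sample: “ps*” would have swallowed it, which is why a trailing space (“ps *”) is the safer way to write “ps with any arguments”.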
Kinda cool right? I use this stuff all the time so I have more time to lose fishing lures and play Elevator Simulator v3. Big ole shout out goes to Ramesh Natarajan and his great book “Bash 101 Hacks.” It teaches me something new every time I bend back the pages.
—Jimmy Ray Purser