Closed matthieumarrast closed 5 months ago
To disable history for a metwork user, add unset HISTFILE in ~/.metwork.custom_profile
This will be done at admin level on exposed machines. We will not complicate module configuration for this need. So I think we can close this issue?
Yes, we can close. Below is a command for disabling the history file for all the modules, as root:
for module in mfserv mfbase mfdata mfsysmon; do echo "unset HISTFILE" | tee /home/${module}/.metwork.custom_profile >/dev/null 2>&1 && chown ${module}:metwork /home/${module}/.metwork.custom_profile >/dev/null 2>&1 || true; done
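An added example, not part of the original thread and not MetWork code: an idempotent variant of the loop above that appends `unset HISTFILE` instead of overwriting an existing `.metwork.custom_profile` (`tee` without `-a` truncates the file), plus an audit that also flags an old `.bash_history` left on disk, since unsetting `HISTFILE` only stops new writes. The function names and the `HOME_BASE` and `MODULES` variables are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not MetWork code). Assumption: module homes live under
# HOME_BASE (default /home); point it at a scratch directory to try it out.
HOME_BASE="${HOME_BASE:-/home}"
MODULES="${MODULES:-mfserv mfbase mfdata mfsysmon}"

# Append "unset HISTFILE" to a module's custom profile only when it is
# missing, so lines already present in the file are preserved.
disable_history() {
    local profile="${HOME_BASE}/$1/.metwork.custom_profile"
    [ -d "${HOME_BASE}/$1" ] || return 1
    touch "$profile" || return 1
    grep -qxF 'unset HISTFILE' "$profile" || echo 'unset HISTFILE' >> "$profile"
    # Same ownership as in the loop above; ignored when not run as root.
    chown "$1:metwork" "$profile" 2>/dev/null || true
}

# Print one status word for a module:
#   missing-home   no home directory for this module
#   not-disabled   custom profile lacks "unset HISTFILE"
#   stale-history  disabled, but a non-empty .bash_history is still on disk
#   ok             disabled and no leftover history
audit_history() {
    local home="${HOME_BASE}/$1"
    [ -d "$home" ] || { echo missing-home; return; }
    grep -qxF 'unset HISTFILE' "$home/.metwork.custom_profile" 2>/dev/null \
        || { echo not-disabled; return; }
    [ -s "$home/.bash_history" ] && { echo stale-history; return; }
    echo ok
}

# One "module<TAB>status" line per module in MODULES.
audit_all() {
    local m
    for m in $MODULES; do
        printf '%s\t%s\n' "$m" "$(audit_history "$m")"
    done
}

# Usage, as root:
#   for m in $MODULES; do disable_history "$m"; done; audit_all
```

A `stale-history` result means the existing `.bash_history` still holds the earlier commands and has to be reviewed and removed separately.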
Problem
In the module HOME directory, the file .bash_history stores the history of the commands entered by the module user (mfserv, mfdata, mfbase, etc.). These commands can be accessed using the history command. During a security audit in February 2024, we detected in this command history some commands that can leak sensitive data or operations.
We recommend removing the command history.
Solution
Add a configuration in the metwork module in order to disable the command history (can be useful in a production environment) or to restrict the number of saved commands.
In the module config, we can add:
It will result in the execution of the command below in the module bash_profile or bashrc:
If command_history=0:
If command_history_size=10: