• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar
OpenTechTips

OpenTechTips

Comprehensive IT Guides for Pros and Enthusiasts

MENUMENU
  • HOME
  • ALL TOPICS
    • Exchange
    • InfoSec
    • Linux
    • Networking
    • Scripting
      • PowerShell
    • SSL
    • Tools
    • Virtualization
    • Web
    • Windows
  • ABOUT
  • SUBSCRIBE
Home » How to Delete Traces from Linux History

How to Delete Traces from Linux History

November 25, 2020 - by Zsolt Agoston - last edited on November 27, 2020

So, you have run some commands on a Linux machine that you don't want others to see? For example, I like to use chpasswd to change a password in the system because this way it's more visual.

However, anyone who has access to the root account (knowing the root password, or if they are present in the sudoers file) could see the sensitive information.

To prevent this, we need to delete those last commands from the bash history log.

How to Delete Traces from Linux History

You could edit the history log file in the user's home directory (~/.bash_history), but that case you would leave your traces. If someone checked the log, they would see that you edited the bash history log for some reason.

How to Delete Traces from Linux History

You want to delete all traces. So, what can you do?

1. Remove last part of the history from the machine itself

One neat technique is to exploit the fact that you can delete a certain line from history. In our case we want to delete line 336 and everything after it.

If we delete line 341, then 342 becomes 341, and so on so forth.

That means we simply need to delete line 339 that many times as how many lines we have after it, plus one (which is our delete command itself).

Let's take an example.

How to Delete Traces from Linux History

In this case in line 337 of the history log we have the information we want to remove and everything after is as it would have never happened.

We will use the history -d command to accomplish it, which will eventually become entry 342 in history. So, we want to run the "history -d 337" command six times. We can do that in multiple ways:

for i in $(seq 337 342); do history -d 337; done

# We don't care about the "i" variable, nor any sequence numbers. They are only there because it's simpler to make the computer calculate the proper number of how many times to run the command after the "do" part. We can achieve the same this way:

for i in {1..6}; do history -d 337; done

This is how our history looks like after our command. Everything is deleted after line 337, which entry contained our password earlier. Now it only contains the command "history" that we've just used to list the history log.

How to Delete Traces from Linux History

2. Simply delete the history log remotely

As a less elegant alternative solution, we can simply remove the bash history file from the computer remotely, using another box.

The log file that needs to be gone is called .bash_history, and it's located in the home directory of the specific user who's command history we want to wipe.

The important thing is that we'll use SSH and the user account we authenticate with needs to have write access for the bash log file.

For the root it's simple, as the superuser has access to all files in the filesystem. However, many times the root account is not allowed to use SSH, or we simply don't know it's password.

That case we can use a regular user to SSH into the box. If we use a regular user make sure it's added to the sudoers file with the NOPASSWD attribute, so they can use sudo to run the rm command with root privileges!

Here is an example sudoers entry for user zsolt to run the rm command with elevated permissions:

# Remove bash history with root credentials
ssh root@10.0.0.100 'rm /root/.bash_history'

# Remove bash history with user credentials, which user has sudo privileges as discussed earlier
ssh zsolt@10.0.0.100 'sudo rm /root/.bash_history'
How to Delete Traces from Linux History

Enjoy 🙂 

Reader Interactions

Comments Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Tools

Secondary Sidebar

CONTENTS

  • 1. Remove last part of the history from the machine itself
  • 2. Simply delete the history log remotely

  • Terms of Use
  • Disclaimer
  • Privacy Policy
Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
Manage your privacy
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}