[英]Loop to fill up .bash_history
How would one write a loop to reach the limit on $HISTFILESIZE in bash? 一个人如何编写循环以达到bash中$ HISTFILESIZE的限制?
Something like this that would actually print the commands? 这样的东西实际上可以打印命令吗?
for i in $(seq 1 $HISTFILESIZE); do echo test-$i;done
The goal is to see if logs can be overwritten with a simple loop that a malicious user might use to hide his shell history. 目的是查看是否可以通过一个简单的循环来覆盖日志,恶意用户可以使用该循环来隐藏其外壳历史记录。 I have .bash_history append only with: chattr +a I know that relying on .bash_history is probably not the best way to keep track, this is more of a "I'm curious" question.
我只有.bash_history附加:chattr + a我知道依靠.bash_history可能不是跟踪的最佳方法,这更多是“我很好奇”的问题。
Thanks Jon 谢谢乔恩
You don't need seq
, Bash has two ways of providing numbers to iterate over with a for
loop. 您不需要
seq
,Bash有两种方式提供数字以使用for
循环进行迭代。
for i in {1..100}
which won't take variables as arguments (unless you use eval
). 不会将变量作为参数(除非您使用
eval
)。
And 和
for ((i = 1; i <= $HISTFILESIZE; i++))
which obviously can use variables. 显然可以使用变量。
You can do: 你可以做:
for ((i = 1; i <= $HISTFILESIZE; i++))
do
history -s "anything you want"
done
With this technique a user can obliterate the in-memory history list of the current session. 使用此技术,用户可以清除当前会话的内存历史记录列表。 When the user exits, that list is written to the history file.
当用户退出时,该列表将被写入历史文件。
You can truncate the history file: 您可以截断历史记录文件:
>~/.bash_history
Assuming it's not append-only. 假设它不是仅追加。
Well, the user could always run 好吧,用户可以一直运行
for i in $(seq 1 $HISTFILESIZE); do echo test-$i;done
just as you say, and paste the output into a terminal. 就像您说的那样,然后将输出粘贴到终端中。 But
.bash_history
is in the user's home directory, so he could chmod +w
and then shred
it just as easily. 但是
.bash_history
位于用户的主目录中,因此他可以chmod +w
然后将其shred
一样容易。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.