I heard that you still don't know the power of history? You still don't know who is operating what on your linux?

Fundamental

  • Linux command history is stored persistently; the default location is the .bash_history file.

  • When a Linux system starts a Shell, the Shell reads the history from the .bash_history file and stores it in a memory buffer.

  • The commands we run are recorded in that buffer. History management, including the history command itself, operates on the buffer rather than directly on the .bash_history file.

  • When we exit the Shell, for example by pressing Ctrl+D, the Shell process writes the contents of the history buffer back to the .bash_history file.
    So now you should know what to do to permanently delete a record?

Use details

Now that the basic principles of history are clear, let's learn how to use it in detail.

Basic usage

View Records & View Specified Lines

  • Enter the history command by itself to display all recently run commands
root@ccx ~]# history
   1  bash
   2  ls
   3  vim .bash_history
   4  cat .bash_history
   5  history
   6  bash
  • Sometimes you don't need all the history, only the last 10 records; add the number N after the command
root@ccx ~]# history 10

Active save buffer

Normally, the buffer contents are only saved to the file when the shell exits normally. If you want to save the buffer's history yourself, run history with the -w option

root@ccx ~]# history -w

delete buffer

Of course, if you have run some sensitive commands, you can run history with the -c option to clear the buffer contents directly

root@ccx ~]# history -c

execute a command repeatedly

  • If you want to execute some commands repeatedly, you can use ! to quickly re-run them.

  • For example, to repeatedly execute the 1024th historical command, you can execute the following command

root@ccx ~]# !1024
# The command numbered 1024 can be looked up with history
  • Repeat the previous command
root@ccx ~]# !!
  • Re-run the 6th most recent history command; a negative number counts from the end, so -6 means the 6th last record
root@ccx ~]# !-6

search history command

  • Sometimes you need to re-run the most recent command that begins with a certain string. You can also use ! for this and press Enter to execute it. For
    example, you just ran a long command and only remember that it starts with curl; then !curl runs it quickly
# Suppose the last command I ran was curl 1.1.1.1
root@ccx ~]# !curl

# The command above runs curl 1.1.1.1
  • This usage is very efficient, but it carries a risk: the command that runs may not be the one you intended, which is a bad thing. Appending :p makes it safe, because the match is printed instead of executed.
root@ccx ~]# !curl:p
curl 1.1.1.1

# With :p appended, the matched command is only printed; to run it, press the ↑ key and then Enter.
  • If you only know that a command contains x and does not start with x, you can also use !? to execute the most recent command containing a string
root@ccx ~]# !?x
  • In fact, more people like to search with history | grep x, which lists every history command containing x together with its serial number, and then use !number to quickly execute the command.

Interactive search history command

  • Searching the command history in Linux can also be done interactively, which is efficient and direct. Press Ctrl+R on the command line to enter the interactive interface, then type the keyword to search for. If multiple commands match, press Ctrl+R repeatedly to switch to the previous matching command.
(reverse-i-search)`sina': echo sina

It can be seen that after I input sina, it will automatically match the latest command that matches sina, and then press Enter to execute the command.

show timestamp

  • Sometimes a Linux system needs to be audited, and adding a timestamp to the history display is very useful for that.
root@ccx ~]# export HISTTIMEFORMAT='%F %T '
root@ccx ~]# history 3
  46  2022-01-11 18:21:33 curl baidu.com
  47  2022-01-11 18:21:35 pwd
  48  2022-01-11 18:21:39 history 3
  • As you can see, the history has shown the timestamp. In fact, these are not enough for auditing needs, you can add more detailed information:
root@ccx ~]# export HISTTIMEFORMAT="%F %T `who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'` `whoami` "
  6  2022-01-11 18:22:48 113.200.44.237 root ls
  7  2022-01-11 18:22:59 113.200.44.237 root pwd
  8  2022-01-11 16:08:14 113.200.44.237 root history
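
When HISTTIMEFORMAT is set, bash also saves each entry's time in the history file, as a "#<epoch seconds>" line ahead of the command. The following is an added example, not part of the original post, that reads this format and lists the commands run inside a time window; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Constructed sample of a .bash_history file. The first entry was saved
# before HISTTIMEFORMAT was set, so it has no "#<epoch>" line above it.
sample_history() {
cat <<'EOF'
vim .bash_history
#1641925293
curl baidu.com
#1641925295
pwd
#1641925299
history 3
EOF
}

# history_between START END  (history file on stdin)
# Print "<epoch><TAB><command>" for entries with START <= epoch <= END.
history_between() {
    awk -v s="$1" -v e="$2" '
        /^#[0-9]+$/ { raw = substr($0, 2); ts = raw + 0; have = 1; next }
        have && ts >= s && ts <= e { print raw "\t" $0 }
        { have = 0 }    # a timestamp applies only to the next command
    '
}

# Count entries with no timestamp; these cannot be placed in time.
untimestamped_count() {
    awk '
        /^#[0-9]+$/ { have = 1; next }
        { if (!have) n++; have = 0 }
        END { print n + 0 }
    '
}

# Demo: the two commands recorded in a three-second window.
sample_history | history_between 1641925293 1641925295
echo "entries without a timestamp: $(sample_history | untimestamped_count)"
```

On systems with GNU date, date -d @1641925293 converts an epoch value to a readable time.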

Control the total number of history records

  • By default, Linux systems store up to 1000 history records, which can be viewed through the HISTSIZE environment variable
root@ccx ~]# echo $HISTSIZE
1000
  • For scenarios that need to be audited, 1000 historical records may be too few, we can modify it to an appropriate value
root@ccx ~]# export HISTSIZE=10000
  • Note that the HISTSIZE variable only controls the number of history records in the buffer. To control the maximum number of records stored in the .bash_history file, use HISTFILESIZE

  • The above command line modification only takes effect in the current shell environment. If it needs to take effect permanently, it needs to be written into the configuration file

root@ccx ~]# echo "export HISTSIZE=10000" >> ~/.bash_profile
root@ccx ~]# echo "export HISTFILESIZE=200000" >> ~/.bash_profile
root@ccx ~]# source ~/.bash_profile

Change history file name

  • Sometimes it is necessary to change the path and name of the history file for ease of management and backup. This is simple too: change the file name through the environment variable HISTFILE
root@ccx ~]# echo "export HISTFILE=/data/backup/chopin.bash_history" >> ~/.bash_profile
root@ccx ~]# source ~/.bash_profile

Disable history

  • In some special environments, we need to disable history
root@ccx ~]# echo "export HISTSIZE=0" >> ~/.bash_profile
root@ccx ~]# echo "export HISTFILESIZE=0" >> ~/.bash_profile
root@ccx ~]# source ~/.bash_profile

Haha, just set the two variables above to 0 and history is disabled.

A hacker must-know

  • Finally, share a little-known trick that hackers must know.

  • Add an extra space before the command, such a command will not be recorded in the history, doesn't it feel cool?

  • If this trick does not work on your system, check whether the environment variable HISTCONTROL includes ignorespace. It seems that the centos system does not set this value by default.

Summarize

  • In the Linux system, the history command can be very convenient to help us manage historical commands. Usually, our commands will be recorded in the cache area first, and will be recorded in the file when the Shell exits.

  • The history command provides a very convenient management function. Reasonable configuration and management of history records can make your Linux system more robust and secure.

  • Common uses of the history command:

    • history n: Show only the most recent n history records
    • history -c: Clear the history in the cache
    • history -w: save the history of the buffer to a file
    • history -d N: delete the Nth history record
  • Several ways to repeat a command: !!, !-1, !N, !string, and so on

  • For interactive history search, use the Ctrl+R shortcut

  • Proper use of several related environment variables can make your Linux system more secure:

    • HISTSIZE: Controls the maximum number of buffer history records
    • HISTFILESIZE: Controls the maximum number of records in the history file
    • HISTIGNORE: Set which commands are not recorded to the history
    • HISTTIMEFORMAT: Set the time format displayed by the history command
    • HISTCONTROL: Extended control options
  • In a production environment, these environment variables need to be persisted to the configuration file ~/.bash_profile

export HISTCONTROL=ignoreboth
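# ignorespace: ignore commands that start with a space
# ignoredups: ignore consecutive duplicate commands
# ignoreboth: sets both of the options above


# Append to the history file instead of overwriting it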
shopt -s histappend

export HISTSIZE=1000
export HISTFILESIZE=200000
export HISTTIMEFORMAT="%F %T "
export HISTIGNORE="ls:history"
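
A check for the settings covered in this article, as an added example that is not part of the original post: it reads profile text and reports every history setting that keeps commands out of the record, including the leading-space behaviour that ignoreboth turns on. The function name, the wording of the findings and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and the sample profile are constructed.

# Constructed profile that mixes settings shown in this article.
sample_profile() {
cat <<'EOF'
export HISTCONTROL=ignoreboth
shopt -s histappend
export HISTSIZE=0
export HISTFILESIZE=200000
export HISTIGNORE="ls:history"
EOF
}

# Read profile text on stdin and print one finding per line for each
# setting that drops commands from the history or weakens it for audit.
audit_history_config() {
    awk '
        { sub(/^[ \t]*export[ \t]+/, "") }       # drop a leading "export"
        /^HIST[A-Z]*=/ {
            name = $0; sub(/=.*/, "", name)
            val = $0;  sub(/^[^=]*=/, "", val)
            gsub("[\"\047]", "", val)            # strip quotes around the value
            cfg[name] = val                      # the last assignment wins
        }
        /^shopt[ \t]+-s[ \t]+histappend/ { append = 1 }
        END {
            n = split("HISTSIZE HISTFILESIZE", k, " ")
            for (i = 1; i <= n; i++)
                if ((k[i] in cfg) && cfg[k[i]] == "0")
                    print k[i] "=0: history is disabled"
            if (cfg["HISTCONTROL"] ~ /ignorespace|ignoreboth/)
                print "HISTCONTROL=" cfg["HISTCONTROL"] ": commands typed with a leading space are not recorded"
            if ("HISTIGNORE" in cfg)
                print "HISTIGNORE=" cfg["HISTIGNORE"] ": matching commands are not recorded"
            if (!("HISTTIMEFORMAT" in cfg))
                print "HISTTIMEFORMAT unset: no timestamps in the history"
            if (!append)
                print "histappend off: the history file is overwritten, not appended"
        }
    '
}

# Demo: audit the constructed profile (prints four findings).
sample_profile | audit_history_config
```

To audit a real account, feed it the file itself, for example audit_history_config < ~/.bash_profile.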

finally

I’m going to go on vacation on the 15th. There are a lot of things going back this year, and I will definitely not be able to study. Therefore, the study and notes in 2021 will come to an end, so the number of notes this month is small. Continue to work hard in 2022, come on!

Origin blog.csdn.net/cuichongxin/article/details/122450217