首页 > 代码库 > 使用history环境变量提升系统安全性
使用history环境变量提升系统安全性
1) 应用场景
系统如果被黑客攻入,他就可以查看一下histroy就能知道了系统的一些敏感信息,像登录的密码之类的:比如有马虎的维护工程师,直接输入了数据库的密码:
[root@mysql-master ~]# history 16 history 17 clear 18 mysql -u root -p‘redhat12345‘ -S /data/3306/mysql.sock 19 history 如上,我们可以发现数据库的密码为redhat12345
2)如何让系统不记录这些敏感信息了?
[root@mysql-master ~]# export HISTCONTROL=ignorespace [root@mysql-master ~]# history 16 history 17 clear 18 mysql -u root -p‘redhat12345‘ -S /data/3306/mysql.sock 19 history 20 export HISTCONTROL=ignorespace 21 history 22 clear 23 history [root@mysql-master ~]# who am i root pts/0 2016-10-14 21:13 (10.10.10.1) [root@mysql-master ~]# mysql -u root -predhat12345 -S /data/3306/mysql.sock -e "show databases;" +--------------------+ | Database | +--------------------+ | information_schema | | blog | | dawnpro | | eip | | ems | | hangzhou_dawnpro | | james | | kitty | | mysql | | opark | | performance_schema | | test123 | | wanlong | | www | +--------------------+ [root@mysql-master ~]# w 03:19:43 up 1 day, 21:26, 2 users, load average: 1.00, 1.00, 1.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 10.10.10.1 21:13 0.00s 0.76s 0.01s w root pts/1 10.10.10.1 03:03 14:32 0.19s 0.19s -bash [root@mysql-master ~]# history 16 history 17 clear 18 mysql -u root -p‘redhat12345‘ -S /data/3306/mysql.sock 19 history 20 export HISTCONTROL=ignorespace 21 history 22 clear 23 history 24 who am i 25 w 26 history 如上可知,“空格+命令”,可以不让histroy记录这些敏感信息
3)其它方法
输入重要命令前,先输入export HISTIGNORE=*,然后输入重要命令,输入完成后,再通过"export HISTIGNORE=”恢复记录 [root@mysql-master ~]# history -c [root@mysql-master ~]# export HISTIGNORE=* [root@mysql-master ~]# mysql -uroot -predhat12345 -S /data/3306/mysql.sock Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 65 Server version: 5.5.32-log Source distribution Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement. mysql> \q Bye [root@mysql-master ~]# export HISTIGNORE= [root@mysql-master ~]# history 16 export HISTIGNORE=* 17 history
本文出自 “冰冻vs西瓜” 博客,请务必保留此出处http://molewan.blog.51cto.com/287340/1863018
使用history环境变量提升系统安全性
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。