LinuxQuestions.org
Old 03-14-2009, 03:28 PM   #1
Cyberman
Member
 
Registered: Aug 2005
Distribution: Debian Stable
Posts: 184

Rep: Reputation: 17
Clearing out /dev/tty1 on exits


I like to switch to tty1 whenever I have a root task to accomplish. The unfortunate thing about this is that if someone were to switch to tty1 without me noticing, they might be able to read the events that occurred before the logout of root. I don't want this occurring. So, how do I remove such information before a complete exit?

For example, imagine I use
Code:
apt-get -d upgrade
.

It leaves a trail of information whenever I type in
Code:
exit
.

If I remain in tty1, all I have to do is shift+"page up" in order to view what happened before the exit. If I switch to a different tty and then back to tty1, I can't shift+"page up."

I want that same effect but while staying in tty1.
How do I accomplish such a thing?
 
Old 03-14-2009, 08:48 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742
Quote:
Originally Posted by Cyberman View Post
I like to switch to tty1 whenever I have a root task to accomplish. The unfortunate thing about this is that if someone were to switch to tty1 without me noticing, they might be able to read the events that occurred before the logout of root. I don't want this occurring. So, how do I remove such information before a complete exit?
The "SHIFT+up" thing, as far as I know, is a terminal configuration thing. The lines shown are shell history. Clearing those lines means clearing your shell history and setting root envvars that govern shell history logging. Since you're performing root account tasks I'd strongly suggest keeping a record of things. If not in the root shell history file then elsewhere.
 
Old 03-14-2009, 10:54 PM   #3
Cyberman
Member
 
Registered: Aug 2005
Distribution: Debian Stable
Posts: 184

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by unSpawn View Post
The "SHIFT+up" thing, as far as I know, is a terminal configuration thing. The lines shown are shell history. Clearing those lines means clearing your shell history and setting root envvars that govern shell history logging...
How do I do that?
What specific lines do I set?
 
Old 03-15-2009, 07:38 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742
Since the shell history buffer gets written on exit you could 'echo "mv -f /root/.bash_history /root/.bash_history.0"|at now + 1 minutes; logout' inside your shell session and beforehand add HISTFILE=/dev/null and HISTSIZE=0 to the .bashrc. For Ksh it'll be .sh_history and .kshrc.
 
Old 03-15-2009, 08:07 AM   #5
Cyberman
Member
 
Registered: Aug 2005
Distribution: Debian Stable
Posts: 184

Original Poster
Rep: Reputation: 17
I don't think what you have recommended is what I am looking for. The tty1 still displays things when I scroll up after an exit.
 
Old 03-15-2009, 08:32 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742
Quote:
Originally Posted by Cyberman View Post
I don't think what you have recommended is what I am looking for.
Well, that's one way to put it. I don't know what shell you run, if it's got multiple sessions open, if you actually run the 'at' service or if you just fat-fingered a command. So I don't even have a clue if what you have performed is what you should have.
 
Old 03-15-2009, 10:58 AM   #7
Linuxchuck
LQ Newbie
 
Registered: Aug 2007
Distribution: Slackware from 94-09, Debian Since March 09
Posts: 28

Rep: Reputation: 19
Quote:
Originally Posted by Cyberman View Post
I like to switch to tty1 whenever I have a root task to accomplish. The unfortunate thing about this is that if someone were to switch to tty1 without me noticing, they might be able to read the events that occurred before the logout of root. I don't want this occurring. So, how do I remove such information before a complete exit?

For example, imagine I use
Code:
apt-get -d upgrade
.

It leaves a trail of information whenever I type in
Code:
exit
.

If I remain in tty1, all I have to do is shift+"page up" in order to view what happened before the exit. If I switch to a different tty and then back to tty1, I can't shift+"page up."

I want that same effect but while staying in tty1.
How do I accomplish such a thing?
I recommend adding the "clear console" command to your logout script. For example, here is my ~/.bash_logout script:

Code:
# ~/.bash_logout: executed by bash(1) when login shell exits.

# when leaving the console clear the screen to increase privacy

if [ "$SHLVL" = 1 ]; then
    [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi
If your system does not have the "clear_console" command available, then create this logout script, and use it when you are on TTY1:

Code:
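#!/bin/bash
# Source this from the login shell (". /path/to/this/script"); run as a
# separate process, "logout" fails with "not login shell" and nothing exits.
clear
# Switching to another VT and back makes the old scrollback unavailable.
chvt 2 && chvt 1
logout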
Hope this helps...

Last edited by Linuxchuck; 03-15-2009 at 11:02 AM. Reason: tweaked the script a bit.
 
1 members found this post helpful.
Old 03-15-2009, 10:01 PM   #8
Cyberman
Member
 
Registered: Aug 2005
Distribution: Debian Stable
Posts: 184

Original Poster
Rep: Reputation: 17
Yes, /usr/bin/clear_console is what I was looking for. At least, it's close enough to what I have been desiring.

Thank you, Linuxchuck.
+1
 
Old 03-16-2009, 04:46 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742
Does clear_console only clear the screen or shell history as well? I doubt it.
 
Old 03-16-2009, 07:17 AM   #10
Linuxchuck
LQ Newbie
 
Registered: Aug 2007
Distribution: Slackware from 94-09, Debian Since March 09
Posts: 28

Rep: Reputation: 19
Quote:
Originally Posted by unSpawn View Post
Does clear_console only clear the screen or shell history as well? I doubt it.
If I read this thread correctly, Cyberman never asked for a way to clear the shell history. Only the scrollback buffer on consoles. He never mentioned that anyone other than himself logs in as root. Only that he was looking for an automated process to make sure that nobody can walk up to the screen after he has logged out of root from one of the virtual consoles (TTY1-10) and use the scrollback buffer (shift+pgup) to read the commands and output that he had performed prior to logging out.
 
Old 03-16-2009, 10:06 AM   #11
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Rep: Reputation: 34
It's common practice to alias or script logout so that it "clear"s or "reset"s the screen as the last thing it does, especially if working as root. Both clear and reset are standard commands in /usr/bin in all distros.

They are also incredibly useful remotely - often an SSH session will break its line-lengths and make a mess of the screen and clear will fix it. And equally often, you paste binary data, or run a command that puts binary data onto stdout by accident and it will mess up the whole charset encoding - everything will still "work", but you'll see garbage in place of the characters you type. "Reset" is designed to fix that (and be easy to type even when you can't see what's on screen!).
 
1 members found this post helpful.
Old 03-16-2009, 10:10 AM   #12
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by ledow View Post
And equally often, you paste binary data, or run a command that puts binary data onto stdout by accident and it will mess up the whole charset encoding - everything will still "work", but you'll see garbage in place of the characters you type. "Reset" is designed to fix that (and be easy to type even when you can't see what's on screen!).
Awesome! Thanks for this tip!
 
Old 03-16-2009, 04:43 PM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742
Quote:
Originally Posted by Linuxchuck View Post
If I read this thread correctly, Cyberman never asked for a way to clear the shell history. Only the scrollback buffer on consoles.
And you did. Somehow the SHIFT didn't sink in.
 
Old 03-16-2009, 04:57 PM   #14
GazL
Senior Member
 
Registered: May 2008
Posts: 3,319

Rep: Reputation: 881
I'd gotten it into my head that there was a console escape sequence to clear out the scrollback history on the linux Virtual Terminal, but I've been searching all over and I'm buggered if I can find it. It's possible I might have been thinking of FreeBSD though.


Anyway, the following approach will sort of work in a roundabout way.

Add an INIT string to your getty command line in /etc/inittab.
In my case on slackware which uses agetty it's the -I option.

Code:
c6:12345:respawn:/sbin/agetty -I "\033c\033[12;7]" 38400 tty6 linux
Now, when you log out of your console session, in this example on tty6, inittab will respawn the getty process, which will then use the init string to \033c (reset) and \033[12;7] (switch to virtual console 7, in my case X Windows). Because of the VT switch the scroll-back buffer belonging to the previous VT is no longer available if someone were to switch back with ctrl-alt-f6. As long as you don't mind this VT switching it'll ensure the privacy of whatever it was you were doing on the VT prior to logout.


If anyone knows of a control sequence to erase the scrollback itself, I'd be very interested to see it. man "console_codes" doesn't list one.
 
Old 03-16-2009, 05:00 PM   #15
Berticus
Member
 
Registered: Jul 2005
Distribution: Arch
Posts: 159

Rep: Reputation: 31
By the way, there are many other ways to do this. For example, editing /etc/issue:
Code:
^[[H^[[2J
Welcome to my linux box
This issues escape sequences, which clear the virtual console (some distros already have this set up, such as ArchLinux). You could also edit ~/.bash_logout or ~/.logout:
Code:
clear
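
An added example (not code from any poster in this thread) that combines the approaches above into one function for root's ~/.bash_logout: it prefers clear_console, otherwise writes the reset and erase sequences and switches through another VT. The function names are hypothetical. It also sends ESC [ 3 J (erase display including scrollback), which the Linux console gained in kernel 3.0, after this thread; older kernels ignore it and rely on the VT switch.

```sh
# Added example; function names are hypothetical, not from the thread.

# Print N if $1 is a Linux virtual console (/dev/ttyN); fail for pts, serial, etc.
vt_number() {
    case "$1" in
        /dev/tty[0-9]*) n=${1#/dev/tty} ;;
        *) return 1 ;;
    esac
    case "$n" in
        *[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$n"
}

# Pick any VT other than the current one to switch through.
bounce_vt() {
    if [ "$1" -eq 1 ]; then echo 2; else echo 1; fi
}

# ESC c = reset, ESC [ H = home, ESC [ 2 J = erase screen,
# ESC [ 3 J = erase screen and scrollback (Linux console, kernel 3.0+).
wipe_sequence() {
    printf '\033c\033[H\033[2J\033[3J'
}

wipe_console() {
    tty_path=${1:-$(tty)} || return 0
    cur=$(vt_number "$tty_path") || return 0    # not a VT: nothing to wipe
    if [ -x /usr/bin/clear_console ]; then
        /usr/bin/clear_console -q
        return
    fi
    wipe_sequence > "$tty_path"
    # Fallback from the thread: switching away and back drops the scrollback.
    if command -v chvt >/dev/null 2>&1; then
        chvt "$(bounce_vt "$cur")" && chvt "$cur"
    fi
}

# Last line of root's ~/.bash_logout:
#   [ "$SHLVL" = 1 ] && wipe_console
```

The VT check keeps the function inert on SSH and terminal-emulator sessions (/dev/pts/N), where chvt would switch the local console out from under whoever is sitting at it.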
 
  

