LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-21-2013, 07:13 PM   #1
Timatekore
LQ Newbie
 
Registered: Mar 2013
Location: Planet Earth
Distribution: open SuSE, Knoppix, Android, Puppy
Posts: 11

Rep: Reputation: Disabled
How to get rid of threatening file history?


Howdy folks,

I am using TrueCrupt 7.1a under Suse 12.3 and for added safety I specified a keyfile for my TC Volume.
That keyfile was carefully renamed by me and hidden among all kinds of other files, to obfuscate it.
And now imagine how grateful I am that, even so TC doesn't remember my last opened file (since I unchecked the "Remember History" option), the Linux operating system does it for me, and *always* displays the list of last used files to select from.

This of course makes utter waste of any obfuscation attempt of mine, when naming/placing the key file - I'd call that a brain damaged "feature" design, specially since I seem to be unable to erase that "used file history".

Anyone got any idea how to remove that file history altogether, and possibly prevent it from being created in the first place?
 
Old 08-21-2013, 07:51 PM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Mageia Studio-13.37 Kubuntu.
Posts: 3,325
Blog Entries: 33

Rep: Reputation: 199Reputation: 199
Talking

I'm using sweeper, see screen shot...(kde4)
Attached Images
File Type: jpg sweeper-kde4.jpg (264.6 KB, 28 views)
 
Old 08-22-2013, 02:10 AM   #3
Timatekore
LQ Newbie
 
Registered: Mar 2013
Location: Planet Earth
Distribution: open SuSE, Knoppix, Android, Puppy
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by GlennsPref View Post
I'm using sweeper, see screen shot...(kde4)
As do I, but that dreaded file list just keeps popping up, like a bad habit.
I tried almost every "KDE privacy cleanser" I could come up with, but that darn list won't go away.
Did the NSA design that "feature" or what?

Last edited by Timatekore; 08-22-2013 at 02:12 AM.
 
Old 08-22-2013, 02:29 AM   #4
pan64
Senior Member
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 4,752

Rep: Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271
I think it is your default file manager (or similar) application, and you can find a .<something> dir in your home containing that info.
Also you can try to rename that file again and check if it was still remembered.
 
Old 08-22-2013, 08:02 AM   #5
Timatekore
LQ Newbie
 
Registered: Mar 2013
Location: Planet Earth
Distribution: open SuSE, Knoppix, Android, Puppy
Posts: 11

Original Poster
Rep: Reputation: Disabled
Jeez Louis, I've got hundreds of File Managers, Editors and the like installed on my box.
I can't manually inspect each & every subdir they've ever created.
Isn't there a simpler way to figure out where this info is being stored?
 
Old 08-22-2013, 08:04 AM   #6
pan64
Senior Member
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 4,752

Rep: Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271Reputation: 1271
probably grep -R will work in your home
 
Old 08-22-2013, 04:54 PM   #7
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Mageia Studio-13.37 Kubuntu.
Posts: 3,325
Blog Entries: 33

Rep: Reputation: 199Reputation: 199
I'm thinking you may need to decrypt the fs or file before you can remove it.

TrueCrypt 7.1a, ...

I tried encryption with win7, when I first got it, and was repartitioning and formatting in no time, lol!


Good luck, Glenn

Last edited by GlennsPref; 08-22-2013 at 09:08 PM.
 
Old 08-22-2013, 08:56 PM   #8
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Mageia Studio-13.37 Kubuntu.
Posts: 3,325
Blog Entries: 33

Rep: Reputation: 199Reputation: 199
Post Ahhh? That's not right, getting carried away.

Quote:
Originally Posted by GlennsPref View Post
I'm thinking you may need to decrypt the fs or file before you can remove it.

TrueCrypt 7.1a, ...

I tried encryption with win7, when I first got it, and was repartitioning and formatting in no time, lol!

Good luck, Glenn
That's not right, getting a bit confused/carried away.

with kde4, all the rc files, or nearly all, have a recently used line/list.

look here...for the program name. substitute 'glenn' for your $USER

/home/glenn/.kde4/share/config/

and...

/home/glenn/.kde4/share/apps/RecentDocuments/

Last edited by GlennsPref; 08-22-2013 at 08:59 PM.
 
Old 08-25-2013, 03:48 AM   #9
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Rep: Reputation: 82
If you want security, you need to encrypt the system as a whole. Otherwise, leaks to /tmp, swap, various filesystems or several history registries are nearly unavoidable. Full encryption ensures they will have to crack the whole system or be able to access nothing at all. Even managing to delete the file list does not ensure it won't be recovered with forensic tools.

I agree that many applications make it very hard to delete or disable this kind of history registries. That sucks.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
detect file deletion on an operating system and trace the file history or activity? lovsis Linux - Security 2 10-19-2010 08:52 AM
Threatening message when starting arora grissiom Slackware 7 10-11-2009 12:14 AM
tcsh: can you save the history from multiple shells to one history file? BrianK General 2 04-23-2009 05:19 AM
Why doesn't removing .bash_history get rid of history? dggoldst Zenwalk 1 04-05-2007 04:20 AM


All times are GMT -5. The time now is 03:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration