LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Red Hat (https://www.linuxquestions.org/questions/red-hat-31/)
-   -   Where's my bash history? (https://www.linuxquestions.org/questions/red-hat-31/wheres-my-bash-history-526495/)

subnet_rx 02-07-2007 03:17 PM
Where's my bash history?
 
It may be a simple question I know, but I am working through a terminal on AS 2.1. I have always worked on "desktop" linux systems and don't have a /home directory. Where are user's .bash_history files stored on this server?

digen 02-07-2007 03:26 PM
They are stored inside the user's home directory. For example the superuser root's bash_history file could be found at the location /root/.bash_history.

Please note the file .bash_history is a hidden file. You will need to provide the "a" argument to ls in order to view files starting with a period "."

Quote:
#ls -al
Or if you are trying to view it through a graphical file manager you will need to enable something like "Show hidden files and directories" from it's menu.

subnet_rx 02-07-2007 03:28 PM
hmm, so maybe my next question is, how do I know where my home directory is?

gilead 02-07-2007 04:36 PM
Typing echo $HOME in a terminal window usually gives the answer to that question.

subnet_rx 02-07-2007 04:54 PM
thanks. Basically, my account has been compromised and malicious commands executed on the server. It doesn't look like the history file gives any kind of detailed information I need though, and other log files were deleted. So I guess I'm going to have to live with the fact that management thinks I screwed up, then tried to cover it up.

gilead 02-07-2007 05:20 PM
By other log files, do you mean all of the info in /var/log?

Have a look through the info here at http://www.linuxquestions.org/questi...ad.php?t=45261. A good one to start with is CERT's Intruder Detection Checklist. I'd also recommend http://www.cert.org/tech_tips/root_compromise.html

subnet_rx 02-07-2007 06:35 PM
Quote:
Originally Posted by gilead
By other log files, do you mean all of the info in /var/log?

Have a look through the info here at http://www.linuxquestions.org/questi...ad.php?t=45261. A good one to start with is CERT's Intruder Detection Checklist. I'd also recommend http://www.cert.org/tech_tips/root_compromise.html
Thanks, I'll definitely look through that. Yes, files in /var/log, several that I didn't know existed or would know to delete. I am a web programmer so I know about web server security from a programming standpoint, but only dabble in Linux server administration. The problem is, my access has been yanked down to nothing, so I can't run half of those commands. They basically told me if I want anything on the server now, I have to hand it to an admin and he'll put it on for me. The server is fairly insecure in my opinion though (I just signed on), so I'm sure that I will be able to investigate some of this with my read access to virtually every file on the server.


All times are GMT -5. The time now is 12:45 PM.