Re: Am I infected with a rootkit?
On Sun 16 Apr 2023 at 19:35:20 (+0200), Thomas Schmitt wrote:
>
> Jesper Dybdal, do you see the riddling lines in file ~/.bash_history
> of the superuser ?
> If so: Do you see other strange lines there ? (Do they give more clue ?)
>
>
> A bit less on-topic:
>
> Greg Wooledge wrote:
> > Bash doesn't read the contents of the history file into the in-memory
> > history unless you run "history -r". If you had some kind of ksh-like
> > setup where you combined "history -w" and "history -r" commands in your
> > PROMPT_COMMAND or other variables, then we might be able to reconcile
> > the statements we've been given.
> >
> > In the absence of that, there's just no way you could have commands in
> > your shell history that were not typed in that same shell session.
>
> My Debians always behaved that way. I remember that in Debian 8 i got
> several different readline histories in the first shell terminals which
> i started. With Debian 11 it's only one history per user. It seems to be
> a collection of the last commands of shell sessions when the recent
> shutdowns happened.
Me too: each shell starts with the contents of ~/.bash_history at that
instant, and adds its freshly typed lines to the end of the disk file
when it exits. And I spent a while searching unsuccessfully for some
HISTFILE=~/.bash_history or history -r command squirrelled away in
some startup file.
I set export HISTCONTROL=ignoreboth and don't know whether that
has side effects.
$ echo "$SHELLOPTS"
braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor:noclobber
$ echo "$BASHOPTS"
checkwinsize:cmdhist:complete_fullquote:expand_aliases:extglob:extquote:force_fignore:globasciiranges:interactive_comments:progcomp:promptvars:sourcepath
$
However, I can't confirm your Debian 8 behaviour.
Cheers,
David.
Reply to: