[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Am I infected with a rootkit?

On Tue, 18 Apr 2023 at 04:42, David Wright <deblis@lionunicorn.co.uk> wrote:

> There is an option to timestamp entries in the history file. I've
> never used it, nor heard of its being used. That might disambiguate
> things if you ever suspect it might happen again.

Hi, on my machines I use Bash as interactive
shell, with:
HISTTIMEFORMAT=: %Y%m%d_%H%M%S ;

That provides a couple of benefits:

1) it writes a commented Unix timestamp with
each addition to the ~/.bash_history file, so that
the history file not only logs what commands were
run interactively, but also when.

2) when I run the 'history' command, the outpt
is formatted like this:
501  : 20230418_151124 ; help history
502  : 20230418_151406 ; env
503  : 20230418_151749 ; history
The colon and semicolon allow the timestamp
to function as a no-operation command.
That means that history expansion
can still function, for example entering !502
interactively will run line number 502, but
only the 'env' that comes after the semicolon
will have any effect.
Reply to: