Re: Am I infected with a rootkit?

To: debian-user@lists.debian.org
Subject: Re: Am I infected with a rootkit?
From: David <bouncingcats@gmail.com>
Date: Tue, 18 Apr 2023 11:59:58 +0000
Message-id: <[🔎] CAMPXz=oBBecASA2qWDMWX__hiv3BVaLutMgRavBsu0QkGKYz-w@mail.gmail.com>
In-reply-to: <ZD5L/XlJto+qANU9@tuxteam.de>
References: <[🔎] 8759d727-f80a-61af-ee6c-13d37a3ab2f1@dybdal.dk> <[🔎] ZDwHIyOXBSVJpoiu@axis.corp> <[🔎] 6a50e599-671c-2de9-3d95-38b047d8ddd7@dybdal.dk> <[🔎] ZD4frFLz7cvMwQu4@axis.corp> <[🔎] CAMPXz=oCvq6y2xjpE=xyVrJHe5qbsuoit2_Jjd9OUQnuLDiQmg@mail.gmail.com> <ZD5L/XlJto+qANU9@tuxteam.de>

On Tue, 18 Apr 2023 at 07:51, <tomas@tuxteam.de> wrote:
> On Tue, Apr 18, 2023 at 05:29:43AM +0000, David wrote:
> > On Tue, 18 Apr 2023 at 04:42, David Wright <deblis@lionunicorn.co.uk> wrote:

> > > There is an option to timestamp entries in the history file. I've
> > > never used it, nor heard of its being used. That might disambiguate
> > > things if you ever suspect it might happen again.
> >
> > Hi, on my machines I use Bash as interactive
> > shell, with:
> > HISTTIMEFORMAT=: %Y%m%d_%H%M%S ;
> >
> > That provides a couple of benefits:
> >
> > 1) it writes a commented Unix timestamp with
> > each addition to the ~/.bash_history file, so that
> > the history file not only logs what commands were
> > run interactively, but also when.
> >
> > 2) when I run the 'history' command, the outpt
> > is formatted like this:
> > 501  : 20230418_151124 ; help history
> > 502  : 20230418_151406 ; env
> > 503  : 20230418_151749 ; history
> > The colon and semicolon allow the timestamp
> > to function as a no-operation command.
>
> At least in bash, this doesn't seem necessary, as you are
> only seeing an external representation: internally, bash
> keeps the timestamp separate (as happens to the seq number,
> too).

Hi, it could well be unnecessary, I haven't played with it
for a long time.

I'm sure that there would have been some reason at the
time why I chose to configure it that way, but it is so many years
ago that I can't recall the reason.

Guessing, it could just have been that I was lazy and doing something
odd. Perhaps I wanted to dump the history output into a file, preserve
the timestamps for some long-forgotten reason, and also put a shebang
at the top of the file and run it again with minimal editing. Or maybe
I wanted a known delimiter that I could strip automatically from
the history output. I dunno.

It also would have been several Bash versions ago, Bash 2 or 3, so
perhaps the behaviour changed since I configured it.

Anyway, if it isn't necessary now, there's no reason for me to advocate
doing that, so I appreciate that you have let everyone know about that.

Reply to:

Follow-Ups:
- Re: Am I infected with a rootkit?
  - From: <tomas@tuxteam.de>

References:
- Am I infected with a rootkit?
  - From: Jesper Dybdal <jd-debian-user@dybdal.dk>
- Re: Am I infected with a rootkit?
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: Am I infected with a rootkit?
  - From: Jesper Dybdal <jd-debian-user@dybdal.dk>
- Re: Am I infected with a rootkit?
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: Am I infected with a rootkit?
  - From: David <bouncingcats@gmail.com>
- Re: Am I infected with a rootkit?
  - From: <tomas@tuxteam.de>

Prev by Date: Re: Am I infected with a rootkit?
Next by Date: Re: Am I infected with a rootkit?
Previous by thread: Re: Am I infected with a rootkit?
Next by thread: Re: Am I infected with a rootkit?
Index(es):
- Date
- Thread