1) 应用场景
系统如果被黑客攻入,他就可以查看一下histroy就能知道了系统的一些敏感信息,像登录的密码之类的:比如有马虎的维护工程师,直接输入了数据库的密码:
|
1
2
3
4
5
6
|
[root@mysql-master ~]
# history
16
history
17
clear
18 mysql -u root -p
'redhat12345'
-S
/data/3306/mysql
.sock
19
history
如上,我们可以发现数据库的密码为redhat12345
|
2)如何让系统不记录这些敏感信息了?
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
[root@mysql-master ~]
# export HISTCONTROL=ignorespace
[root@mysql-master ~]
# history
16
history
17
clear
18 mysql -u root -p
'redhat12345'
-S
/data/3306/mysql
.sock
19
history
20
export
HISTCONTROL=ignorespace
21
history
22
clear
23
history
[root@mysql-master ~]
# who am i
root pts
/0
2016-10-14 21:13 (10.10.10.1)
[root@mysql-master ~]
# mysql -u root -predhat12345 -S /data/3306/mysql.sock -e "show databases;"
+--------------------+
| Database |
+--------------------+
| information_schema |
| blog |
| dawnpro |
| eip |
| ems |
| hangzhou_dawnpro |
| james |
| kitty |
| mysql |
| opark |
| performance_schema |
| test123 |
| wanlong |
| www |
+--------------------+
[root@mysql-master ~]
# w
03:19:43 up 1 day, 21:26, 2
users
, load average: 1.00, 1.00, 1.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts
/0
10.10.10.1 21:13 0.00s 0.76s 0.01s w
root pts
/1
10.10.10.1 03:03 14:32 0.19s 0.19s -
bash
[root@mysql-master ~]
# history
16
history
17
clear
18 mysql -u root -p
'redhat12345'
-S
/data/3306/mysql
.sock
19
history
20
export
HISTCONTROL=ignorespace
21
history
22
clear
23
history
24
who
am i
25 w
26
history
如上可知,“空格+命令”,可以不让histroy记录这些敏感信息
|
3)其它方法
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
输入重要命令前,先输入
export
HISTIGNORE=*,然后输入重要命令,输入完成后,再通过"
export
HISTIGNORE=”恢复记录
[root@mysql-master ~]
# history -c
[root@mysql-master ~]
# export HISTIGNORE=*
[root@mysql-master ~]
# mysql -uroot -predhat12345 -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection
id
is 65
Server version: 5.5.32-log Source distribution
Copyright (c) 2000, 2013, Oracle and
/or
its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and
/or
its
affiliates. Other names may be trademarks of their respective
owners.
Type
'help;'
or
'\h'
for
help. Type
'\c'
to
clear
the current input statement.
mysql> \q
Bye
[root@mysql-master ~]
# export HISTIGNORE=
[root@mysql-master ~]
# history
16
export
HISTIGNORE=*
17
history
|
本文转自 冰冻vs西瓜 51CTO博客,原文链接:http://blog.51cto.com/molewan/1863018,如需转载请自行联系原作者
