bash_history

13 results back to index


pages: 200 words: 54,897

Flash Boys: Not So Fast: An Insider's Perspective on High-Frequency Trading by Peter Kovac

bank run, barriers to entry, bash_history, Bernie Madoff, compensation consultant, computerized markets, computerized trading, Flash crash, housing crisis, index fund, locking in a profit, London Whale, market microstructure, merger arbitrage, prediction markets, price discovery process, Sergey Aleynikov, Spread Networks laid a new fibre optics cable between New York and Chicago, transaction costs, zero day

For example, Lewis tells us that after Aleynikov copies Goldman’s source code to a third party location for later retrieval: “…then he did what he had always done since he’d first started programming computers: He deleted his bash history – the commands he had typed into his own Goldman computer keyboard. To access the computer, he was required to type his password. If he didn’t delete his bash history, his password would be there to see, for anyone who had access to the system.” From a technical perspective, this is rife with errors. First, one’s “bash history” is not visible to anyone who has access to a system. It is only visible to the system’s administrators. The system’s administrators can already see any file on the system, and they don’t need Sergey’s password to do so.

The only reason somebody “needs” to delete their command history is that they don’t want anyone to know what they are doing. Lewis sums up the discussion with what he calls the “obvious” question: “If deleting the bash history was so clever and devious, why had Goldman ever found out he’d taken anything?” The technical answer is that when you delete your bash history, you replace the entire log of everything you have done on your computer with a single entry which says that you deleted your bash history. Effectively, you replace the security video tapes for the last six hours with a single thirty-second clip of you erasing all the security footage. Any reasonable system administrator would find this highly suspicious, and would review other activity logs to piece together what happened.

The system’s administrators can already see any file on the system, and they don’t need Sergey’s password to do so. Further, a user’s login password is never stored in the bash history anyway. The only password that one might find in the bash history would be one that Aleynikov used to connect to the third-party server to which he sent Goldman’s source code.[63] Even in that case, it’s quite unusual for anyone to specify a password on the command line – in fact, it’s against all security best practices. Many applications don’t even permit it. They require the user to type the password in after running the command.


pages: 260 words: 40,943

Hacking Exposed: Network Security Secrets and Solutions by Stuart McClure, Joel Scambray, George Kurtz

AltaVista, bash_history, Larry Wall, MITM: man-in-the-middle, peer-to-peer, remote working, web application

For example, the .bash_history may look something like this: tail -f /var/log/messages vi chat-ppp0 kill -9 1521 logout < the attacker logs in and begins his work here > id pwd cat /etc/shadow >> /tmp/.badstuff/sh.log cat /etc/hosts >> /tmp/.badstuff/ho.log cat /etc/groups >> /tmp/.badstuff/gr.log netstat –na >> /tmp/.badstuff/ns.log arp –a >> /tmp/.badstuff/a.log /sbin/ifconfig >> /tmp/.badstuff/if.log find / -name –type f –perm –4000 >> /tmp/.badstuff/suid.log find / -name –type f –perm –2000 >> /tmp/.badstuff/sgid.log … Using a simple text editor, the attackers will remove these entries and use the touch command to reset the last accessed date and time on the file. Usually attackers will not generate history files because they disable the history feature of the shell by setting unset HISTFILE; unset SAVEHIST Additionally, an intruder may link .bash_history to /dev/null: [rumble]# ln -s /dev/null ~/.bash_history [rumble]# ls -l .bash_history lrwxrwxrwx 1 root root 9 Jul 26 22:59 .bash_history -> /dev/null Cleaning Countermeasure U Log It is important to write log file information to a medium that is difficult to modify. Such a medium includes a file system that supports extend attributes such as the append-only flag.

Many UNIX shells keep a history of the commands run to provide easy retrieval and repetition. For example, the Bourne again shell (/bin/bash) keeps a file in the user’s directory (including root’s in many cases) called .bash_history that maintains a list of the recently used commands. Usually as the last step before signing off, attackers will want to remove their entries. For example, the .bash_history may look something like this: tail -f /var/log/messages vi chat-ppp0 kill -9 1521 logout < the attacker logs in and begins his work here > id pwd cat /etc/shadow >> /tmp/.badstuff/sh.log cat /etc/hosts >> /tmp/.badstuff/ho.log cat /etc/groups >> /tmp/.badstuff/gr.log netstat –na >> /tmp/.badstuff/ns.log arp –a >> /tmp/.badstuff/a.log /sbin/ifconfig >> /tmp/.badstuff/if.log find / -name –type f –perm –4000 >> /tmp/.badstuff/suid.log find / -name –type f –perm –2000 >> /tmp/.badstuff/sgid.log … Using a simple text editor, the attackers will remove these entries and use the touch command to reset the last accessed date and time on the file.

This provides network engineers a window on what is occurring over the wire, allowing them to troubleshoot or model network behavior by viewing packet traffic in its most raw form. An example of such a packet trace appears next. The user ID is “guest” with a password of “guest.” All commands subsequent to login appear as well. ------------[SYN] (slot 1) pc6 => target3 [23] %&& #'$ANSI"!guest guest ls cd / ls cd /etc cat /etc/passwd more hosts.equiv more /root/.bash_history Like most powerful tools in the network administrator’s toolkit, this one was also subverted over the years to perform duties for malicious hackers. You can imagine the unlimited amount of sensitive data that passes over a busy network in just a short time. The data includes username/password pairs, confidential email messages, file transfers of proprietary formulas, and reports.


pages: 250 words: 87,722

Flash Boys: A Wall Street Revolt by Michael Lewis

automated trading system, bash_history, Berlin Wall, Bernie Madoff, collateralized debt obligation, computerized markets, drone strike, Fall of the Berlin Wall, financial intermediation, Flash crash, High speed trading, latency arbitrage, pattern recognition, risk tolerance, Rubik’s Cube, Sergey Aleynikov, Small Order Execution System, Spread Networks laid a new fibre optics cable between New York and Chicago, the new new thing, too big to fail, trade route, transaction costs, Vanguard fund

Up popped a list of places that stored code for free and in a convenient fashion. He clicked the first link on the list. To find a place to send the code took about eight seconds. And then he did what he had always done since he’d first started programming computers: He deleted his bash history—the commands he had typed into his own Goldman computer keyboard. To access the computer, he was required to type his password. If he didn’t delete his bash history, his password would be there to see, for anyone who had access to the system. It wasn’t an entirely innocent act. “I knew that they wouldn’t be happy about it,” he said, because he knew their attitude was that anything that happened to be on Goldman’s servers was the wholly owned property of Goldman Sachs—even when Serge himself had taken that code from open source.

He also seemed to think it significant that Serge had used a site not blocked by Goldman Sachs, even after Serge tried to explain to him that Goldman did not block any sites used by its programmers but merely blocked its employees from porn sites and social media sites and suchlike. Finally, the FBI agent wanted him to admit that he had erased his bash history. Serge tried to explain why he always erased his bash history, but McSwain had no interest in his story. “The way he did it seemed nefarious,” the FBI agent would later testify. All of which was true, as far as it went, but, to Serge, that didn’t seem very far. “I thought it was like, crazy, really,” he says. “He was stringing these computer terms together in ways that made no sense.

On the other hand, they all agreed, there wasn’t anything the least bit suspicious, much less nefarious, about the manner in which he had taken what he had taken. Using a subversion repository to store code and deleting one’s bash history were common practices. The latter made a great deal of sense if you typed your passwords into command lines. In short, Serge had not behaved like a man trying to cover his tracks. One of his new jurors stated the obvious: “If deleting the bash history was so clever and devious, why had Goldman ever found out he’d taken anything?” To these new jurors, the story that the FBI found so unconvincing—that Serge had taken the files because he thought he might later like to parse the open source code contained within—made a lot of sense.


Speaking Code: Coding as Aesthetic and Political Expression by Geoff Cox, Alex McLean

4chan, Amazon Mechanical Turk, augmented reality, bash_history, bitcoin, cloud computing, computer age, computer vision, crowdsourcing, dematerialisation, Donald Knuth, Douglas Hofstadter, en.wikipedia.org, Everything should be made as simple as possible, finite state, Gödel, Escher, Bach, Hacker Conference 1984, Ian Bogost, Jacques de Vaucanson, Larry Wall, late capitalism, means of production, natural language processing, new economy, Norbert Wiener, Occupy movement, packet switching, peer-to-peer, Richard Stallman, Ronald Coase, Slavoj Žižek, social software, social web, software studies, speech recognition, stem cell, Stewart Brand, The Nature of the Firm, Turing machine, Turing test, Vilfredo Pareto, We are Anonymous. We are Legion, We are the 99%, WikiLeaks, Yochai Benkler

In such ways, analogies can be drawn between the temporal operations of programming and historical processes more broadly.8 For example, the codework Repeating History (2009) by Pall Thayer emphasizes that historical processes are not linear but cyclic. Significantly, it is also released for further modification and comes with the warning that if the script is run, it could cause damage to the user’s system.9 #!/usr/bin/perl sub relive {$command = shift;print `$command`;} $bash_history = $ENV{ HOME }."/.bash_history"; while(1){ open(HISTORY, $bash_history); while($moment = <HISTORY>){ relive($moment); } } 42 Chapter 2 As evident if it is run, the source code expresses both what it will do and what it can do at the same time—like history, its operations can be thought of as relays between what exists and what is possible.


Data Wrangling With Python: Tips and Tools to Make Your Life Easier by Jacqueline Kazil

Amazon Web Services, bash_history, cloud computing, correlation coefficient, crowdsourcing, data acquisition, database schema, Debian, en.wikipedia.org, Firefox, Google Chrome, job automation, Nate Silver, natural language processing, pull request, Ronald Reagan, Ruby on Rails, selection bias, social web, statistical model, web application, WikiLeaks

For example, let’s cat the contents of one of our files and then use grep to search the output: cat w_gh_b.txt | grep network What we did was first return the full text of the file w_gh_b.txt and then “pipe” that output to grep, which then searched for the word network and returned the lines con‐ taining it to our command line. Learning the Command Line | 431 We can do the same type of pipe using our bash history. Try this: history | grep mv This command lets you find and reuse commands you may have forgotten as you learn bash. Let’s take our search a step further and look for files. First, we are going to use a com‐ mand called find, which looks for matching filenames and can be used to traverse child directories and search for matching files there as well.

Make sure you’re in your home directory, and then enter the follow‐ ing command: $ ls -ag Your output will look something like this: total 56 drwxr-xr-x+ drwxr-xr-x -rw-------rw-r--r--@ drwx------rw------drwx-----drwx------+ drwx------+ drwx------+ drwx------@ drwx------+ drwx------+ drwx------+ drwxr-xr-x+ 17 5 1 1 8 1 4 5 3 10 43 3 3 3 5 staff admin staff staff staff staff staff staff staff staff staff staff staff staff staff 578 170 3 12292 272 389 136 170 102 340 1462 102 102 102 170 Jun May May May Jun Jun Jun Jun May Jun Jun May May May May 22 29 29 29 10 22 10 22 29 11 10 29 29 29 29 00:08 09:49 09:49 09:44 00:45 00:07 00:35 00:08 09:49 23:47 00:29 09:49 09:49 09:49 09:49 . .. .CFUserTextEncoding .DS_Store .Trash .bash_history Applications Desktop Documents Downloads Library Movies Music Pictures Public We do not have a .bashrc file, so we will have to create one. If you do have a .bashrc file, you should back it up in case you have any issues. Making a copy of your .bashrc is easiest on your com‐ mand line. Simply run the following command to copy .bashrc to a new file called .bashrc_bkup: $ cp .bashrc .bashrc_bkup To create a .bashrc, first we need to make sure we have a .bash_profile file which is the file that will call the .bashrc file.


pages: 255 words: 76,834

Creative Selection: Inside Apple's Design Process During the Golden Age of Steve Jobs by Ken Kocienda

1960s counterculture, anti-pattern, Apple's 1984 Super Bowl advert, bash_history, Bill Atkinson, Charles Lindbergh, conceptual framework, Donald Knuth, en.wikipedia.org, HyperCard, Kickstarter, Lao Tzu, premature optimization, profit motive, QWERTY keyboard, Richard Feynman, Richard Stallman, Robert X Cringely, Silicon Valley, Steve Ballmer, Steve Jobs, Steven Levy, zero-sum game

Stallman wanted code to be free as a political and social good. His notion was for software to be “free as in freedom.”4 For Netscape, open source was an attempt to save the company from going under. It was making its source code “free as in beer.”5 The hope was to earn money by running the best beer bash. History has shown this didn’t work, and while Netscape didn’t survive as a stand-alone company, it did ship the open source version of its browser code, christened with a new name: Mozilla. Mozilla had made it out the door with much thanks to Don, my new Eazel colleague, since he was responsible for purging all the dirty words from the source code before it was released.


pages: 1,065 words: 229,099

Real World Haskell by Bryan O'Sullivan, John Goerzen, Donald Stewart, Donald Bruce Stewart

bash_history, database schema, Debian, distributed revision control, domain-specific language, en.wikipedia.org, Firefox, functional programming, general-purpose programming language, Guido van Rossum, job automation, Larry Wall, lateral thinking, p-value, Plutocrats, plutocrats, revision control, sorting algorithm, transfer pricing, type inference, web application, Yochai Benkler

,"lost+found","proc",".autorelabel",".autofsck", "sys","misc","home","tmp","boot",".bash_history","root","sbin","usr"] getDirectoryContents returns a list for every item in a given directory. Note that on POSIX systems, this list normally includes the special values "." and "..". You will usually want to filter these out when processing the content of the directory, perhaps like this: ghci> getDirectoryContents "/" >>= return . filter (`notElem` [".", ".."]) ["dev",".vmware","mnt","var","etc","net","lib","srv","media","lib64","opt", ".ccache","bin","selinux","lost+found","proc",".autorelabel",".autofsck", "sys","misc","home","tmp","boot",".bash_history","root","sbin","usr"] Tip For a more detailed discussion of filtering the results of getDirectoryContents, refer to Chapter 8.


pages: 356 words: 105,533

Dark Pools: The Rise of the Machine Traders and the Rigging of the U.S. Stock Market by Scott Patterson

algorithmic trading, automated trading system, banking crisis, bash_history, Bear Stearns, Bernie Madoff, butterfly effect, buttonwood tree, buy and hold, Chuck Templeton: OpenTable:, cloud computing, collapse of Lehman Brothers, computerized trading, creative destruction, Donald Trump, fixed income, Flash crash, Francisco Pizarro, Gordon Gekko, Hibernia Atlantic: Project Express, High speed trading, Joseph Schumpeter, latency arbitrage, Long Term Capital Management, Mark Zuckerberg, market design, market microstructure, pattern recognition, pets.com, Ponzi scheme, popular electronics, prediction markets, quantitative hedge fund, Ray Kurzweil, Renaissance Technologies, Sergey Aleynikov, Small Order Execution System, South China Sea, Spread Networks laid a new fibre optics cable between New York and Chicago, stealth mode startup, stochastic process, Tragedy of the Commons, transaction costs, Watson beat the top human players on Jeopardy!, zero-sum game

., Aleynikov accessed the German server—designated SVN.XP-dev.com—and uploaded the code. The next day, his last at Goldman, he transferred more code at 7:07 A.M. Then, at 5:23 P.M., he ran a program to upload even more code to the German server. At last, hoping to cover his tracks, he swiped clean his computer’s “bash” history, a record of activity on its hard drive. He shut down the computer, said good-bye to his colleagues, and walked out of Goldman’s office for the last time. Aleynikov felt positive that he’d pulled it off. With the Goldman code, he’d have a cheat sheet to create new, even better code for Teza.


pages: 603 words: 141,814

Python for Unix and Linux System Administration by Noah Gift, Jeremy M. Jones

Amazon Web Services, bash_history, Bram Moolenaar, cloud computing, create, read, update, delete, database schema, Debian, distributed revision control, Firefox, functional programming, Guido van Rossum, industrial robot, inventory management, job automation, Mark Shuttleworth, MVC pattern, skunkworks, web application

Here is an example of the whos function used with no command-line arguments: In [22]: whos Variable Type Data/Info ---------------------------- a int 1 aa str one b int 2 bb str two c int 3 cc str three n str cc And as we can with who, we can filter on type: In [23]: whos int Variable Type Data/Info ---------------------------- a int 1 b int 2 c int 3 In [24]: whos str Variable Type Data/Info ---------------------------- aa str one bb str two cc str three n str cc History There are two ways to gain access to your history of typed-in commands in IPython. The first is readline-based; the second is the hist magic function. Readline support In IPython, you have access to all the cool features that you would expect to be in a readline-enabled application. If you are used to searching your Bash history using Ctrl-s, you won’t have a problem transitioning to the same functionality in IPython. Here, we’ve defined a few variables, then searched back through the history: In [1]: foo = 1 In [2]: bar = 2 In [3]: bam = 3 In [4]: d = dict(foo=foo, bar=bar, bam=bam) In [5]: dict2 = dict(d=d, foo=foo) In [6]: <CTRL-s> (reverse-i-search)`fo': dict2 = dict(d=d, foo=foo) <CTRL-r> (reverse-i-search)`fo': d = dict(foo=foo, bar=bar, bam=bam) We typed Ctrl-r to start the search, then typed in fo as the search criteria.


pages: 678 words: 159,840

The Debian Administrator's Handbook, Debian Wheezy From Discovery to Mastery by Raphaal Hertzog, Roland Mas

bash_history, Debian, distributed generation, do-ocracy, en.wikipedia.org, failed state, Firefox, GnuPG, Google Chrome, Jono Bacon, MITM: man-in-the-middle, NP-complete, QWERTY keyboard, RFC: Request For Comment, Richard Stallman, Skype, SpamAssassin, Valgrind, web application, zero day, Zimmermann PGP

When mounting these images, care should be taken to use the ro,nodev,noexec,noatime options so as to avoid changing the contents (including timestamps of access to files) or running compromised programs by mistake. Retracing an attack scenario usually involves looking for everything that was modified and executed: .bash_history files often provide for a very interesting read; so does listing files that were recently created, modified or accessed; the strings command helps identifying programs installed by the attacker, by extracting text strings from a binary; the log files in /var/log/ often allow reconstructing a chronology of events; special-purpose tools also allow restoring the contents of potentially deleted files, including log files that attackers often delete.


Ubuntu 15.04 Server with systemd: Administration and Reference by Richard Petersen

Amazon Web Services, bash_history, cloud computing, Debian, Firefox, Mark Shuttleworth, MITM: man-in-the-middle, RFC: Request For Comment, SpamAssassin, web application

Except for the TCSH shell, all shells use much the same syntax for variable definitions and assigning values (TCSH uses a slightly different syntax, described in its Man pages). Filename Function BASH Shell .profile Login initialization file .bashrc BASH shell configuration file .bash_logout Logout name .bash_history History file /etc/profile System login initialization file /etc/bash.bashrc System BASH shell configuration file /etc/profile.d Directory for specialized BASH shell configuration files /etc/bash_completion Completion options for applications TCSH Shell .login Login initialization file .tcshrc TCSH shell configuration file .logout Logout file Z Shell .zshenv Shell login file (first read) .zprofile Login initialization file .zlogin Shell login file .zshrc Z shell configuration file .zlogout Logout file Korn Shell .profile Login initialization file .kshrc KORN shell configuration file Table 22-2: Shell Configuration Files Configuration Directories and Files Applications often install configuration files in a user’s home directory that contain specific configuration information, which tailors the application to the needs of that particular user.


pages: 1,380 words: 190,710

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield

anti-pattern, barriers to entry, bash_history, business continuity plan, business process, Cass Sunstein, cloud computing, continuous integration, correlation does not imply causation, create, read, update, delete, cryptocurrency, cyber-physical system, database schema, Debian, defense in depth, DevOps, Edward Snowden, fault tolerance, fear of failure, general-purpose programming language, Google Chrome, Internet of things, Kubernetes, load shedding, margin call, microservices, MITM: man-in-the-middle, performance metric, pull request, ransomware, revision control, Richard Thaler, risk tolerance, self-driving car, Skype, slashdot, software as a service, source of truth, Stuxnet, Turing test, undersea cable, uranium enrichment, Valgrind, web application, Y2K, zero day

Recently, MITRE has developed the ATT&CK framework to instrument this idea more thoroughly. In short, the framework expands each stage of the cyber kill chain into detailed steps and provides formal descriptions of how an attacker could carry out each stage of an attack. For example, in the Credential Access stage, ATT&CK describes how a user’s .bash_history may contain accidentally typed passwords that an attacker could obtain by simply reading the file. The ATT&CK framework lays out hundreds (potentially thousands) of ways attackers can operate so that defenders can build defenses against each attack method. Risk Assessment Considerations Understanding potential adversaries, who they are, and which methods they might use can be complex and nuanced.


pages: 2,054 words: 359,149

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Justin Schuh

Albert Einstein, Any sufficiently advanced technology is indistinguishable from magic, bash_history, business process, database schema, Debian, defense in depth, en.wikipedia.org, Firefox, information retrieval, iterative process, loose coupling, MITM: man-in-the-middle, MVC pattern, RFC: Request For Comment, slashdot, web application

Personal User Files Personal user files might also be of interest to attackers, because there are not only sensitive files in a typical user’s directory, but also configuration files that are used by various applications on the system. This list is a brief summary of some interesting personal user files: • Shell histories (.sh_history, .ksh_history, .bash_history, .history)—Shell histories are files containing a log of each command users enter in their command shells. Attackers could use these files to observe the behavior of other users in an attempt to discover potential attack targets on the system or discover other systems users commonly log into. • Shell login and logout scripts (.profile, .bashrc, cshrc, .login)—These files run automatically when users log in or out.