[Novalug] Command Line Passwords, was Re: openldap primer

shawn wilson ag4ve.us@gmail.com
Sat Mar 28 15:32:11 EDT 2015


On Mar 28, 2015 10:14 AM, "Maxwell Spangler via Novalug" <
novalug@firemountain.net> wrote:
>
> On Sat, 2015-03-28 at 10:50 -0400, Derek LaHousse wrote:
>
> > By the way, all: the -W flag will prompt for the password, rather than
> > having to type it at the command line.  It is important not to put
> > passwords on the command line on any system where your history may be
> > seen, or others might see the listing of running commands.
> > Particularly not for admin privs.
>
>
> This is something that needs to be repeated a lot.  All it takes is < 30
> seconds or a program on someone's system to mail out a user's
> $HOME/bash_history to gain a valuable stash of servers+services
> +passwords.
>

Putting a space before a command generally prevents it from being added to
history. Other utilities keep history as well (like mysql - just something
to keep in mind). If you run a GRSecurity kernel, people who aren't in the
proc group can't see others' processes.



More information about the Novalug mailing list