Ensure User Bash History File Has Correct Permissions

Docs > Plateforme de sécurité Datadog > OOTB Rules > Ensure User Bash History File Has Correct Permissions

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

Set the mode of the bash history file to 0600 with the following command:

$ sudo chmod 0600 /home/USER/.bash_history

Rationale

Incorrect permissions may enable malicious users to recover other users’ command history.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

readarray -t interactive_users < <(awk -F: '$3>=1000   {print $1}' /etc/passwd)
readarray -t interactive_users_home < <(awk -F: '$3>=1000   {print $6}' /etc/passwd)
readarray -t interactive_users_shell < <(awk -F: '$3>=1000   {print $7}' /etc/passwd)

USERS_IGNORED_REGEX='nobody|nfsnobody'

for (( i=0; i<"${#interactive_users[@]}"; i++ )); do
    if ! grep -qP "$USERS_IGNORED_REGEX" <<< "${interactive_users[$i]}" && \
        [ "${interactive_users_shell[$i]}" != "/sbin/nologin" ]; then
        
        chmod u-sx,go= "${interactive_users_home[$i]}/.bash_history"
    fi
done