---
title: Ensure User Bash History File Has Correct Permissions
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Ensure User Bash History File Has
  Correct Permissions
---

# Ensure User Bash History File Has Correct Permissions
 
## Description{% #description %}

Set the mode of the bash history file to `0600` with the following command:

```
$ sudo chmod 0600 /home/USER/.bash_history
```

## Rationale{% #rationale %}

Incorrect permissions may enable malicious users to recover other users' command history.

## Remediation{% #remediation %}

### Shell script{% #shell-script %}

The following script can be run on the host to remediate the issue.

```bash
#!/bin/bash

readarray -t interactive_users < <(awk -F: '$3>=1000   {print $1}' /etc/passwd)
readarray -t interactive_users_home < <(awk -F: '$3>=1000   {print $6}' /etc/passwd)
readarray -t interactive_users_shell < <(awk -F: '$3>=1000   {print $7}' /etc/passwd)

USERS_IGNORED_REGEX='nobody|nfsnobody'

for (( i=0; i<"${#interactive_users[@]}"; i++ )); do
    if ! grep -qP "$USERS_IGNORED_REGEX" <<< "${interactive_users[$i]}" && \
        [ "${interactive_users_shell[$i]}" != "/sbin/nologin" ]; then

        chmod u-sx,go= "${interactive_users_home[$i]}/.bash_history"
    fi
done
```

### Ansible playbook{% #ansible-playbook %}

The following playbook can be run with Ansible to remediate the issue.

```
- name: Ensure User Bash History File Has Correct Permissions - Gather User Info
  ansible.builtin.getent:
    database: passwd
  tags:
  - file_permission_user_bash_history
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy

- name: Ensure User Bash History File Has Correct Permissions - Check Bash History
    Files Existence
  ansible.builtin.stat:
    path: '{{ item.value[4] }}/.bash_history'
  register: bash_history_files
  with_dict: '{{ ansible_facts.getent_passwd }}'
  when:
  - item.value[4] != "/sbin/nologin"
  - item.key not in ["nobody", "nfsnobody"]
  - item.value[1] | int >= 1000
  tags:
  - file_permission_user_bash_history
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy

- name: Ensure User Bash History File Has Correct Permissions - Fix Bash History Files
    Permissions
  ansible.builtin.file:
    path: '{{ item.stat.path }}'
    mode: u-sx,go=
  with_items: '{{ bash_history_files.results }}'
  when:
  - item.stat is defined
  - item.stat.exists
  tags:
  - file_permission_user_bash_history
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - restrict_strategy
```