/ HowTos

Stop Qualys from Overrunning BASH History

If you work with Linux in an enterprise setting, you probably have come into contact with the lovely Qualys security scanner.

One GREAT side effect of this scan, is that your root user's BASH history file gets overrun. So much so that you essentially no longer have a history file because there are so many lines generated by what the security scan is doing.

Here is how I stemmed the tide. Check out the man page for BASH, and look for 'HISTIGNORE'

              A  colon-separated  list of patterns used to decide which command lines should be saved on the history list.  Each pattern is anchored at the beginning of the line and must match the complete line (no implicit `*' is appended).  Each pattern is tested against the line after the checks specified by HISTCONTROL are applied.  In addition  to  the normal  shell pattern matching characters, `&' matches the previous history line.  `&' may be escaped using a backslash; the backslash is removed before attempting a match. The second and subsequent lines of a multi-line compound command are not tested, and are added to the history regardless of the value of HISTIGNORE.

After some trial and error, I settled on the following value for my HISTIGNORE. Probably not perfect, but I've not seen any new Qualys items in root's BASH history since adding it.