Jeff Leggett

How to stop Qualys scanner from filling .BASH_history

Discussion created by Jeff Leggett Employee on Jul 18, 2016

Check out the man page for BASH, and look for 'HISTIGNORE'

HISTIGNORE A  colon-separated  list of patterns used to decide which command lines should be saved on the history list.  Each pattern is anchored at the beginning of the line and must match the complete line (no implicit `*' is appended).  Each pattern is tested against the line after the checks specified by HISTCONTROL are applied.  In addition  to  the normal  shell pattern matching characters, `&' matches the previous history line.  `&' may be escaped using a backslash; the backslash is removed before attempting a match. The second and subsequent lines of a multi-line compound command are not tested, and are added to the history regardless of the value of HISTIGNORE. 

After some trial and error, I settled on the following value for my HISTIGNORE. Probably not perfect, but I've not seen any new Qualys items in root's BASH history since adding it.

HISTIGNORE=*QUALYS*:*ORIG_PATH*:echo\ *TEST*  

Stolen shamelessly from Stop Qualys from Overrunning BASH History  (putting in community in case that link goes away)

Outcomes