This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Danny
Champion Champion
Champion
‎2022-05-27 03:22 AM

How to delete a specific entry from Gaia's Clish history?

I'd like a delete a specific entry from Gaia's Clish history (it's a password) without deleting the other entries.
What's the correct procedure for this? Gaia command history didn't provide a solution.

0 Kudos
3 Replies
Alex-
Leader Leader
Leader
‎2022-05-27 08:22 AM

The clish history is recorded in ~/.clish_history that you can access from Expert mode.

From there, edit the file or script something to your liking.

 

Danny
Champion Champion
Champion
‎2023-03-30 01:19 AM
In response to Alex-

Even after deleting the entry from ~/.clish_history, then logging out and in again to the system then the unwanted clish entry is still there and also appears back again in ~/.clish_history

What is the reason Check Point stores failed non-command entries into clish history?
Most of us use password systems these days, so it happens sometimes that we copy&paste a password into the clish and hit enter to realize only afterwards that there was no expert prompt waiting for password entry.

I figured out that when I login with another admin account and delete the entry from the unwanted clish history entry of the first admin account it finally works. Looks like Gaia caches the clish history of a logged in admin and stores it into ~/.clish_history on logout. So editing ~/.clish_history with the same admin account is not working (or probably working only by temp. changing the CLI to /bin/bash to login without loading the Clish environment, thus make the edit of the Clish history effective).

0 Kudos
Alex-
Leader Leader
Leader
‎2023-03-30 02:52 AM
In response to Danny

Yes, history is written on logout. I made a simple tool a while ago to check all histories to see now and then if people didn't put sensitive stuff in environments with a lot of users. Clish commands are also logged in /var/log/messages so could benefit from a syslog export and analysis tool.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events