Clearing CLI history, security concerns

Started by Charles Long , 18 April 2017 - 08:00 PM
2 replies to this topic

Charles Long Members

  • 3 posts

Posted 18 April 2017 - 08:00 PM

We have a multiple-user environment for local CLI access to our NetScalers. The way we set our passwords is from the command line. The problem is that this stores the account/password in plain text in the command history; any review of past commands would reveal this, a serious security concern if ever reviewing with a coworker. How can the native CLI history be cleared to remove prior commands?



Paul Blitz Members

  • 3,767 posts

Posted 19 April 2017 - 10:11 AM

I just checked the docs, looked online, played, and it seems that there is no way to clear the history within the Netscaler Kernel (I believe it might be possible in the BSD, but that's no help here!)



Rhonda Rowland Members

  • 79 posts

Posted 19 April 2017 - 01:40 PM

I think it depends on how you set your passwords:

If you call:

add system user <username> <password>

Then yes, the password is in the history (CLI: history)

If you create the account using the -password flag, then the password will be masked and not captured in the history:

add system user <username> -password

Examples:  

set system user Newuser -password

add system user newuser2 -password

The system then prompts for the password and the field is masked.

Reviewing the CLI command: history did not show me any of the entered passwords.

 

The trick is to not use a cleartext password command.  This will help you avoid the problem. Doesn't help with a clear history command though.


Best Answer
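
Since the history cannot be cleared, accounts whose passwords were typed positionally are the ones to rotate. The following is an added example, not part of the thread and not Citrix code: it scans a saved history listing for the cleartext form of add/set system user and reports the affected usernames with the password redacted. The listing layout (optional leading index and HH:MM) and all sample lines are constructed assumptions.

```python
import re
import shlex

# Optional leading "<index> [HH:MM]" in a saved history listing (assumed layout).
PREFIX = re.compile(r"^\s*\d+\s+(?:\d{1,2}:\d{2}\s+)?")

def audit_line(line):
    """Return (username, redacted_command) if a password was typed in cleartext, else None."""
    cmd = PREFIX.sub("", line).strip()
    try:
        tokens = shlex.split(cmd)      # keeps a quoted password as a single token
    except ValueError:                 # unbalanced quotes: fall back to a plain split
        tokens = cmd.split()
    if len(tokens) < 5 or tokens[0].lower() not in ("add", "set"):
        return None
    if [t.lower() for t in tokens[1:3]] != ["system", "user"]:
        return None
    username, candidate = tokens[3], tokens[4]
    if candidate.startswith("-"):      # e.g. -password: prompted and masked, nothing stored
        return None
    rest = " ".join(tokens[5:])
    redacted = f"{tokens[0]} system user {username} <REDACTED> {rest}".rstrip()
    return username, redacted

def audit_history(text):
    """Return findings for every line of a history listing that exposes a password."""
    return [hit for hit in map(audit_line, text.splitlines()) if hit]

# Constructed sample listing; usernames and passwords are made up.
HISTORY = """\
   1  add system user alice S3cret!pw
   2  add system user newuser2 -password
   3  set system user Newuser -password
   4  set system user bob "two words"
   5  show system user
"""

if __name__ == "__main__":
    for user, redacted in audit_history(HISTORY):
        print(f"rotate password for {user}: {redacted}")
```
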