Recently I installed Debian Woody on my testing server. Now I found these entries in the .bash_history files for both root and my normal user account. I never entered those commands. And I would just cd directly to / instead of using this strange cd "`echo -e '\057'`" construct. What is connected to the &6 fd?
PROMPT_COMMAND='pwd>&6;kill -STOP $$' cd "`echo -e '\057\150\157\155\145'`" cd "`echo -e '\057'`" cd "`echo -e '\057\150\157\155\145\057\141\146'`" cd "`echo -e '\057'`"
Do I need to be concerned about this? Any advise or information would be appreciated.
I don't think this is an intrusion. I think mc (Midnight Commander) does this, don't quite remember why... Has something to do with reading your password, checking where your directory is and drawing that cute GUI window.
The mc idea sounds reasonable since I have been using it and found the PROMPT_COMMAND string within the mc binary. I was just worried since mc running on Redhat 7.0 never caused these lines to appear in the history file and since the system had been without a firewall for some time (still working on figuring out the subtle differences between Debian and Redhat;)).
The solution to prevent these entries in the history file (they are really annoying) is to set the HISTIGNORE environment variable to "[ ]*" which is obviously done by Redhat as a default but not by Debian Woody.