# Impair Command History Logging

Impairing command history logging allows for an attacker to operate on a compromised host while leaving minimal evidence behind. 

### Methods for Linux and MacOS

#### Clearing the HISTFILE

```bash
# Clear the command history variable
unset HISTFILE

# Set the command history size to zero
export HISTFILESIZE=0

# Configure the HISTCONTROL variable to ignore commands that begin with a space. 
HISTCONTROL=ignoreboth
```

### Methods for Windows

```powershell
# Disable the PSReadLine module
Set-PSReadlineOption -HistorySaveStyle SaveNothing

# Modify where logs are stored
Set-PSReadLineOption -HistorySavePath {File Path}
```

### References

{% embed url="<https://attack.mitre.org/techniques/T1562/003/>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ttp.parzival.sh/pentesting/infrastructure/defense_evasion/impair-command-history-logging.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.