I want to know if a script has been launched "secretly" or "anonymously" or "without leaving trace", aka. with a space before. In such event, the script is not added to the history.

./my_script.sh

vs

 ./my_script.sh (there is a space before the script)

I came with the following solution:

if [ $0 = `history | tail -n 1 | cut -d ' ' -f 3` ]; then
    echo "No hidden launch (no space before script)"
else
    echo "Hidden launch (space before script)"
fi

It's working except if the script is launched twice sequentially. Any better idea?

It's assumed that the option HISTCONTROL=ignoreboth is in bashrc. Even with or without such option, the question remains.

I want to know if a script has been launched "secretly" or "anonymously" or "without leaving trace", aka. with a space before. In such event, the script is not added to the history.

./my_script.sh

vs

 ./my_script.sh (there is a space before the script)

I came with the following solution:

if [ $0 = `history | tail -n 1 | cut -d ' ' -f 3` ]; then
    echo "No hidden launch (no space before script)"
else
    echo "Hidden launch (space before script)"
fi

It's working except if the script is launched twice sequentially. Any better idea?

It's assumed that the option HISTCONTROL=ignoreboth is in bashrc. Even with or without such option, the question remains.

• linux
• bash
• command-line
• sh

• 2 How is it working for you if history is available only in interactive shells? – Arkadiusz Drabczyk Commented Mar 19 at 19:55
• 3 The "secret" behaviour depends on $HISTCONTROL. With some values, even commands starting with spaces are saved to the history. – choroba Commented Mar 19 at 20:57
• 7 What you're trying to do is basically impossible. The command that launched the script is basically private to the program that launched the script (maybe bash, maybe something else). If that program is not bash (like another shell, or something entirely different like find ... -exec ...) it won't be in the bash history. Even if it was run from bash, it won't be in the history if it was run via an alias or function, or within a script (where history is disabled by default). It can also fail if it was run as part of a complex command like othercommand; ./my_script.sh. – Gordon Davisson Commented Mar 19 at 23:52
• 1 Suggest you look into audit tools such as auditd , acct ... , depends upon your paranoia level how far you want/need this level of detail. – ticktalk Commented Mar 21 at 9:00
• 2 Why do you need to know if you ran something yourself secretly? Did you leave your computer unattended and you want to know if someone used it? Don't do that in the first place. – Barmar Commented Mar 27 at 19:54

1 Answer 1

This looks like a variant of this question:

https://superuser/questions/175799/does-bash-have-a-hook-that-is-run-before-executing-a-command

A bash function that run prior to execution might be able to detect the extra space and then log the command or take another action.