The Power of Linux “History Command” in Bash Shell

We frequently use the history command in our daily routine jobs to check the history of commands or to get information about commands executed by users.

In this post, we will see how we can use the history command effectively to extract the commands that were executed by users in the Bash shell. This may be useful for audit purposes or to find out which command was executed at a specific date and time.

By default, the date and timestamp won’t be visible when executing the history command. However, the bash shell provides command-line interface (CLI) tools for editing the user’s command history.

Let’s explore some useful tips, tricks, and the power of the history command.

1. List All Last Executed Commands in Linux

To view the complete list of the last executed commands along with their line numbers, use the following command.

history
Show Last Executed Commands
Show Last Executed Commands

2. List All Commands with Date and Timestamp

To list all commands with their date and timestamp in Linux, you can use the history command along with the HISTTIMEFORMAT environment variable as shown.

export HISTTIMEFORMAT="%F %T "

Now, you can use the history command to list all the commands with their respective date and timestamps.

history

Here’s a breakdown of the format placeholders used in HISTTIMEFORMAT='%F %T ':

  • %F: This signifies the full date in the format “YYYY-MM-DD“.
  • %T: This represents the time in the format “HH:MM:SS“.
Enable Timestamp in History Command
Enable Timestamp in History Command

3. Ignore Commands in History

To ignore a command in the history command, you can use the "HISTIGNORE" environment variable, which is used to specify which commands should not be recorded in the command history.

You can set it by using the "export" command followed by the desired command to be ignored.

export HISTIGNORE='ls -l:pwd:date:'

In this example, “ls -l“, “pwd“, and “date” are specified, meaning that any commands containing these strings will not be saved in the history.

4. Ignore Duplicate Commands in History

To ignore duplicate commands in history, you can use the following command which will instruct the system to not save repeated commands in the history, which will helps in keeping the history clean and free of redundant duplicate entries.

export HISTCONTROL=ignoredups

The option ignoredups tells the system to ignore duplicate commands when recording them in the history. If you execute the same command multiple times consecutively, only the first occurrence will be stored in the history.

5. Save Export Command Permanently

To save the configurations for HISTTIMEFORMAT, HISTIGNORE, and HISTCONTROL permanently in your Linux environment, you can add them to your .bash_profile file, which is executed every time you start a new shell session.

nano ~/.bash_profile

Add the following lines to the .bash_profile file to set the environment variables:

export HISTTIMEFORMAT="%F %T "
export HISTIGNORE="some:commands:to:ignore"
export HISTCONTROL=ignoredups

To apply the changes, either restart your terminal or run the following command in the terminal:

source ~/.bash_profile

6. Unset Export Command

To unset the settings for HISTTIMEFORMAT and HISTCONTROL environment variables, you can use the unset command to remove their values, which will revert these settings to their default configurations.

unset HISTTIMEFORMAT
unset HISTCONTROL

After executing these commands, the timestamp display in the command history will revert to the default setting, and duplicate commands will no longer be filtered out automatically.

7. List Specific User’s Executed Commands

To list specific user’s executed commands, you can use the .bash_history file of the user, which stores the history of commands executed in the Bash shell.

sudo cat /home/username/.bash_history

If you want to filter the command history based on a specific pattern, use the grep command along with the commands containing the word as shown.

sudo cat /home/username/.bash_history | grep "ls"

8. Disable Storing History of Commands

To disable the storing of command history in Linux, you can unset the HISTFILE variable, which is responsible for maintaining the history of commands in a file.

unset HISTFILE

By unsetting the HISTFILE variable, you prevent the system from storing command history, ensuring that commands executed in the terminal are not recorded for future sessions.

It’s important to note that this change will only apply to the current session and will not persist across different terminal sessions. If you want to make this change permanent, you can consider updating your shell’s configuration .bash_profile file to unset the HISTFILE variable upon each login.

9. Delete or Clear History of Commands

You can use the up and down arrow keys to see previously used commands, which can be helpful or annoying. To delete or clear all the entries from the bash history list, you can use the '-c' option.

history -c

To clear the command history for all users, you can delete or truncate the history file located at /home/[username]/.bash_history for each user.

> /home/[username]/.bash_history
OR
rm /home/[username]/.bash_history

10. Search Commands in History Using Grep Command

To filter commands in the history command output, you can use the grep command, which will only display the commands from the history that contain the keyword as shown.

history | grep "ls"
history | grep "pwd"
history | grep "date"

11. Search for Recent Commands in History

To search for recent commands in the history, you can use the grep command along with containing keyword such as “ssh” from the command history.

history | grep "ssh"

You can also search for previously executed commands using the ‘Ctrl+r' command. Once you’ve found the command you’re looking for, press ‘Enter‘ to execute it, or press ‘esc‘ to cancel.

(reverse-i-search)`source ': source .bash_profile

12. Recall Last Executed Command in History

To recall the last executed command from a specific position in the command history in Linux, you can use the history command along with a specific line number.

To view the command history with line numbers, use the history command:

history

Next, identify the line number associated with the command you want to recall, in this case, command number 8, and then recall the command using ! followed by the line number as shown.

!8

13. Recall Lastly Executed Specific Command

You can recall a previously used command, such as “netstat -np | grep 22“, by using the '!' symbol followed by some letters from that command.

For example, if you want to recall the “netstat -np | grep 22” command, you can type '!net' and press Enter in the terminal, which will execute the most recent command that starts with “net” from your command history.

!net
Conclusion

In conclusion, we’ve shown you the usefulness of the history command, but there’s still more to explore. We’d love to hear about your experiences with the history command!

Share them with us in the comment box below.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Narad Shrestha
He has over 10 years of rich IT experience which includes various Linux Distros, FOSS and Networking. Narad always believes sharing IT knowledge with others and adopts new technology with ease.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

32 Comments

Leave a Reply
  1. How can i display the last five commands when i login like this :

    The last five commands you executed last login were:
    566 2019-10-25 20:30:19 > ls
    567 2019-10-25 20:30:22 > ls -l
    568 2019-10-25 20:30:27 > clear
    569 2019-10-25 20:30:32 > test
    
    Reply
  2. How can I filter a many of commands in history? for example i don’t want to show me “ls” command in history file.

    HISTIGNORE='ls' command don't work for me
    
    Reply
    • Perhaps the easiest is to just filter what you are looking *for* instead of what you are not looking for. Just a standard ‘history | grep (thing you want to find)‘ is enough? Otherwise you should be able to construct a regex in the grep to search what you want *and* ignore the ls lines found.

      Reply
  3. Great stuff! I would suggest updating the title text for points 11, 12, and 13 to read: “Recall Last…”, not “Recall Lastly…” just to make the tips a bit more readable and could possibly improve search engine results. It is also proper grammar. :) Keep up the good work!

    Reply
  4. To clear (totally) all the command history of a certain user (e.g root)

    1. Log-in to that user
    2. cat “” > .bash_history (same as cat /dev/null > .bash_history)
    3. history -c

    Logout and re-login.

    Reply
  5. Dear Narad,
    If you allow me one suggestion. The ignoredups remove consecutive duplicates; erasedups- eliminate duplicates across the whole history.
    So, if I type multiple times-but not consecutive- the same commands in bash:
    1.ls -l
    2.dir -a
    3.ls -l- the way to remove duplicates from history is : export HISTCONTROL=erasedups.
    Great work!!
    Thanks!!!!!!!!!!!!!

    Reply
  6. HISTSIZE=0 is nice if you don’t want to leave traces of history increasing security, however your shell is your working tool and sometimes you need to view the commands you typed previously which you can’t with this limitation.
    Consider this:
    ln -s -f /dev/null ~/.bash_history
    This approach will keep the history through your session and erase it when you close shell or logout

    Reply
  7. Thanks for this nice summary on the “history” command. I’ve been using the method with grep as
    in paragraph 10 for years. Now I’ve upgraded my linux system and get the following:
    $ history | grep pwd
    Binary file (standard input) matches
    Any idea what might be misconfigured, making grep consider the output of history to be binary, even
    when it clearly isn’t?

    Reply
  8. Good article! Just one question: can anyone explain why all commands in the first example have the same time stamp, 2013-06-09 10:40:12 ?
    Even if you cut and pasted them, commands “ping google.com” would take more than one second, would not they?
    Occasionally I see the same anomaly in my history logs; I wonder if these time stamps are reliable at all?

    Reply
  9. This article saved tons of my worries. I am not a linux cli expert and I am asked to configure an l2tp server. Did not know how to add iptables rules and so checking the previous commands in a different server, I was able to copy and execute the proper commands!

    Cheers!

    Reply
  10. Hi,
    I really very thankful for your post , it’s very useful for me , I am a beginner in Linux , we can delete all history using “$ history -c” command, but I want to delete my history from last 1 month, or any specified duration , how can we delete by command ,

    Reply
  11. Hi,
    while using this commnad “export HISTSIZE=0” it wil delete all users history or related to me(the commands which has executed by me) in the global user account.

    Reply
  12. Hi,

    We need the ssh session commands to be redirected to a file everytime they login.

    We have added the below lines under bashrc.

    HISTFILE=/var/tmp/history/$USER.$(date +%d-%m-%Y:%H:%M)
    readonly HISTFILE
    HISTSIZE=5000
    HISTTIMEFORMAT=”%d/%m/%y %T ”

    Its logging all the commands but, when we run history it shows only session history where we want that to show the complete history..

    Please help. thanks in advance.
    Subu.

    Reply
  13. var/log/secure provides us below information :

    Mar 20 08:07:07 testing sshd[29749]: Accepted password for oracle from 10.51.1.12 port 49239 ssh2
    Mar 20 08:07:07 testing sshd[29749]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
    Mar 20 08:12:16 testing sshd[29759]: Received disconnect from 10.51.1.12: 11: Disconnect requested by Windows SSH Client.
    Mar 20 08:12:16 testing sshd[29749]: pam_unix(sshd:session): session closed for user oracle

    But what commands that oracle user executed we can not get from the above information?

    /home/oracle/.bash_history provides us information like this about what commands are executed:
    exit
    cat /home/oracle/ashfaq/Auto_Clone/Auto_Clone.sh
    cat /u01/down.sh
    cd /u01/oracle/inst/apps/TESTING_testing/admin/scripts/
    ./adstpall.sh apps/apps
    ./adstrtal.sh apps/apps
    cat /home/oracle/ashfaq/Auto_Clone/Auto_Clone.sh
    ls -ltr
    cat main_exec.sh

    but does not tell us that user from which IP or hostname and at what time executed these commands.

    how we can store all this information in one file with time, IP, user name (root, oracle, ricky ) and commands executed by these users ?

    Reply
    • Hi Jack, of course it’s possible.

      Edit your ~/.bashrc and set the line
      HISTTIMEFORMAT
      to:
      HISTTIMEFORMAT=”%F %T “.

      Exit all your terminals and now it should write a timestamp in the history file.
      (Maybe you have to log out!)

      Reply
  14. 5. unset export HISTCONTROL

    This command unsets two variables, export and HISTCONTROL. It does not just remove HISTCONTROL from the environment; it unsets it entirely.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.