Question: How to disable BASH shell history, so that it does not save users shell history?
Solution:
Add a line like the following to the end of /etc/profile or a new /etc/profile.d/*.sh file
unset HISTFILE
This will make each user’s bash shell to skip saving history files unless the users manually configure the HISTFILE variable.
caveat
There is no practical way to completely prevent users from saving their own bash shell history. Users can still get auto-saved shell history by manually declaring the HISTFILE variable. A user could add the following to their ~/.bash_profile or ~/.bashrc to create their own history files.
HISTFILE=$HOME/.my_history_file
To make it harder for users to get their bash processes to auto-save command history, take the following steps.
1. Add unset HISTFILE to global config as originally described here in the start of the post.
2. As root, take ownership of the ~/.bashrc and ~/.bash_profile files in EVERY user’s home directory, e.g.:
# chown root:root ~bob/.bashrc ~bob/.bash_profile
As root, make those same files (in EVERY user’s homedir) immutable, e.g.:
# chattr +i ~bob/.bashrc ~bob/.bash_profile
Note that performing these steps will not prevent a user from manually declaring the HISTFILE variable from the command-line each time they start a bash process. So if someone declares a variable HISTFILE, he can still be able to save the command history to a file.