Tags: linux, security, ubuntu, sed, input-history

script or one-liner to clean up passwords in .bash_history


I sometimes mistakenly type my su password in a Linux terminal that is echoing the typed characters. It gets recorded in ~/.bash_history, which makes me feel insecure. Does anyone have a short script (bash one-liner?) to clean .bash_history of any plain-text passwords?

Using sed leaves its own traces in the .bash_history file, but if readline and/or the history service could be temporarily disabled this might work:

```bash
# In-place substitution; -i must not be fused with other flags (GNU sed reads
# "-ir" as -i with the backup suffix "r", leaving a copy of the secret behind).
sed -i -e 's/su_password/PASSWORD_REMOVED/g' ~/.bash_history
```

And this could create additional problems/holes if the password is often used as part of other phrases/words.

Ideally, the script should just peruse the hashed passwd list (/etc/shadow) to create a list of search terms. Then it would have to hash portions of the file it's checking (.bash_history) for comparison. The problem is knowing how much of the text in the file to hash during the comparison as the length of the password is unknown. Alternatively, it could request the password in a secure way, like passwd does, before doing the grep/sed.
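One way to do the "ask for the password securely, then scrub" variant from the question, as an added example that is not part of the original post. It assumes bash (for `read -s` and the `history` builtin) and standard `grep`/`mktemp`. Instead of substituting the secret inside a line, it drops every history line that contains the secret as a fixed string, which avoids the partial-match holes the question worries about, and it writes the cleaned file atomically with private permissions. The function names and the sample history lines are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Removes every line of a
# bash history file that contains a given secret, without the secret
# ever appearing on a command line itself.

# scrub_history SECRET FILE
# Deletes whole lines containing SECRET as a fixed string (grep -F, so no
# regex metacharacters are interpreted), writes the result atomically in
# the same directory, keeps the file 0600, and prints the number of lines
# removed.
scrub_history() {
    local secret="$1" file="$2" tmp before after
    [ -n "$secret" ] || { echo "refusing to scrub with an empty secret" >&2; return 1; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    before=$(wc -l < "$file")
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # grep -v exits 1 when no line survives; that is not an error here.
    grep -v -F -- "$secret" "$file" > "$tmp" || true
    chmod 600 "$tmp"
    mv -- "$tmp" "$file"
    after=$(wc -l < "$file")
    echo $((before - after))
}

# scrub_interactive [FILE]
# Prompts for the password with echo turned off, like passwd does, so the
# secret reaches neither the terminal nor the shell's own history. Meant to
# be sourced and called from the interactive shell, e.g.:
#   source scrub.sh && scrub_interactive
scrub_interactive() {
    local file="${1:-$HOME/.bash_history}" secret
    read -r -s -p "Password to purge from $file: " secret; echo
    set +o history 2>/dev/null          # do not record what follows
    scrub_history "$secret" "$file"
    # Reload the cleaned file so bash does not rewrite the old in-memory
    # list (with the secret) when this session exits.
    history -c 2>/dev/null; history -r "$file" 2>/dev/null
    set -o history 2>/dev/null
}

# Constructed demonstration on a throwaway file (not a real history).
demo() {
    local f
    f=$(mktemp)
    printf '%s\n' 'ls -la' 'su' 'Hunter2Example' \
        'echo Hunter2Example | some_command' 'cd /tmp' > "$f"
    echo "removed: $(scrub_history 'Hunter2Example' "$f") line(s)"
    cat "$f"
    rm -f -- "$f"
}
```

Two caveats when using this on a live session: bash only flushes its in-memory history to the file on exit (or on `history -a`), so scrub from a fresh shell or reload with `history -r` as the wrapper does; and scrubbing .bash_history does nothing for other copies of the secret, such as backups or a terminal emulator's scrollback, which is why the accepted answer's wider grep is still worth running.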


Solution

  • I usually do an echo > .bash_history to clear this. Although your password can show up in strange places, so you might want to do a sudo grep "password" -R / first, to see if it's anywhere else on the system, and then clear out your history.