Add "Clear Command History" attack technique (T1146) #794

@shreyamalviya

T1146

Adversaries may clear the command history of a compromised account to conceal the actions undertaken during an intrusion.

Adding it as PBA:
- LINUX: 2 PBAs mapped to the same technique:
  1. store value of $HISTFILE temporarily, try to unset HISTFILE (this makes it not store any subsequent commands); restore original [HISTFILE doesn't exist for non-interactive shells, can't do this in a script for all shells]
  2. store shell history files temporarily, try clearing them; restore original (implementation would be similar to "modify shell startup files" PBA)

- WINDOWS: not applicable (Windows doesn't store commands)

Mapping the technique to the ATT&CK matrix
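
From the defender's side, the two behaviours this issue describes (unsetting HISTFILE, and clearing shell history files) can be checked for as follows. This is an added example, not code from the issue or the project; the log line format, the sample lines, the history file names and all function names are assumptions made for the illustration.

```python
import os
import re

# Common history file names (assumption; extend for the shells you run).
HISTORY_FILES = (".bash_history", ".zsh_history")
# Constructed log format for this example: "<timestamp> user=<name> cmd=<command line>"
LOG_LINE = re.compile(r"user=(?P<user>\S+) cmd=(?P<cmd>.*)")
# Also matches harmless mentions such as `echo unset HISTFILE`; triage hits by context.
UNSET_HISTFILE = re.compile(r"\bunset\s+(?:-v\s+)?HISTFILE\b")

SAMPLE_LOG = [  # constructed sample lines, not real telemetry
    "2024-01-01T10:00:00Z user=alice cmd=ls -la /tmp",
    "2024-01-01T10:00:05Z user=mallory cmd=unset HISTFILE",
    "2024-01-01T10:00:09Z user=bob cmd=echo $HISTFILE",
]

def scan_commands(lines):
    """Return (user, command) pairs whose command line unsets HISTFILE."""
    hits = []
    for line in lines:
        m = LOG_LINE.search(line)
        if m and UNSET_HISTFILE.search(m.group("cmd")):
            hits.append((m.group("user"), m.group("cmd")))
    return hits

def snapshot(home):
    """Map each history file that exists under `home` to its size in bytes."""
    sizes = {}
    for name in HISTORY_FILES:
        path = os.path.join(home, name)
        if os.path.isfile(path):
            sizes[name] = os.path.getsize(path)
    return sizes

def compare(before, after):
    """Flag history files that were deleted, emptied or shrank between snapshots."""
    findings = []
    for name, old in sorted(before.items()):
        new = after.get(name)
        if new is None:
            findings.append((name, "deleted"))
        elif new == 0 and old > 0:
            findings.append((name, "emptied"))
        elif new < old:
            # Lower confidence: shells also trim history files to a size limit.
            findings.append((name, "shrank"))
    return findings
```

Unsetting HISTFILE leaves the history file untouched, so only command-line telemetry catches the first behaviour. Because the PBA described above restores the original files, snapshots taken far apart can miss the window in which the files were cleared.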

Labels

Feature: Issue that describes a new feature to be implemented.
