01-18-2012
List of dangerous shell commands
Hello,
I have a Application which needs to run shell scripts in a elevated state (root) for system interrogation. So I execute each script using bash -C. This has worked really well.
I now want to add another layer of security, I cant inspect each of the scripts before they get deployed to the systems. So I would like to have my app inspect the script for dangerous command line apps that might be on purpose or a fat finger, like rm; mv; cp; chown; chmod; etc.
I did try running bash in restricted mode but I had issues running some of the scripts. Is there a list or a command I can run to add a layer of protection to protect against something dangerous from happening?
Thanks,
tom
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi Guys,
I wonder if one of you would have a list of dangerous commands on unix.
Regards (8 Replies)
Discussion started by: JBB873
8 Replies
2. Solaris
Dear All,
I am a new Administrator of Solaris in the company , I need a list of the commands pls ...
Regards
Adel (2 Replies)
Discussion started by: ArabOracle.com
2 Replies
3. Shell Programming and Scripting
Hi ,
I am having one situation in which I need to run some simple unix commands after doing "chroot" command in a shell script. Which in turn creates a new shell.
So scenario is that
- I need to have one shell script which is ran as a part of crontab
- in this shell script I need to do a... (2 Replies)
Discussion started by: hkapil
2 Replies
4. UNIX for Advanced & Expert Users
Hi,
I would like to have a list of commands in a table, see below example
Command description
HPUNIX
SUN UNIX
IBM AIX
all above i need comparison list of commands ASAP please..........
B.R (1 Reply)
Discussion started by: f_amshan
1 Replies
5. Shell Programming and Scripting
hi all scripting gurus,
need some guide and advise from you.
i'm trying to list all the files in the year 2004 and the file format is something like this: 11176MZ00004JV900004JVB00004JVCcDBU20041206.txt try to use the symbol ^ but somehow it does not help.
i try this as well: ls -ltr |... (12 Replies)
Discussion started by: lweegp
12 Replies
6. Shell Programming and Scripting
Dear Sir/Mam,
Can you tell me list of internal commands which are easy to implements...???
Means sir I am a beginner in unix shell programming. So, I just wanted to know that which internal commands are easy to implements in C language.
thanks.... (1 Reply)
Discussion started by: ranusahu
1 Replies
7. Shell Programming and Scripting
I want to log into a remote server transfer over a new config and then backup the existing config, replace with the new config.
I am not sure if I can do this with BASH scripting.
I have set up password less login by adding my public key to authorized_keys file, it works.
I am a little... (1 Reply)
Discussion started by: bash_in_my_head
1 Replies
8. Linux
I had a umount busy issue, that the usual fuser -mk did not solve, I did a umount -l and was able to unmount the device, I then got in trouble by the storage team staff:
Here was a snippet of their response:
Using "umount -l" is a potentially dangerous act.
The command combination for a lazy... (8 Replies)
Discussion started by: pastajet
8 Replies
9. Shell Programming and Scripting
basically i'm tired of hitting the left arrow a few dozen times when correcting a mistake or modifying a history command
i'd like to use vim style key shortcuts while on the command line so that a 55 moves the cursor 55 places to the left...
and i want all the other vi goodies, search of... (3 Replies)
Discussion started by: marqul
3 Replies
10. War Stories
Hello All,
I am posting a intresting story which is posted by Mark Brader but actual story is from Mario Wolczko. Original link is here
Thanks,
R. Singh (4 Replies)
Discussion started by: RavinderSingh13
4 Replies
LEARN ABOUT LINUX
alien::package::rpm
Alien::Package::Rpm(3pm) User Contributed Perl Documentation Alien::Package::Rpm(3pm)
NAME
Alien::Package::Rpm - an object that represents a rpm package
DESCRIPTION
This is an object class that represents a rpm package. It is derived from Alien::Package.
FIELDS
prefixes
Relocatable rpm packages have a prefixes field.
METHODS
checkfile
Detect rpm files by their extention.
install
Install a rpm. If RPMINSTALLOPT is set in the environement, the options in it are passed to rpm on its command line.
scan
Implement the scan method to read a rpm file.
unpack
Implement the unpack method to unpack a rpm file. This is a little nasty because it has to handle relocatable rpms and has to do a bit
of permissions fixing as well.
prep
Prepare for package building by generating the spec file.
cleantree
Delete the spec file.
build
Build a rpm. If RPMBUILDOPT is set in the environement, the options in it are passed to rpm on its command line.
An optional parameter, if passed, can be used to specify the program to use to build the rpm. It defaults to rpmbuild.
version
Set/get version.
When retreiving the version, remove any dashes in it.
postinst
postrm
preinst
prerm
Set/get script fields.
When retrieving a value, we have to do some truely sick mangling. Since debian/slackware scripts can be anything -- perl programs or
binary files -- and rpm is limited to only shell scripts, we need to encode the files and add a scrap of shell script to make it
unextract and run on the fly.
When setting a value, we do some mangling too. Rpm maintainer scripts are typically shell scripts, but often lack the leading shebang
line. This can confuse dpkg, so add the shebang if it looks like there is no shebang magic already in place.
Additionally, it's not uncommon for rpm maintainer scripts to contain bashisms, which can be triggered when they are ran on systems
where /bin/sh is not bash. To work around this, the shebang line of the scripts is changed to use bash.
Also, if the rpm is relocatable, the script could refer to RPM_INSTALL_PREFIX, which is set by rpm at run time. Deal with this by
adding code to the script to set RPM_INSTALL_PREFIX.
arch
Set/get arch field. When the arch field is set, some sanitizing is done first to convert it to the debian format used internally. When
it's retreived it's converted back to rpm form from the internal form.
AUTHOR
Joey Hess <joey@kitenet.net>
perl v5.12.3 2011-06-11 Alien::Package::Rpm(3pm)