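shellfirm
shellfirm is a shell interceptor: it intercepts any risky shell command (from the default set or defined by you) and prompts you for a double verification.
How do I save myself from myself?
- rm -rf *
- git reset --hard: before hitting the Enter key?
- kubectl delete ns: Stop! You are going to delete a lot of resources
- And many more!
Do you want to learn from other people's mistakes?
shellfirm intercepts any risky pattern (predefined or added by the user) and immediately prompts a small challenge that double-verifies your action. Think of it as a CAPTCHA for your terminal.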
$ rm -rf /
#######################
# RISKY COMMAND FOUND #
#######################
* You are going to delete everything in the path.
Solve the challenge: 8 + 0 = ? (^C to cancel)
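shellfirm evaluates every shell command behind the scenes. If a command is detected as risky, you immediately get a prompt with the relevant warning and must verify the command.
The GitHub repository is here.
Installation
Download the binary, extract the archive, and move it to the /usr/local/bin folder.
Verify the shellfirm installation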
shellfirm --version
Configuration
Bash
The implementation is based on the rcaloras/bash-preexec project, which adds a pre-exec hook that captures a command before it is executed.
# Download bash-preexec hook functions.
curl https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh -o ~/.bash-preexec.sh
# Source our file at the end of our bash profile (e.g. ~/.bashrc, ~/.profile, or ~/.bash_profile)
echo '[[ -f ~/.bash-preexec.sh ]] && source ~/.bash-preexec.sh' >> ~/.bashrc
# Download shellfirm pre-exec function
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.sh -o ~/.shellfirm-plugin.sh
# Load pre-exec command on shell initialized
echo 'source ~/.shellfirm-plugin.sh' >> ~/.bashrc
That completes the shellfirm configuration.
Open a new terminal.
Enter the following commands:
$ mkdir /tmp/shellfirm
$ cd /tmp/shellfirm
$ git reset --hard
shellfirm will then prompt us:
#######################
# RISKY COMMAND FOUND #
#######################
* This command going to reset all your local changes.
Solve the challenge:: 9 + 5 = ? ^C to cancel
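Custom check definition examples
By default, the shellfirm configuration is at ~/.shellfirm/config.yaml.
Make sure you only edit the enable field (in case you want to disable a specific check); all other fields are managed by the shellfirm command (shellfirm config --help).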
challenge: Math # Math, Enter, Yes

includes:
  - base
  - fs
  - git

checks:
  - test: git reset
    method: Contains
    enable: true
    description: "This command going to reset all your local changes."
    from: git
    challenge: Default
  - test: "rm.+(-r|-f|-rf|-fr)*"
    method: Regex
    enable: true
    description: "You are going to delete everything in the path."
    from: fs
    challenge: Default
  - test: ">.+/dev/sda"
    method: Regex
    enable: true
    description: "Writing the data directly to the hard disk drive and damaging your file system."
    from: fs
    challenge: Default
  - test: "mv+.*/dev/null"
    method: Regex
    enable: true
    description: "The files will be discarded and destroyed."
    from: fs
    challenge: Default
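To see which command lines the four checks in the configuration above would flag, the following added example (not shellfirm's own code) evaluates them in plain sh. It assumes that Contains means a literal substring match and that Regex is an unanchored search, approximated here with grep -E; the function names and the short labels such as fs:rm are hypothetical.

```sh
#!/bin/sh
# Added example, not part of shellfirm. Assumptions: "Contains" is a literal
# substring test and "Regex" is an unanchored search (approximated by grep -E).

# match_check METHOD TEST COMMAND -> exit status 0 if the check fires
match_check() {
    case "$1" in
        Contains)
            case "$3" in
                *"$2"*) return 0 ;;
            esac
            return 1 ;;
        Regex)
            printf '%s\n' "$3" | grep -Eq -e "$2" ;;
        *)
            return 2 ;;
    esac
}

# risky_groups COMMAND -> prints a label for every check from the config that
# fires. The labels (git, fs:rm, fs:sda, fs:mv) are made up for this example.
risky_groups() {
    cmd=$1
    out=""
    if match_check Contains 'git reset' "$cmd"; then out="$out git"; fi
    if match_check Regex 'rm.+(-r|-f|-rf|-fr)*' "$cmd"; then out="$out fs:rm"; fi
    if match_check Regex '>.+/dev/sda' "$cmd"; then out="$out fs:sda"; fi
    if match_check Regex 'mv+.*/dev/null' "$cmd"; then out="$out fs:mv"; fi
    printf '%s\n' "${out# }"
}

# Constructed sample commands. The flag group in the rm pattern ends in "*",
# so it is optional: any text containing "rm" followed by at least one more
# character fires the check, including "rm notes.txt" and "terraform plan".
for sample in 'rm -rf /' 'rm notes.txt' 'terraform plan' \
              'git reset --hard' 'mv build /dev/null' 'ls -la'; do
    printf '%-22s -> %s\n' "$sample" "$(risky_groups "$sample")"
done
```

Under these assumptions the rm check also fires on harmless commands, which matters when tuning custom checks: a pattern that prompts too often trains you to solve the challenge without reading the warning.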