The Seven Deadly Linux Commands
Most of those on Minds know me as someone with a political mindset in common with old people, but what they don't realize is that I'm far more technically savvy than they are. Part of the conservative online counterculture is finding alternatives to fiat currencies that are controlled by institutions like the Fed, and what better alternatives than cryptocurrencies? Alas, that's exactly what I'm betting on, and I'm using Linux to mine them. I'm not the only one either, so watch out, because any of these 7 types of commands are capable of completely erasing all of that hard-earned Ethereum from your hard drive.
1. Mass-Deleting
Linux is part of a class of operating systems known as Unix-like ― they're clones of the Unix OS that was developed at AT&T way back in 1969. As a result, Linux, along with its cousin BSD (which Mac OS X is based on), shares all of the same command names with the OS that it tries to mimic.
One of those commands is "rm," which is shorthand for "remove," and it does just that: deletes files. There's a particular set of two parameters, however, that makes this command especially dangerous: "rm --recursive --force," or "rm -rf" for short. That makes it delete everything in a folder without asking, so be very careful what folder you delete, because it just might be the one that holds everything:
rm -rf / #root folder
rm -rf . #current folder
rm -rf * #contents of current folder
rm -rf ~ #home folder
rm -rf /boot #folder that holds critical startup filesRunning any of the above commands is an especially easy way to brick your system, and the only route of recovery is a total system reinstallation which will of course require a reconfiguring of all mining software, etc. in the case of a mining rig.
2. Reformatting
Those who have used computers long enough have probably heard of the dangers of running the "format" command on the wrong drive on Windows, but did you know that there's a Linux equivalent? It's called mkfs, which is short for "make file system," and there are several variants for each file system. Assuming that /dev/sda is the drive that Linux is installed on, all of the following commands are dangerous:
mkfs.ext4 /dev/sda
mkfs.vfat /dev/sda
mkfs.btrfs /dev/sda
mkfs.reiserfs /dev/sda
mkfs.xfs /dev/sdaWhen a device is formatted, it doesn't just delete everything on it, the entire file system is replaced. A file system is what organizes the data, and replacing it starts that organization completely from scratch. It doesn't make the data impossible for computer forensics experts like the guys at Kroll OnTrack to find (more on that later), but it does leave all that data orphaned ― and your computer unbootable unless you reinstall Linux, which will overwrite that data.
Now if you have a blank USB flash drive that you want to get stuff onto from your Linux system, then sure, format it — but don’t EVER run this command on anything that the computer depends on for critical startup reasons.
3. Overwriting Disks with Junk
In keeping with the "everything is a file" Unix philosophy, everything in Linux is literally a file ― and this includes files representing physical devices. Unfortunately, this opens up a plethora of security holes, as it means that raw command output text can actually be redirected to files representing whole devices:
dmesg > /dev/sda
rm --help > /dev/sda
lspci > /dev/sda
lshw > /dev/sda
cat /proc/cpuinfo > /dev/sda
apt-get update > /dev/sdaThis will overwrite the data that represents the partition table ― the data on the disk that tells the bootloader where the partitions are. Get rid of that, and all partitions ― and by extension all data on them ― are gone along with it. Overwriting the partition table with raw text corrupts it, which has the same effect that getting rid of it has.
Like with the above, however, there is an exception to this — if you want to create a bootable USB flash drive rather quickly, you can use some commands similar to this to write bootable ISO images to certain drives directly without filling up your internal storage with saved ISO image copies in the process:
wget -O /dev/sdb https://some-distributor.org/some-distro.isoLikewise, with a DVD-RW drive (and it has to have a rewritable disk in it, not merely a recordable one), you could also use this same trick to download-and-burn in one fell swoop, without needing to save first:
wget -O /dev/sr0 https://some-distributor.org/some-distro.isoAgain, however, you only ever want to do this with removable media, NEVER with internal hard drives and/or SSDs.
4. Disk Shredding
The previous examples, although highly destructive, still leave data recoverable by computer forensics experts, but there's one command that, if used improperly, will literally erase everything you have. That command is dd, which gets its name from the "Data Definition" command in IBM's Job Control Language, but as far as I'm concerned "Disk Destroyer" is a far better thing to call it, because, well, see the following:
dd if=/dev/zero of=/dev/sda
dd if=/dev/random of=/dev/sdaWhether it's overwriting all ones with zeroes ― completely erasing all data at the representative level in so doing ― or writing a stream of random numbers to a device, it's still far more destructive than all three prior examples, because this actually makes it unrecoverable even in a computer forensics lab. Unless you're Hillary Clinton and are trying to purge evidence from your email server, I wouldn't recommend running these commands, ever.
For an even more destructive way to go, there’s the shred command, which does multiple passes (25 by default) of random data writes before finishing off with a write of zeros:
shred -z /dev/sdaAgain, unless you have something to hide from people out to get you, this conmand is simply not worth running, and NEVER shred the main boot device. You’ll render your computer inoperable AND render all data forensically unrecoverable.
5. The Fork Bomb
The fork() operation is a method by which a program can run multiple processes, and it's the most fundamental functionality behind what we know as multitasking. Whenever you click "File > Open" or "File > New" in a word processor to edit more than one document at once, you fork the word processing app. Whenever you open more than one browser tab (or window), you fork the browser. If it wasn't for the ability for processes to fork, we would be stuck in the days of game cartridges.
Unfortunately, this same thing that's so critical to our everyday computing lives can also be abused. How so? By running so many command shells so quickly that the system is overwhelmed:
:() { :|:& };:Before you go "WTF?" at the cryptic sight of that as I did when I first encountered it online almost 10 years ago, it's important to note that "function_name() {...}" is how shell functions are defined in the default Linux command shell, which is called Bash by the way. Bash is more than just a command shell like Windows cmd.exe is, it's also a full scripting language (more on that later) and functions are part of that scripting ability. So with this in mind, we have ':' as an arbitrary name for a shell function here.
Ah, but here's where the fun part is: in the function definition block. What's inside it? ":" piped through itself, which creates two more instances of ":". Then there's the "&" which ensures that each new instance has a different process ID. The result? Each instance executed by ":" executes two more instances, causing an exponential growth in the number of processes running. In just a few seconds of running that command, I guarantee you that your computer will freeze, and if that happens then any work you have unfinished will be lost, since the only way to recover from infinite process creation is pressing Alt+SysRq+B to force-reboot the system. In addition, if there’s any file operations involving critical system files (like a system update, for example) in progress when you run the fork bomb, you could end up with corrupted core services, a corrupted kernel, or worse.
6. Malicious Archive Files
Many have heard of the zip bomb, and it's just as bad on Linux as it is on any other operating system, being a piece of data so tightly squeezed that it can take up as much as 3 petabytes of disk space when unpacked. Zip bombs, however, aren't the only problematic archives that can plague Linux users. There are also .tar.gz files, which most raw source code bundles are distributed as. Not only can tarballs, as these archives are often colloquially called, be just as tightly compressed as zip bombs, but the command that unpacks them ― namely, tar ― overwrites files by default, so if you extract a specially designed archive file in the root folder, you could end up overwriting critical system files with junk, corrupting them.
7. All Of The Above In A Script
As hinted at in Point 5, Bash is far more like PowerShell than like cmd even though it's the default shell in Linux, and that's no accident. Although a fully functional shell programming language can be used to do a lot of good, it can also do a lot of evil. A shell script, which often carries the .sh extension (although it doesn't have to) and begins with a special line called a shebang, can hide all sorts of malicious payloads. Consider, for example, the following:
#!/bin/bash
./$0&
./$0&If this looks familiar, it's because it's one of the above examples ― namely, the fork bomb ― hidden in a script. "$0" is a variable that returns the name of the script itself, so running "./$0&" twice amounts to the script running itself in a separate process twice. Oh, but it gets so much worse than that:
BrickerBot payload
This is the series of commands executed by BrickerBot, the infamous piece of IoT malware that renders devices ranging from routers to set-top boxes completely useless. In case it wasn't obvious, BrickerBot is in fact written in Linux shell scripting language! And yes, it definitely has many of the above destructive commands hidden in it; everything from the first example on Line 20 to something in between the third and fourth examples (using cat and redirection instead of dd) on Lines 1 through 11. If you download a script, always open it in a text editor like gedit before running it. If it has any of the commands mentioned earlier in this post hidden in it, then it's scripted malware and will do tremendous damage to your system. Always look before you run.
Honorable Mentions
Before we go, it's time to mention a few commands that didn't make the "worst of the worst" list:
chmod -R 777 /
ping -s 65507 -f 127.0.0.1The first of those two is a malicious invocation of chmod, a command that changes permissions on files. In this case, the permissions being changed to are 777 ― or in other words, full read, write, and execute permissions granted to the user, group, and others. Or, put even more simply, it leaves the system completely vulnerable to compromise.
The second is a ping of death ― only in this case it's being sent to 127.0.0.1, which is the loopback address — AKA yourself. Not something that can do too much physical damage to the system itself, but it can certainly do what the fork bomb does and cause the system to stop running.
Well, there you have it, the worst of the worst. Now you know what to look for when people mention commands that can do irreparable harm to your system, so be especially careful not to run them and always check for typos (which can result in accidental invocation of some of these commands) before hitting "Enter" in that terminal window.