shellfirm 0.3.9

`shellfirm` will intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification, kinda like a captcha for your terminal.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

- from: base
  test: ':\(\)\{ :|:& \};:'
  description: "This short line defines a shell function that creates new copies of itself.\nThe process continually replicates itself, and its copies continually replicate themselves, quickly taking up all your CPU time and memory.\nThis can cause your computer to freeze. It's basically a denial-of-service attack."
  id: base:bash_fork_bomb
  severity: Critical
- from: base
  test: \s*crontab\s+-r
  description: "You are going to remove your entire table of cron tasks."
  id: base:delete_all_cron_tasks
  severity: High
- from: base
  test: \s*history(.*)[|](.*)(bash|sh)($|\s)
  description: "You are going to executes every command from the command log that you have already executed."
  id: base:execute_all_history_commands
  severity: Critical
- from: base
  test: (^|\s)reboot(\s|$)
  description: "You are going to reboot your machine."
  id: base:reboot_machine
  severity: High
- from: base
  test: (^|\s)shutdown(\s|$)
  description: "You are going to shutdown your machine."
  id: base:shutdown_machine
  severity: High
- from: base
  test: kill\s+-9\s+
  description: "SIGKILL gives no chance for graceful shutdown or cleanup."
  id: process:kill_9
  severity: Low
  alternative: "kill <pid>"
  alternative_info: "Send SIGTERM first to allow graceful shutdown, then kill -9 if needed."
- from: base
  test: killall\s+
  description: "Kills ALL processes matching the name."
  id: process:killall
  severity: Medium
- from: base
  test: pkill\s+
  description: "Kills processes matching a pattern — could match unintended processes."
  id: process:pkill
  severity: Medium
- from: base
  test: systemctl\s+(disable|mask)\s+
  description: "Disabling or masking a service prevents it from starting on boot."
  id: systemd:disable_service
  severity: Medium
- from: base
  test: systemctl\s+stop\s+(docker|sshd|nginx|apache2|httpd|postgresql|mysql|redis)[\w.-]*(\s|$)
  description: "Stopping a critical system service can cause outages."
  id: systemd:stop_critical_service
  severity: High
- from: base
  test: (halt|poweroff)(\s|$)
  description: "This command will immediately power off your machine."
  id: base:poweroff_machine
  severity: High
- from: base
  test: init\s+(0|6)(\s|$)
  description: "This command will shutdown (init 0) or reboot (init 6) your machine."
  id: base:init_shutdown_reboot
  severity: High
- from: base
  test: ssh-add\s+-D
  description: "Removes all SSH identities from the agent."
  id: ssh:delete_all_identities
  severity: Medium
- from: base
  test: ssh-keygen\s+-R\s+
  description: "Removes a host from known_hosts — could enable MITM attacks."
  id: ssh:remove_known_host
  severity: Low