Function classify_bash_command 

pub fn classify_bash_command(cmd: &str) -> Option<&'static str>

Classify a bash command string for forensic significance.

Returns a &'static str category label when the command matches a known suspicious pattern, or None otherwise.

Categories

• "file_deletion" — rm -rf, unlink
• "network_download" — wget, curl, nc, ncat
• "permission_change" — chmod +x, chmod 777
• "rootkit_persistence" — ld.so.preload, ldpreload
• "cryptomining" — xmrig, stratum, cryptonight
• "staging_area" — /dev/shm, /run/shm
• "process_termination" — kill -9, pkill