Scenario Description
In large-scale operations management, system administrators often use commands that may pose risks, such as rm -rf, reboot, and mkfs. If these high-risk commands are accidentally executed, they can lead to data loss, service interruptions, and even affect the overall stability of the business system. To prevent such situations, it is essential to manage these commands.
This article summarizes some common high-risk commands for awareness during daily operations. Additionally, using JumpServer's Command Filter feature can more effectively prevent inadvertent operations of these commands, thereby enhancing system security.
Command List
Common High-Risk Commands
Command | Description |
|---|
rm | Stands for "remove"; deletes one or more files or directories. |
rmdir | Stands for "remove empty directories"; deletes empty directories. |
chattr | Changes file attributes. |
su | Switches user identity. |
visudo | Edits the /etc/sudoers file specifically. |
sudo | Executes commands as another user (default is root) allowed in the sudoers file. |
shutdown / halt | Shuts down the system. |
poweroff | Powers off the machine. |
init 0 | Switches to runlevel 0, shutting down the system. |
reboot | Restarts the system. |
init 6 | Restarts the system. |
Disk and File System Management Commands
Command | Description |
|---|
mount | Mount the file system. |
unmount | Unmount the file system. |
fdisk | Disk partitioning command, suitable for disks under 2TB. |
parted | Disk partitioning command, no size limit. |
mkfs | Format and create a Linux file system. |
mkswap | Create a Linux swap partition. |
swapon | Enable the swap partition. |
swapoff | Disable the swap partition. |
Command | Description |
|---|
useradd/adduser | Add a user. |
usermod | Modify an existing user's properties. |
userdel | Delete a user. |
passwd | Change user password. |
groupadd | Add a user group. |
groupdel | Delete a user group. |
chage | Modify user password expiration date. |
Command | Description |
|---|
Command | Description |
|---|
ifup | Start the network interface. |
ifdown | Shut down the network interface. |
nmtui | Modify network-related information. |
vi /etc/sysconfig/network-scripts/ifcfg-* | Edit network-related information. |
System Permissions and User Authorization Commands
Command | Description |
|---|
chmod | Modify the access permissions of files or directories. |
chown | Change the owner of files or directories. |
chgrp | Change the group ownership of files or directories. |
sudo | Execute commands as another user (default is root). |
setfacl | Set the access control list (ACL) for files. |
getfacl | Get the access control list (ACL) for files. |
usermod | Modify the attributes and permissions of existing users. |
Built-in Commands and Others
Command | Description |
|---|
alias | Set system alias. |
unalias | Cancel system alias. |
history | View command execution history. |
export | Set or display environment variables. |
unset | Delete variables or functions. |
kill | Terminate processes. |
killall / pkill | Terminate processes by process name. |
