Protection Coverage
System & Network
Protection patterns for system commands, network operations, and Heroku CLI
shellfirm covers system-level commands through three check groups: base (core system operations), network (firewall and networking), and heroku (Heroku CLI).
Base system checks (base)
Fork bomb
| | |
|---|---|
| ID | base:bash_fork_bomb |
| Severity | Critical |
The classic fork bomb :(){ :|:& };: creates processes that recursively replicate, consuming all CPU and memory until the system freezes.
# Triggers
:(){ :|:& };:
Delete all cron tasks
| | |
|---|---|
| ID | base:delete_all_cron_tasks |
| Severity | High |
# Triggers
crontab -r
Execute all history commands
| | |
|---|---|
| ID | base:execute_all_history_commands |
| Severity | Critical |
Piping your command history to a shell re-executes every command you have ever run.
# Triggers
history | bash
history | sh
Reboot
| | |
|---|---|
| ID | base:reboot_machine |
| Severity | High |
# Triggers
reboot
sudo reboot
Shutdown
| | |
|---|---|
| ID | base:shutdown_machine |
| Severity | High |
# Triggers
shutdown
shutdown -h now
sudo shutdown -r +5
Network checks (network)
Flush iptables rules
| | |
|---|---|
| ID | network:flush_iptables |
| Severity | Critical |
Flushing all firewall rules leaves the system completely unprotected.
# Triggers
iptables -F
sudo iptables -F
Delete custom chains
| | |
|---|---|
| ID | network:delete_custom_chains |
| Severity | High |
# Triggers
iptables -X
Flush NAT rules
| | |
|---|---|
| ID | network:flush_nat_rules |
| Severity | High |
# Triggers
iptables -t nat -F
Disable firewall (ufw)
| | |
|---|---|
| ID | network:disable_firewall |
| Severity | Critical |
# Triggers
ufw disable
sudo ufw disable
Force reset firewall
| | |
|---|---|
| ID | network:force_reset_firewall |
| Severity | Critical |
# Triggers
ufw --force reset
Stop networking services
| ID | Command | Severity |
|---|---|---|
| network:stop_networking | systemctl stop networking | High |
| network:stop_network_manager | systemctl stop NetworkManager | High |
Bring down network interface
| ID | Command | Severity |
|---|---|---|
| network:bring_down_interface | ifconfig <iface> down | High |
| network:bring_down_interface_ip | ip link set <iface> down | High |
Delete default route
| | |
|---|---|
| ID | network:delete_default_route |
| Severity | High |
# Triggers
route del default
Network checks summary
| ID | Command | Severity |
|---|---|---|
| network:flush_iptables | iptables -F | Critical |
| network:delete_custom_chains | iptables -X | High |
| network:flush_nat_rules | iptables -t nat -F | High |
| network:disable_firewall | ufw disable | Critical |
| network:force_reset_firewall | ufw --force reset | Critical |
| network:stop_networking | systemctl stop networking | High |
| network:stop_network_manager | systemctl stop NetworkManager | High |
| network:bring_down_interface | ifconfig <iface> down | High |
| network:bring_down_interface_ip | ip link set <iface> down | High |
| network:delete_default_route | route del default | High |
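
The network checks summarized above can also be used to audit scripts before they run. The following is an added example, not shellfirm's own code or patterns: a small Python matcher that maps command lines to the check IDs and severities from the table. The regular expressions, function names and sample script are assumptions written for this illustration.

```python
import re

# Check IDs and severities are copied from the summary table above.
# The regular expressions are assumptions made for this example; they are
# not shellfirm's own patterns.
CMD_START = r"(?:^|[;&|])\s*(?:sudo\s+)?"  # command position, optional sudo

NETWORK_CHECKS = [
    ("network:flush_iptables", r"iptables\s+-F\b", "Critical"),
    ("network:delete_custom_chains", r"iptables\s+-X\b", "High"),
    ("network:flush_nat_rules", r"iptables\s+-t\s+nat\s+-F\b", "High"),
    ("network:disable_firewall", r"ufw\s+disable\b", "Critical"),
    ("network:force_reset_firewall", r"ufw\s+--force\s+reset\b", "Critical"),
    ("network:stop_networking", r"systemctl\s+stop\s+networking\b", "High"),
    ("network:stop_network_manager", r"systemctl\s+stop\s+NetworkManager\b", "High"),
    ("network:bring_down_interface", r"ifconfig\s+\S+\s+down\b", "High"),
    ("network:bring_down_interface_ip", r"ip\s+link\s+set\s+\S+\s+down\b", "High"),
    ("network:delete_default_route", r"route\s+del\s+default\b", "High"),
]
COMPILED = [(cid, re.compile(CMD_START + body), sev)
            for cid, body, sev in NETWORK_CHECKS]


def match_network_checks(command_line):
    """Return [(check_id, severity), ...] for every check the line triggers."""
    return [(cid, sev) for cid, rx, sev in COMPILED if rx.search(command_line)]


def audit_script(text):
    """Scan a script line by line, skipping comment lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        findings.extend((lineno, cid, sev)
                        for cid, sev in match_network_checks(line))
    return findings


# Constructed sample input (not from the page): a maintenance script.
SAMPLE_SCRIPT = """\
#!/bin/sh
# iptables -F   (commented out, must not be reported)
echo "about to run ufw disable"
sudo iptables -t nat -F
ip link set eth0 down && sudo ufw --force reset
systemctl stop NetworkManager
"""

if __name__ == "__main__":
    for lineno, cid, sev in audit_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {cid} [{sev}]")
```

Anchoring each pattern at command position keeps quoted or commented mentions from being reported, and in this sketch a NAT-table flush is reported only under `network:flush_nat_rules`, not also under `network:flush_iptables`.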
Heroku checks (heroku)
The heroku check group covers destructive Heroku CLI operations.
Critical severity
| ID | Command | Description |
|---|---|---|
| heroku:destroy_app | heroku apps:destroy | Permanently destroy an app |
High severity
| ID | Command | Description |
|---|---|---|
| heroku:stop_app_dynos | heroku ps:stop | Stop app dynos |
| heroku:kill_app_dynos | heroku ps:kill | Kill app dynos |
| heroku:enable_maintenance_mode | heroku maintenance:on | Put app into maintenance mode |
| heroku:remove_member | heroku members:remove | Remove user from team |
| heroku:remove_app_container | heroku container:rm | Remove process type |
| heroku:destroy_client | heroku clients:destroy | Delete OAuth client |
| heroku:destroy_addons | heroku addons:destroy | Permanently destroy an add-on |
| heroku:remove_user_access | heroku access:remove | Remove user access from app |
| heroku:reset_repo | heroku repo:reset | Reset Heroku repo |
Medium severity
| ID | Command | Description |
|---|---|---|
| heroku:restart_app_dynos | heroku ps:restart | Restart app dynos |
| heroku:disable_app_feature | heroku features:disable | Disable an app feature |
| heroku:unset_environment_variable | heroku config:unset | Unset config vars |
| heroku:rotate_oauth_client | heroku clients:rotate | Rotate OAuth client secret |
| heroku:update_oauth_client | heroku clients:update | Update OAuth client |
| heroku:remove_yourself_from_app | heroku apps:leave | Remove yourself from team app |
| heroku:rename_app_name | heroku apps:rename | Rename an app |
| heroku:detach_addon | heroku addons:detach | Detach add-on from app |
| heroku:update_collaborators_access | heroku access:update | Update collaborator access |