How to protect system against accidental shutdown

Protect operating system against accidental shutdown or reboot.

Installation

Install molly-guard package.

$ sudo apt install molly-guard

It will basically override halt , shutdown , poweroff and reboot utilities.

Configuration is stored in /etc/molly-guard/ directory.

Testing using demo mode

Default configuration will protect against accidental operations.

[email protected]:~$ sudo reboot --molly-guard-do-nothing I: demo mode; molly-guard will not do anything due to --molly-guard-do-nothing. W: molly-guard: SSH session detected! Please type in hostname of the machine to reboot: example molly-guard: would run: /lib/molly-guard/reboot

[email protected]:~$ sudo reboot --molly-guard-do-nothing I: demo mode; molly-guard will not do anything due to --molly-guard-do-nothing. W: molly-guard: SSH session detected! Please type in hostname of the machine to reboot: x Good thing I asked; I won't reboot example ... W: aborting reboot due to 30-query-hostname exiting with code 1.

Beware, you can use more direct approach to reboot server.

$ ssh [email protected] sudo reboot --molly-guard-do-nothing I: demo mode; molly-guard will not do anything due to --molly-guard-do-nothing. molly-guard: would run: /lib/molly-guard/reboot

Creating additional messages

You can create messages for specific operations and store these in /etc/molly-guard/messages.d directory.

Define message for reboot operation.

$ echo -e "

I hope you know what you're doing...

" | sudo tee /etc/molly-guard/messages.d/reboot

Every other operation without defined message will use default file if it exists.

$ echo -e "

Please inform DevOps team before executing this operation.

" | sudo tee /etc/molly-guard/messages.d/default

The following examples will illustrate this behavior.

[email protected]:~$ sudo reboot --molly-guard-do-nothing I: demo mode; molly-guard will not do anything due to --molly-guard-do-nothing. I hope you know what you're doing... W: molly-guard: SSH session detected! Please type in hostname of the machine to reboot: example molly-guard: would run: /lib/molly-guard/reboot

[email protected]:~$ sudo shutdown --molly-guard-do-nothing I: demo mode; molly-guard will not do anything due to --molly-guard-do-nothing. Please inform DevOps team before executing this operation. W: molly-guard: SSH session detected! Please type in hostname of the machine to reboot: example molly-guard: would run: /lib/molly-guard/shutdown

Creating additional checks

Require stdin opened on a terminal to not allow to execute any of these operations when using SSH non-interactively.

Create 20-require-stdin check in /etc/molly-guard/run.d/ directory.

#!/bin/sh # # 20-require-stdin - require stdin opened on a terminal # set -eu # require an interactive terminal connected to stdin if [ ! -t 0 ]; then echo "STDIN is not opened on a terminal; I won't $MOLLYGUARD_CMD ..." >&2 exit 1 fi

Ensure that proper permissions are applied to this file.

The following example will use this check to protect system against accidental reboot.

$ ssh [email protected] sudo reboot --molly-guard-do-nothing I: demo mode; molly-guard will not do anything due to --molly-guard-do-nothing. I hope you know what you're doing... STDIN is not opened on a terminal; I won't reboot ... W: aborting reboot due to 20-require-stdin exiting with code 1.

[email protected]:~$ sudo reboot --molly-guard-do-nothing I: demo mode; molly-guard will not do anything due to --molly-guard-do-nothing. I hope you know what you're doing... W: molly-guard: SSH session detected! Please type in hostname of the machine to reboot: example molly-guard: would run: /lib/molly-guard/reboot

Additional notes