How do I save myself from myself?
rm -rf *
git reset --hard
Before hitting the enter key?kubectl delete ns
Stop! you are going to delete a lot of resources- And many more!
Do you want to learn from other people's mistakes?
shellfirm
will intercept any risky patterns and immediately prompt a small challenge that will double verify your action, think of it as a captcha for your terminal.
rm -rf /
#######################
# RISKY COMMAND FOUND #
#######################
* You are going to delete everything in the path.
Solve the challenge: 8 + 0 = ? (^C to cancel)
shellfirm
will evaluate all the shell commands behind the scenes.
If a risky pattern is detected, you will immediately get a prompt with the relevant warning to verify your command.
brew tap kaplanelad/tap && brew install shellfirm
Or download the binary file from releases page, unzip the file and move to /usr/local/bin
folder.
Validate shellfirm installation
shellfirm --version
mkdir /tmp/shellfirm
cd /tmp/shellfirm
git reset --hard
Oh My Zsh
Download zsh plugin:curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.oh-my-zsh.zsh --create-dirs -o ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/shellfirm/shellfirm.plugin.zsh
Add shellfirm
to the list of Oh My Zsh plugins when Zsh is loaded(inside ~/.zshrc):
plugins=(... shellfirm)
Bash
Bash implementation is based on https://github.com/rcaloras/bash-preexec project, which adds a pre-exec hook to catch the command before executing.# Download bash-preexec hook functions.
curl https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh -o ~/.bash-preexec.sh
# Source our file at the end of our bash profile (e.g. ~/.bashrc, ~/.profile, or ~/.bash_profile)
echo '[[ -f ~/.bash-preexec.sh ]] && source ~/.bash-preexec.sh' >> ~/.bashrc
# Download shellfirm pre-exec function
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.sh -o ~/.shellfirm-plugin.sh
# Load pre-exec command on shell initialized
echo 'source ~/.shellfirm-plugin.sh' >> ~/.bashrc
fish
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.fish -o ~/.config/fish/conf.d/shellfirm.plugin.fish
Zsh
# Add shellfirm to conf.d fishshell folder
curl https://raw.githubusercontent.com/kaplanelad/shellfirm/main/shell-plugins/shellfirm.plugin.zsh -o ~/.shellfirm-plugin.sh
echo 'source ~/.shellfirm-plugin.sh' >> ~/.zshrc
ℹ️ Open a new shell session
👀 👀 Verify installation 👀 👀
You should get a shellfirm
prompt challenge.
If you didn't get the prompt challenge:
- Make sure the
shellfirm --version
returns a valid response. - Make sure that you downloaded the Zsh plugin and added it to the Oh My Zsh plugins in .zshrc.
We have predefined a baseline of risky groups command that will be enabled by default, these are risky commands that might be destructive.
Group | Enabled By Default |
---|---|
base | true |
git | true |
fs | true |
fs-strict | false |
kubernetes | false |
kubernetes-strict | false |
heroku | false |
terraform | false |
shellfirm config update-groups
Currently we support 3 different challenges when a risky command is intercepted:
Math
- Default challenge which requires you to solve a math question.Enter
- Required only to pressEnter
to continue.Yes
- Required typingyes
to continue.
You can change the default challenge by running the command:
shellfirm config challenge
At any time you can cancel a risky command by hitting ^C
You can disable one or more patterns in a selected group by running the command:
shellfirm config ignore
Restrict user run command by select pattern id's that you not allow to run in the shell:
shellfirm config deny
brew upgrade shellfirm
Thank you for your interest in contributing! Please refer to contribution guidelines for guidance.
Copyright (c) 2022 @kaplanelad. See LICENSE for further details.