1.下载safe-rm
safe-rm实际上就是一个工具,一个可以指定哪些目录文件不被误删除的工具
官网地址:https://launchpad.net/safe-rm/+download (用下面的命令下载后,如果发布页提供了签名或校验和文件,建议先校验压缩包的完整性,再以root身份安装)
wget https://launchpad.net/safe-rm/trunk/0.12/+download/safe-rm-0.12.tar.gz
2.替换系统的rm命令
# 解压
shell> tar -zxvf safe-rm-0.12.tar.gz
# 将safe-rm命令复制到系统的/usr/local/bin目录
shell> cp safe-rm-0.12/safe-rm /usr/local/bin/
# 创建链接,将safe-rm替换rm
shell> ln -s /usr/local/bin/safe-rm /usr/local/bin/rm
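此时已经替换掉rm命令(实际是靠PATH中的优先级覆盖,原来的 /bin/rm 仍然存在).为了确保执行rm时优先找到 /usr/local/bin/rm,我们将/usr/local/bin目录设置在所有PATH环境变量之前.先更改/etc/profile文件.注意:下面的命令使用双引号,$PATH 会在执行echo时就被展开,写入/etc/profile的是当前root会话的完整PATH;如果希望每次登录时再展开,应改用单引号('PATH=/usr/local/bin:$PATH')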
shell> echo "PATH=/usr/local/bin:$PATH" >> /etc/profile
shell> source /etc/profile
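编辑完毕之后,为了让环境变量在整个系统全局生效,我们重启操作系统.重启之后执行rm命令就相当于执行safe-rm了,可以用 type rm 确认解析到的是 /usr/local/bin/rm.需要注意,这种替换只对PATH中 /usr/local/bin 排在 /bin、/usr/bin 之前的shell有效;用绝对路径 /bin/rm 调用的脚本,或者PATH不同的环境(例如cron任务、sudo重置后的PATH)可能仍会直接调用原始rm,不受safe-rm保护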
3.设置过滤目录
过滤目录将不被删除.新建 /etc/safe-rm.conf 文件,添加自己需要过滤的目录.以下是配置示例,实际内容要根据你的需求调整:
shell> cat /etc/safe-rm.conf
/
/*
/bak
/boot
/boot/*
/dev
/dev/*
/erp
/etc
/etc/*
/home
/media
/media/*
/mnt
/opt
/proc
/proc/*
/root
/root/*
/run
/run/*
/srv
/srv/*
/sys
/sys/*
/tmp
/usr
/usr/bin/*
/usr/local
/usr/local/bin
/usr/local/bin/*
/var
/test
/test/*
/bin
/bin/*
/lib
/lib/*
/lib64
/lib64/*
/sbin
/sbin/*
4.测试
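执行 rm -rf /* 出现问题(此类破坏性测试应在可丢弃或已做快照的测试虚拟机上做):配置中列出的大部分目录被跳过,但输出里没有 /bin、/lib、/lib64、/sbin 的 skipping 记录,随后 ls、cat 报 bad ELF interpreter,说明这几个路径没有被保护住.推测它们在该系统上是指向 /usr 下目录的符号链接,safe-rm 按解析后的路径而不是 /bin 等原路径比对,需自行确认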
[root@vm63 ~]# rm -rf /*
safe-rm: skipping /bak
safe-rm: skipping /boot
safe-rm: skipping /dev
safe-rm: skipping /erp
safe-rm: skipping /etc
safe-rm: skipping /home
safe-rm: skipping /media
safe-rm: skipping /mnt
safe-rm: skipping /opt
safe-rm: skipping /proc
safe-rm: skipping /root
safe-rm: skipping /run
safe-rm: skipping /srv
safe-rm: skipping /sys
safe-rm: skipping /tmp
safe-rm: skipping /usr
safe-rm: skipping /var
[root@vm63 ~]# ls
-bash: /usr/bin/ls: /lib64/ld-linux-x86-64.so.2: bad ELF interpreter: 没有那个文件或目录
[root@vm63 ~]# cat /etc/passwd
-bash: /usr/bin/cat: /lib64/ld-linux-x86-64.so.2: bad ELF interpreter: 没有那个文件或目录
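5.给 / 添加特殊权限完美解决问题
chattr +i 给根目录加上不可变属性后,根目录下的条目不能被创建、删除或重命名,所以 /bin、/lib、/lib64、/sbin 不会再被删掉(见下面 /bin/rm 的"权限不够"输出).该属性只作用于 / 这一层,不保护各子目录里的内容;之后如需在 / 下新建或删除条目,要先执行 chattr -i /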
[root@vm63 ~]# chattr +i /
[root@vm63 ~]# lsattr -d /
----i----------- /
[root@vm63 ~]# rm -rf /*
safe-rm: skipping /bak
safe-rm: skipping /boot
safe-rm: skipping /dev
safe-rm: skipping /erp
safe-rm: skipping /etc
safe-rm: skipping /home
safe-rm: skipping /media
safe-rm: skipping /mnt
safe-rm: skipping /opt
safe-rm: skipping /proc
safe-rm: skipping /root
safe-rm: skipping /run
safe-rm: skipping /srv
safe-rm: skipping /sys
safe-rm: skipping /tmp
safe-rm: skipping /usr
safe-rm: skipping /var
/bin/rm: 无法删除"/bin": 权限不够
/bin/rm: 无法删除"/lib": 权限不够
/bin/rm: 无法删除"/lib64": 权限不够
/bin/rm: 无法删除"/sbin": 权限不够
[root@vm63 ~]# ls /opt/
containerd data erp jumpserver mysql release src teleport xz.cnf
[root@vm63 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin