
So What’s Wrong with Blacklisting Commands?

Blacklisting Commands

Blacklisting is one of those feature comparisons that really gets Osiriumites annoyed. It is pointless, you can drive a bus through it, and most of the time it stops sensible work getting done.

We could go on ad infinitum, but here are a few basic points:

It is Stupid – and gets in the way

For example, your organisation thinks it is a good idea to blacklist the ‘rm’ command. Let’s consider the difference between these command sequences:

cd /var/log/apache2
rm error*.*.log


cd /var/log/log
rm syslog-20170801

and …

rm ../log*.log
cd ../..
rm -f *.log

The first is almost harmless – most likely recovering vital disk space – the second is probably dodgy, and you have no idea what the third does (unless you’ve managed to keep track of the working directory). So if you blacklist the rm command, it just gets in the way of real work.

How about only blacklisting for non-privileged users? Great, now everyone needs privileged access to clean up their log files! Of course, if that second example was an insider cleaning up after nefarious activity, you will have actually increased your attack surface!

Slippery but not fully devious

There’s more than one way of deleting a file on a system; here are a few options:

  • unlink the file
  • use shred -u
  • use find -name filename -delete
  • move it to /tmp
  • put a mount in front of the file
  • use a graphical tool
  • alias rm to something else
  • hide it in a one-off cron job
  • write a program in Bash, C, Python, Java … to delete files.

import os, shutil

os.removedirs(directory)  # removes the directory, then each empty parent in turn
shutil.rmtree(directory)  # removes the whole tree, contents and all

We are not even getting devious, so if that’s not enough, just Google it!

Tasks are a better way

Sysadmins need to do System Administration; they need those commands. Everyone else can use tasks: just write a safe task to delete debug log files and delegate it to the people who need it. No direct system access, no issuing commands in the wrong directory and no prodding around in sensitive parts of your system.

The best way of really reducing the attack surface of your systems is to work out what you want your users to be able to do on your systems rather than creating a list of all the bad things they could do. That is why we built Privileged Task Management (PTM).
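As an added example (not Osirium’s or PTM’s code), the following toy script puts a naive ‘rm’ blacklist beside a delegated “delete debug logs” task. It covers both the bypass list above and the task approach in this section: the blacklist blocks the legitimate cleanup but lets unlink, shred, find -delete and an alias straight through, while the task never accepts a command or a working directory at all. The log directory, file names, pattern rule and function names are constructed for illustration.

```python
"""Toy comparison of a command blacklist with a scoped task (added example)."""
import fnmatch
import re
import tempfile
from pathlib import Path

# --- Approach 1: blacklist the 'rm' command -------------------------------
BLACKLISTED = {"rm"}


def blacklist_permits(command: str) -> bool:
    """Return True if a naive first-word blacklist would let the command run.

    Each ';', '&&' or '|' separated segment is checked by its first word,
    which is roughly what a command-string filter can do.
    """
    for segment in re.split(r"[;&|]+", command):
        words = segment.strip().split()
        if words and words[0] in BLACKLISTED:
            return False
    return True


# --- Approach 2: a delegated task with a fixed scope ----------------------
class TaskError(Exception):
    """Raised when a request falls outside what the task is allowed to do."""


# Constructed rule: a plain filename glob that must end in '.log'.
# No '/' and no '..' are possible, so the task cannot leave its directory.
SAFE_PATTERN = re.compile(r"^[A-Za-z0-9_.*?-]+\.log$")


def delete_debug_logs(log_root: str, pattern: str) -> list:
    """Delete plain files matching `pattern` directly under `log_root`.

    The delegate supplies only a filename pattern; the directory is fixed by
    whoever defined the task, symlinks are skipped, and anything that is not a
    '.log' name (rotated syslog, config files) is refused up front.
    """
    if not SAFE_PATTERN.match(pattern):
        raise TaskError(f"pattern not allowed: {pattern!r}")
    root = Path(log_root).resolve()
    deleted = []
    for entry in root.iterdir():
        if entry.is_symlink() or not entry.is_file():
            continue
        if fnmatch.fnmatch(entry.name, pattern):
            entry.unlink()
            deleted.append(entry.name)
    return sorted(deleted)


def run_demo() -> dict:
    """Exercise the task against a constructed log directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files: two rotated logs, a syslog and a config
        for name in ("error.1.log", "debug-20170801.log",
                     "syslog-20170801", "app.conf"):
            (root / name).write_text("constructed sample\n")

        deleted = delete_debug_logs(tmp, "error*.log")
        remaining = sorted(p.name for p in root.iterdir())

        refused = []
        for bad in ("../log*.log", "syslog-20170801", "*"):
            try:
                delete_debug_logs(tmp, bad)
            except TaskError:
                refused.append(bad)

        return {"deleted": deleted, "remaining": remaining, "refused": refused}


if __name__ == "__main__":
    for cmd in ("rm error*.*.log", "unlink error.log", "shred -u error.log",
                "find /var/log -name 'syslog-*' -delete",
                "alias del=rm; del error.log"):
        print(f"{'permitted' if blacklist_permits(cmd) else 'blocked':9} {cmd}")
    print(run_demo())
```

The point the script makes is the one above: the blacklist is both too strict (the legitimate log cleanup is the only line it stops) and too loose (every alternative on the list runs unchallenged), whereas the task has nothing to bypass because the directory and the file class are decided by the task author, not the person running it.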
