How to protects Linux and Unix machines from accidental shutdowns/reboots with molly-guard
Oops! I did it again. I thought I was logged into my home server. Turns out I rebooted the db server. Another my not so favorite is typing “shutdown -h 0” into the wrong terminal. I know a few people who have admitted to doing that here.
Is there any end to the madness? Do I need to suffer from accidentally random reboots and shutdowns? After all, it is human nature to make mistakes, but one should not keep on making the same mistakes again and again.
Recently I tweeted my frustration:
I seems to run into this stuff again and again 🙁 Instead of typing:
sudo virsh reboot d1
I just typed & rebooted my own box
sudo reboot d1
— nixCraft (@nixcraft) February 19, 2017
I come across quite a few suggestion on Twitter. Let us try out those.
Say hello to molly guard
Molly-Guard try to block you from accidentally running or shutting down or rebooting Linux servers. From the Debian/Ubuntu package description:
The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts, which all have to exit successfully, before molly-guard invokes the real command. One of the scripts checks for existing SSH sessions. If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down. This should adequately prevent you from accidental shutdowns and reboots.
It seems molly-guard has the entry in the Jargon File:
A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer’s toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you’ll see the much less interesting description “guarded button”.
How to install molly guard
Type the reboot command or shutdown command:
$ sudo reboot
$ shutdown -h 0
# sudo shutdown -h 0
### running wrong command such as follows instead of
### sudo virsh reboot vm_name_here
$ sudo reboot vm_name_here
I liked molly-guard so much. I updated my apt-debian-ubuntu-common.yml file with the following lines:
- apt: name: molly-guard
That’s right. It is now part of all of my Debian and Ubuntu servers automation tasks done using Ansible tool.
Related: My 10 UNIX Command Line Mistakes
What if molly-guard not available on my Linux distro or Unix system like FreeBSD?
Fear not, set shell aliases:
## bash shell example ### alias reboot="echo 'Are you sure?' If so, run /sbin/reboot" alias shutdown="echo 'Are you sure?' If so, run /sbin/shutdown"
## bash shell example ###
alias reboot=”echo ‘Are you sure?’ If so, run /sbin/reboot”
alias shutdown=”echo ‘Are you sure?’ If so, run /sbin/shutdown”
You can temporarily get rid of an aliases and run actual command such as reboot:
Another option is to write a shell/perl/python script calling these and asking confirmation for reboot/halt/shutdown options.