Earlier today Dwayne Boyland was saved from deleting all of the files on his computer when a simple command meant to clean up hidden files in his home directory began to traverse his entire system.
“I had some big hidden directories so I wasn’t too surprised when it took awhile to run the rm command. But after about 90 seconds, I started to realize something was wrong.”
The command Boyland ran was
rm -rf .*. According to him he had
some files owned by root in his home directory and so he prefaced
the command with the privilege escalation tool,
However, what could’ve turned into a major issue was prevented because after 90 seconds, his system was still trying to delete all of the logs his corporation’s IT department had on his system.
“Apparently they had configured auditd so it was creating a new log file for every event on the system,” Boyland said, “There was a log file for every file I had ever opened, every key I’d ever hit, and network connection I’d ever made. I was still a couple hundred thousand files away from deleting all of that when I hit control C and stopped the process. IT really saved my bacon today.”
Still, while Boyland is happy he was saved, he wasn’t all sunshine and roses, “I guess this explains why my system never finishes a virus scan before the next one starts and why whenever I try to see what files are in /var/log my system hangs. I’m gonna file a ticket with them so that they can get it resolved.”
When reached for comment, Boyland’s IT department responded, “We’re currently in the process of escalating your request. In the mean time, if you could make sure your system is connected to Active Directory by following the steps below, it will ensure that our solution can be deployed as quickly as possible.”