« Removing EXIF data with find and jhead | Main | Fixing bad MSS discovery across iptables based firewalls »

February 10, 2009

Use molly-guard and stop rebooting the wrong server

Molly-guard is the unix admin analog to Gmail's .

Named after the physical molly-guard, the molly-guard command wraps various commands (by default the halt/reboot/shutdown/poweroff group) and performs various actions before calling them (by default, asking you which host this is). It's a life saver when you've nearly powered down the production database server in a $250/incident datacenter 2000km away thinking it was the print server in the other room.

I'm installing the package in Debian Etch, but there are packages for other Debian releases and, of course, Ubuntu. Normally you'd only need to do sudo apt-get install molly-guard, but Etch's version is very old. Grab from back-ports and install with dpkg.

  • wget http://www.mirrorservice.org/sites/backports.org/pool/main/m/molly-guard/molly-guard_0.4.4-2%7ebpo40%2b1_all.deb
  • sudo dpkg -i molly-guard_0.4.4-2~bpo40+1_all.deb

Now that it's installed, try it out (on a non production box). Here you can see it save me from rebooting the box enterprise that I thought was marathon. Obviously this is of no use if you thought that enterprise was the nethack server.

    Enterprise:~$ sudo reboot
    W: molly-guard: SSH session detected!
    Please type in hostname of the machine to reboot: marathon
    Good thing I asked; I won't reboot Enterprise ...
    W: aborting reboot due to 30-query-hostname exiting with code 1.
    Enterprise:~$

By default you're only protected on sessions that look like SSH sessions (have $SSH_CONNECTION set). If, like us, you use alot of virtual machines and RILOE cards, edit /etc/molly-guard/rc and uncomment ALWAYS_QUERY_HOSTNAME=true. Now you should be prompted for any interactive session.

Posted by spiffed at February 10, 2009 11:28 PM