We run commands to install, test or run some setup a lot and most times daily.
Some of these commands have security risks (malware), or sometimes you can accidentally run a command (typo) that is a security risk. Some commands make infrastructure changes that you need to pay attention to, or else it could all go wrong.
We all try to pay attention to things and take measures, but these things still happen, and sometimes, you don't even know the issues that can happen.
What do people do? What are the best practices? How do people solve this? Am I alone?
Top comments (4)
Follow the principle of least privilege to restrict your own power! Some commands should not be executable as a non-privileged user, so you have to use
sudo
and enter your password — two additional steps against accidentally doing something due to a typo. Of course you could still dosudo rm -rf /*
but it becomes less likely.Don't work on production systems and real user data, if you can code and test a fix or a feature in your local development environment instead. Work in small steps, use automated quality assurance tools and peer review processes.
Use a distinct computer or at least user account for work and leisure, so you won't install any untrusted games or visit dubious websites while logged into work accounts. If you're an employee, make sure to comply to your company's security guidelines and know who you can trust and talk to if something goes wrong.
Finally, you are not alone, and things can happen even if you are super careful. That's why there are insurance companies, data rescue services, and project managers who have learned and practiced how to talk to customers in difficult situations.
Yes this is very true. I guess i might be over thinking some of it. Thank you
At WorkTango, we are SOC2 Type II certified and are currently pursuing NIST 800-53 certification, which heavily influences our practices and procedures in regards to security. Some of the risk mitigation measures we take include:
Thanks the points. I already do a lot of these. Recently ran
terraform apply
and a lot of changes happen. Something like an AI based sudo would come in handy but probably over thinking it.