102 changes: 102 additions & 0 deletions src/copaw/security/tool_guard/rules/dangerous_shell_commands.yaml
@@ -27,3 +27,105 @@
- "\\bmv\\b"
description: "Shell command contains 'mv' which may move or overwrite files unexpectedly"
remediation: "Confirm with the user before moving or renaming files"

# ── Filesystem & Block Device Destruction ─────────────────────────────
- id: TOOL_CMD_FS_DESTRUCTION
tools: [execute_shell_command]
params: [command]
category: command_injection
severity: CRITICAL
patterns:
- "\\bmkfs\\b"
- "\\bdd\\s+.*of=\\/dev\\/"
- ">\\s*\\/dev\\/(sda|nvme|vd)"
description: "Detects low-level disk formatting or wiping commands"
remediation: "Block operation. Agents should not format or overwrite raw block devices."

# ── Git Data Loss ─────────────────────────────────────────────────────
- id: TOOL_CMD_GIT_DATA_LOSS
tools: [execute_shell_command]
params: [command]
category: command_injection
severity: HIGH
patterns:
- "\\bgit\\s+reset\\s+(--hard|-h\\b)"
- "\\bgit\\s+checkout\\s+(--\\s+\\.|\\.)"
- "\\bgit\\s+clean\\s+-[a-zA-Z]*f"
- "\\bgit\\s+push\\s+.*(--force|-f\\b)"
- "\\bgit\\s+stash\\s+(drop|clear)"
description: "Detects destructive Git operations that discard uncommitted work or rewrite remote history"
remediation: "Suggest using 'git stash' instead of reset/checkout, or 'git push --force-with-lease'."

# ── Denial of Service & Fork Bombs ────────────────────────────────────
- id: TOOL_CMD_DOS_FORK_BOMB
tools: [execute_shell_command]
params: [command]
category: resource_abuse
severity: CRITICAL
patterns:
- ":\\(\\)\\{\\s*:\\|:&\\s*\\};:"
- "\\bkill\\s+-9\\s+(-1|1\\b)"
description: "Detects classic Bash fork bombs and mass process termination"
remediation: "Block immediately. These commands will crash the host system."

# ── Network Loaders (Pipe to Shell) ───────────────────────────────────
- id: TOOL_CMD_PIPE_TO_SHELL
tools: [execute_shell_command]
params: [command]
category: code_execution
severity: CRITICAL
patterns:
- "(curl|wget)\\s+.*\\|\\s*(bash|sh|zsh|ash|dash)"
description: "Detects 'curl | bash' patterns used to download and immediately execute remote payloads"
remediation: "Confirm with user. Agents should inspect scripts before executing them."

# ── Reverse Shell & Network Tunnels ───────────────────────────────────
- id: TOOL_CMD_REVERSE_SHELL
tools: [execute_shell_command]
params: [command]
category: network_abuse
severity: CRITICAL
patterns:
- "\\/dev\\/(tcp|udp)\\/"
- "\\bnc\\s+.*-e\\s+"
- "\\bncat\\s+.*-e\\s+"
- "\\bsocat\\s+.*EXEC:"
description: "Detects attempts to establish reverse shells or unauthorized network tunnels"
remediation: "Block operation. Agents do not need to bind interactive shells to network sockets."

# ── Persistence & Privilege Escalation ────────────────────────────────
- id: TOOL_CMD_SYSTEM_TAMPERING
tools: [execute_shell_command]
params: [command]
category: sensitive_file_access
severity: HIGH
patterns:
- "\\bcrontab\\b"
- "authorized_keys"
- "\\/etc\\/sudoers"
- "\\/etc\\/crontab"
description: "Detects access to cron jobs, SSH keys, or sudo permissions (including reads and modifications)"
remediation: "Confirm with user. Treat any access to credential and scheduling files as sensitive and restrict when possible."

# ── Dangerous Permission Changes ──────────────────────────────────────
- id: TOOL_CMD_UNSAFE_PERMISSIONS
tools: [execute_shell_command]
params: [command]
category: privilege_escalation
severity: HIGH
patterns:
- "\\bchmod\\s+-[a-zA-Z]*R[a-zA-Z]*\\s+(777|a\\+rwx)\\s+\\/"
- "\\bchattr\\s+\\+i"
description: "Detects global permission downgrades (chmod 777) or setting immutable flags"
remediation: "Prompt for confirmation. Suggest least-privilege permission models."

# ── Obfuscation & Defense Evasion ─────────────────────────────────────
- id: TOOL_CMD_OBFUSCATED_EXEC
tools: [execute_shell_command]
params: [command]
category: code_execution
severity: HIGH
patterns:
- "\\bbase64\\s+(-d|--decode)\\s*\\|\\s*(bash|sh|zsh)"
description: "Detects execution of base64 encoded strings passed directly to a shell interpreter"
remediation: "Block execution. Agents should use plain text commands."
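Review bot: Several alternations in the new rules have no trailing boundary, so they fire on the safe commands the rules are meant to steer users toward. In TOOL_CMD_GIT_DATA_LOSS the `--force` alternative also matches `git push --force-with-lease`, which the same rule's remediation recommends; something like `(--force(\\s|$)|-f\\b)` would keep the two apart. In TOOL_CMD_PIPE_TO_SHELL the `sh` alternative matches the start of `sha256sum` and `shasum`, so piping a download into a checksum tool is reported as CRITICAL remote execution; ending the pattern with `(bash|sh|zsh|ash|dash)\\b` avoids that. Likewise `of=\\/dev\\/` in TOOL_CMD_FS_DESTRUCTION matches `of=/dev/null`, which is harmless. A short comment above the new rules, stating that each regex matches one spelling of a command and that the list is a tripwire rather than a containment boundary, would help whoever tunes severities later.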