Listen to this Post
Linux offers powerful tools to manipulate system behavior in creative ways. While this method isn’t practical for real security, it demonstrates Linux’s flexibility. Here’s how to implement a playful (but non-destructive) way to disrupt an unwanted session using whoami.
Original Read on Medium
You Should Know:
Step 1: Modify the `whoami` Command
The idea is to override the default `whoami` command to terminate a session when executed.
sudo nano /usr/bin/whoami
Replace its content with:
!/bin/bash kill -9 $$
Make it executable:
sudo chmod +x /usr/bin/whoami
Now, running `whoami` will kill the current shell session.
Step 2: Alternative Approach (Less Destructive)
Instead of killing the session, log the unauthorized access attempt:
!/bin/bash echo "Unauthorized session attempt by $(id -un) at $(date)" >> /var/log/hacker.log exit 1
Step 3: Restore Original `whoami`
To revert, reinstall the `coreutils` package:
sudo apt-get install --reinstall coreutils Debian/Ubuntu sudo yum reinstall coreutils CentOS/RHEL
Additional Security Commands
- Check active sessions:
w who last
-
Kill a specific session:
pkill -9 -t pts/1 Replace pts/1 with the target TTY
-
Monitor suspicious logins:
tail -f /var/log/auth.log grep "Failed password" /var/log/auth.log
What Undercode Say
While this trick is more humorous than practical, it highlights Linux’s ability to customize system behavior. For real security:
– Use fail2ban to block brute-force attacks.
– Restrict SSH access with `AllowUsers` in /etc/ssh/sshd_config.
– Monitor logs with `auditd` or syslog-ng.
Always test modifications in a safe environment before deploying them.
Expected Output:
A terminated shell session or logged unauthorized access attempt in /var/log/hacker.log.
Reference: Medium
References:
Reported By: Activity 7318622742184894465 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
