Debian – removed files from /tmp/ directory – can’t login anymore

debian gnome grub tmp

I'm a system integrator (evidently a noob), and today I made my first scan with rkhunter, a tool that checks the system for the presence of rootkits.
After that scan I foolishly decided to remove the files inside the /tmp/ directory, because rkhunter gave some warnings related to files inside it.

The sequence of commands I gave was:

cd /tmp/
ls
cd tracker-lese/
ls
ls -la
cd ..
rm * .
ls -la
rm -fr * /tmp/

Explanation: I was root, I moved inside the /tmp/ directory, I listed the content, I tried to understand what the content of the tracker-lese/ directory was, I went back to the /tmp/ directory, /!\ I did a rm * . that I believed did nothing (but maybe that is where I'm missing understanding), and then I did a forced, recursive rm.

After that impulsive operation, the system began having trouble, and after a reboot I could not log in to the machine anymore.

Edit:
output of the command ls -ld /tmp/

drwxr-xr-x 6 root root 4096 Apr 8 19:19 /tmp/

Best Answer

The arguments you gave to rm told it to remove everything in the current directory except for hidden files (*) as well as the /tmp directory with all contents (/tmp/).

To know what the consequences of that command may have been, we need to know two things: which user you ran the command as, and what the current directory was.

If you executed the command from your home directory, and you were not logged in as root, the damage would be limited to losing contents of your home directory. In that case you could create a new user or copy over the standard contents for a new home directory from /etc/skel.

If you ran the command as root, you would not only have removed all contents of /tmp but the /tmp directory as well. That could cause many applications to fail. You can create a new /tmp directory by running mkdir -m 1777 /tmp as root. What other damage you would have done by running that rm command as root depends on what your current directory was.
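An added example, not part of the original answer: a small check-and-repair routine for the mode of /tmp. It also covers the case in the question's ls -ld output, where /tmp exists with mode 755 and mkdir -m would leave it unchanged. The function names are hypothetical, and stat -c assumes GNU coreutils as shipped on Debian.

```shell
#!/bin/sh
# Added example: audit and repair the mode of a temp directory such as /tmp.
# Function names are illustrative; stat -c is the GNU coreutils form (Debian).

# Print the octal mode of DIR, or "missing" if it is not a real directory.
tmp_mode() {
    if [ -d "$1" ] && [ ! -L "$1" ]; then
        stat -c '%a' "$1"
    else
        echo missing
    fi
}

# Succeed only if DIR has exactly mode 1777 (world-writable plus sticky bit).
tmp_is_sane() {
    [ "$(tmp_mode "$1")" = "1777" ]
}

# Recreate DIR if it is gone and force mode 1777; fix ownership when run as root.
repair_tmp() {
    dir=$1
    if [ "$(tmp_mode "$dir")" = "missing" ]; then
        # Fails (and returns 1) if something other than a directory is in the way.
        mkdir -m 1777 "$dir" || return 1
    fi
    # mkdir -m does nothing to a directory that already exists (the 755 case
    # shown by ls -ld in the question), so set the mode explicitly as well.
    chmod 1777 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$dir" || return 1
    fi
    tmp_is_sane "$dir"
}
```

Run as root, repair_tmp /tmp restores the directory; tmp_is_sane /tmp can be used afterwards as a quick audit check.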
