Skip to content

Instantly share code, notes, and snippets.

@ideadude
Last active January 10, 2024 22:14
Show Gist options
  • Save ideadude/af1041e756725e896d305d5850fa0785 to your computer and use it in GitHub Desktop.
Save ideadude/af1041e756725e896d305d5850fa0785 to your computer and use it in GitHub Desktop.
Scrub emails out of an access log and note affected emails in scrubbed_text.txt
##
# Clean passwords out of access logs.
# Be sure to update the LOG_FILE line to match the location of your log file.
# This will edit your log files. You can back it up and then delete the backup if this works.
# This will also create a file scrubbed_emails.txt with a list of affected emails.
# This requires that both the password and password2 fields be in the logs.
# If you don't have password2 fields, edit the script to use the field that comes after password in your logs.
##
#!/bin/bash
LOG_FILE="access.log" # Replace with your actual log file name
EMAIL_LOG_FILE="scrubbed_emails.txt"
# Ensure the email log file exists
touch $EMAIL_LOG_FILE
# Process each line
while IFS= read -r line; do
if echo "$line" | grep -q "checkout_levels.*password="; then
# Extract the email and password
email=$(echo $line | grep -oP 'bemail=\K[^&\s]*')
password=$(echo $line | grep -oP 'password=\K(.*?)(?=&password2=)')
password2=$(echo $line | grep -oP 'password2=\K(.*?)(?=&bemail=)')
# Append the email to the email log file
echo $email >> $EMAIL_LOG_FILE
# Replace the line in the log file
escaped_password=$(echo $password | sed 's/[]\/$*.^|[]/\\&/g')
escaped_password2=$(echo $password2 | sed 's/[]\/$*.^[]/\\&/g')
find_string="password=$escaped_password&password2=$escaped_password2"
replace_string="password=SCRUBBED&password2=SCRUBBED"
sed -i "s~$find_string~$replace_string~g" $LOG_FILE
fi
done < "$LOG_FILE"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment