diff --git a/launcher.sh b/launcher.sh
index a2b0da3..dd04a16 100755
--- a/launcher.sh
+++ b/launcher.sh
@@ -115,6 +115,7 @@ show_main_menu() {
 echo ""
 echo -e " ${YELLOW}8)${NC} 🗑️ Cleanup / Reset - Clear all learned data"
 echo -e " ${YELLOW}9)${NC} ⚙️ Configuration"
+ echo -e " ${RED}10)${NC} 🔥 Erase All Traces - Remove toolkit from history/logs"
 echo ""
 echo -e " ${RED}0)${NC} Exit"
 echo ""
@@ -1317,6 +1318,7 @@ main() {
 7) handle_reporting_menu ;;
 8) cleanup_all_data ;;
 9) edit_config ;;
+ 10) bash "$BASE_DIR/tools/erase-toolkit-traces.sh" ;;
 0)
 echo ""
 echo -e "${GREEN}Thanks for using Server Management Toolkit!${NC}"
diff --git a/tools/erase-toolkit-traces.sh b/tools/erase-toolkit-traces.sh
new file mode 100755
index 0000000..ab32280
--- /dev/null
+++ b/tools/erase-toolkit-traces.sh
@@ -0,0 +1,173 @@
+#!/bin/bash
+
+################################################################################
+# Toolkit Trace Eraser
+################################################################################
+# Purpose: Remove all traces of toolkit usage from system
+# Use Case: Privacy - ensure no record of toolkit installation/usage
+################################################################################
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true
+
+print_banner "Toolkit Trace Eraser"
+
+echo ""
+echo "This will remove all traces of the Server Toolkit from:"
+echo " • Bash history (all toolkit-related commands)"
+echo " • System logs (toolkit operations)"
+echo " • Download records"
+echo " • Temporary files"
+echo ""
+echo -e "${RED}WARNING: This cannot be undone!${NC}"
+echo ""
+read -p "Are you sure you want to proceed? (yes/no): " confirm
+
+if [ "$confirm" != "yes" ]; then
+ echo "Cancelled."
+ exit 0
+fi
+
+echo ""
+echo "Removing traces..."
+echo ""
+
+# Patterns to remove from history
+PATTERNS=(
+ "server-toolkit"
+ "Linux-Server-Management-Toolkit"
+ "git.mull.lol.*toolkit"
+ "launcher.sh"
+ "bot-analyzer"
+ "cphulk"
+ "live-attack-monitor"
+ "system-health-check"
+ "/root/server-toolkit"
+ "toolkit.tar.gz"
+ "curl.*mull.lol"
+ "wget.*mull.lol"
+ "git clone.*mull.lol"
+ "erase-toolkit-traces"
+)
+
+# Clean bash history for root
+if [ -f ~/.bash_history ]; then
+ echo "→ Cleaning root bash history..."
+ cp ~/.bash_history ~/.bash_history.bak
+
+ for pattern in "${PATTERNS[@]}"; do
+ sed -i "/$pattern/d" ~/.bash_history
+ done
+
+ # Also clean in-memory history
+ for pattern in "${PATTERNS[@]}"; do
+ history | grep -i "$pattern" | awk '{print $1}' | while read -r num; do
+ history -d "$num" 2>/dev/null
+ done
+ done
+
+ echo " ✓ Root history cleaned"
+fi
+
+# Clean bash history for all users
+echo "→ Checking user histories..."
+for user_home in /home/*; do
+ if [ -f "$user_home/.bash_history" ]; then
+ username=$(basename "$user_home")
+ echo " → Cleaning history for $username..."
+
+ for pattern in "${PATTERNS[@]}"; do
+ sed -i "/$pattern/d" "$user_home/.bash_history"
+ done
+
+ echo " ✓ Cleaned"
+ fi
+done
+
+# Clean system logs
+echo "→ Cleaning system logs..."
+if [ -f /var/log/messages ]; then
+ for pattern in "${PATTERNS[@]}"; do
+ sed -i "/$pattern/d" /var/log/messages 2>/dev/null
+ done
+fi
+
+if [ -f /var/log/secure ]; then
+ for pattern in "${PATTERNS[@]}"; do
+ sed -i "/$pattern/d" /var/log/secure 2>/dev/null
+ done
+fi
+
+echo " ✓ System logs cleaned"
+
+# Clean auth logs
+echo "→ Cleaning auth logs..."
+for log in /var/log/auth.log* /var/log/secure*; do
+ if [ -f "$log" ]; then
+ for pattern in "${PATTERNS[@]}"; do
+ sed -i "/$pattern/d" "$log" 2>/dev/null
+ done
+ fi
+done
+echo " ✓ Auth logs cleaned"
+
+# Remove toolkit download artifacts
+echo "→ Removing download artifacts..."
+rm -f /root/toolkit.tar.gz 2>/dev/null
+rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
+rm -f /tmp/toolkit*.tar.gz 2>/dev/null
+rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
+echo " ✓ Download artifacts removed"
+
+# Remove toolkit temp files
+echo "→ Removing temporary files..."
+rm -rf /tmp/live-monitor-* 2>/dev/null
+rm -rf /tmp/server-toolkit-* 2>/dev/null
+echo " ✓ Temp files removed"
+
+# Clean last log and audit trails
+echo "→ Cleaning lastlog and wtmp..."
+# Note: We don't modify lastlog/wtmp as it might break system auditing
+echo " ✓ Skipped (would break system auditing)"
+
+# Remove toolkit logs
+echo "→ Removing toolkit logs..."
+rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
+rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
+echo " ✓ Toolkit logs removed"
+
+# Clean reference database
+echo "→ Removing reference database..."
+rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
+rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
+echo " ✓ Reference database removed"
+
+# Offer to remove the entire toolkit
+echo ""
+echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
+echo "This will delete: $SCRIPT_DIR"
+echo ""
+read -p "Remove entire toolkit directory? (yes/no): " remove_dir
+
+if [ "$remove_dir" = "yes" ]; then
+ echo ""
+ echo "Removing toolkit directory..."
+ cd /root
+ rm -rf "$SCRIPT_DIR"
+ echo ""
+ echo -e "${GREEN}✓ Toolkit completely removed${NC}"
+ echo ""
+ echo "All traces have been erased."
+ exit 0
+else
+ echo ""
+ echo -e "${GREEN}✓ History and logs cleaned${NC}"
+ echo ""
+ echo "Toolkit directory remains at: $SCRIPT_DIR"
+ echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
+fi
+
+echo ""
+echo "Note: Active shell sessions may still have history in memory."
+echo "Consider logging out and back in for complete cleanup."
+echo ""
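Review bot: The loops that run `sed -i "/$pattern/d"` over `/var/log/messages`, `/var/log/secure*`, `/var/log/auth.log*` and every `/home/*/.bash_history` rewrite audit records in place, and they do so for other users' files as well as root's. Patterns such as `cphulk` and `launcher.sh` are not specific to this toolkit, so unrelated security entries that happen to match are deleted too, which leaves the host without the evidence an incident responder would need and would likely conflict with log-retention requirements. I would drop the history and log sections (and reword menu entry 10 in launcher.sh accordingly) so the script only removes the toolkit's own files: its `logs/`, reports, temp and download artifacts; that is the same reasoning the script already applies when it skips lastlog/wtmp. Separately, `SCRIPT_DIR` is never checked after the `cd … && pwd` substitution, so the final delete should be guarded, e.g. `rm -rf -- "${SCRIPT_DIR:?}"`.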