Add trace eraser tool for privacy

- New tool: erase-toolkit-traces.sh removes all toolkit traces
- Cleans bash history for all users
- Removes toolkit mentions from system logs
- Deletes download artifacts and temp files
- Optional: complete toolkit directory removal
- Added to main menu as option 10

tools/erase-toolkit-traces.sh

@@ -0,0 +1,173 @@
+#!/bin/bash
+
+################################################################################
+# Toolkit Trace Eraser
+################################################################################
+# Purpose: Remove all traces of toolkit usage from system
+# Use Case: Privacy - ensure no record of toolkit installation/usage
+################################################################################
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true
+
+print_banner "Toolkit Trace Eraser"
+
+echo ""
+echo "This will remove all traces of the Server Toolkit from:"
+echo "  • Bash history (all toolkit-related commands)"
+echo "  • System logs (toolkit operations)"
+echo "  • Download records"
+echo "  • Temporary files"
+echo ""
+echo -e "${RED}WARNING: This cannot be undone!${NC}"
+echo ""
+read -p "Are you sure you want to proceed? (yes/no): " confirm
+
+if [ "$confirm" != "yes" ]; then
+    echo "Cancelled."
+    exit 0
+fi
+
+echo ""
+echo "Removing traces..."
+echo ""
+
+# Patterns to remove from history
+PATTERNS=(
+    "server-toolkit"
+    "Linux-Server-Management-Toolkit"
+    "git.mull.lol.*toolkit"
+    "launcher.sh"
+    "bot-analyzer"
+    "cphulk"
+    "live-attack-monitor"
+    "system-health-check"
+    "/root/server-toolkit"
+    "toolkit.tar.gz"
+    "curl.*mull.lol"
+    "wget.*mull.lol"
+    "git clone.*mull.lol"
+    "erase-toolkit-traces"
+)
+
+# Clean bash history for root
+if [ -f ~/.bash_history ]; then
+    echo "→ Cleaning root bash history..."
+    cp ~/.bash_history ~/.bash_history.bak
+
+    for pattern in "${PATTERNS[@]}"; do
+        sed -i "/$pattern/d" ~/.bash_history
+    done
+
+    # Also clean in-memory history
+    for pattern in "${PATTERNS[@]}"; do
+        history | grep -i "$pattern" | awk '{print $1}' | while read -r num; do
+            history -d "$num" 2>/dev/null
+        done
+    done
+
+    echo "  ✓ Root history cleaned"
+fi
+
+# Clean bash history for all users
+echo "→ Checking user histories..."
+for user_home in /home/*; do
+    if [ -f "$user_home/.bash_history" ]; then
+        username=$(basename "$user_home")
+        echo "  → Cleaning history for $username..."
+
+        for pattern in "${PATTERNS[@]}"; do
+            sed -i "/$pattern/d" "$user_home/.bash_history"
+        done
+
+        echo "    ✓ Cleaned"
+    fi
+done
+
+# Clean system logs
+echo "→ Cleaning system logs..."
+if [ -f /var/log/messages ]; then
+    for pattern in "${PATTERNS[@]}"; do
+        sed -i "/$pattern/d" /var/log/messages 2>/dev/null
+    done
+fi
+
+if [ -f /var/log/secure ]; then
+    for pattern in "${PATTERNS[@]}"; do
+        sed -i "/$pattern/d" /var/log/secure 2>/dev/null
+    done
+fi
+
+echo "  ✓ System logs cleaned"
+
+# Clean auth logs
+echo "→ Cleaning auth logs..."
+for log in /var/log/auth.log* /var/log/secure*; do
+    if [ -f "$log" ]; then
+        for pattern in "${PATTERNS[@]}"; do
+            sed -i "/$pattern/d" "$log" 2>/dev/null
+        done
+    fi
+done
+echo "  ✓ Auth logs cleaned"
+
+# Remove toolkit download artifacts
+echo "→ Removing download artifacts..."
+rm -f /root/toolkit.tar.gz 2>/dev/null
+rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
+rm -f /tmp/toolkit*.tar.gz 2>/dev/null
+rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
+echo "  ✓ Download artifacts removed"
+
+# Remove toolkit temp files
+echo "→ Removing temporary files..."
+rm -rf /tmp/live-monitor-* 2>/dev/null
+rm -rf /tmp/server-toolkit-* 2>/dev/null
+echo "  ✓ Temp files removed"
+
+# Clean last log and audit trails
+echo "→ Cleaning lastlog and wtmp..."
+# Note: We don't modify lastlog/wtmp as it might break system auditing
+echo "  ✓ Skipped (would break system auditing)"
+
+# Remove toolkit logs
+echo "→ Removing toolkit logs..."
+rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
+rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
+echo "  ✓ Toolkit logs removed"
+
+# Clean reference database
+echo "→ Removing reference database..."
+rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
+rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
+echo "  ✓ Reference database removed"
+
+# Offer to remove the entire toolkit
+echo ""
+echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
+echo "This will delete: $SCRIPT_DIR"
+echo ""
+read -p "Remove entire toolkit directory? (yes/no): " remove_dir
+
+if [ "$remove_dir" = "yes" ]; then
+    echo ""
+    echo "Removing toolkit directory..."
+    cd /root
+    rm -rf "$SCRIPT_DIR"
+    echo ""
+    echo -e "${GREEN}✓ Toolkit completely removed${NC}"
+    echo ""
+    echo "All traces have been erased."
+    exit 0
+else
+    echo ""
+    echo -e "${GREEN}✓ History and logs cleaned${NC}"
+    echo ""
+    echo "Toolkit directory remains at: $SCRIPT_DIR"
+    echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
+fi
+
+echo ""
+echo "Note: Active shell sessions may still have history in memory."
+echo "Consider logging out and back in for complete cleanup."
+echo ""