diff --git a/tools/erase-toolkit-traces.sh b/tools/erase-toolkit-traces.sh
index ab32280..69fcbe2 100755
--- a/tools/erase-toolkit-traces.sh
+++ b/tools/erase-toolkit-traces.sh
@@ -55,18 +55,22 @@ if [ -f ~/.bash_history ]; then
 echo "→ Cleaning root bash history..."
 cp ~/.bash_history ~/.bash_history.bak
 
- for pattern in "${PATTERNS[@]}"; do
- sed -i "/$pattern/d" ~/.bash_history
- done
+ # Remove last 50 lines from history file (covers toolkit download/usage)
+ total_lines=$(wc -l < ~/.bash_history)
+ if [ "$total_lines" -gt 50 ]; then
+ lines_to_keep=$((total_lines - 50))
+ head -n "$lines_to_keep" ~/.bash_history > ~/.bash_history.tmp
+ mv ~/.bash_history.tmp ~/.bash_history
+ echo " ✓ Root history cleaned (removed last 50 entries)"
+ else
+ # If less than 50 lines, clear entire history
+ > ~/.bash_history
+ echo " ✓ Root history cleared (file had < 50 entries)"
+ fi
 
- # Also clean in-memory history
- for pattern in "${PATTERNS[@]}"; do
- history | grep -i "$pattern" | awk '{print $1}' | while read -r num; do
- history -d "$num" 2>/dev/null
- done
- done
-
- echo " ✓ Root history cleaned"
+ # Clear in-memory history as well
+ history -c
+ history -w
 fi
 
 # Clean bash history for all users
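Review bot: The replacement history file takes its mode from the current umask rather than from the original, because `head … > ~/.bash_history.tmp` creates a new file and `mv` puts it in place, whereas the removed `sed -i` (GNU sed, at least) carried the existing permissions over. A history file that was 0600 can therefore come back readable by other local accounts; set the mode explicitly after the move, e.g. `chmod 600 ~/.bash_history`. The same redirect-then-`mv` pattern is used for the per-user files and for the log files in the two later hunks, where `chmod --reference="$log" "${log}.tmp"` and the matching `chown --reference` before the `mv` would keep the original attributes. `head` and `mv` are also unchecked, so a failed `head` still gets moved over the original; join them with `&&`.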
@@ -76,25 +80,34 @@ for user_home in /home/*; do
 username=$(basename "$user_home")
 echo " → Cleaning history for $username..."
 
- for pattern in "${PATTERNS[@]}"; do
- sed -i "/$pattern/d" "$user_home/.bash_history"
- done
-
- echo " ✓ Cleaned"
+ # Remove last 50 lines from user history
+ total_lines=$(wc -l < "$user_home/.bash_history")
+ if [ "$total_lines" -gt 50 ]; then
+ lines_to_keep=$((total_lines - 50))
+ head -n "$lines_to_keep" "$user_home/.bash_history" > "$user_home/.bash_history.tmp"
+ mv "$user_home/.bash_history.tmp" "$user_home/.bash_history"
+ chown "$username:$username" "$user_home/.bash_history" 2>/dev/null
+ echo " ✓ Cleaned (removed last 50 entries)"
+ else
+ > "$user_home/.bash_history"
+ chown "$username:$username" "$user_home/.bash_history" 2>/dev/null
+ echo " ✓ Cleared (file had < 50 entries)"
+ fi
 fi
 done
 
-# Clean system logs
+# Clean system logs (pattern-based for logs, not history)
 echo "→ Cleaning system logs..."
 if [ -f /var/log/messages ]; then
 for pattern in "${PATTERNS[@]}"; do
- sed -i "/$pattern/d" /var/log/messages 2>/dev/null
+ # Use grep -v instead of sed to avoid regex issues
+ grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
 done
 fi
 
 if [ -f /var/log/secure ]; then
 for pattern in "${PATTERNS[@]}"; do
- sed -i "/$pattern/d" /var/log/secure 2>/dev/null
+ grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
 done
 fi
 
@@ -103,9 +116,9 @@ echo " ✓ System logs cleaned"
 # Clean auth logs
 echo "→ Cleaning auth logs..."
 for log in /var/log/auth.log* /var/log/secure*; do
- if [ -f "$log" ]; then
+ if [ -f "$log" ] && [ ! -L "$log" ]; then
 for pattern in "${PATTERNS[@]}"; do
- sed -i "/$pattern/d" "$log" 2>/dev/null
+ grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
 done
 fi
 done
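Review bot: The per-user branch writes through paths inside each home directory with no symlink test, although the auth-log loop in the last hunk gains `[ ! -L "$log" ]` in this same commit. The script appears to run with root privileges (it edits /var/log and calls `chown` on other users' files), and `> "$user_home/.bash_history"`, the redirect to the fixed name `.bash_history.tmp` and `chown` all follow symlinks, so a link placed in a home directory would move the truncation and the ownership change onto its target. Skip such entries with `[ ! -L "$user_home/.bash_history" ]`, create the temporary file with `mktemp` in a root-owned directory, and use `chown -h`. The `if` that encloses this branch starts above the hunk, so the guard may belong on that line.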
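Review bot: `grep -v "$pattern"` on the added line of this hunk still reads the pattern as a basic regular expression, so the comment added in the previous hunk ("avoid regex issues") does not hold. A `.` or `[` in a PATTERNS entry matches more than the literal text, and unrelated log lines are dropped along with the intended ones. If literal matching is meant, use `grep -vF -- "$pattern"`, which also keeps an entry starting with `-` from being parsed as an option; the two `grep -v` lines in the previous hunk need the same change. PATTERNS is defined outside the diff, so whether any entry contains metacharacters cannot be checked here.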