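#!/bin/bash
################################################################################
# Toolkit Trace Eraser
################################################################################
# Purpose:  Remove all traces of toolkit usage from system
# Use Case: Privacy - ensure no record of toolkit installation/usage
#
# Environment:
#   TRACE_ERASER_AUTO=yes  Skip the confirmation prompt and progress header,
#                          then delete the toolkit directory without asking
#                          (the launcher sets this on exit).
#
# Files touched: root's ~/.bash_history, /var/log/messages, /var/log/secure*,
# /var/log/auth.log*, toolkit archives under /root and /tmp, toolkit temp
# directories under /tmp, and the toolkit's own logs, reports and .sysref files.
#
# NOTE(review): the system-log steps edit syslog and authentication logs in
# place. Those files are audit evidence for every service on the host, not only
# for the toolkit; the script already declines to touch lastlog/wtmp for that
# reason and the same reasoning applies to /var/log/secure and auth.log. Each
# rewrite goes through a temp file and mv, so the log's inode and metadata
# change; file-integrity monitoring on /var/log and off-host log forwarding
# both make the edit visible and keep an independent copy of the records.
################################################################################

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# Every rm below is built from SCRIPT_DIR. If the cd above failed the variable
# is empty and the paths would resolve under "/", so stop before doing anything.
if [ -z "$SCRIPT_DIR" ] || [ "$SCRIPT_DIR" = "/" ]; then
  echo "Error: could not resolve the toolkit directory; nothing was changed." >&2
  exit 1
fi

source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true

# The helper library is optional (see "|| true" above); provide a plain banner
# so a missing library does not produce "command not found". Colour variables
# (RED, GREEN, YELLOW, NC) simply expand to nothing when the library is absent.
if ! declare -F print_banner >/dev/null; then
  print_banner() { printf '\n=== %s ===\n' "$1"; }
fi

print_banner "Toolkit Trace Eraser"

# Check if running in auto mode (from launcher exit)
if [ "$TRACE_ERASER_AUTO" != "yes" ]; then
  echo ""
  echo "This will remove all traces of the Server Toolkit from:"
  echo " • Bash history (all toolkit-related commands)"
  echo " • System logs (toolkit operations)"
  echo " • Download records"
  echo " • Temporary files"
  echo ""
  echo -e "${RED}WARNING: This cannot be undone!${NC}"
  echo ""
  # -r keeps backslashes in the answer literal.
  read -r -p "Are you sure you want to proceed? (yes/no): " confirm
  if [ "$confirm" != "yes" ]; then
    echo "Cancelled."
    exit 0
  fi
fi

# Only show progress if not in auto mode
if [ "$TRACE_ERASER_AUTO" != "yes" ]; then
  echo ""
  echo "Removing traces..."
  echo ""
fi

# Patterns removed from the system logs below. grep treats each entry as a
# basic regular expression, so "." and ".*" are wildcards here.
PATTERNS=(
  "server-toolkit"
  "Linux-Server-Management-Toolkit"
  "git.mull.lol.*toolkit"
  "launcher.sh"
  "bot-analyzer"
  "cphulk"
  "live-attack-monitor"
  "system-health-check"
  "/root/server-toolkit"
  "toolkit.tar.gz"
  "curl.*mull.lol"
  "wget.*mull.lol"
  "git clone.*mull.lol"
  "erase-toolkit-traces"
)

# Clean bash history for root (will be done at the end to avoid re-adding entries)
CLEAN_HISTORY=true

# Skip user bash histories - only clean root
# (User histories are not touched to avoid affecting normal user operations)

# Clean system logs (pattern-based for logs, not history)
# NOTE(review): several patterns are generic ("cphulk", "launcher.sh"), so any
# line containing them is dropped, including lines written by other software.
echo "→ Cleaning system logs..."
if [ -f /var/log/messages ]; then
  for pattern in "${PATTERNS[@]}"; do
    # Use grep -v instead of sed to avoid regex issues
    grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
  done
fi

if [ -f /var/log/secure ]; then
  for pattern in "${PATTERNS[@]}"; do
    grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
  done
fi
echo " ✓ System logs cleaned"

# Clean auth logs
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
  # The globs also match rotated, compressed archives. Those are not text:
  # passing them through grep -v would replace the archive with grep's output
  # and destroy the rotated log, so they are left alone.
  case "$log" in
    *.gz | *.bz2 | *.xz | *.zst) continue ;;
  esac
  # Regular files only; symlinks are skipped so a link is never replaced.
  if [ -f "$log" ] && [ ! -L "$log" ]; then
    for pattern in "${PATTERNS[@]}"; do
      grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
    done
  fi
done
echo " ✓ Auth logs cleaned"

# Remove toolkit download artifacts
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
rm -f /tmp/toolkit*.tar.gz 2>/dev/null
rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"

# Remove toolkit temp files
echo "→ Removing temporary files..."
rm -rf /tmp/live-monitor-* 2>/dev/null
rm -rf /tmp/server-toolkit-* 2>/dev/null
echo " ✓ Temp files removed"

# Clean last log and audit trails
echo "→ Cleaning lastlog and wtmp..."
# Note: We don't modify lastlog/wtmp as it might break system auditing
echo " ✓ Skipped (would break system auditing)"

# Remove toolkit logs
# ${SCRIPT_DIR:?} aborts the command if the variable is ever empty, so these
# globs cannot expand relative to "/".
echo "→ Removing toolkit logs..."
rm -f "${SCRIPT_DIR:?}/logs/"*.log 2>/dev/null
rm -f "${SCRIPT_DIR:?}/"*_report_*.txt 2>/dev/null
echo " ✓ Toolkit logs removed"

# Clean reference database
echo "→ Removing reference database..."
rm -f "${SCRIPT_DIR:?}/.sysref" 2>/dev/null
rm -f "${SCRIPT_DIR:?}/.sysref.timestamp" 2>/dev/null
echo " ✓ Reference database removed"

# Clean bash history BEFORE asking about directory removal
# (This ensures history is cleaned even if user removes toolkit directory)
if [ "$CLEAN_HISTORY" = true ] && [ -f ~/.bash_history ]; then
  echo ""
  echo "→ Final cleanup: Removing bash history..."

  # Disable history recording AND appending for this session
  set +o history
  shopt -u histappend 2>/dev/null || true

  echo " → Cleaning history file..."
  GREP_PATTERN="git\.mull\.lol|linux-server-management-toolkit|server-toolkit|launcher\.sh|erase-toolkit-traces"

  # Filter a copy back into the history file. The redirect truncates
  # ~/.bash_history before grep reads the copy, so the copy must exist first;
  # if cp fails the history file is left untouched instead of being emptied.
  if cp ~/.bash_history ~/.bash_history.bak.$$; then
    lines_before=$(wc -l < ~/.bash_history.bak.$$ 2>/dev/null || echo 0)
    grep -Ev "$GREP_PATTERN" ~/.bash_history.bak.$$ > ~/.bash_history 2>/dev/null || true
    lines_after=$(wc -l < ~/.bash_history 2>/dev/null || echo 0)
    lines_removed=$((lines_before - lines_after))
    rm -f ~/.bash_history.bak.$$
    echo " ✓ Removed $lines_removed entries from history file"
  else
    echo " ! Could not copy history file; left unchanged" >&2
  fi

  # Clear current session's history completely to prevent re-adding on exit
  echo " → Clearing current session history..."
  history -c

  # Unset HISTFILE to prevent this session from writing on exit
  unset HISTFILE

  echo " ✓ Current session history cleared and disabled"
  echo ""
  echo -e "${YELLOW}IMPORTANT: Exit this shell immediately after cleanup${NC}"
  echo "Type: exit"
  echo "Then start a fresh shell to see cleaned history."
fi

# Offer to remove the entire toolkit (AFTER history cleaning)
if [ "$TRACE_ERASER_AUTO" = "yes" ]; then
  # Auto mode: quick cleanup, minimal output.
  # Leave the directory before deleting it; a failed cd is tolerated.
  cd /root 2>/dev/null
  rm -rf "${SCRIPT_DIR:?}" 2>/dev/null
  clear
  echo ""
  echo -e "${GREEN}✓ All traces removed${NC}"
  echo ""
else
  # Manual mode: ask user
  echo ""
  echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
  echo "This will delete: $SCRIPT_DIR"
  echo ""
  read -r -p "Remove entire toolkit directory? (yes/no): " remove_dir

  if [ "$remove_dir" = "yes" ]; then
    echo ""
    echo "Removing toolkit directory..."
    cd /root
    rm -rf "${SCRIPT_DIR:?}"
    echo ""
    echo -e "${GREEN}✓ Toolkit completely removed${NC}"
    echo ""
    echo "All traces have been erased."
  else
    echo ""
    echo -e "${GREEN}✓ History and logs cleaned${NC}"
    echo ""
    echo "Toolkit directory remains at: $SCRIPT_DIR"
    echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
  fi

  echo ""
  echo "All traces removed. The trace eraser commands will also be"
  echo "removed when you log out or start a new shell session."
  echo ""
fi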