#!/bin/bash ################################################################################ # Toolkit Trace Eraser ################################################################################ # Purpose: Remove all traces of toolkit usage from system # Use Case: Privacy - ensure no record of toolkit installation/usage ################################################################################ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true print_banner "Toolkit Trace Eraser" echo "" echo "This will remove all traces of the Server Toolkit from:" echo " • Bash history (all toolkit-related commands)" echo " • System logs (toolkit operations)" echo " • Download records" echo " • Temporary files" echo "" echo -e "${RED}WARNING: This cannot be undone!${NC}" echo "" read -p "Are you sure you want to proceed? (yes/no): " confirm if [ "$confirm" != "yes" ]; then echo "Cancelled." exit 0 fi echo "" echo "Removing traces..." echo "" # Patterns to remove from history PATTERNS=( "server-toolkit" "Linux-Server-Management-Toolkit" "git.mull.lol.*toolkit" "launcher.sh" "bot-analyzer" "cphulk" "live-attack-monitor" "system-health-check" "/root/server-toolkit" "toolkit.tar.gz" "curl.*mull.lol" "wget.*mull.lol" "git clone.*mull.lol" "erase-toolkit-traces" ) # Clean bash history for root (will be done at the end to avoid re-adding entries) CLEAN_HISTORY=true # Skip user bash histories - only clean root # (User histories are not touched to avoid affecting normal user operations) # Clean system logs (pattern-based for logs, not history) echo "→ Cleaning system logs..." 
# NOTE(review): each pass below writes the surviving lines to <log>.tmp and then
# moves that file over the log. Consequences that follow from the commands alone:
#   - the log becomes a newly created file (new inode; owner and mode are those
#     of the process running this script, not those of the original log)
#   - no logging daemon is signalled here; one that still has the old file open
#     presumably keeps writing to the replaced file until it reopens — confirm
#   - grep -v exits non-zero when it selects no lines or cannot read the file;
#     mv is then skipped, <log>.tmp is left behind and "|| true" hides the failure
#   - the pattern is still a grep basic regular expression (no -F is given)
if [ -f /var/log/messages ]; then
    for pattern in "${PATTERNS[@]}"; do
        # Use grep -v instead of sed to avoid regex issues
        grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
    done
fi

# Same filter-and-replace pass for /var/log/secure.
if [ -f /var/log/secure ]; then
    for pattern in "${PATTERNS[@]}"; do
        grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
    done
fi
echo " ✓ System logs cleaned"

# Clean auth logs
# Only regular files that are not symlinks are processed.
# /var/log/secure is filtered a second time here, since it also matches the glob.
# NOTE(review): the globs also match rotated copies and any *.tmp file left by
# an earlier pass. Compressed rotated copies are not line-oriented text; what
# grep writes for them depends on the grep build, and that output replaces the
# archive. Treat rotated auth logs from a host where this ran as possibly
# damaged rather than merely filtered — TODO confirm on the target platform.
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
    if [ -f "$log" ] && [ ! -L "$log" ]; then
        for pattern in "${PATTERNS[@]}"; do
            grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
        done
    fi
done
echo " ✓ Auth logs cleaned"

# Remove toolkit download artifacts
# Fixed names and globs under /root and /tmp only; rm errors are discarded.
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
rm -f /tmp/toolkit*.tar.gz 2>/dev/null
rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"

# Remove toolkit temp files
# Recursive removal of anything in /tmp matching these two prefixes.
echo "→ Removing temporary files..."
rm -rf /tmp/live-monitor-* 2>/dev/null
rm -rf /tmp/server-toolkit-* 2>/dev/null
echo " ✓ Temp files removed"

# Clean last log and audit trails
# No command runs in this step; it only prints. Login records (lastlog, wtmp)
# are therefore left unchanged by this script.
echo "→ Cleaning lastlog and wtmp..."
# Note: We don't modify lastlog/wtmp as it might break system auditing
echo " ✓ Skipped (would break system auditing)"

# Remove toolkit logs
# NOTE(review): SCRIPT_DIR is computed at the top of the script from the
# script's own location. If that computation produced an empty string, these
# globs resolve under / (/logs/*.log and /*_report_*.txt).
echo "→ Removing toolkit logs..."
rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
echo " ✓ Toolkit logs removed"

# Clean reference database
echo "→ Removing reference database..."
rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null echo " ✓ Reference database removed" # Offer to remove the entire toolkit echo "" echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}" echo "This will delete: $SCRIPT_DIR" echo "" read -p "Remove entire toolkit directory? (yes/no): " remove_dir if [ "$remove_dir" = "yes" ]; then echo "" echo "Removing toolkit directory..." cd /root rm -rf "$SCRIPT_DIR" echo "" echo -e "${GREEN}✓ Toolkit completely removed${NC}" echo "" echo "All traces have been erased." exit 0 else echo "" echo -e "${GREEN}✓ History and logs cleaned${NC}" echo "" echo "Toolkit directory remains at: $SCRIPT_DIR" echo "You can manually remove it later with: rm -rf $SCRIPT_DIR" fi # Final step: Clean bash history (done last to capture all script commands) if [ "$CLEAN_HISTORY" = true ] && [ -f ~/.bash_history ]; then echo "" echo "→ Final cleanup: Removing bash history..." # Disable history recording for this session to prevent re-adding commands set +o history # Remove toolkit-related entries from history file cp ~/.bash_history ~/.bash_history.tmp # Remove lines containing toolkit-related patterns grep -v "git.mull.lol" ~/.bash_history.tmp > ~/.bash_history.tmp2 2>/dev/null || true grep -v "linux-server-management-toolkit" ~/.bash_history.tmp2 > ~/.bash_history.tmp3 2>/dev/null || true grep -v "server-toolkit" ~/.bash_history.tmp3 > ~/.bash_history.tmp4 2>/dev/null || true grep -v "launcher.sh" ~/.bash_history.tmp4 > ~/.bash_history.tmp5 2>/dev/null || true grep -v "erase-toolkit-traces" ~/.bash_history.tmp5 > ~/.bash_history 2>/dev/null || true # Calculate lines removed before deleting temp files lines_before=$(wc -l < ~/.bash_history.tmp 2>/dev/null || echo 0) lines_after=$(wc -l < ~/.bash_history 2>/dev/null || echo 0) lines_removed=$((lines_before - lines_after)) # Clean up temp files rm -f ~/.bash_history.tmp* echo " ✓ Removed $lines_removed toolkit-related history entries" # Clear in-memory 
history completely history -c # Write the empty history to file history -w echo "" echo " ✓ Bash history cleaned" echo "" echo "NOTE: Run 'exec bash' or logout/login to start fresh shell with clean history." fi echo "" echo "All traces removed. The trace eraser commands will also be" echo "removed when you log out or start a new shell session." echo ""