#!/bin/bash
################################################################################
# Toolkit Trace Eraser
################################################################################
# Purpose: Remove all traces of toolkit usage from system
# Use Case: Privacy - ensure no record of toolkit installation/usage
################################################################################
#
# Review notes -- what this script changes on a host, for anyone triaging a
# machine where it has been run:
#   - /var/log/messages, /var/log/secure*, /var/log/auth.log*: every line that
#     matches an entry of PATTERNS is dropped (ATT&CK T1070.002, Clear Linux
#     or Mac System Logs).
#   - The invoking user's shell history (the original comments assume root):
#     matching entries are deleted and the list is written back with
#     `history -w` (T1070.003, Clear Command History).
#   - Download archives, temp files, the toolkit's own logs/reports and,
#     optionally, the toolkit directory are deleted (T1070.004, File Deletion).
# Not altered by this file: lastlog/wtmp (explicitly skipped below). Nothing
# here references journald, auditd or a remote syslog target either, so
# records held there are not changed by this script; off-host log forwarding
# is what keeps an independent copy of the lines removed locally.
################################################################################

# Parent directory of the directory that holds this script.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
# Load failures are suppressed; print_banner and the colour variables
# (RED/YELLOW/GREEN/NC) used below are not defined in this file and
# presumably come from common-functions.sh -- confirm.
source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true

print_banner "Toolkit Trace Eraser"

echo ""
echo "This will remove all traces of the Server Toolkit from:"
echo " • Bash history (all toolkit-related commands)"
echo " • System logs (toolkit operations)"
echo " • Download records"
echo " • Temporary files"
echo ""
echo -e "${RED}WARNING: This cannot be undone!${NC}"
echo ""
read -p "Are you sure you want to proceed? (yes/no): " confirm

# Only the exact answer "yes" continues; anything else exits without changes.
if [ "$confirm" != "yes" ]; then
    echo "Cancelled."
    exit 0
fi

echo ""
echo "Removing traces..."
echo ""

# Patterns to remove from history
# (In this file the array is only applied to the log files below; the history
# step at the end uses its own GREP_PATTERN.)
PATTERNS=(
    "server-toolkit"
    "Linux-Server-Management-Toolkit"
    "git.mull.lol.*toolkit"
    "launcher.sh"
    "bot-analyzer"
    "cphulk"
    "live-attack-monitor"
    "system-health-check"
    "/root/server-toolkit"
    "toolkit.tar.gz"
    "curl.*mull.lol"
    "wget.*mull.lol"
    "git clone.*mull.lol"
    "erase-toolkit-traces"
)

# Clean bash history for root (will be done at the end to avoid re-adding entries)
CLEAN_HISTORY=true

# Skip user bash histories - only clean root
# (User histories are not touched to avoid affecting normal user operations)

# Clean system logs (pattern-based for logs, not history)
#
# Each pass writes the non-matching lines to <log>.tmp and renames that file
# over the log, so the log ends up as a different file (new inode, ownership
# and mode of the temp file) -- a change file-integrity monitoring can pick up.
# PATTERNS entries are passed to grep as basic regular expressions and match
# anywhere in a line, so unrelated records that merely contain e.g. "cphulk"
# or "launcher.sh" are dropped too. `&& mv ... || true` discards any failure
# of either command.
echo "→ Cleaning system logs..."
if [ -f /var/log/messages ]; then
    for pattern in "${PATTERNS[@]}"; do
        # Use grep -v instead of sed to avoid regex issues
        grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
    done
fi

if [ -f /var/log/secure ]; then
    for pattern in "${PATTERNS[@]}"; do
        grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
    done
fi
echo " ✓ System logs cleaned"

# Clean auth logs
# Same filter-and-rename as above over every regular, non-symlink file that
# matches the two globs; /var/log/secure itself is covered a second time here.
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
    if [ -f "$log" ] && [ ! -L "$log" ]; then
        for pattern in "${PATTERNS[@]}"; do
            grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
        done
    fi
done
echo " ✓ Auth logs cleaned"

# Remove toolkit download artifacts
# (rm errors are suppressed throughout; a missing file is not reported.)
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
rm -f /tmp/toolkit*.tar.gz 2>/dev/null
rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"

# Remove toolkit temp files
echo "→ Removing temporary files..."
rm -rf /tmp/live-monitor-* 2>/dev/null
rm -rf /tmp/server-toolkit-* 2>/dev/null
echo " ✓ Temp files removed"

# Clean last log and audit trails
# No command runs in this step: lastlog and wtmp are left as they are.
echo "→ Cleaning lastlog and wtmp..."
# Note: We don't modify lastlog/wtmp as it might break system auditing
echo " ✓ Skipped (would break system auditing)"

# Remove toolkit logs
# These paths are built from SCRIPT_DIR, which is not checked for being empty.
echo "→ Removing toolkit logs..."
rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
echo " ✓ Toolkit logs removed"

# Clean reference database
echo "→ Removing reference database..."
rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
echo " ✓ Reference database removed"

# Offer to remove the entire toolkit
echo ""
echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
echo "This will delete: $SCRIPT_DIR"
echo ""
read -p "Remove entire toolkit directory? (yes/no): " remove_dir

if [ "$remove_dir" = "yes" ]; then
    echo ""
    echo "Removing toolkit directory..."
    # Step out of the tree before deleting it; the cd result is not checked.
    cd /root
    rm -rf "$SCRIPT_DIR"
    echo ""
    echo -e "${GREEN}✓ Toolkit completely removed${NC}"
    echo ""
    echo "All traces have been erased."
    # The script ends here on the "yes" path; nothing after this if/else runs.
    exit 0
else
    echo ""
    echo -e "${GREEN}✓ History and logs cleaned${NC}"
    echo ""
    echo "Toolkit directory remains at: $SCRIPT_DIR"
    echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
fi

# Final step: Clean bash history (done last to capture all script commands)
# Runs only if ~/.bash_history exists for the invoking user.
if [ "$CLEAN_HISTORY" = true ] && [ -f ~/.bash_history ]; then
    echo ""
    echo "→ Final cleanup: Removing bash history..."

    # Disable history recording for this session to prevent re-adding commands
    set +o history

    # Clean in-memory history first using history -d (most reliable method)
    echo " → Cleaning in-memory history..."

    # Extended-regex alternation used for history only; it is a separate list
    # from the PATTERNS array above.
    GREP_PATTERN="git\.mull\.lol|linux-server-management-toolkit|server-toolkit|launcher\.sh|erase-toolkit-traces"

    # Get list of history entry numbers to delete (reverse order to maintain numbering)
    entries_to_delete=$(history | grep -E "$GREP_PATTERN" | awk '{print $1}' | sort -rn)
    entries_count=$(echo "$entries_to_delete" | grep -c '^' 2>/dev/null || echo 0)

    # Delete each matching entry from in-memory history
    for entry_num in $entries_to_delete; do
        history -d "$entry_num" 2>/dev/null || true
    done

    echo " ✓ Removed $entries_count toolkit-related entries from in-memory history"

    # Write cleaned in-memory history back to file
    history -w
    echo " ✓ Cleaned history written to file"
    echo " ✓ In-memory history reloaded from cleaned file"
    echo ""
    echo "NOTE: Other active terminal sessions may still have old history in memory."
    echo " Run 'exec bash' or 'history -c && history -r' in those terminals,"
    echo " or simply logout/login to start completely fresh."
fi

echo ""
echo "All traces removed. The trace eraser commands will also be"
echo "removed when you log out or start a new shell session."
echo ""