cschantz cd079bd7b6 Fix HIGH priority issues: paths, globs, deps, wordsplit
- Fixed 3 unquoted path expansions in cleanup-toolkit-data.sh
  (lines 175, 192-193: quoted $pattern in ls/rm commands)

- Fixed 3 unquoted globs in erase/malware-scanner scripts
  (erase-toolkit-traces.sh lines 103-104, malware-scanner.sh line 229)

- Added system-detect.sh sourcing to email-functions.sh
  (fixes 5 HIGH priority DEP warnings for detect_control_panel)

- Fixed 2 WORDSPLIT issues in mysql-analyzer.sh
  (lines 137, 362: changed from for loops to while read loops
   to safely handle database/table names with spaces)
2026-01-02 17:21:19 -05:00


#!/bin/bash
################################################################################
# Toolkit Trace Eraser
################################################################################
# Purpose: Remove all traces of toolkit usage from system
# Use Case: Privacy - ensure no record of toolkit installation/usage
################################################################################
# Toolkit root = parent of the directory that holds this script. Every later
# path (lib/, logs/, .sysref and the final directory removal) is built from
# this value.
SCRIPT_DIR="$(
  cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd
)"

# Load the shared helpers. A failed load is swallowed on purpose (stderr is
# discarded and the status forced to success), so the script carries on even
# when the library is absent; print_banner below is then undefined.
# NOTE(review): the colour variables used later (RED, GREEN, YELLOW, NC) are
# presumably defined by this library; confirm.
. "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true

print_banner "Toolkit Trace Eraser"
# Interactive runs (TRACE_ERASER_AUTO is anything other than "yes") get a
# summary of what will be touched and must answer exactly "yes" to continue.
# Auto mode skips both the prompt and the progress header.
if [[ "$TRACE_ERASER_AUTO" != "yes" ]]; then
  printf '%s\n' \
    "" \
    "This will remove all traces of the Server Toolkit from:" \
    " • Bash history (all toolkit-related commands)" \
    " • System logs (toolkit operations)" \
    " • Download records" \
    " • Temporary files" \
    ""
  echo -e "${RED}WARNING: This cannot be undone!${NC}"
  printf '\n'

  read -p "Are you sure you want to proceed? (yes/no): " confirm
  case "$confirm" in
    yes) ;;
    *)
      # Any other answer (including an empty one) aborts with success.
      echo "Cancelled."
      exit 0
      ;;
  esac

  # Progress header, shown only in interactive mode.
  printf '%s\n' "" "Removing traces..." ""
fi
# Match list for the log-cleaning loops further down, which hand each entry to
# `grep -v`. grep reads them as unanchored basic regular expressions, so "."
# matches any character and a hit anywhere in a line drops the whole line.
# NOTE(review): generic entries such as "cphulk" or "launcher.sh" also match
# log lines that have nothing to do with the toolkit.
PATTERNS=()

# Toolkit and repository names
PATTERNS+=(
  "server-toolkit"
  "Linux-Server-Management-Toolkit"
  "git.mull.lol.*toolkit"
)

# Script / module names
PATTERNS+=(
  "launcher.sh"
  "bot-analyzer"
  "cphulk"
  "live-attack-monitor"
  "system-health-check"
)

# Install path and download commands
PATTERNS+=(
  "/root/server-toolkit"
  "toolkit.tar.gz"
  "curl.*mull.lol"
  "wget.*mull.lol"
  "git clone.*mull.lol"
  "erase-toolkit-traces"
)

# Root's bash history is handled near the end of the script so that the
# cleanup commands themselves are not written back into it.
# Histories of other users are intentionally left alone.
CLEAN_HISTORY=true
# Clean system logs (pattern-based for logs, not history)
# For every PATTERNS entry the log is rewritten without the matching lines:
# grep -v writes the surviving lines to <log>.tmp and mv renames that file over
# the log. The trailing `|| true` swallows every failure of either step.
# NOTE(review): the file that ends up at the log path is the newly created
# .tmp file, so the original's owner, mode and security label are not carried
# over; check the resulting permissions on /var/log/secure and
# /var/log/messages. A logging daemon that still holds the old file open
# presumably keeps writing to it rather than to the new file (confirm).
# NOTE(review): matching is by unanchored regex over whole lines, so entries
# like "cphulk" or "launcher.sh" also remove unrelated events, including
# authentication records. A host that needs these records intact has to keep
# a copy off-box (remote syslog), since nothing here preserves the original.
echo "→ Cleaning system logs..."
if [ -f /var/log/messages ]; then
for pattern in "${PATTERNS[@]}"; do
# Use grep -v instead of sed to avoid regex issues
# (grep still interprets $pattern as a basic regular expression.)
# grep -v exits non-zero when no line survives; mv is then skipped and
# /var/log/messages.tmp is left behind.
grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
done
fi
if [ -f /var/log/secure ]; then
for pattern in "${PATTERNS[@]}"; do
# Same rewrite as above, applied to /var/log/secure.
grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
done
fi
echo " ✓ System logs cleaned"
# Clean auth logs
# The globs cover the live files and anything sharing their prefix, so
# /var/log/secure is processed a second time here and a leftover
# /var/log/secure.tmp from the block above is picked up as well.
# NOTE(review): rotated logs match too. A compressed one (e.g. *.gz) is not
# text; grep's output for binary input is not the file's content, so the mv
# would replace the archive with that output. Confirm how rotated logs are
# named on the target hosts.
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
# Only regular files are rewritten; symlinks are skipped, and so is an
# unmatched glob (left as a literal pattern, which fails the -f test).
if [ -f "$log" ] && [ ! -L "$log" ]; then
for pattern in "${PATTERNS[@]}"; do
grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
done
fi
done
echo " ✓ Auth logs cleaned"
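# Remove toolkit download artifacts from fixed locations under /root and /tmp.
# The quoted prefix keeps the literal part of each name out of glob expansion;
# only the trailing * is a wildcard. rm -f ignores paths that do not exist.
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/"Linux-Server-Management-Toolkit"*.tar.gz 2>/dev/null
rm -f /tmp/"toolkit"*.tar.gz 2>/dev/null
rm -f /tmp/"Linux-Server-Management-Toolkit"*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"

# Remove toolkit temp files (files or directories, hence -r).
echo "→ Removing temporary files..."
rm -rf /tmp/"live-monitor-"* 2>/dev/null
rm -rf /tmp/"server-toolkit-"* 2>/dev/null
echo " ✓ Temp files removed"

# lastlog and wtmp are deliberately left untouched: modifying them might break
# system auditing. Only the status lines are printed.
echo "→ Cleaning lastlog and wtmp..."
echo " ✓ Skipped (would break system auditing)"

# Remove toolkit logs, reports and the reference database.
# These paths are built from SCRIPT_DIR. If it is empty they would resolve to
# /logs/*.log, /*_report_*.txt and /.sysref, so the deletions run only when
# SCRIPT_DIR is set, the same guard the directory removal at the end of the
# script applies.
if [ -n "$SCRIPT_DIR" ]; then
  echo "→ Removing toolkit logs..."
  rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
  rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
  echo " ✓ Toolkit logs removed"

  echo "→ Removing reference database..."
  rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
  rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
  echo " ✓ Reference database removed"
else
  echo " ! Toolkit directory unknown; toolkit logs and reference database not removed" >&2
fi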
# Clean bash history BEFORE asking about directory removal
# (This ensures history is cleaned even if user removes toolkit directory)
# CLEAN_HISTORY is set to true again right here, so the condition below
# reduces to "does ~/.bash_history exist".
# NOTE(review): ~/.bash_history is rewritten by the account that owns it, so on
# hosts where this runs it is not a dependable record of administrative
# commands; accountability that must survive needs a source outside the
# account's control (e.g. auditd execve rules forwarded off-host).
CLEAN_HISTORY=true
if [ "$CLEAN_HISTORY" = true ] && [ -f ~/.bash_history ]; then
echo ""
echo "→ Final cleanup: Removing bash history..."
# Disable history recording AND appending for this session
# (both settings apply to the shell process executing this script)
set +o history
shopt -u histappend 2>/dev/null || true
echo " → Cleaning history file..."
# Extended-regex alternation used with grep -E below; dots are escaped so they
# match literally.
GREP_PATTERN="git\.mull\.lol|linux-server-management-toolkit|server-toolkit|launcher\.sh|erase-toolkit-traces"
# Clean the history file directly
# (this inner -f test repeats the one in the enclosing condition)
if [ -f ~/.bash_history ]; then
# Work from a copy named with this shell's PID. cp's status is not checked:
# if it fails, the redirection below still truncates ~/.bash_history.
cp ~/.bash_history ~/.bash_history.bak.$$
lines_before=$(wc -l < ~/.bash_history.bak.$$ 2>/dev/null || echo 0)
# The redirection truncates ~/.bash_history, then grep writes back every line
# of the copy that does not match GREP_PATTERN. grep's non-zero status when
# nothing is written is swallowed by `|| true`.
grep -Ev "$GREP_PATTERN" ~/.bash_history.bak.$$ > ~/.bash_history 2>/dev/null || true
lines_after=$(wc -l < ~/.bash_history 2>/dev/null || echo 0)
# Difference in line counts, reported as the number of removed entries.
lines_removed=$((lines_before - lines_after))
rm -f ~/.bash_history.bak.$$
echo " ✓ Removed $lines_removed entries from history file"
fi
# Clear current session's history completely to prevent re-adding on exit
echo " → Clearing current session history..."
history -c
# Unset HISTFILE to prevent this session from writing on exit
unset HISTFILE
echo " ✓ Current session history cleared and disabled"
echo ""
echo -e "${YELLOW}IMPORTANT: Exit this shell immediately after cleanup${NC}"
echo "Type: exit"
echo "Then start a fresh shell to see cleaned history."
fi
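# Offer to remove the entire toolkit (AFTER history cleaning).
#
# SCRIPT_DIR is derived from this script's own location (the parent of its
# directory), so a copy of the script run from somewhere else would point at an
# unrelated directory, e.g. /usr/local for a copy placed in /usr/local/bin.
# Recursive deletion is therefore allowed only when the path is non-empty, is
# not "/", and still contains the toolkit's own lib/common-functions.sh.
toolkit_dir_ok=no
if [ -n "$SCRIPT_DIR" ] && [ "$SCRIPT_DIR" != "/" ] &&
  [ -f "$SCRIPT_DIR/lib/common-functions.sh" ]; then
  toolkit_dir_ok=yes
fi

if [ "$TRACE_ERASER_AUTO" = "yes" ]; then
  # Auto mode: quick cleanup, minimal output, no prompt.
  # Leave the tree first so the shell is not sitting in a directory that is
  # about to be deleted.
  cd /root 2>/dev/null || cd /
  if [ "$toolkit_dir_ok" = yes ]; then
    rm -rf -- "$SCRIPT_DIR" 2>/dev/null
    clear
    echo ""
    echo -e "${GREEN}✓ All traces removed${NC}"
    echo ""
  else
    # No prompt protects this path, so refuse rather than guess.
    echo "Toolkit directory not removed: '$SCRIPT_DIR' does not look like the toolkit root" >&2
  fi
else
  # Manual mode: ask user
  echo ""
  echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
  echo "This will delete: $SCRIPT_DIR"
  echo ""
  read -r -p "Remove entire toolkit directory? (yes/no): " remove_dir
  if [ "$remove_dir" = "yes" ] && [ "$toolkit_dir_ok" = yes ]; then
    echo ""
    echo "Removing toolkit directory..."
    cd /root 2>/dev/null || cd /
    rm -rf -- "$SCRIPT_DIR"
    echo ""
    echo -e "${GREEN}✓ Toolkit completely removed${NC}"
    echo ""
    echo "All traces have been erased."
  elif [ "$remove_dir" = "yes" ]; then
    echo ""
    echo "Toolkit directory not removed: '$SCRIPT_DIR' does not look like the toolkit root" >&2
  else
    echo ""
    echo -e "${GREEN}✓ History and logs cleaned${NC}"
    echo ""
    echo "Toolkit directory remains at: $SCRIPT_DIR"
    # Print the resolved path, shell-quoted. SCRIPT_DIR is not set in the
    # user's later shell, so a hint that refers to the variable would do
    # nothing when pasted.
    printf 'You can manually remove it later with: rm -rf -- %q\n' "$SCRIPT_DIR"
  fi
  echo ""
  echo "All traces removed. The trace eraser commands will also be"
  echo "removed when you log out or start a new shell session."
  echo ""
fi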