cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1385d857264d8387655a6e2432b909c0a606c26d
Linux-Server-Management-Too…/tools/erase-toolkit-traces.sh
T
cschantz 32984cd62a Add leading space tip to trace eraser 
Changes:
- Add tip about using leading space to prevent history recording
- Shows example with space before curl command
- Explains HISTCONTROL=ignorespace behavior

Best Practice:
 curl -sL https://git.mull.lol/.../tar.gz | tar xz
 ↑ Leading space prevents command from being saved to history

Works on most systems where HISTCONTROL includes ignorespace
2025-11-11 17:34:14 -05:00

193 lines
6.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
################################################################################
# Toolkit Trace Eraser
################################################################################
# Purpose: Remove all traces of toolkit usage from system
# Use Case: Privacy - ensure no record of toolkit installation/usage
################################################################################
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true
print_banner "Toolkit Trace Eraser"
echo ""
echo "This will remove all traces of the Server Toolkit from:"
echo " • Bash history (all toolkit-related commands)"
echo " • System logs (toolkit operations)"
echo " • Download records"
echo " • Temporary files"
echo ""
echo -e "${YELLOW}TIP: Prevent history recording in the first place!${NC}"
echo "Add a space before commands to prevent them from being saved:"
echo ""
echo " ${GREEN} curl -sL https://git.mull.lol/.../archive/main.tar.gz | tar xz${NC}"
echo " ${DIM}↑ Notice the leading space${NC}"
echo ""
echo "This works if HISTCONTROL includes 'ignorespace' (default on most systems)"
echo ""
echo -e "${RED}WARNING: This trace eraser cannot be undone!${NC}"
echo ""
read -p "Are you sure you want to proceed? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
echo "Cancelled."
exit 0
fi
echo ""
echo "Removing traces..."
echo ""
# Patterns to remove from history
PATTERNS=(
"server-toolkit"
"Linux-Server-Management-Toolkit"
"git.mull.lol.*toolkit"
"launcher.sh"
"bot-analyzer"
"cphulk"
"live-attack-monitor"
"system-health-check"
"/root/server-toolkit"
"toolkit.tar.gz"
"curl.*mull.lol"
"wget.*mull.lol"
"git clone.*mull.lol"
"erase-toolkit-traces"
)
# Clean bash history for root (will be done at the end to avoid re-adding entries)
CLEAN_HISTORY=true
# Skip user bash histories - only clean root
# (User histories are not touched to avoid affecting normal user operations)
# Clean system logs (pattern-based for logs, not history)
echo "→ Cleaning system logs..."
if [ -f /var/log/messages ]; then
for pattern in "${PATTERNS[@]}"; do
# Use grep -v instead of sed to avoid regex issues
grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
done
fi
if [ -f /var/log/secure ]; then
for pattern in "${PATTERNS[@]}"; do
grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
done
fi
echo " ✓ System logs cleaned"
# Clean auth logs
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
if [ -f "$log" ] && [ ! -L "$log" ]; then
for pattern in "${PATTERNS[@]}"; do
grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
done
fi
done
echo " ✓ Auth logs cleaned"
# Remove toolkit download artifacts
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
rm -f /tmp/toolkit*.tar.gz 2>/dev/null
rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"
# Remove toolkit temp files
echo "→ Removing temporary files..."
rm -rf /tmp/live-monitor-* 2>/dev/null
rm -rf /tmp/server-toolkit-* 2>/dev/null
echo " ✓ Temp files removed"
# Clean last log and audit trails
echo "→ Cleaning lastlog and wtmp..."
# Note: We don't modify lastlog/wtmp as it might break system auditing
echo " ✓ Skipped (would break system auditing)"
# Remove toolkit logs
echo "→ Removing toolkit logs..."
rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
echo " ✓ Toolkit logs removed"
# Clean reference database
echo "→ Removing reference database..."
rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
echo " ✓ Reference database removed"
# Clean bash history BEFORE asking about directory removal
# (This ensures history is cleaned even if user removes toolkit directory)
CLEAN_HISTORY=true
if [ "$CLEAN_HISTORY" = true ] && [ -f ~/.bash_history ]; then
echo ""
echo "→ Final cleanup: Removing bash history..."
# Disable history recording AND appending for this session
set +o history
shopt -u histappend 2>/dev/null || true
echo " → Cleaning history file..."
GREP_PATTERN="git\.mull\.lol|linux-server-management-toolkit|server-toolkit|launcher\.sh|erase-toolkit-traces"
# Clean the history file directly
if [ -f ~/.bash_history ]; then
cp ~/.bash_history ~/.bash_history.bak.$$
lines_before=$(wc -l < ~/.bash_history.bak.$$ 2>/dev/null || echo 0)
grep -Ev "$GREP_PATTERN" ~/.bash_history.bak.$$ > ~/.bash_history 2>/dev/null || true
lines_after=$(wc -l < ~/.bash_history 2>/dev/null || echo 0)
lines_removed=$((lines_before - lines_after))
rm -f ~/.bash_history.bak.$$
echo " ✓ Removed $lines_removed entries from history file"
fi
# Clear current session's history completely to prevent re-adding on exit
echo " → Clearing current session history..."
history -c
# Unset HISTFILE to prevent this session from writing on exit
unset HISTFILE
echo " ✓ Current session history cleared and disabled"
echo ""
echo -e "${YELLOW}IMPORTANT: Exit this shell immediately after cleanup${NC}"
echo "Type: exit"
echo "Then start a fresh shell to see cleaned history."
fi
# Offer to remove the entire toolkit (AFTER history cleaning)
echo ""
echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
echo "This will delete: $SCRIPT_DIR"
echo ""
read -p "Remove entire toolkit directory? (yes/no): " remove_dir
if [ "$remove_dir" = "yes" ]; then
echo ""
echo "Removing toolkit directory..."
cd /root
rm -rf "$SCRIPT_DIR"
echo ""
echo -e "${GREEN}✓ Toolkit completely removed${NC}"
echo ""
echo "All traces have been erased."
else
echo ""
echo -e "${GREEN}✓ History and logs cleaned${NC}"
echo ""
echo "Toolkit directory remains at: $SCRIPT_DIR"
echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
fi
echo ""
echo "All traces removed. The trace eraser commands will also be"
echo "removed when you log out or start a new shell session."
echo ""
Reference in New Issue View Git Blame Copy Permalink