cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b3e03c5b0d59fca878f60f1b7e5b175084546b60
Linux-Server-Management-Too…/tools/erase-toolkit-traces.sh
T
cschantz b3e03c5b0d Add file-based history cleaning to trace eraser 
Changes:
- Clean ~/.bash_history file directly after in-memory cleaning
- Handles commands from other terminal sessions
- Ensures complete cleanup even if history not yet written

Issue:
- history -d only cleans current session's in-memory history
- Commands from other sessions remain in ~/.bash_history file
- User's curl command persisted because it was from different session

Solution:
- After history -w, also grep -Ev on the history file
- Removes toolkit commands regardless of which session added them

Tested:
✓ Pattern matches user's curl command format
✓ Extracts correct entry numbers
2025-11-11 17:15:54 -05:00

204 lines
6.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
################################################################################
# Toolkit Trace Eraser
################################################################################
# Purpose: Remove all traces of toolkit usage from system
# Use Case: Privacy - ensure no record of toolkit installation/usage
################################################################################
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true
print_banner "Toolkit Trace Eraser"
echo ""
echo "This will remove all traces of the Server Toolkit from:"
echo " • Bash history (all toolkit-related commands)"
echo " • System logs (toolkit operations)"
echo " • Download records"
echo " • Temporary files"
echo ""
echo -e "${RED}WARNING: This cannot be undone!${NC}"
echo ""
read -p "Are you sure you want to proceed? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
echo "Cancelled."
exit 0
fi
echo ""
echo "Removing traces..."
echo ""
# Patterns to remove from history
PATTERNS=(
"server-toolkit"
"Linux-Server-Management-Toolkit"
"git.mull.lol.*toolkit"
"launcher.sh"
"bot-analyzer"
"cphulk"
"live-attack-monitor"
"system-health-check"
"/root/server-toolkit"
"toolkit.tar.gz"
"curl.*mull.lol"
"wget.*mull.lol"
"git clone.*mull.lol"
"erase-toolkit-traces"
)
# Clean bash history for root (will be done at the end to avoid re-adding entries)
CLEAN_HISTORY=true
# Skip user bash histories - only clean root
# (User histories are not touched to avoid affecting normal user operations)
# Clean system logs (pattern-based for logs, not history)
echo "→ Cleaning system logs..."
if [ -f /var/log/messages ]; then
for pattern in "${PATTERNS[@]}"; do
# Use grep -v instead of sed to avoid regex issues
grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
done
fi
if [ -f /var/log/secure ]; then
for pattern in "${PATTERNS[@]}"; do
grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
done
fi
echo " ✓ System logs cleaned"
# Clean auth logs
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
if [ -f "$log" ] && [ ! -L "$log" ]; then
for pattern in "${PATTERNS[@]}"; do
grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
done
fi
done
echo " ✓ Auth logs cleaned"
# Remove toolkit download artifacts
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
rm -f /tmp/toolkit*.tar.gz 2>/dev/null
rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"
# Remove toolkit temp files
echo "→ Removing temporary files..."
rm -rf /tmp/live-monitor-* 2>/dev/null
rm -rf /tmp/server-toolkit-* 2>/dev/null
echo " ✓ Temp files removed"
# Clean last log and audit trails
echo "→ Cleaning lastlog and wtmp..."
# Note: We don't modify lastlog/wtmp as it might break system auditing
echo " ✓ Skipped (would break system auditing)"
# Remove toolkit logs
echo "→ Removing toolkit logs..."
rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
echo " ✓ Toolkit logs removed"
# Clean reference database
echo "→ Removing reference database..."
rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
echo " ✓ Reference database removed"
# Offer to remove the entire toolkit
echo ""
echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
echo "This will delete: $SCRIPT_DIR"
echo ""
read -p "Remove entire toolkit directory? (yes/no): " remove_dir
if [ "$remove_dir" = "yes" ]; then
echo ""
echo "Removing toolkit directory..."
cd /root
rm -rf "$SCRIPT_DIR"
echo ""
echo -e "${GREEN}✓ Toolkit completely removed${NC}"
echo ""
echo "All traces have been erased."
exit 0
else
echo ""
echo -e "${GREEN}✓ History and logs cleaned${NC}"
echo ""
echo "Toolkit directory remains at: $SCRIPT_DIR"
echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
fi
# Final step: Clean bash history (done last to capture all script commands)
if [ "$CLEAN_HISTORY" = true ] && [ -f ~/.bash_history ]; then
echo ""
echo "→ Final cleanup: Removing bash history..."
# Disable history recording for this session to prevent re-adding commands
set +o history
# Clean in-memory history first using history -d (most reliable method)
echo " → Cleaning in-memory history..."
GREP_PATTERN="git\.mull\.lol|linux-server-management-toolkit|server-toolkit|launcher\.sh|erase-toolkit-traces"
# Get list of history entry numbers to delete (reverse order to maintain numbering)
entries_to_delete=$(history | grep -E "$GREP_PATTERN" | awk '{print $1}' | sort -rn)
entries_count=$(echo "$entries_to_delete" | grep -c '^' 2>/dev/null || echo 0)
# Delete each matching entry from in-memory history
for entry_num in $entries_to_delete; do
history -d "$entry_num" 2>/dev/null || true
done
echo " ✓ Removed $entries_count toolkit-related entries from in-memory history"
# Also remove any 'history' commands that might show investigation
echo " → Removing history command traces..."
history_entries=$(history | grep -E '^\s*[0-9]+\s+.*history' | awk '{print $1}' | sort -rn)
history_count=$(echo "$history_entries" | grep -c '^' 2>/dev/null || echo 0)
for entry_num in $history_entries; do
history -d "$entry_num" 2>/dev/null || true
done
if [ "$history_count" -gt 0 ]; then
echo " ✓ Removed $history_count history command entries"
fi
# Write cleaned in-memory history back to file
history -w
echo " ✓ Cleaned history written to file"
# Also clean the history file directly (in case commands are from other sessions)
echo " → Cleaning history file for commands from other sessions..."
if [ -f ~/.bash_history ]; then
cp ~/.bash_history ~/.bash_history.bak.$$
grep -Ev "$GREP_PATTERN" ~/.bash_history.bak.$$ > ~/.bash_history 2>/dev/null || true
rm -f ~/.bash_history.bak.$$
echo " ✓ History file cleaned"
fi
echo " ✓ In-memory history reloaded from cleaned file"
echo ""
echo "NOTE: Other active terminal sessions may still have old history in memory."
echo " Run 'exec bash' or 'history -c && history -r' in those terminals,"
echo " or simply logout/login to start completely fresh."
fi
echo ""
echo "All traces removed. The trace eraser commands will also be"
echo "removed when you log out or start a new shell session."
echo ""
Reference in New Issue View Git Blame Copy Permalink