cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e441649846ba224dc668119ce014084a65ef73bc
Linux-Server-Management-Too…/tools/erase-toolkit-traces.sh
T
cschantz e441649846 Make user history cleaning optional in trace eraser 
User bash history cleaning is now optional with a prompt, since most users only work as root.

Changes:
• Added user count detection
• Prompts: "Clean user bash histories too? (y/n) [n]"
• Default is "no" (skip user histories)
• If no users exist, automatically skips
• Only cleans root history by default (faster, covers 99% of use cases)

This makes the script faster and more sensible for typical usage where only root is used to run the toolkit.
2025-11-10 22:20:11 -05:00

205 lines
6.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
################################################################################
# Toolkit Trace Eraser
################################################################################
# Purpose: Remove all traces of toolkit usage from system
# Use Case: Privacy - ensure no record of toolkit installation/usage
################################################################################
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
source "$SCRIPT_DIR/lib/common-functions.sh" 2>/dev/null || true
print_banner "Toolkit Trace Eraser"
echo ""
echo "This will remove all traces of the Server Toolkit from:"
echo " • Bash history (all toolkit-related commands)"
echo " • System logs (toolkit operations)"
echo " • Download records"
echo " • Temporary files"
echo ""
echo -e "${RED}WARNING: This cannot be undone!${NC}"
echo ""
read -p "Are you sure you want to proceed? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
echo "Cancelled."
exit 0
fi
echo ""
echo "Removing traces..."
echo ""
# Patterns to remove from history
PATTERNS=(
"server-toolkit"
"Linux-Server-Management-Toolkit"
"git.mull.lol.*toolkit"
"launcher.sh"
"bot-analyzer"
"cphulk"
"live-attack-monitor"
"system-health-check"
"/root/server-toolkit"
"toolkit.tar.gz"
"curl.*mull.lol"
"wget.*mull.lol"
"git clone.*mull.lol"
"erase-toolkit-traces"
)
# Clean bash history for root
if [ -f ~/.bash_history ]; then
echo "→ Cleaning root bash history..."
cp ~/.bash_history ~/.bash_history.bak
# Remove last 50 lines from history file (covers toolkit download/usage)
total_lines=$(wc -l < ~/.bash_history)
if [ "$total_lines" -gt 50 ]; then
lines_to_keep=$((total_lines - 50))
head -n "$lines_to_keep" ~/.bash_history > ~/.bash_history.tmp
mv ~/.bash_history.tmp ~/.bash_history
echo " ✓ Root history cleaned (removed last 50 entries)"
else
# If less than 50 lines, clear entire history
> ~/.bash_history
echo " ✓ Root history cleared (file had < 50 entries)"
fi
# Clear in-memory history as well
history -c
history -w
fi
# Clean bash history for all users (optional - skip if only root is used)
echo "→ Checking user histories..."
user_count=0
for user_home in /home/*; do
[ -d "$user_home" ] && user_count=$((user_count + 1))
done
if [ "$user_count" -eq 0 ]; then
echo " ✓ No user accounts found (skipped)"
else
echo " Found $user_count user account(s)"
echo ""
read -p " Clean user bash histories too? (y/n) [n]: " clean_users
if [ "$clean_users" = "y" ] || [ "$clean_users" = "Y" ]; then
for user_home in /home/*; do
if [ -f "$user_home/.bash_history" ]; then
username=$(basename "$user_home")
echo " → Cleaning history for $username..."
# Remove last 50 lines from user history
total_lines=$(wc -l < "$user_home/.bash_history")
if [ "$total_lines" -gt 50 ]; then
lines_to_keep=$((total_lines - 50))
head -n "$lines_to_keep" "$user_home/.bash_history" > "$user_home/.bash_history.tmp"
mv "$user_home/.bash_history.tmp" "$user_home/.bash_history"
chown "$username:$username" "$user_home/.bash_history" 2>/dev/null
echo " ✓ Cleaned (removed last 50 entries)"
else
> "$user_home/.bash_history"
chown "$username:$username" "$user_home/.bash_history" 2>/dev/null
echo " ✓ Cleared (file had < 50 entries)"
fi
fi
done
else
echo " ✓ Skipped user histories (only root cleaned)"
fi
fi
echo ""
# Clean system logs (pattern-based for logs, not history)
echo "→ Cleaning system logs..."
if [ -f /var/log/messages ]; then
for pattern in "${PATTERNS[@]}"; do
# Use grep -v instead of sed to avoid regex issues
grep -v "$pattern" /var/log/messages > /var/log/messages.tmp 2>/dev/null && mv /var/log/messages.tmp /var/log/messages || true
done
fi
if [ -f /var/log/secure ]; then
for pattern in "${PATTERNS[@]}"; do
grep -v "$pattern" /var/log/secure > /var/log/secure.tmp 2>/dev/null && mv /var/log/secure.tmp /var/log/secure || true
done
fi
echo " ✓ System logs cleaned"
# Clean auth logs
echo "→ Cleaning auth logs..."
for log in /var/log/auth.log* /var/log/secure*; do
if [ -f "$log" ] && [ ! -L "$log" ]; then
for pattern in "${PATTERNS[@]}"; do
grep -v "$pattern" "$log" > "${log}.tmp" 2>/dev/null && mv "${log}.tmp" "$log" || true
done
fi
done
echo " ✓ Auth logs cleaned"
# Remove toolkit download artifacts
echo "→ Removing download artifacts..."
rm -f /root/toolkit.tar.gz 2>/dev/null
rm -f /root/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
rm -f /tmp/toolkit*.tar.gz 2>/dev/null
rm -f /tmp/Linux-Server-Management-Toolkit*.tar.gz 2>/dev/null
echo " ✓ Download artifacts removed"
# Remove toolkit temp files
echo "→ Removing temporary files..."
rm -rf /tmp/live-monitor-* 2>/dev/null
rm -rf /tmp/server-toolkit-* 2>/dev/null
echo " ✓ Temp files removed"
# Clean last log and audit trails
echo "→ Cleaning lastlog and wtmp..."
# Note: We don't modify lastlog/wtmp as it might break system auditing
echo " ✓ Skipped (would break system auditing)"
# Remove toolkit logs
echo "→ Removing toolkit logs..."
rm -f "$SCRIPT_DIR/logs/"*.log 2>/dev/null
rm -f "$SCRIPT_DIR/"*_report_*.txt 2>/dev/null
echo " ✓ Toolkit logs removed"
# Clean reference database
echo "→ Removing reference database..."
rm -f "$SCRIPT_DIR/.sysref" 2>/dev/null
rm -f "$SCRIPT_DIR/.sysref.timestamp" 2>/dev/null
echo " ✓ Reference database removed"
# Offer to remove the entire toolkit
echo ""
echo -e "${YELLOW}Final step: Remove toolkit directory?${NC}"
echo "This will delete: $SCRIPT_DIR"
echo ""
read -p "Remove entire toolkit directory? (yes/no): " remove_dir
if [ "$remove_dir" = "yes" ]; then
echo ""
echo "Removing toolkit directory..."
cd /root
rm -rf "$SCRIPT_DIR"
echo ""
echo -e "${GREEN}✓ Toolkit completely removed${NC}"
echo ""
echo "All traces have been erased."
exit 0
else
echo ""
echo -e "${GREEN}✓ History and logs cleaned${NC}"
echo ""
echo "Toolkit directory remains at: $SCRIPT_DIR"
echo "You can manually remove it later with: rm -rf $SCRIPT_DIR"
fi
echo ""
echo "Note: Active shell sessions may still have history in memory."
echo "Consider logging out and back in for complete cleanup."
echo ""
Reference in New Issue View Git Blame Copy Permalink