b0nd
06-20-2011, 02:33 PM
Dear Friends,
Here comes v1.0 of it and shall be the final at the moment. I've included almost all of the features I planned for this project, so shall not be releasing further versions in near future.
http://img1.imagehousing.com/38/8d7e69498b751ce86fd75119a8ffbdc5.png
Features:
1. The script is capable of searching for IP provided by user in all log files. Accordingly, user can instruct the script to remove the traces of that IP. The script does check zipped log files as well (.gz) but doesn't have feature yet to remove the traces from zipped files.
http://img1.imagehousing.com/14/643f93880d62c21bca5ec66e0fb6ee12.png
2. The script is capable of scanning all log files and presenting the user with the top 20 IPs in log files with most occurrences. Any suitable one from this list shall be a good option for spoofing the user's original IP.
http://img1.imagehousing.com/64/987eed47505e05f7672038c15c3efb97.png
3. The script is capable of removing almost all traces of the user's IP address, and the user-name, from all log files. Wherever deletion of entries is not possible, spoofing of IP and user-name takes over.
4. The script is capable of removing the entries of the user's web-backdoor shell from log files.
5. The script is capable of finding probable back doors planted by other attackers on the same Linux server
http://img1.imagehousing.com/28/a9e578b3c954ae17bcda3bb25e71e69c.png
6. The script maintains the time stamping of log files
7. At the end, the script recommends essential steps to avoid commands getting logged into Linux history.
Remove the .txt extension from "linux_log_eraser-v1.0.sh.txt" and "log_files.sh.txt" files before using.
And uncomment the needed log files in log_files.sh file
Thanks to everyone for their support, and a special one to Hackuin for taking the pain to go through the earlier versions of the script and provide good/necessary feedback.
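A defender's check for feature 6, as an added example that is not part of the original post or the script: assuming "maintains the time stamping" means the modification time is put back after a log is rewritten, the inode change time (ctime) still moves, because it cannot be set through utime(2). The function name, threshold and sample files below are constructed for illustration.

```python
import os
import tempfile
import time

# Assumed threshold: ignore small skews from ordinary writes; tune per host.
SKEW_SECONDS = 60


def suspicious_logs(log_dir, skew_seconds=SKEW_SECONDS):
    """Return (path, skew) for files whose inode change time is later than
    their modification time by more than skew_seconds, largest skew first.

    Benign causes (chmod/chown during rotation, restores from backup) also
    produce skew, so treat hits as leads to review, not proof of tampering.
    """
    hits = []
    for root, _dirs, files in os.walk(log_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # rotated away or unreadable; skip
            skew = st.st_ctime - st.st_mtime
            if skew > skew_seconds:
                hits.append((path, round(skew)))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def demo():
    """Constructed sample: one untouched log, one with its mtime set back."""
    d = tempfile.mkdtemp(prefix="logcheck_")
    clean = os.path.join(d, "clean.log")
    edited = os.path.join(d, "edited.log")
    for p in (clean, edited):
        with open(p, "w") as fh:
            fh.write("constructed sample line\n")
    old = time.time() - 3600
    os.utime(edited, (old, old))  # mtime goes back one hour; ctime becomes now
    return d, suspicious_logs(d)


if __name__ == "__main__":
    for path, skew in demo()[1]:
        print(f"{skew:>8}s  {path}")
```

On a live host, compare hits against copies of the same logs held on a remote syslog collector, which a local edit cannot reach.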