Topic: [Bash] Log wiping script


Offline lucid
[Bash] Log wiping script
« on: June 05, 2013, 02:15:02 am »
I wrote this little bash script a while ago to wipe my logs on shutdown. However, there are a few log files in /var/log that I would rather not wipe clean.

Code: (bash) [Select]
#!/bin/sh

## Erase contents of all files in /var/log
## The path is handed to the inner shell as $1 rather than pasted into the
## command string with {}, so quotes or other odd characters in a file name
## cannot break the command.
find /var/log -type f -exec sh -c ': > "$1"' sh {} \;

## Erase contents of bash history and shutdown
## (absolute path: a shutdown script's working directory is not $HOME)
cat /dev/null > "$HOME/.bash_history"
shutdown -h now

I don't really code in bash so I thought I would just ask. Can anyone think of a good way to achieve what I want with this but be able to avoid wiping select files?
« Last Edit: June 21, 2013, 10:23:22 pm by RedBullAddicted »

Offline vezzy
Re: [Bash] Log wiping script
« Reply #1 on: June 05, 2013, 03:34:39 am »
It's not considered good practice to completely erase everything in /var/log to the best of my knowledge. Some programs may rely (I know MySQL does) on the logs and configs/cache stored there to work properly, or you'll get a stream of errors.

Rather, it's recommended you use the logrotate tool and write directives on exactly what to do in the /etc/logrotate.conf file.

As for the Bash history, that's a nice approach. I have one myself set as a daily cron job.
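Added example, not code from this thread or from any poster: a small shell helper that writes the kind of logrotate drop-in vezzy is recommending and, where logrotate is installed, asks it for a dry run. The log path /var/log/myapp/*.log, the 14-day retention and the root:adm ownership are assumptions chosen for illustration; the directives themselves are standard logrotate ones. Rotated copies are kept (and compressed) instead of wiped, so the history techb wants for troubleshooting survives while the live file is recreated empty with restrictive permissions.

```shell
#!/bin/sh
# Added example (not from the thread): manage /var/log with a logrotate
# policy instead of truncating files by hand.

# write_rotate_policy OUTFILE LOGGLOB -> writes a drop-in stanza for
# /etc/logrotate.d covering LOGGLOB. Values are assumptions; edit to taste.
write_rotate_policy() {
    out=$1 glob=$2
    cat > "$out" <<EOF
# generated by write_rotate_policy (example policy)
$glob {
    daily
    rotate 14
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
}
EOF
}

# dry_run_policy CONF -> asks logrotate what it *would* do (-d makes no
# changes) using a scratch state file; skipped if logrotate is absent.
dry_run_policy() {
    if command -v logrotate >/dev/null 2>&1; then
        logrotate -d -s "${TMPDIR:-/tmp}/logrotate.example.state" "$1"
    else
        echo "logrotate not installed; skipping dry run" >&2
        return 0
    fi
}

# policy_keeps_history CONF -> status 0 if the stanza keeps at least one
# rotated copy ('rotate 0' would discard old logs outright).
policy_keeps_history() {
    grep -Eq '^[[:space:]]*rotate[[:space:]]+[1-9]' "$1"
}

# Usage: sh rotate-policy.sh /etc/logrotate.d/myapp '/var/log/myapp/*.log'
if [ "$#" -eq 2 ]; then
    write_rotate_policy "$1" "$2"
    dry_run_policy "$1"
fi
```

Dropping the generated file into /etc/logrotate.d needs root; the dry run (`logrotate -d`) is safe to repeat as an unprivileged user since it only reports what would happen.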

Offline techb
Re: [Bash] Log wiping script
« Reply #2 on: June 05, 2013, 06:34:21 am »
I agree that removing log files isn't such a good idea. At least on startup. If you're going to do it, do it with system shutdown and have the option to not remove it.

Saying that because the log files, especially with a kernel update or other things that may mess up the video card or something vital, will give a hint with something that may have gone wrong. If you could see the log files with a system boot and other things loading you can spot what might need to be rolled back.

Like mentioned above, at the least do it at system shutdown and have an option to not delete anything.

Offline frog
Re: [Bash] Log wiping script
« Reply #3 on: June 05, 2013, 06:37:16 am »
To answer your question lucid, bash does have all sorts of cool conditional functions. File test operators -> http://tldp.org/LDP/abs/html/fto.html

Code: (bash) [Select]
if [ -e /var/log/auth.log ]; then
  cat /dev/null > /var/log/auth.log
fi

Edit: Since we're on the topic of bash, I thought I would drop a couple gems.

$! = last pid launched - good for killing programs launched in the background (&)
Code: (bash) [Select]
tor & # launch it
kill $! # kill it

$? - status of last command.
Code: (bash) [Select]
ifconfig eth0 hw ether IN:VA:LI:DM:AC:AD # this command WILL fail

if [ $? -gt 0 ]; then # if it fails, spit out a msg
  echo "MAC change failed."
fi

$$ - pid of the script currently running
$# - number of arguments passed to the script

Also, redirect operators are nice. Look into those for sure. Use them with stdin, stdout, stderr, and /dev/null to control where your data goes.
« Last Edit: June 05, 2013, 07:07:27 am by frog »

Offline lucid
Re: [Bash] Log wiping script
« Reply #4 on: June 05, 2013, 07:58:12 pm »
@techb - I do have it happen on shutdown. It only wipes files when I run the 'shutdown' command.

Thanks frog and vezzy for the ideas, I'm sure I'll put them to good use.

Offline str0be
Re: [Bash] Log wiping script
« Reply #5 on: June 10, 2013, 04:32:53 pm »

You could do something like this where "~/.ignore" contains a set of newline separated patterns to filter out.

logempty.sh
Code: (bash) [Select]
#!/bin/sh

IGNORE=~/.ignore   # newline-separated grep patterns; matching paths are skipped
START=/var/log/

empty () {
    # The single argument is a newline-separated list, so split on newlines
    # only; set -f turns off globbing so names containing * or ? are not
    # expanded while the list is unquoted.
    OLDIFS="$IFS"
    IFS='
'
    set -f
    for F in $@; do
        echo "EMPTY: $F"
        # uncomment when happy with .ignore patterns
        #cat /dev/null > "$F"
    done
    set +f
    IFS="$OLDIFS"
}

empty "$(find "$START" -type f | grep -v -f "$IGNORE")"

.ignore
Code: [Select]
/cups/
/upstart/
.*\.gz$

Anything more complicated and you'd be reinventing logrotate, etc. Another option is to modify the file attributes of each of the logs you want skipped.

Code: [Select]
chattr +a /var/log/logfile.log

That would make the file usable only in append mode. Not even root would be able to mv/rm it nor modify what's already in it. Your original script would just pass by these files with an error. This could mess up programs that expect to do more than just append to their logs though.
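Added example, not str0be's or frog's code: a dry-run version of the pattern-file approach that only reports which files under a directory a policy would cover and modifies nothing. It uses the file test operators and exit-status checks from frog's reply, and `IFS= read -r` in place of the IFS-on-newline trick so names with spaces or backslashes survive intact. The sample tree created by build_sample and its pattern file are constructed for the demonstration; the pattern file reuses the same three patterns as the .ignore above.

```shell
#!/bin/sh
# Added example (not code from the thread): dry-run selection of log files
# against a pattern file. Nothing is modified; candidates are printed.

# is_ignored PATH PATTERNFILE -> status 0 when PATH matches any pattern.
# Note: grep -f treats an empty line in the pattern file as "match everything".
is_ignored() {
    printf '%s\n' "$1" | grep -q -f "$2"
}

# plan_targets START PATTERNFILE -> prints one candidate per line.
# Returns 0 if at least one file was selected, 1 if none, 2 if the pattern
# file is unreadable. 'IFS= read -r' keeps spaces and backslashes in names.
plan_targets() {
    start=$1 patterns=$2
    if [ ! -r "$patterns" ]; then
        echo "pattern file $patterns is not readable" >&2
        return 2
    fi
    found=$(find "$start" -type f | while IFS= read -r f; do
        if is_ignored "$f" "$patterns"; then
            echo "SKIP: $f" >&2            # excluded by policy
        elif [ ! -w "$f" ]; then
            echo "RO:   $f" >&2            # e.g. append-only (chattr +a)
        else
            printf '%s\n' "$f"
        fi
    done)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 0
    fi
    return 1
}

# build_sample ROOT -> constructed tree ROOT/log resembling a slice of
# /var/log, plus ROOT/ignore holding the same patterns as the .ignore above.
build_sample() {
    mkdir -p "$1/log/cups" "$1/log/upstart"
    for f in syslog auth.log cups/error_log upstart/cron.log syslog.2.gz \
             'name with space.log'; do
        : > "$1/log/$f"
    done
    printf '%s\n' '/cups/' '/upstart/' '.*\.gz$' > "$1/ignore"
}

# Usage: sh plan.sh /var/log ~/.ignore   (prints candidates, touches nothing)
if [ "$#" -eq 2 ]; then
    plan_targets "$1" "$2"
fi
```

The exit status is deliberately distinct for "nothing selected" and "bad pattern file", so a calling script can branch on `$?` the way frog's snippet does instead of parsing the output.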

Offline proxx
Re: [Bash] Log wiping script
« Reply #6 on: June 10, 2013, 08:28:29 pm »
I don't know if stealth is an issue, probably not on your own machine.
Just in case it might be in some particular situation, it might be an idea to first back up the log file and overwrite that before leaving.

Offline zoup
Re: [Bash] Log wiping script
« Reply #7 on: June 11, 2013, 12:07:14 am »
I have something similar for my box. It's some hammer and anvil method but it works.

~/.bashrc
Code: [Select]
# overwrite the history file before unlinking it; shred -u does the rm step
shred -u "$HOME/.bash_history"

# ignore sudo commands
HISTIGNORE='sudo*:*0-link*'

Offline Naer
Re: [Bash] Log wiping script
« Reply #8 on: July 14, 2013, 10:47:13 am »
Why don't you use ramfs? So you don't even need to worry about recovery things.