linux日誌清除腳本（擦屁股必備）

 使用方法：

$0 options

 

options有：

-h 幫助

-i [ip]       查找在全部的日誌文件特別IP_ADDRESS和搜索排名前20位的IP在日誌文件中記錄。

-d [ip]      從日誌文件中刪除IP

-s [虛假IP]       騙ip，當不能刪除的時候

-u [用戶名]      刪除用戶記錄

-w [shell的web路徑]   清除shell大小馬的訪問日誌

-f                                       （不建議使用，fuck的意思，清空全部日誌）

-e 「文件擴展名」            查找其餘後門

-r [路徑]                           從哪開始查找，控制範圍的

 

—————————————————————————

Ex: $0 -h
* To show this help message

Ex: $0 -i 192.168.1.7
* To search 192.168.1.7 in all logs files. Basically finding which logs files have trace of it, and
* In addition to that, search all log files (/var/log/*) and show Top 20 most logged IP’s in log files.
* They could be good choices for spoofing

Ex: $0 -d 192.168.1.7 -s 10.1.1.7 -u 「cracker」
* To delete lines containing 192.168.1.7 and|or user_name 「cracker」 from ASCII files, and
* To spoof 192.168.1.7 in non-ASCII files by 10.1.1.7 and user_name 「cracker」 by 「root」

Ex: $0 -d 192.168.1.7 -s 10.1.1.7 -u 「cracker」 -w 「/var/www/xyz.com/uploads/c99.php」
* To delete lines containing 192.168.1.7 and|or user_name 「cracker」 and|or web_shell_path from ASCII files, and
* To spoof 192.168.1.7 in non-ASCII files by 10.1.1.7 and user_name 「cracker」 by 「root」

Ex: $0 -f
* To erase all log files listed in log_files.sh completely (not recommended)

Ex: $0 -e 「php txt asp」 -r /var/www
* To search for probable web backdoors planted on system. Once found, it is recommended to verify the result
* The current example searches for files having extensions php or txt or asp in /var/www and subdirectories
* Extensions and web_root_directory are customizable

http://www.3hack.com/498.html

 

http://www.3hack.com/wp-content/uploads/2011/06/Linux-Log-Eraser-1.0.zip