Coder Social home page Coder Social logo

hidemyass's Introduction

hidemyass

'##::::'##:'####:'########::'########:'##::::'##:'##:::'##::::'###:::::'######:::'######::
 ##:::: ##:. ##:: ##.... ##: ##.....:: ###::'###:. ##:'##::::'## ##:::'##... ##:'##... ##:
 ##:::: ##:: ##:: ##:::: ##: ##::::::: ####'####::. ####::::'##:. ##:: ##:::..:: ##:::..::
 #########:: ##:: ##:::: ##: ######::: ## ### ##:::. ##::::'##:::. ##:. ######::. ######::
 ##.... ##:: ##:: ##:::: ##: ##...:::: ##. #: ##:::: ##:::: #########::..... ##::..... ##:
 ##:::: ##:: ##:: ##:::: ##: ##::::::: ##:.:: ##:::: ##:::: ##.... ##:'##::: ##:'##::: ##:
 ##:::: ##:'####: ########:: ########: ##:::: ##:::: ##:::: ##:::: ##:. ######::. ######::
..:::::..::....::........:::........::..:::::..:::::..:::::..:::::..:::......::::......:::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
轻轻地我走了     正如给我轻轻地来                  
        我轻轻地挥手     作别西边的云彩            
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hidemyass is a tool for wiping access log when you really wanna hide yourself from admin. We're modifying those systemlogs very carefully by removing one single log record instead of the whole log file. Also, the file permission, owner/group and ctime/atime are kept as the old file.

Usage

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
轻轻地我走了     正如给我轻轻地来                  
        我轻轻地挥手     作别西边的云彩            
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Usage: ./hidemyass [ENTRIES] [FILTERS] ACTIONS        
ENTRIES:                                
  -u, --utmp=utmp_file                
      specify the path to utmp file, which is /var/run/utmp by default 
      utmp file is read by 'who','w' and other commands 
  -w, --wtmp=wtmp_file                
      specify the path to wtmp file, which is /var/log/wtmp by default 
      wtmp is read by 'last' and other commands
  -b, --btmp=btmp_file                
      specify the path to btmp file, which is /var/log/btmp by default 
      btmp is read by 'lastb' and other commands
      for some systems the bad login attempts are written to 
      /var/log/auth.log or /var/log/secure instead of btmp
  -l, --lastlog=lastlog_file          
      specify the path to lastlog file, which is /var/log/lastlog by default 
      lastlog is read by 'lastlog' and other commands
      note the only valid FILTERS for lastlog is username(-n)
FILTERS:                                
  -n, --name=username                   
      filter log record by username 
  -a, --address=host                    
      filter log record by host ip address  
  -t, --time=time                       
      filter log record by time (YYYY:MM:DD:HH:MM:SS) 
ACTIONS: 
  -p, --print                           
      print records for specified ENTRIES 
  -c, --confirm                           
      confirm the action(s) that clear or tamper records for specified ENTRIES with FILTERS
      usually you need permission doing this 
  -h, --help                            
      show this message and exit

Examples

print utmp records:

./hidemyass -u -p

print utmp records in another path

./hidemyass --utmp=/var/adm/utmpx -p

print all records

./hidemyass -uwbl -p

modify lastlog record for user root to time 2017/04/01 13:26:00

[sudo] ./hidemyass -l -n root -t 2017:04:01:13:26:00 -c

clean all tmpx records that from ip 220.181.57.217:

[sudo] ./hidemyass -uwb -a 220.181.57.217 -c

TODO

some other logs to clean

  • /var/log/auth.log
  • /var/log/secure
  • /var/log/faillog
  • /var/log/maillog

Since you could modify system log, that usually means you have already got privilege escalation. As a result, you may want to clear other logs too, such as /var/log/kern.log, /var/log/syslog, /var/log/dmesg, /var/log/messages and some application crash logs.

For all log locations, please check about your rsyslogd's config (usually in /etc/rsyslog.conf).

hidemyass's People

Contributors

evilpan avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.