linux日志清除脚本（擦屁股必备）

 使用方法：

$0 options

 

options有：

-h 帮助

-i [ip]       查找在全部的日志文件特别IP_ADDRESS和搜索排名前20位的IP在日志文件中记录。

-d [ip]      从日志文件中删除IP

-s [虚假IP]       骗ip，当不能删除的时候

-u [用户名]      删除用户记录

-w [shell的web路径]   清除shell大小马的访问日志

-f                                       （不建议使用，fuck的意思，清空全部日志）

-e “文件扩展名”            查找其余后门

-r [路径]                           从哪开始查找，控制范围的

 

—————————————————————————

Ex: $0 -h
* To show this help message

Ex: $0 -i 192.168.1.7
* To search 192.168.1.7 in all logs files. Basically finding which logs files have trace of it, and
* In addition to that, search all log files (/var/log/*) and show Top 20 most logged IP’s in log files.
* They could be good choices for spoofing

Ex: $0 -d 192.168.1.7 -s 10.1.1.7 -u “cracker”
* To delete lines containing 192.168.1.7 and|or user_name “cracker” from ASCII files, and
* To spoof 192.168.1.7 in non-ASCII files by 10.1.1.7 and user_name “cracker” by “root”

Ex: $0 -d 192.168.1.7 -s 10.1.1.7 -u “cracker” -w “/var/www/xyz.com/uploads/c99.php”
* To delete lines containing 192.168.1.7 and|or user_name “cracker” and|or web_shell_path from ASCII files, and
* To spoof 192.168.1.7 in non-ASCII files by 10.1.1.7 and user_name “cracker” by “root”

Ex: $0 -f
* To erase all log files listed in log_files.sh completely (not recommended)

Ex: $0 -e “php txt asp” -r /var/www
* To search for probable web backdoors planted on system. Once found, it is recommended to verify the result
* The current example searches for files having extensions php or txt or asp in /var/www and subdirectories
* Extensions and web_root_directory are customizable

http://www.3hack.com/498.html

 

http://www.3hack.com/wp-content/uploads/2011/06/Linux-Log-Eraser-1.0.zip