Description
Linux Log Cleaner
This tool is used to remove log traces.
/var/log/btmp, /var/run/utmp, /var/log/wtmp, /var/log/lastlog.
CookBook
utmp
clear /var/run/utmp to hide your login info in command: w:
then we want to hide the user: macr0phag3:
result:
wtmp
clear /var/log/wtmp to hide your info in command: last.
just like utmp
btmp
clear /var/log/btmp to hide your info in command: lastb.
just like utmp
lastlog
tamper/clear the records in /var/log/lastlog.
you can use command: lastlog to check it out:
or just clear the record:
others
usage: LLC.py [-h] -l {0,1,2,3} [-u USERNAME] [-i IP] [-t TTYNAME] [-f FILENAME]
[-d] [-m] [-mtime MTIME] [-mstime MSTIME] [-mtty MTTY]
[-mip MIP]
optional arguments:
-h, --help 显示帮助信息
-l {0,1,2,3}, --log {0,1,2,3}
指定修改的日志文件。 0:btmp; [1:utmp]; 2:wtmp; 3:lastlog
-u USERNAME, --username USERNAME
根据用户名匹配记录
-i IP, --ip IP 根据 ip 匹配记录
-t TTYNAME, --ttyname TTYNAME
根据 tty 匹配记录
-f FILENAME, --filename FILENAME
如果日志文件不在正常的位置或者不是正常的名字,需要给出具体的路径(包括文件名)
-d, --debug 调试模式会输出一些详细的东西。
-m, --mode 默认为清空操作,加了此参数为修改操作(仅用于 lastlog)
-mtime MTIME **仅在操作 lastlog 时使用** 指定修改后的时间。时间格式为:"1997-01-01 08:00:00"
-mstime MSTIME **仅在操作 lastlog 时使用** 指定修改后的。时间格式为:时间戳
-mtty MTTY **仅在操作 lastlog 时使用** 指定修改后的 tty:pts/1
-mip MIP **仅在操作 lastlog 时使用** 指定修改后的 ip:192.168.1.1
just run python LLC.py -h
:P
Version
The latest version: 2018.10.30 10:41:03
Dependencies
-
Py 2 or 3
-
ROOT :P
TODO
-
help list. 2018.10.29 14:03 - fix the bug of lastlog. 2018.10.29 21:03
-
Printfunc. 2018.10.29 22:03 - colored. 2018.10.29 22:10 PM
- compatible with py3.x. 2018.10.30 10:38:36
- verbose level 2. 2018.10.31 14:47:59
- replace "" with [empty]. 2018.10.31 14:53:57
- add func: tamper lastlog time. 2018.10.31 20:16:25
- add verbos level 0. 2018.10.31 20:30:23
- README pics. 2018.10.31 22:03:49
- LOGO. 2018.10.31 22:25:00
- add logfile:
/var/log/btmp. 2018.11.2 13:45:04 - show record's time in log [0, 1, 2]. 2018.11.2 13:46:58