Linux Log Eraser is a bash script that erases almost all of your log entries from the log files on a Linux machine.
An attacker can use it to wipe out traces before logging out of a compromised Linux machine.
1. Upload both linux_log_eraser.sh and log_files.sh to the target server.
2. Run the linux_log_eraser script. You must be root (either UID=0 or EUID=0) to execute the script.
3. Use the -i parameter and pass the IP address you are worried about in the log files:
   ./linux_log_eraser -i 192.168.1.1
4. The above command scans all the log files for that particular IP and reports every log file that contains a trace of it.
5. Open log_files.sh and cross-check whether any log file reported in step 4 is missing from the list. Add any missing log files.
6. Running the step 3 command also reports the top 20 IPs with the most occurrences in the log files.
7. Choose any suitable IP from the top 20 IPs as a spoof IP, and you are ready to proceed with the other options of the script.
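
A defender's check for the tampering these steps lead to, as an added example that is not part of the original script: it compares a host's local log with the copy a remote syslog collector received and reports lines that were deleted or whose IP was rewritten. The log lines, the remote collector and the names `compare_logs` and `shape` are assumptions constructed for illustration, as is the premise that the script rewrites or removes entries for the chosen IP.

```python
import re
from collections import Counter, defaultdict

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: what a remote syslog collector received from the host.
FORWARDED = [
    "Mar  3 10:01:12 web1 sshd[811]: Accepted password for deploy from 198.51.100.7 port 50122",
    "Mar  3 10:02:40 web1 sshd[845]: Failed password for root from 203.0.113.50 port 41811",
    "Mar  3 10:02:44 web1 sshd[845]: Accepted password for root from 203.0.113.50 port 41811",
    "Mar  3 10:05:03 web1 sudo: root : TTY=pts/1 ; COMMAND=/bin/bash",
    "Mar  3 10:09:30 web1 sshd[845]: Received disconnect from 203.0.113.50 port 41811",
]
# Constructed sample: the same log as it now reads on the host itself.
LOCAL = [
    FORWARDED[0],
    FORWARDED[2].replace("203.0.113.50", "198.51.100.7"),
    FORWARDED[3],
    FORWARDED[4].replace("203.0.113.50", "198.51.100.7"),
]

def shape(line):
    """Line with every IPv4 address masked, so only the IP can differ."""
    return IPV4.sub("<ip>", line)

def compare_logs(forwarded, local):
    """Return (rewritten, missing) relative to the trusted forwarded copy."""
    unmatched = Counter(local)
    pending = []
    for line in forwarded:
        if unmatched[line] > 0:
            unmatched[line] -= 1          # identical line still present locally
        else:
            pending.append(line)          # forwarded line has no exact local twin
    by_shape = defaultdict(list)          # leftover local lines, keyed by masked form
    for line, count in unmatched.items():
        by_shape[shape(line)].extend([line] * count)
    rewritten, missing = [], []
    for line in pending:
        candidates = by_shape[shape(line)]
        if candidates:                    # same text, different IP: rewritten entry
            altered = candidates.pop(0)
            rewritten.append((IPV4.findall(line), IPV4.findall(altered), altered))
        else:                             # nothing comparable left: deleted entry
            missing.append(line)
    return rewritten, missing

if __name__ == "__main__":
    changed, gone = compare_logs(FORWARDED, LOCAL)
    for original, current, text in changed:
        print(f"REWRITTEN {original} -> {current}: {text}")
    for text in gone:
        print(f"MISSING: {text}")
```

The comparison is only as trustworthy as the forwarded copy, so the collector has to be a host that root on the logging machine cannot modify.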