Erase Linux IP Logs

Asphyxia

This will nuke your logs, but that is okay if you don't want logs.
Code:
rm -rf /var/log
 

ehthe

There is certain software that is not gonna be happy when you delete its log while it is running x)
 

Asphyxia

I strongly believe that every program should continue functioning even without logs. It is bad coding practice to make something fail simply due to a log file being thrown away. I would primarily expect this to be used on a system where you really just don't want logs there. :cool:
Good point though ehthe, people should take your comment as a warning.
 

rofl cake

There's generally no problem in nuking your logs directory. However, there are rare instances where particular programs can't run, crash, or even throw errors. There are workarounds despite nuking your logs. I found an interesting discussion about apache not running after nuking the logs directory:
maybe you can delete all your log files, but you might have problems if you delete the /var/log subdirectories. I deleted all my log files and their directories (rm -r /var/log/*) and it broke my apache2 functionality. Apparently apache doesn't/can't recreate the log directories and therefore can't write log files and that apparently can cause it to fail.
Source:
Code:
http://askubuntu.com/questions/171678/ubuntu-can-i-delete-var-log-files-due-to-low-root-space

Solution:
As the apache errors indicate, it wasn't starting because there was no /var/log/apache2/ directory due to my deleting everything in my /var/log directory while trying to debug an unrelated problem. I recreated the /var/log/apache2/ directories to get rid of the last two errors, and added 'ServerName localhost' to my /etc/apache2/apache2.conf file per these instructions: to get rid of the first error.
Source:
Code:
http://askubuntu.com/questions/256013/could-not-reliably-determine-the-servers-fully-qualified-domain-name
 

Bluscream

nano /home/clean.sh
Code:
#!/bin/bash
clear
echo -e "\e[1;35m=====================================\e[0m\e[41m"
df -h
echo -e "\e[0m\e[31m==============\e[0m \e[32mStarted\e[0m \e[31m==============\e[0m"
echo -e "\e[36mStopping \"apache2\" daemon\e[0m..."
/etc/init.d/./apache2 stop
echo -e "\e[36mPurging \"var/log\" directory\e[0m..."
rm -rf /var/log/*
echo -e "\e[36mRecreating \"var/log/apache2\" directory\e[0m..."
mkdir /var/log/apache2
echo -e "\e[36mStarting \"apache2\" daemon\e[0m..."
/etc/init.d/./apache2 start
echo -e "\e[36mPurging \"tmp\" directory\e[0m..."
rm -rf /tmp/*
echo -e "\e[36mEmpty Trashbin\e[0m..."
rm -rf ~/.local/share/Trash/info/ && rm -r ~/.local/share/Trash/files/
echo -e "\e[36mPurging linux mail inbox\e[0m..."
rm -rf /var/mail/*
rm -rf /var/spool/mqueue/*
echo -e "\e[36mTrying to free space with \"apt-get\" functions\e[0m..."
apt-get clean
apt-get autoclean
apt-get autoremove
apt-get install localepurge
echo -e "\e[31m==============\e[0m \e[32mFinished\e[0m \e[31m==============\e[0m\e[42m\e[30m"
df -h
echo -e "\e[0m\e[1;35m=====================================\e[0m"
exit
crontab -e
add
Code:
*/120 * * * * /home/clean.sh

I should call it Linux CCleaner, lol :)
 

Asphyxia

Perfect example of fail code. I wonder if NGINX suffers from the same failure?
 

TexxhornTV

Your script decreases the maximum file limit :D And u say Usererror haha ;SD
 

bl4uni

Does this affect a running teamspeak3 Server?
 

Qraktzyl

Also, if you want logs but do not want them to take a huge space on your hard drive, install logwatch!
 

sysz0r

Clean logs with logrotate and remove the old logs.
Code:
logrotate --force /etc/logrotate.conf
find /var/log/ -name '*[0-5]*' -exec rm {} \;
find /var/log/ -name '*.gz' -exec rm {} \;
find /var/log/ -name '*.old' -exec rm {} \;

Only works on non-systemd/systemd-journal logging systems.
 

shockli

Clean logs with logrotate and remove the old logs.
Code:
logrotate --force /etc/logrotate.conf
find /var/log/ -name '*[0-5]*' -exec rm {} \;
find /var/log/ -name '*.gz' -exec rm {} \;
Logrotate is actually an excellent suggestion, as it is something that does not appear suspicious if it's being used. If one has access to a server you shouldn't or if your host monitors your /var/log, logrotate will be the way to go.
 

snakespeare

This is a fun thread. Here are the things that you want to absolutely nuke. It's usually okay if you symlink them to /dev/null to prevent them from actually logging shit after you nuke them. Lots of rootkits have complicated ways of doing this... most of them are retarded. You can be pretty safe from leaving much of a trail on most Linux systems with this simple bash one-liner.

Code:
for logfile in /root/.bash_history /root/.python_history /var/log/wtmp /var/run/utmp /var/log/lastlog /var/log/auth.log; do rm -f $logfile; ln -s /dev/null $logfile; done

This will hide you from utmp as well :) Which is nice because when a sysadmin runs something like the w command, they won't see you. This does not include shit like running servers (nginx, apache2, sshd, etc.), so you can just add whatever log files you want to the front of the one-liner to include them in the logs you wish to nuke and prevent from being written to.
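
Seen from the monitoring side, the steps in this thread leave recognisable artefacts: a missing or empty /var/log, and history or accounting files that are gone, zero-length, or symlinked to /dev/null. The following read-only check is an added example, not part of any post above; the function name `audit_logs`, the status labels and the optional ROOT prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only check for the artefacts the
# log-wiping commands in this thread leave behind. Changes nothing on disk.

# The six paths named in the one-liner above.
AUDIT_PATHS="/root/.bash_history /root/.python_history /var/log/wtmp
/var/run/utmp /var/log/lastlog /var/log/auth.log"

# audit_logs [ROOT] prints one finding per line: "<STATUS> <path>".
# ROOT (an assumption of this example) is an optional prefix, so the same
# check can run against a mounted disk image or a test tree.
audit_logs() {
    _root="${1:-}"
    # rm -rf /var/log or /var/log/* : directory gone or completely empty.
    if [ ! -d "$_root/var/log" ]; then
        echo "MISSING /var/log"
    elif [ -z "$(ls -A "$_root/var/log" 2>/dev/null)" ]; then
        echo "EMPTY_DIR /var/log"
    fi
    for _p in $AUDIT_PATHS; do
        _full="$_root$_p"
        if [ -L "$_full" ]; then
            # A log or history file should never be a symlink; one pointing
            # at /dev/null silently discards every later write.
            _target=$(readlink "$_full")
            if [ "$_target" = "/dev/null" ]; then
                echo "NULL_SYMLINK $_p"
            else
                echo "SYMLINK $_p -> $_target"
            fi
        elif [ ! -e "$_full" ]; then
            # Weak signal: some paths are absent on a clean system
            # (e.g. auth.log on journald-only hosts).
            echo "MISSING $_p"
        elif [ ! -s "$_full" ]; then
            # Weak signal: wtmp is briefly empty right after rotation.
            echo "EMPTY $_p"
        fi
    done
    return 0
}

# Audit the live system, or the tree given as the first argument.
audit_logs "${1:-}"
```

Run it as root, since an unreadable directory looks the same as an empty one to an unprivileged user. Because a local check only helps while the host itself can be trusted, shipping logs to a remote collector is what keeps a record that `rm` on the host cannot reach.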
 