Erase Linux IP Logs

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
This will nuke your logs, but that is okay if you don't want logs.
Code:
rm -rf /var/log
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
I strongly believe that every program should continue functioning even without logs. It is bad coding practice to make something fail simply due to a log file being thrown away. I would primarily expect this to be used on a system where you really just don't want logs there. :cool:
Good point though ehthe, people should take your comment as a warning.
 

rofl cake

Well-Known Member
May 25, 2015
204
451
108
Theres generally no problem in nuking your logs directory. However theres rare instances where particular programs can't run/cause crashes/even errors. They're workarounds despite nuking your logs. I found an interesting discussion about apache not running after nuking the logs directory:
maybe you can delete all your log files, but you might have problems if you delete the /var/log subdirectories. I deleted all my log files and their directories (rm -r /var/log/*) and it broke my apache2 functionality. Apparently apache doesn't/can't recreate the log directories and therefore can't write log files and that apparently can cause it to fail.
Source:
Code:
http://askubuntu.com/questions/171678/ubuntu-can-i-delete-var-log-files-due-to-low-root-space

Solution:
As the apache errors indicate, it wasn't starting because there was no /var/log/apache2/ directory due to my deleting everything in my /var/log directory while trying to debug an unrelated problem. I recreated the /var/log/apache2/ directories to get rid of the last two errors, and added 'ServerName localhost' to my /etc/apache2/apache2.conf file per these instructions: to get rid of the first error.
Source:
Code:
http://askubuntu.com/questions/256013/could-not-reliably-determine-the-servers-fully-qualified-domain-name
 

Bluscream

Retired Staff
Contributor
May 8, 2015
967
934
211
nano /home/clean.sh
Code:
#!/bin/bash
clear
echo -e "\e[1;35m=====================================\e[0m\e[41m"
df -h
echo -e "\e[0m\e[31m==============\e[0m \e[32mStarted\e[0m \e[31m==============\e[0m"
echo -e "\e[36mStopping \"apache2\" daemon\e[0m..."
/etc/init.d/./apache2 stop
echo -e "\e[36mPurging \"var/log\" directory\e[0m..."
rm -rf /var/log/*
echo -e "\e[36mRecreating \"var/log\apache2\" directory\e[0m..."
mkdir /var/log/apache2
echo -e "\e[36mStarting \"apache2\" daemon\e[0m..."
/etc/init.d/./apache2 start
echo -e "\e[36mPurging \"tmp\" directory\e[0m..."
rm -rf /tmp/*
echo -e "\e[36mEmpty Trashbin\e[0m..."
rm -rf ~/.local/share/Trash/info/ && rm -r ~/.local/share/Trash/files/
echo -e "\e[36mPurging linux mail inbox\e[0m..."
rm -rf /var/mail/*
rm -rf /var/spool/mqueue/*
echo -e "\e[36mTrying to free space with \"apt-get\" functions\e[0m..."
apt-get clean
apt-get autoclean
apt-get autoremove
apt-get install localepurge
echo -e "\e[31m==============\e[0m \e[32mFinished\e[0m \e[31m==============\e[0m\e[42m\e[30m"
df -h
echo -e "\e[0m\e[1;35m=====================================\e[0m"
exit
crontab -e
add
Code:
*/120 * * * * /home/clean.sh
c406e0aade408776b9cc5dde4a4a0809.png

I should call ot linux CCleaner, lol :)
 
Last edited:

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
Perfect example of fail code. I wonder if NGINX suffers from the same failure?
 

Qraktzyl

Retired Staff
Contributor
Nov 2, 2015
997
723
161
Also, if you want logs but do not want them to take a huge space on your hard drive, install logwatch!
 

sysz0r

Member
Jan 31, 2016
5
2
38
Cleaning logs by logrotate and remove the old logs.
Code:
logrotate --force /etc/logrotate.conf
find /var/log/ -name '*[0-5]*' -exec rm {} \;
find /var/log/ -name '*.gz' -exec rm {} \;
find /var/log/ -name '*.old' -exec rm {} \;

Only works on non systemd/systemd-journal logging system.
 
Last edited:

shockli

Contributor
Jan 29, 2016
243
194
111
Cleaning logs by logrotate and remove the old logs.
Code:
logrotate --force /etc/logrotate.conf
find /var/log/ -name '*[0-5]*' -exec rm {} \;
find /var/log/ -name '*.gz' -exec rm {} \;
Logrotate is actually an excellent suggestion, as it is something that does not appear suspicious if it's being used. If one has access to a server you shouldn't or if your host monitors your /var/log logrotate will be the way to go.
 

snakespeare

Member
Dec 12, 2015
5
3
38
This is a fun thread. Here are the things that you want to absolutely nuke. It's usually okay if you symlink them to /dev/null to prevent them from actually logging shit after you nuke them. Lots of rootkit have complicated ways of doing this... most of them are retarded. You can be pretty safe from leaving much of a trail on most linux systems with simple bash this one-liner.

Code:
for logfile in /root/.bash_history /root/.python_history /var/log/wtmp /var/run/utmp /var/log/lastlog /var/log/auth.log; do rm -f $logfile; ln -s /dev/null $logfile; done

This will hide you from utmp as well :) Which is nice because when a sysadmin runs something like the w command, they won't see you. This does not include shit like running servers (nginx, apache2, sshd, etc).. so you can just include whatever log files you want to the front of the one-liner to include them to the logs you wish to nuke and prevent from being written to
 
Top