Log Anonymizer for Linux

[anderbytes 140]

Hello. I want to share a Linux script I made (in Bash) to give some privacy to users that send logs to Emby devs.

It simply substitutes the critical parts (that usually don't make a difference to log analysis) that security-freak folks like me don't want shared.

 

Here it goes.

Any improvements tips are appreciated.

#!/bin/bash

LOGSPATH="/media/SEAGATE_S1000_DRIVE/emby/logs"                                 # Write here the official Emby Logs path
SERVER="realserver.realdomain.com"                                              # Here goes your external server name or IP
HTTP_PORT="9797"                                                                # Here goes your internal Emby port
HTTPS_PORT="9898"                                                               # Here goes your external Emby port
HIDDEN_PATH="SEAGATE_S1000_DRIVE/mountpoint/movies_tv"                          # Here goes your main media path to be obfuscated
PROG_PATH=$(sed "s|/logs||g" <<< "$LOGSPATH")

if [ ! -f "$1" ]; then
        echo "No Logfile specified. Searching for the latest...";
        FILE=$(ls $LOGSPATH/server-* --sort=time | head -1)
        echo "Found latest Logfile: $FILE"
elif [[ "$1" == *"$LOGSPATH"* ]] && [ "${1: -3}" == "txt" ]; then
        FILE="$1"
else
        echo "[ERROR] Chosen Logfile is not valid. Please ensure it is a text file inside Emby's Logs Path and try again.";
        exit
fi

FNAME=$(basename "$FILE")
cp -f "$FILE" "./LOG_$FNAME"
if [ ! -f "./LOG_$FNAME" ]; then
        echo "Obfuscated LOG generation is impossible. Please review folder permissions.";
        exit;
fi

#### SUBSTITUTIONS ####

sed -i "s|$PROG_PATH|/my_drive/emby|g" "./LOG_$FNAME"
sed -i "s|$SERVER|server.domain.com|g" "./LOG_$FNAME"
sed -i "s|$HTTP_PORT|8096|g" "./LOG_$FNAME"
sed -i "s|$HTTPS_PORT|8920|g" "./LOG_$FNAME"
sed -i "s|$HIDDEN_PATH|my_drive/media_folder|g" "./LOG_$FNAME"
sed -i "s|_key=[a-zA-Z0-9]*|_key=####API_KEY_HERE####|g" "./LOG_$FNAME"         # This hides API KEYS used in remote calls

echo "##########################################################################################"
echo "# Obfuscated LOG successfully generated at: $(pwd)/LOG_$FNAME"
echo "##########################################################################################"

What do you think?

[Luke 40086]

Well done, great stuff!

[Compix 0]

Thanks very helpfull...

[d00zah 143]

While it doesn't add much, I think the use of an associative array simplifies addition of new substitutions.YMMV

 

Note: I execute this in Windows using Cygwin (with optional 'dos2unix' pkg). This was my approach:

 

===========

 

#!/usr/bin/bash

# Display usage note(s) if no arg
if [ "$1" = "" ]; then

    echo -e "\n\t usage: $0 [logfilename1] [logfilename2] ..."
    exit
fi

# Define text strings to be redacted
declare -A redact

# redact[KEYVALUE]='textasitappearsinlog'
redact[EXDOMAIN]='hostname.somedomain.com'
redact[EXPORTNO]='8096'
redact[NICMACAD]='00-14-22-01-23-45'
redact[METAROOT]='Z:\\\\Emby-Data'
redact[sRVNETID]='EMBY_SERVER'
redact[sRVNETIP]='192.168.7.42'
redact[ADMINACT]='Administrator'
redact[EMBYUSER]='Snuffy'
redact[NASNETID]='FileServer'

# Process each log passed as arg
for log; do

    # Iterate through defined keys & redact all instances
    for key in ${!redact[@]}; do

        if [ "${redact[$key]}" != "" ]; then

        sed -i s/"${redact[$key]}"/\[$key\]/g $log
        fi
    done

    # Restore windows line-breaks
    if [ `uname -o` = "Cygwin" ]; then

        unix2dos -q $log
    fi
done

Edited April 21, 2017 by d00zah