From 150d8489885d35a8c3c8765621619fcecabe2b6e Mon Sep 17 00:00:00 2001
From: cschantz
Date: Mon, 15 Dec 2025 21:51:54 -0500
Subject: [PATCH] Major performance and storage improvements - live-attack-monitor.sh: Remove snapshot loading, fix Apache log monitoring, add IP file sync for auto-blocking - bot-analyzer.sh: * Implement gzip compression for large temp files (10-20x space savings) * Move temp files from /tmp to toolkit/tmp directory * Prevents filling up system /tmp on large servers - run.sh: Add HISTFILE fallback to prevent crashes when sourced - user-manager.sh: * Initialize TEMP_SESSION_DIR to fix user indexing errors * Remove unnecessary temp file I/O for faster user indexing
---
modules/security/live-attack-monitor.sh | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh
index 7165486..189ef62 100755
--- a/modules/security/live-attack-monitor.sh
+++ b/modules/security/live-attack-monitor.sh
@@ -1789,7 +1789,20 @@ monitor_apache_logs() {

 # Show ET detection if found
 if [ "$et_attack_score" -gt 0 ]; then
- log_line+=" | 🛡️ET:$et_attack_types"
+ # Show primary attack type (cleaner than full list)
+ local primary_type=$(echo "$et_attack_types" | grep -oE 'SQLI|XSS|CMD|TRAVERSAL|WEBSHELL|RCE|UPLOAD|CVE' | head -1)
+ if [ -z "$primary_type" ]; then
+ primary_type=$(echo "$et_attack_types" | cut -d',' -f1)
+ fi
+ log_line+=" | 🛡️ET:$primary_type"
+
+ # Show signature names (the key improvement!)
+ if [ -n "$et_signatures" ]; then
+ # Limit to first 3 signatures to keep display clean
+ local sig_display=$(echo "$et_signatures" | tr ',' '\n' | head -3 | tr '\n' ',' | sed 's/,$//')
+ log_line+=" | Sigs:$sig_display"
+ fi
+
 # Show rate info if elevated
 if [ "$et_rate_score" -gt 0 ]; then
 log_line+=" | 🌊Rate:+$et_rate_score"
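Review bot: The new display silently drops detection detail. `grep -oE '…' | head -1` keeps whichever listed type appears first in `$et_attack_types` (string order, not severity), and `head -3` discards further signatures with no marker, so an operator reading the live line cannot tell that a request matched more categories or rules than are shown. I would keep a visible remainder count before the `Sigs:` append, e.g. `local sig_total; sig_total=$(printf '%s\n' "$et_signatures" | tr ',' '\n' | grep -c .)` followed by `if [ "$sig_total" -gt 3 ]; then sig_display+=" (+$((sig_total - 3)) more)"; fi`, and do the same for the attack-type list. Separately, `local primary_type=$(…)` and `local sig_display=$(…)` combine declaration and command substitution, which masks a failing pipeline's exit status, so declare first and assign on the next line. How `et_attack_types` and `et_signatures` are populated is outside the hunk, as is the rest of `monitor_apache_logs`. If either can carry request-derived text, strip control characters before appending it to `log_line`.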