diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index 5997341..9019bc0 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -1584,7 +1584,7 @@ generate_report() {
 high_risk_count=$(awk -F'|' '$1 >= 60' "$TEMP_DIR/threat_scores.txt" | wc -l)
 fi
- if [ $threat_score -ge 25 ] || [ $high_risk_count -ge 5 ]; then
+ if [ "${threat_score:-0}" -ge 25 ] || [ "${high_risk_count:-0}" -ge 5 ]; then
 print_alert "THREAT LEVEL: CRITICAL - Immediate action required"
 echo " Summary: Multiple attack vectors detected from $high_risk_count high-risk IPs"
 echo ""
@@ -1595,7 +1595,7 @@ generate_report() {
 echo " 4. 🔄 Update all CMS platforms and plugins urgently"
 echo " 5. 🔐 Force password reset for admin accounts if login attempts detected"
 echo " 6. Re-run this analysis in 1 hour to verify blocks are working"
- elif [ $threat_score -ge 12 ] || [ $high_risk_count -ge 2 ]; then
+ elif [ "${threat_score:-0}" -ge 12 ] || [ "${high_risk_count:-0}" -ge 2 ]; then
 print_warning "THREAT LEVEL: HIGH - Action recommended within 24 hours"
 echo " Summary: Significant threat activity from $high_risk_count high-risk IPs"
 echo ""
@@ -1605,7 +1605,7 @@ generate_report() {
 echo " 3. Monitor logs closely for the next 24-48 hours"
 echo " 4. Consider implementing fail2ban or similar IDS"
 echo " 5. Review and update security plugins/modules"
- elif [ $threat_score -ge 5 ]; then
+ elif [ "${threat_score:-0}" -ge 5 ]; then
 print_warning "THREAT LEVEL: MODERATE - Routine security maintenance"
 echo " Summary: Normal bot activity with some suspicious patterns"
 echo ""
@@ -1777,7 +1777,7 @@ verify_domains_still_working() {
 fi
 done < "$TEMP_DIR/baseline_health.txt"
- if [ $now_broken -gt 0 ]; then
+ if [ "${now_broken:-0}" -gt 0 ]; then
 echo ""
 print_alert "WARNING: $now_broken domain(s) stopped working after your changes!"
 echo ""
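Review bot: Defaulting `threat_score` and `high_risk_count` to 0 in the first condition of generate_report makes a score that was never computed look the same as a clean result, so the report silently takes whatever the lowest branch is instead of showing that the scoring step failed. The same applies to the `elif` conditions in the hunks at 1595 and 1605, and to `now_broken` / `changes_detected` in verify_domains_still_working (hunks at 1777 and 1787), where unset counters now reach `print_success "All domains still working normally"`. The default also does not cover a non-numeric value, which still makes `[` fail with an error. Validate once before the chain and surface it in the output, e.g. `case "$threat_score" in ''|*[!0-9]*) print_warning "Threat score unavailable - report may understate risk"; threat_score=0 ;; esac`. Where these variables are assigned, and the final `else` branches, lie outside the hunks, so this assumes they can be empty at this point, as the commit itself implies.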
@@ -1787,7 +1787,7 @@ verify_domains_still_working() {
 echo " 3. Check CSF deny list: csf -g"
 echo " 4. Consider reverting changes if issues persist"
 echo ""
- elif [ $changes_detected -eq 0 ]; then
+ elif [ "${changes_detected:-0}" -eq 0 ]; then
 print_success "All domains still working normally"
 else
 print_success "Some status changes detected but no domains broken"
@@ -2140,18 +2140,18 @@ generate_recommendations() {
 local primary_target=""
 local primary_target_percentage=0
- if [ $affected_domains -eq 1 ] && [ $total_domains -gt 1 ]; then
+ if [ "${affected_domains:-0}" -eq 1 ] && [ "${total_domains:-0}" -gt 1 ]; then
 attack_scope="single_domain"
 primary_target=$(head -1 "$TEMP_DIR/domain_high_risk_ips.txt" 2>/dev/null | cut -d'|' -f1)
 # Calculate what % of high-risk IPs are targeting this domain
 local domain_risk_count=$(head -1 "$TEMP_DIR/domain_high_risk_ips.txt" 2>/dev/null | cut -d'|' -f2)
- if [ $total_high_risk_ips -gt 0 ]; then
+ if [ "${total_high_risk_ips:-0}" -gt 0 ]; then
 primary_target_percentage=$(awk "BEGIN {printf \"%.0f\", ($domain_risk_count / $total_high_risk_ips) * 100}")
 fi
- elif [ $affected_domains -gt 1 ] && [ $total_domains -gt 1 ]; then
+ elif [ "${affected_domains:-0}" -gt 1 ] && [ "${total_domains:-0}" -gt 1 ]; then
 # Check if one domain is getting most of the traffic
 local top_domain_count=$(head -1 "$TEMP_DIR/domain_threats_sorted.txt" 2>/dev/null | cut -d'|' -f5)
- if [ "${top_domain_count:-0}" -gt 0 ] && [ "${total_high_risk_ips:-0}" -gt 0 ]; then
+ if [ "${top_domain_count:-0}" -gt 0 ] && [ "${total_high_risk_ips:-0}" -gt 0 ]; then
 local top_percentage=$(awk "BEGIN {printf \"%.0f\", ($top_domain_count / $total_high_risk_ips) * 100}")
 if [ "$top_percentage" -ge 75 ]; then
 attack_scope="primary_target"
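Review bot: In the `single_domain` branch of generate_recommendations (hunk at 2140), `domain_risk_count` is read from field 2 of `domain_high_risk_ips.txt` and spliced into the awk program text with no numeric check; the new guard covers only the divisor. An empty field makes awk fail and overwrites the initial `primary_target_percentage=0` with an empty string, and a non-numeric field is parsed as awk source rather than as data. Pass the values as data instead: `primary_target_percentage=$(awk -v n="${domain_risk_count:-0}" -v d="$total_high_risk_ips" 'BEGIN {printf "%.0f", (n / d) * 100}')`, and use the same form for the `top_percentage` calculation. The `[ "$top_percentage" -ge 75 ]` test at the end of the hunk also has no default, so a failed awk call still produces a test error there. The function starts and ends outside this hunk.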
@@ -2163,7 +2163,7 @@ generate_recommendations() {
 else
 attack_scope="server_wide"
 fi
- elif [ $affected_domains -eq $total_domains ] && [ $total_domains -gt 1 ]; then
+ elif [ "${affected_domains:-0}" -eq "${total_domains:-0}" ] && [ "${total_domains:-0}" -gt 1 ]; then
 attack_scope="server_wide"
 elif [ $total_domains -eq 1 ]; then
 attack_scope="single_server"
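Review bot: The `elif [ $total_domains -eq 1 ]` two lines below the changed condition is still unquoted and has no default. An empty `total_domains` now passes the hardened branch quietly and then fails at that test with a `[` syntax error. Give it the same form as the rest of the chain: `elif [ "${total_domains:-0}" -eq 1 ]; then`. The if/elif chain starts and ends outside this hunk, so it cannot be seen from here whether a final `else` still assigns `attack_scope` in that case.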