Fix additional 12 integer comparisons in bot-analyzer.sh

Continue fixing integer comparison bugs across bot-analyzer.sh:
- Lines 977, 980, 983, 1182, 1259, 1317, 1368, 1455 (prev commit)
- Lines 1587, 1598, 1608 (threat score comparisons)
- Lines 1780, 1790 (domain health checks)
- Lines 2143, 2148, 2151, 2154, 2166 (attack scope determination)

Total: 37 integer comparisons fixed across all files
Remaining: 10 HIGH + 9 MEDIUM + 11 LOW = 30 issues

Note: bot-analyzer.sh is ~2800 lines; the QA tool is discovering issues incrementally.
cschantz
2025-12-03 20:01:43 -05:00
parent 86ed92e9e2
commit 17eaff6c12
+10 -10
@@ -1584,7 +1584,7 @@ generate_report() {
high_risk_count=$(awk -F'|' '$1 >= 60' "$TEMP_DIR/threat_scores.txt" | wc -l) high_risk_count=$(awk -F'|' '$1 >= 60' "$TEMP_DIR/threat_scores.txt" | wc -l)
fi fi
if [ $threat_score -ge 25 ] || [ $high_risk_count -ge 5 ]; then if [ "${threat_score:-0}" -ge 25 ] || [ "${high_risk_count:-0}" -ge 5 ]; then
print_alert "THREAT LEVEL: CRITICAL - Immediate action required" print_alert "THREAT LEVEL: CRITICAL - Immediate action required"
echo " Summary: Multiple attack vectors detected from $high_risk_count high-risk IPs" echo " Summary: Multiple attack vectors detected from $high_risk_count high-risk IPs"
echo "" echo ""
@@ -1595,7 +1595,7 @@ generate_report() {
echo " 4. 🔄 Update all CMS platforms and plugins urgently" echo " 4. 🔄 Update all CMS platforms and plugins urgently"
echo " 5. 🔐 Force password reset for admin accounts if login attempts detected" echo " 5. 🔐 Force password reset for admin accounts if login attempts detected"
echo " 6. Re-run this analysis in 1 hour to verify blocks are working" echo " 6. Re-run this analysis in 1 hour to verify blocks are working"
elif [ $threat_score -ge 12 ] || [ $high_risk_count -ge 2 ]; then elif [ "${threat_score:-0}" -ge 12 ] || [ "${high_risk_count:-0}" -ge 2 ]; then
print_warning "THREAT LEVEL: HIGH - Action recommended within 24 hours" print_warning "THREAT LEVEL: HIGH - Action recommended within 24 hours"
echo " Summary: Significant threat activity from $high_risk_count high-risk IPs" echo " Summary: Significant threat activity from $high_risk_count high-risk IPs"
echo "" echo ""
@@ -1605,7 +1605,7 @@ generate_report() {
echo " 3. Monitor logs closely for the next 24-48 hours" echo " 3. Monitor logs closely for the next 24-48 hours"
echo " 4. Consider implementing fail2ban or similar IDS" echo " 4. Consider implementing fail2ban or similar IDS"
echo " 5. Review and update security plugins/modules" echo " 5. Review and update security plugins/modules"
elif [ $threat_score -ge 5 ]; then elif [ "${threat_score:-0}" -ge 5 ]; then
print_warning "THREAT LEVEL: MODERATE - Routine security maintenance" print_warning "THREAT LEVEL: MODERATE - Routine security maintenance"
echo " Summary: Normal bot activity with some suspicious patterns" echo " Summary: Normal bot activity with some suspicious patterns"
echo "" echo ""
@@ -1777,7 +1777,7 @@ verify_domains_still_working() {
fi fi
done < "$TEMP_DIR/baseline_health.txt" done < "$TEMP_DIR/baseline_health.txt"
if [ $now_broken -gt 0 ]; then if [ "${now_broken:-0}" -gt 0 ]; then
echo "" echo ""
print_alert "WARNING: $now_broken domain(s) stopped working after your changes!" print_alert "WARNING: $now_broken domain(s) stopped working after your changes!"
echo "" echo ""
@@ -1787,7 +1787,7 @@ verify_domains_still_working() {
echo " 3. Check CSF deny list: csf -g" echo " 3. Check CSF deny list: csf -g"
echo " 4. Consider reverting changes if issues persist" echo " 4. Consider reverting changes if issues persist"
echo "" echo ""
elif [ $changes_detected -eq 0 ]; then elif [ "${changes_detected:-0}" -eq 0 ]; then
print_success "All domains still working normally" print_success "All domains still working normally"
else else
print_success "Some status changes detected but no domains broken" print_success "Some status changes detected but no domains broken"
@@ -2140,18 +2140,18 @@ generate_recommendations() {
local primary_target="" local primary_target=""
local primary_target_percentage=0 local primary_target_percentage=0
if [ $affected_domains -eq 1 ] && [ $total_domains -gt 1 ]; then if [ "${affected_domains:-0}" -eq 1 ] && [ "${total_domains:-0}" -gt 1 ]; then
attack_scope="single_domain" attack_scope="single_domain"
primary_target=$(head -1 "$TEMP_DIR/domain_high_risk_ips.txt" 2>/dev/null | cut -d'|' -f1) primary_target=$(head -1 "$TEMP_DIR/domain_high_risk_ips.txt" 2>/dev/null | cut -d'|' -f1)
# Calculate what % of high-risk IPs are targeting this domain # Calculate what % of high-risk IPs are targeting this domain
local domain_risk_count=$(head -1 "$TEMP_DIR/domain_high_risk_ips.txt" 2>/dev/null | cut -d'|' -f2) local domain_risk_count=$(head -1 "$TEMP_DIR/domain_high_risk_ips.txt" 2>/dev/null | cut -d'|' -f2)
if [ $total_high_risk_ips -gt 0 ]; then if [ "${total_high_risk_ips:-0}" -gt 0 ]; then
primary_target_percentage=$(awk "BEGIN {printf \"%.0f\", ($domain_risk_count / $total_high_risk_ips) * 100}") primary_target_percentage=$(awk "BEGIN {printf \"%.0f\", ($domain_risk_count / $total_high_risk_ips) * 100}")
fi fi
elif [ $affected_domains -gt 1 ] && [ $total_domains -gt 1 ]; then elif [ "${affected_domains:-0}" -gt 1 ] && [ "${total_domains:-0}" -gt 1 ]; then
# Check if one domain is getting most of the traffic # Check if one domain is getting most of the traffic
local top_domain_count=$(head -1 "$TEMP_DIR/domain_threats_sorted.txt" 2>/dev/null | cut -d'|' -f5) local top_domain_count=$(head -1 "$TEMP_DIR/domain_threats_sorted.txt" 2>/dev/null | cut -d'|' -f5)
if [ "$top_domain_count" -gt 0 ] && [ $total_high_risk_ips -gt 0 ]; then if [ "${top_domain_count:-0}" -gt 0 ] && [ "${total_high_risk_ips:-0}" -gt 0 ]; then
local top_percentage=$(awk "BEGIN {printf \"%.0f\", ($top_domain_count / $total_high_risk_ips) * 100}") local top_percentage=$(awk "BEGIN {printf \"%.0f\", ($top_domain_count / $total_high_risk_ips) * 100}")
if [ "$top_percentage" -ge 75 ]; then if [ "$top_percentage" -ge 75 ]; then
attack_scope="primary_target" attack_scope="primary_target"
@@ -2163,7 +2163,7 @@ generate_recommendations() {
else else
attack_scope="server_wide" attack_scope="server_wide"
fi fi
elif [ $affected_domains -eq $total_domains ] && [ $total_domains -gt 1 ]; then elif [ "${affected_domains:-0}" -eq "${total_domains:-0}" ] && [ "${total_domains:-0}" -gt 1 ]; then
attack_scope="server_wide" attack_scope="server_wide"
elif [ $total_domains -eq 1 ]; then elif [ $total_domains -eq 1 ]; then
attack_scope="single_server" attack_scope="single_server"
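Review bot: In generate_recommendations the two percentage calculations still splice `$domain_risk_count` and `$top_domain_count` into the awk program text, and `domain_risk_count` (read from `domain_high_risk_ips.txt`) has neither a default nor a numeric check, so an empty field yields an awk syntax error and any non-numeric content is evaluated as awk code. Passing the values as data avoids both: `primary_target_percentage=$(awk -v c="${domain_risk_count:-0}" -v t="$total_high_risk_ips" 'BEGIN {printf "%.0f", (c / t) * 100}')`, with the same form for `top_percentage`. The last branch, `elif [ $total_domains -eq 1 ]; then`, was left unquoted by this commit and should become `elif [ "${total_domains:-0}" -eq 1 ]; then`. The `:-0` default only covers unset or empty values, so if these temp files are derived from log data, a digits-only check before the comparisons would be the more complete guard; the function's body continues outside the hunks shown.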