Add IP reputation tracking for ET Open detections + historical analyzer to menu

IP Reputation Tracking:
- ET attack scores now properly boost IP threat scores
- When ET detects attack (score 85-100), adds to IP's cumulative score
- Example: IP at score 50 + ET attack 95 = total 100 (capped)
- Tracks across multiple requests from same IP
- Higher scores = faster blocking/banning

How it works:
1. ET detection runs: analyze_http_log_line() returns score
2. Score added to IP's existing threat score in IP_DATA array
3. Display shows boosted score
4. Auto-block triggers at combined score ≥90

Menu Integration:
- Added option 15 to Security menu
- 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)
- Launches: tools/analyze-historical-attacks.sh
- Features:
  - Scan last 7/30/custom days
  - Analyze specific log files
  - Generate comprehensive reports
  - Top attackers, signatures, attack types
  - Supports compressed logs (gzip, bzip2)

Testing:
- Syntax validated
- Tracking logic verified (50 + 95 = 100)
- Menu navigation works
- Historical analyzer accessible

Now when IPs attack repeatedly:
- First attack: Score increases by attack severity
- Subsequent attacks: Scores accumulate
- Persistent attackers: Reach blocking threshold faster
- Dashboard shows current cumulative score
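The cumulative scoring rule described in the commit message (ET score added to the IP's existing score, capped at 100, auto-block at 90), as an added example that is not the project's own code. The store is a plain "ip score" text file rather than the project's IP_DATA array so it runs in POSIX sh; the per-request ET scores fed to it are constructed values standing in for what analyze_http_log_line() would return, and the detection itself is outside the example.

```shell
#!/bin/sh
# Added example (not the project's code): per-IP cumulative threat score with
# the cap and auto-block threshold from the commit message.
# Scores live in a text file, one "ip score" pair per line, so no bash 4
# associative arrays are needed. IP_SCORE_STORE is a hypothetical override.

MAX_SCORE=100       # cap: 50 + 95 -> 100
BLOCK_THRESHOLD=90  # auto-block when the combined score reaches this
STORE="${IP_SCORE_STORE:-$(mktemp)}"

# combine_score EXISTING ET_SCORE -> prints the boosted score, capped at MAX_SCORE
combine_score() {
    total=$(( $1 + $2 ))
    if [ "$total" -gt "$MAX_SCORE" ]; then
        total=$MAX_SCORE
    fi
    echo "$total"
}

# get_ip_score IP -> prints the IP's current score, 0 if never seen
get_ip_score() {
    awk -v ip="$1" '$1 == ip { print $2; found = 1 }
                    END { if (!found) print 0 }' "$STORE"
}

# record_et_score IP ET_SCORE -> adds the ET score to the IP's running total,
# rewrites the store, and prints the new cumulative score
record_et_score() {
    new=$(combine_score "$(get_ip_score "$1")" "$2")
    tmp="$STORE.tmp"
    awk -v ip="$1" -v s="$new" '$1 != ip { print } END { print ip, s }' "$STORE" > "$tmp" \
        && mv "$tmp" "$STORE"
    echo "$new"
}

# should_block IP -> exit status 0 when the cumulative score is at or above the threshold
should_block() {
    [ "$(get_ip_score "$1")" -ge "$BLOCK_THRESHOLD" ]
}

# demo: replay constructed detections (ip et_score) to show scores accumulating
# across requests from the same IP until the block threshold is crossed
demo() {
    printf '%s\n' "203.0.113.7 50" "198.51.100.2 30" "203.0.113.7 95" |
    while read -r ip s; do
        total=$(record_et_score "$ip" "$s")
        if should_block "$ip"; then verdict=BLOCK; else verdict=allow; fi
        echo "$ip +$s -> $total ($verdict)"
    done
}
```

Calling `demo` after sourcing the file prints the second 203.0.113.7 hit landing on 100 and marked BLOCK, while the single 30-point hit from 198.51.100.2 stays below the threshold. Because the store is a file, the scores persist across separate invocations of the script, which is what makes repeat offenders reach the threshold faster.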
cschantz
2025-12-13 02:21:28 -05:00
parent ad5587c89e
commit 1f8e3e2ca8
2 changed files with 17 additions and 1 deletions
@@ -141,6 +141,10 @@ show_security_menu() {
echo -e " ${YELLOW}13)${NC} 🔒 Enable cPHulk Protection - Brute force protection"
echo -e " ${YELLOW}14)${NC} ⚙️ Optimize CT_LIMIT - Connection tracking tuning"
echo ""
echo -e "${BOLD}Analysis Tools:${NC}"
echo ""
echo -e " ${GREEN}15)${NC} 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)"
echo ""
echo -e " ${RED}0)${NC} Back to Main Menu"
echo ""
echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
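Review bot: the new option 15 is rendered with ${GREEN} while options 13 and 14 in the same menu use ${YELLOW}; if the colour change is meant to mark the new "Analysis Tools" group, a one-line comment above the echo would make that intent clear, otherwise use ${YELLOW} so the numbering style stays uniform.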
@@ -167,6 +171,7 @@ handle_security_menu() {
12) run_module "security" "tail-secure-log.sh" ;;
13) run_module "security" "enable-cphulk.sh" ;;
14) run_module "security" "optimize-ct-limit.sh" ;;
15) bash "$SCRIPT_DIR/tools/analyze-historical-attacks.sh" ;;
0) return ;;
*) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
esac
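Review bot: case 15 invokes `bash "$SCRIPT_DIR/tools/analyze-historical-attacks.sh"` directly while every other option dispatches through run_module, so a missing or unreadable script surfaces as a raw bash error instead of whatever handling run_module applies. Either extend run_module to accept the tools directory, or guard the call, e.g. `[ -f "$SCRIPT_DIR/tools/analyze-historical-attacks.sh" ] || { echo -e "${RED}Analyzer script not found${NC}"; sleep 1; }` before running it.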