Fix 10 more HIGH integer comparisons in live-attack-monitor.sh

FIXES:
- Line 321-323: $hits → ${hits:-0} (2 instances)
- Line 332: $score → ${score:-0} (negative check)
- Line 341: $score → ${score:-0} (cap at 100)
- Line 358: $removed → ${removed:-0}
- Line 366: $score → ${score:-0}
- Line 1242: $needs_config → ${needs_config:-0}
- Line 1270: $recommendations → ${recommendations:-0}
- Line 1377: $failed → ${failed:-0}
- Line 1517: $applied → ${applied:-0}

IMPACT:
- Prevents errors when variables are empty/unset
- Safe defaults for all score calculations
- More robust error handling in live monitoring

QA STATUS:
- Fixed 10 more HIGH issues
- 10 HIGH issues remain (live-attack-monitor + ip-reputation-manager)
- Continuing systematic bug fixes

modules/security/live-attack-monitor.sh

@@ -318,9 +318,9 @@ update_ip_intelligence() {
     # Request volume scoring
     if [ "${hits:-0}" -gt 100 ]; then
         score=$((score + 5))
-    elif [ $hits -gt 50 ]; then
+    elif [ "${hits:-0}" -gt 50 ]; then
         score=$((score + 3))
-    elif [ $hits -gt 20 ]; then
+    elif [ "${hits:-0}" -gt 20 ]; then
         score=$((score + 1))
     fi
 
@@ -329,7 +329,7 @@ update_ip_intelligence() {
         legit|ai|monitor)
             # Legitimate bots - reduce score
             score=$((score - 5))
-            [ $score -lt 0 ] && score=0
+            [ "${score:-0}" -lt 0 ] && score=0
             ;;
         suspicious)
             # Suspicious bots - increase score
@@ -338,7 +338,7 @@ update_ip_intelligence() {
     esac
 
     # Cap at 100
-    [ $score -gt 100 ] && score=100
+    [ "${score:-0}" -gt 100 ] && score=100
 
     # Check if we're tracking too many IPs (memory protection)
     if [ ${#IP_DATA[@]} -ge $MAX_TRACKED_IPS ]; then
@@ -355,7 +355,7 @@ update_ip_intelligence() {
         for remove_ip in "${to_remove[@]}"; do
             unset IP_DATA[$remove_ip]
             ((removed++))
-            [ $removed -ge 100 ] && break
+            [ "${removed:-0}" -ge 100 ] && break
         done
     fi
 
@@ -363,7 +363,7 @@ update_ip_intelligence() {
     IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score"
 
     # Update IP reputation DB in background (if score > 0)
-    if [ $score -gt 0 ]; then
+    if [ "${score:-0}" -gt 0 ]; then
         (update_ip_reputation "$ip" 1 "$score" 0 "Live monitor: $new_attacks" >/dev/null 2>&1) &
     fi
 }
@@ -1239,7 +1239,7 @@ draw_quick_actions() {
         fi
 
         # Only show recommendation if something needs fixing
-        if [ $needs_config -eq 1 ]; then
+        if [ "${needs_config:-0}" -eq 1 ]; then
             echo -e "${HIGH_COLOR}  ⚠️  DDoS/SYN Flood Detected - Firewall Protection Recommended${NC}"
             echo -e "${MEDIUM_COLOR}     → Press 'c' for Security Hardening menu${NC}"
             recommendations=1
@@ -1267,7 +1267,7 @@ draw_quick_actions() {
         fi
     fi
 
-    if [ $recommendations -eq 0 ]; then
+    if [ "${recommendations:-0}" -eq 0 ]; then
         echo ""
     fi
 
@@ -1374,7 +1374,7 @@ show_blocking_menu() {
         echo ""
         echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
         echo "✓ Successfully blocked: $blocked IPs"
-        [ $failed -gt 0 ] && echo "✗ Failed to block: $failed IPs"
+        [ "${failed:-0}" -gt 0 ] && echo "✗ Failed to block: $failed IPs"
         echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
         read -p "Press Enter to continue..."
     elif [[ "$choice" =~ ^[0-9]+$ ]] && [ "$choice" -ge 1 ] && [ "$choice" -le ${#blockable_list[@]} ]; then
@@ -1514,7 +1514,7 @@ show_security_hardening_menu() {
             ((applied++))
 
             echo ""
-            if [ $applied -gt 0 ]; then
+            if [ "${applied:-0}" -gt 0 ]; then
                 echo "✓ Applied $applied security fix(es)"
             else
                 echo "✓ All security settings already optimized"