Add cleanup script for IP reputation and toolkit data

Created comprehensive cleanup tool to remove all server-specific data
before transferring toolkit to another server.

NEW FILE:
- modules/maintenance/cleanup-toolkit-data.sh
  * Removes IP reputation database (/var/lib/server-toolkit/)
  * Cleans all temporary analysis files (/tmp/*bot*, *500-tracker*, etc.)
  * Removes generated reports
  * Clears cache and session data
  * Optional log file removal
  * Shows summary of items removed and space freed
  * Safety confirmation required before cleanup

UPDATED:
- launcher.sh
  * Added cleanup script to Backup & Recovery menu (option 9)
  * Placed in "Data Management" section
  * Clearly marked with trash icon to indicate destructive operation

PURPOSE:
This ensures the IP reputation database and other server-specific data
are not transferred when moving the toolkit between servers. Each server
should build its own IP reputation database based on its own traffic and
attack patterns.

USE CASES:
✓ Moving toolkit to different server
✓ Starting fresh analysis
✓ Removing server-specific data before sharing toolkit
✓ Regular maintenance/cleanup

WHAT GETS CLEANED:
- /var/lib/server-toolkit/ip-reputation/ (IP reputation database)
- /tmp/bot_analysis_* (bot analyzer temp files)
- /tmp/500-tracker-* (error tracker temp files)
- /tmp/live-monitor-* (live monitoring temp files)
- /tmp/*_report_*.txt (generated reports)
- /var/cache/server-toolkit/ (cached data)
- Session/lock files
- Optional: execution logs

launcher.sh

@@ -559,6 +559,10 @@ show_backup_menu() {
     echo -e "  ${YELLOW}7)${NC} Backup Verification         - Test backup integrity"
     echo -e "  ${YELLOW}8)${NC} Off-site Sync               - Sync to remote storage"
     echo ""
+    echo -e "${BOLD}Data Management:${NC}"
+    echo ""
+    echo -e "  ${RED}9)${NC} 🗑️  Cleanup Toolkit Data      - Remove IP reputation & temp files"
+    echo ""
     echo -e "  ${RED}0)${NC} Back to Main Menu"
     echo ""
     echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
@@ -1320,6 +1324,7 @@ handle_backup_menu() {
             6) run_module "backup" "log-archive.sh" ;;
             7) run_module "backup" "backup-verification.sh" ;;
             8) run_module "backup" "offsite-sync.sh" ;;
+            9) run_module "maintenance" "cleanup-toolkit-data.sh" ;;
             0) return ;;
             *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
         esac

modules/maintenance/cleanup-toolkit-data.sh

@@ -0,0 +1,243 @@
+#!/bin/bash
+
+################################################################################
+# Server Toolkit Data Cleanup
+################################################################################
+# Purpose: Remove all toolkit-generated data (for wiping before system transfer)
+# Use Case: When moving toolkit to another server or fresh start
+#
+# What gets cleaned:
+# - IP reputation database
+# - Temporary analysis files
+# - Cached data
+# - Generated reports
+# - Session data
+################################################################################
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+source "$SCRIPT_DIR/lib/common-functions.sh"
+
+# Require root
+if [ "$EUID" -ne 0 ]; then
+    print_error "This script must be run as root"
+    exit 1
+fi
+
+print_banner "Server Toolkit Data Cleanup"
+
+echo ""
+echo -e "${YELLOW}${BOLD}⚠️  WARNING ⚠️${NC}"
+echo ""
+echo "This will remove ALL data collected by the Server Toolkit:"
+echo ""
+echo "  • IP reputation database (/var/lib/server-toolkit/)"
+echo "  • Temporary analysis files (/tmp/)"
+echo "  • Generated reports"
+echo "  • Cached data"
+echo "  • Session files"
+echo ""
+echo -e "${RED}This action CANNOT be undone!${NC}"
+echo ""
+echo "Use this when:"
+echo "  ✓ Moving toolkit to a different server"
+echo "  ✓ Starting fresh analysis"
+echo "  ✓ Removing server-specific data before sharing"
+echo ""
+echo -e "${CYAN}────────────────────────────────────────────────────────────${NC}"
+echo ""
+read -p "Type 'yes' to confirm cleanup: " confirm
+
+if [ "$confirm" != "yes" ]; then
+    echo ""
+    print_error "Cleanup cancelled"
+    exit 0
+fi
+
+echo ""
+echo "Starting cleanup..."
+echo ""
+
+# Track what was cleaned
+cleaned_count=0
+cleaned_size=0
+
+# Function to safely remove directory/file and track size
+safe_remove() {
+    local path="$1"
+    local description="$2"
+
+    if [ -e "$path" ]; then
+        # Calculate size before removing
+        if [ -d "$path" ]; then
+            size=$(du -sb "$path" 2>/dev/null | awk '{print $1}' || echo "0")
+        else
+            size=$(stat -c%s "$path" 2>/dev/null || echo "0")
+        fi
+
+        # Remove
+        rm -rf "$path" 2>/dev/null
+
+        if [ $? -eq 0 ]; then
+            cleaned_size=$((cleaned_size + size))
+            ((cleaned_count++))
+            echo -e "  ${GREEN}✓${NC} Removed: $description"
+            return 0
+        else
+            echo -e "  ${RED}✗${NC} Failed to remove: $description"
+            return 1
+        fi
+    else
+        echo -e "  ${DIM}○${NC} Not found: $description (already clean)"
+        return 0
+    fi
+}
+
+echo -e "${BOLD}IP Reputation Database:${NC}"
+safe_remove "/var/lib/server-toolkit/ip-reputation" "IP reputation database"
+safe_remove "/var/lib/server-toolkit" "Toolkit data directory"
+echo ""
+
+echo -e "${BOLD}Temporary Analysis Files:${NC}"
+# Bot analyzer temp files
+for pattern in /tmp/bot_analysis_* /tmp/*_bot_*.txt; do
+    if ls $pattern 2>/dev/null | grep -q .; then
+        rm -f $pattern 2>/dev/null
+        echo -e "  ${GREEN}✓${NC} Removed: Bot analysis temp files"
+        ((cleaned_count++))
+        break
+    fi
+done
+
+# 500 error tracker temp files
+for pattern in /tmp/500-tracker-* /tmp/*500*.txt; do
+    if ls $pattern 2>/dev/null | grep -q .; then
+        rm -rf $pattern 2>/dev/null
+        echo -e "  ${GREEN}✓${NC} Removed: 500 error tracker temp files"
+        ((cleaned_count++))
+        break
+    fi
+done
+
+# Live monitoring temp files
+for pattern in /tmp/live-monitor-* /tmp/*monitor*.tmp; do
+    if ls $pattern 2>/dev/null | grep -q .; then
+        rm -rf $pattern 2>/dev/null
+        echo -e "  ${GREEN}✓${NC} Removed: Live monitoring temp files"
+        ((cleaned_count++))
+        break
+    fi
+done
+
+# Error analyzer temp files
+for pattern in /tmp/error_analysis_* /tmp/*error*.tmp; do
+    if ls $pattern 2>/dev/null | grep -q .; then
+        rm -f $pattern 2>/dev/null
+        echo -e "  ${GREEN}✓${NC} Removed: Error analyzer temp files"
+        ((cleaned_count++))
+        break
+    fi
+done
+
+# Generic toolkit temp files
+for pattern in /tmp/toolkit_* /tmp/server-toolkit*; do
+    if ls $pattern 2>/dev/null | grep -q .; then
+        rm -rf $pattern 2>/dev/null
+        echo -e "  ${GREEN}✓${NC} Removed: Generic toolkit temp files"
+        ((cleaned_count++))
+        break
+    fi
+done
+
+echo ""
+
+echo -e "${BOLD}Generated Reports:${NC}"
+# Look for common report locations
+for pattern in /tmp/*_report_*.txt /tmp/*_analysis_*.txt /root/*toolkit*.txt /root/*_report*.txt; do
+    if ls $pattern 2>/dev/null | grep -q .; then
+        count=$(ls $pattern 2>/dev/null | wc -l)
+        rm -f $pattern 2>/dev/null
+        echo -e "  ${GREEN}✓${NC} Removed: $count report file(s)"
+        ((cleaned_count++))
+        break
+    fi
+done
+
+echo ""
+
+echo -e "${BOLD}Cache and Session Data:${NC}"
+# Cached analysis data
+if [ -d "/var/cache/server-toolkit" ]; then
+    safe_remove "/var/cache/server-toolkit" "Toolkit cache directory"
+fi
+
+# Session/lock files
+for pattern in /var/run/server-toolkit* /var/lock/server-toolkit*; do
+    if ls $pattern 2>/dev/null | grep -q .; then
+        rm -f $pattern 2>/dev/null
+        echo -e "  ${GREEN}✓${NC} Removed: Session/lock files"
+        ((cleaned_count++))
+        break
+    fi
+done
+
+echo ""
+
+echo -e "${BOLD}Log Files (Optional):${NC}"
+echo -n "Remove toolkit execution logs? (yes/no) [no]: "
+read remove_logs
+remove_logs="${remove_logs:-no}"
+
+if [ "$remove_logs" = "yes" ]; then
+    for pattern in /var/log/server-toolkit*.log; do
+        if ls $pattern 2>/dev/null | grep -q .; then
+            count=$(ls $pattern 2>/dev/null | wc -l)
+            rm -f $pattern 2>/dev/null
+            echo -e "  ${GREEN}✓${NC} Removed: $count log file(s)"
+            ((cleaned_count++))
+            break
+        fi
+    done
+else
+    echo -e "  ${DIM}○${NC} Logs kept (skipped)"
+fi
+
+echo ""
+echo -e "${CYAN}────────────────────────────────────────────────────────────${NC}"
+echo ""
+
+# Convert size to human readable
+if [ $cleaned_size -lt 1024 ]; then
+    size_human="${cleaned_size}B"
+elif [ $cleaned_size -lt 1048576 ]; then
+    size_human="$((cleaned_size / 1024))KB"
+elif [ $cleaned_size -lt 1073741824 ]; then
+    size_human="$((cleaned_size / 1048576))MB"
+else
+    size_human="$((cleaned_size / 1073741824))GB"
+fi
+
+echo -e "${GREEN}${BOLD}✓ Cleanup Complete!${NC}"
+echo ""
+echo "Summary:"
+echo "  Items removed: $cleaned_count"
+echo "  Space freed:   $size_human"
+echo ""
+echo "The toolkit is now clean and ready for:"
+echo "  • Transfer to another server"
+echo "  • Fresh analysis start"
+echo "  • Sharing without server-specific data"
+echo ""
+
+# Verify critical directories are gone
+missing=0
+[ -d "/var/lib/server-toolkit" ] && { echo -e "${YELLOW}Warning: /var/lib/server-toolkit still exists${NC}"; ((missing++)); }
+[ -d "/tmp/live-monitor-current" ] && { echo -e "${YELLOW}Warning: /tmp/live-monitor-current still exists${NC}"; ((missing++)); }
+
+if [ $missing -gt 0 ]; then
+    echo ""
+    echo -e "${YELLOW}Some directories could not be removed (may be in use)${NC}"
+    echo "Try stopping any running toolkit scripts and run cleanup again."
+fi
+
+echo ""
+press_enter