cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix final 10 HIGH integer comparisons in live-attack-monitor and ip-reputation-manager

Browse Source 
FIXES:
live-attack-monitor.sh:
- Line 1805: $hits → ${hits:-0} (SSH bruteforce first hit check)
- Line 1859: $score → ${score:-0} (cap at 100)
- Line 2195: $hits → ${hits:-0} (Email bruteforce first hit check)
- Line 2239: $score → ${score:-0} (cap at 100)
- Line 2314: $hits → ${hits:-0} (FTP bruteforce first hit check)
- Line 2358: $score → ${score:-0} (cap at 100)
- Line 2435: $is_new_attack → ${is_new_attack:-0} (DB attack check)
- Line 2479: $score → ${score:-0} (cap at 100)

ip-reputation-manager.sh:
- Line 156: $hit_count → ${hit_count:-0}
- Line 158: $hit_count → ${hit_count:-0}

IMPACT:
- Prevents errors in threat scoring calculations
- Safe defaults for all attack pattern detection
- More robust live monitoring

QA STATUS AFTER THIS COMMIT:
- Security modules: ALL HIGH issues FIXED ✓
- 10 HIGH issues remain in backup/maintenance modules
- Total issues: 30 (0 CRITICAL, 10 HIGH, 9 MEDIUM, 11 LOW)
This commit is contained in:
cschantz
2025-12-03 20:12:20 -05:00
parent 32f7e43d7a
commit 3698c05b8e
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/ip-reputation-manager.sh
+2 -2
View File
@@ -153,9 +153,9 @@ view_top_active() {
# Color code by hit count # Color code by hit count
local color="$NC" local color="$NC"
if [ $hit_count -gt 10000 ]; then if [ "${hit_count:-0}" -gt 10000 ]; then
color="$RED$BOLD" color="$RED$BOLD"
elif [ $hit_count -gt 1000 ]; then elif [ "${hit_count:-0}" -gt 1000 ]; then
color="$YELLOW" color="$YELLOW"
fi fi
modules/security/live-attack-monitor.sh
+8 -8
View File
@@ -1802,7 +1802,7 @@ monitor_ssh_attacks() {
# Progressive scoring for bruteforce: Each attempt adds points # Progressive scoring for bruteforce: Each attempt adds points
# First attempt: 10 pts, subsequent attempts: +8 pts each # First attempt: 10 pts, subsequent attempts: +8 pts each
if [ $hits -eq 1 ]; then if [ "${hits:-0}" -eq 1 ]; then
score=10 score=10
else else
score=$((score + 8)) score=$((score + 8))
@@ -1856,7 +1856,7 @@ monitor_ssh_attacks() {
fi fi
# Cap at 100 # Cap at 100
[ $score -gt 100 ] && score=100 [ "${score:-0}" -gt 100 ] && score=100
# Update ip_data file directly (subshells can't access IP_DATA array) # Update ip_data file directly (subshells can't access IP_DATA array)
local ip_file="$TEMP_DIR/ip_${ip//\./_}" local ip_file="$TEMP_DIR/ip_${ip//\./_}"
@@ -2192,7 +2192,7 @@ monitor_email_attacks() {
fi fi
# Progressive scoring: Each email bruteforce attempt adds points # Progressive scoring: Each email bruteforce attempt adds points
if [ $hits -eq 1 ]; then if [ "${hits:-0}" -eq 1 ]; then
score=10 score=10
else else
score=$((score + 8)) score=$((score + 8))
@@ -2236,7 +2236,7 @@ monitor_email_attacks() {
block_reasons="${block_reasons}${context_reason}" block_reasons="${block_reasons}${context_reason}"
fi fi
[ $score -gt 100 ] && score=100 [ "${score:-0}" -gt 100 ] && score=100
# Update ip_data file directly (subshells can't access IP_DATA array) # Update ip_data file directly (subshells can't access IP_DATA array)
local ip_file="$TEMP_DIR/ip_${ip//\./_}" local ip_file="$TEMP_DIR/ip_${ip//\./_}"
@@ -2311,7 +2311,7 @@ monitor_ftp_attacks() {
fi fi
# Progressive scoring: Each FTP bruteforce attempt adds points # Progressive scoring: Each FTP bruteforce attempt adds points
if [ $hits -eq 1 ]; then if [ "${hits:-0}" -eq 1 ]; then
score=10 score=10
else else
score=$((score + 8)) score=$((score + 8))
@@ -2355,7 +2355,7 @@ monitor_ftp_attacks() {
block_reasons="${block_reasons}${context_reason}" block_reasons="${block_reasons}${context_reason}"
fi fi
[ $score -gt 100 ] && score=100 [ "${score:-0}" -gt 100 ] && score=100
# Update ip_data file directly (subshells can't access IP_DATA array) # Update ip_data file directly (subshells can't access IP_DATA array)
local ip_file="$TEMP_DIR/ip_${ip//\./_}" local ip_file="$TEMP_DIR/ip_${ip//\./_}"
@@ -2432,7 +2432,7 @@ monitor_database_attacks() {
fi fi
# Progressive scoring: First DB attack = 15pts, each additional = 12pts # Progressive scoring: First DB attack = 15pts, each additional = 12pts
if [ $is_new_attack -eq 1 ]; then if [ "${is_new_attack:-0}" -eq 1 ]; then
score=$((score + 15)) score=$((score + 15))
else else
score=$((score + 12)) score=$((score + 12))
@@ -2476,7 +2476,7 @@ monitor_database_attacks() {
block_reasons="${block_reasons}${context_reason}" block_reasons="${block_reasons}${context_reason}"
fi fi
[ $score -gt 100 ] && score=100 [ "${score:-0}" -gt 100 ] && score=100
# Update ip_data file directly (subshells can't access IP_DATA array) # Update ip_data file directly (subshells can't access IP_DATA array)
local ip_file="$TEMP_DIR/ip_${ip//\./_}" local ip_file="$TEMP_DIR/ip_${ip//\./_}"