diff --git a/launcher.sh b/launcher.sh
index f46ecd6..2267e83 100755
--- a/launcher.sh
+++ b/launcher.sh
@@ -123,27 +123,26 @@ show_security_menu() {
 echo ""
 echo -e "${BOLD}Live Monitoring:${NC}"
 echo ""
- echo -e " ${MAGENTA}5)${NC} 📡 Live Attack Monitor - Unified threat intelligence (STABLE)"
- echo -e " ${MAGENTA}6)${NC} 📡 Live Attack Monitor v2.0 - Refactored version (BETA) 🚀"
- echo -e " ${MAGENTA}7)${NC} 🔐 SSH Attack Monitor - SSH brute force detection"
- echo -e " ${MAGENTA}8)${NC} 🌐 Web Traffic Monitor - HTTP attack detection"
- echo -e " ${MAGENTA}9)${NC} 🔥 Firewall Activity Monitor - CSF/iptables monitoring"
+ echo -e " ${MAGENTA}5)${NC} 📡 Live Attack Monitor - Unified threat intelligence"
+ echo -e " ${MAGENTA}6)${NC} 🔐 SSH Attack Monitor - SSH brute force detection"
+ echo -e " ${MAGENTA}7)${NC} 🌐 Web Traffic Monitor - HTTP attack detection"
+ echo -e " ${MAGENTA}8)${NC} 🔥 Firewall Activity Monitor - CSF/iptables monitoring"
 echo ""
 echo -e "${BOLD}Log Viewers:${NC}"
 echo ""
- echo -e " ${CYAN}10)${NC} Tail Apache Access Log - Live web access"
- echo -e " ${CYAN}11)${NC} Tail Apache Error Log - Live web errors"
- echo -e " ${CYAN}12)${NC} Tail Mail Log - Live email activity"
- echo -e " ${CYAN}13)${NC} Tail Security Log - Live auth attempts"
+ echo -e " ${CYAN}9)${NC} Tail Apache Access Log - Live web access"
+ echo -e " ${CYAN}10)${NC} Tail Apache Error Log - Live web errors"
+ echo -e " ${CYAN}11)${NC} Tail Mail Log - Live email activity"
+ echo -e " ${CYAN}12)${NC} Tail Security Log - Live auth attempts"
 echo ""
 echo -e "${BOLD}Security Actions:${NC}"
 echo ""
- echo -e " ${YELLOW}14)${NC} 🔒 Enable cPHulk Protection - Brute force protection"
- echo -e " ${YELLOW}15)${NC} ⚙️ Optimize CT_LIMIT - Connection tracking tuning"
+ echo -e " ${YELLOW}13)${NC} 🔒 Enable cPHulk Protection - Brute force protection"
+ echo -e " ${YELLOW}14)${NC} ⚙️ Optimize CT_LIMIT - Connection tracking tuning"
 echo ""
 echo -e "${BOLD}Analysis Tools:${NC}"
 echo ""
- echo -e " ${GREEN}16)${NC} 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)"
+ echo -e " ${GREEN}15)${NC} 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)"
 echo ""
 echo -e " ${RED}0)${NC} Back to Main Menu"
 echo ""
@@ -162,17 +161,16 @@ handle_security_menu() {
 3) run_module "security" "ip-reputation-manager.sh" ;;
 4) run_module "security" "malware-scanner.sh" ;;
 5) run_module "security" "live-attack-monitor.sh" ;;
- 6) run_module "security" "live-attack-monitor-v2.sh" ;;
- 7) run_module "security" "ssh-attack-monitor.sh" ;;
- 8) run_module "security" "web-traffic-monitor.sh" ;;
- 9) run_module "security" "firewall-activity-monitor.sh" ;;
- 10) run_module "security" "tail-apache-access.sh" ;;
- 11) run_module "security" "tail-apache-error.sh" ;;
- 12) run_module "security" "tail-mail-log.sh" ;;
- 13) run_module "security" "tail-secure-log.sh" ;;
- 14) run_module "security" "enable-cphulk.sh" ;;
- 15) run_module "security" "optimize-ct-limit.sh" ;;
- 16) bash "$BASE_DIR/tools/analyze-historical-attacks.sh" ;;
+ 6) run_module "security" "ssh-attack-monitor.sh" ;;
+ 7) run_module "security" "web-traffic-monitor.sh" ;;
+ 8) run_module "security" "firewall-activity-monitor.sh" ;;
+ 9) run_module "security" "tail-apache-access.sh" ;;
+ 10) run_module "security" "tail-apache-error.sh" ;;
+ 11) run_module "security" "tail-mail-log.sh" ;;
+ 12) run_module "security" "tail-secure-log.sh" ;;
+ 13) run_module "security" "enable-cphulk.sh" ;;
+ 14) run_module "security" "optimize-ct-limit.sh" ;;
+ 15) bash "$BASE_DIR/tools/analyze-historical-attacks.sh" ;;
 0) return ;;
 *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
 esac
diff --git a/lib/email-functions.sh b/lib/email-functions.sh
new file mode 100755
index 0000000..d84b47d
--- /dev/null
+++ b/lib/email-functions.sh
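Review bot: The renumbered `15)` arm in handle_security_menu still launches its script directly with `bash "$BASE_DIR/tools/analyze-historical-attacks.sh"` while every other arm goes through `run_module`, so whatever run_module does around a module (its error handling or path checks are not visible here) is skipped for this one entry; either route it through run_module or add a comment explaining why it is the exception. The option numbers are now maintained by hand in two places — the `echo` lines of show_security_menu in the previous hunk and the `case` arms here — so the next reorder can quietly send option N to a module other than the one the menu advertises; one array of label/module pairs driving both the menu text and the dispatch would remove that drift. The case statement's earlier arms and the rest of handle_security_menu lie outside the hunk.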
@@ -0,0 +1,293 @@
+#!/bin/bash
+
+################################################################################
+# Email Functions Library
+################################################################################
+# Shared functions for email troubleshooting modules
+################################################################################
+
+# Detect MTA (Mail Transfer Agent)
+detect_mta() {
+ if command -v exim &>/dev/null; then
+ echo "exim"
+ elif command -v postfix &>/dev/null || [ -f /etc/postfix/main.cf ]; then
+ echo "postfix"
+ elif command -v sendmail &>/dev/null; then
+ echo "sendmail"
+ else
+ echo "unknown"
+ fi
+}
+
+# Get mail log path based on system
+get_mail_log_path() {
+ local control_panel=$(detect_control_panel 2>/dev/null || echo "unknown")
+
+ # Try common log locations in order of likelihood
+ if [ "$control_panel" = "cpanel" ]; then
+ if [ -f /var/log/exim_mainlog ]; then
+ echo "/var/log/exim_mainlog"
+ elif [ -f /var/log/exim/mainlog ]; then
+ echo "/var/log/exim/mainlog"
+ fi
+ elif [ "$control_panel" = "plesk" ]; then
+ if [ -f /var/log/maillog ]; then
+ echo "/var/log/maillog"
+ fi
+ else
+ # Standalone or other
+ if [ -f /var/log/mail.log ]; then
+ echo "/var/log/mail.log"
+ elif [ -f /var/log/maillog ]; then
+ echo "/var/log/maillog"
+ elif [ -f /var/log/exim_mainlog ]; then
+ echo "/var/log/exim_mainlog"
+ fi
+ fi
+}
+
+# Get mailbox base path
+get_mailbox_base_path() {
+ local control_panel=$(detect_control_panel 2>/dev/null || echo "unknown")
+
+ case "$control_panel" in
+ cpanel)
+ echo "/home"
+ ;;
+ plesk)
+ echo "/var/qmail/mailnames"
+ ;;
+ *)
+ # Try common locations
+ if [ -d /home/vmail ]; then
+ echo "/home/vmail"
+ elif [ -d /var/mail ]; then
+ echo "/var/mail"
+ else
+ echo "/home"
+ fi
+ ;;
+ esac
+}
+
+# Validate email address format
+validate_email() {
+ local email="$1"
+ if [[ "$email" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Extract domain from email address
+get_email_domain() {
+ local email="$1"
+ echo "${email##*@}"
+}
+
+# Extract local part from email address
+get_email_local() {
+ local email="$1"
+ echo "${email%%@*}"
+}
+
+# Convert bytes to human-readable format
+format_size() {
+ local bytes="$1"
+
+ if [ "$bytes" -lt 1024 ]; then
+ echo "${bytes}B"
+ elif [ "$bytes" -lt 1048576 ]; then
+ echo "$((bytes / 1024))KB"
+ elif [ "$bytes" -lt 1073741824 ]; then
+ echo "$((bytes / 1048576))MB"
+ else
+ echo "$((bytes / 1073741824))GB"
+ fi
+}
+
+# Check if MTA service is running
+check_mta_running() {
+ local mta=$(detect_mta)
+
+ case "$mta" in
+ exim)
+ if systemctl is-active --quiet exim 2>/dev/null || service exim status &>/dev/null; then
+ return 0
+ fi
+ ;;
+ postfix)
+ if systemctl is-active --quiet postfix 2>/dev/null || service postfix status &>/dev/null; then
+ return 0
+ fi
+ ;;
+ sendmail)
+ if systemctl is-active --quiet sendmail 2>/dev/null || service sendmail status &>/dev/null; then
+ return 0
+ fi
+ ;;
+ esac
+
+ return 1
+}
+
+# Get MTA version
+get_mta_version() {
+ local mta=$(detect_mta)
+
+ case "$mta" in
+ exim)
+ exim -bV 2>/dev/null | head -1 | awk '{print $3}'
+ ;;
+ postfix)
+ postconf mail_version 2>/dev/null | awk '{print $3}'
+ ;;
+ sendmail)
+ sendmail -d0.1 2>&1 | head -1 | awk '{print $2}'
+ ;;
+ *)
+ echo "unknown"
+ ;;
+ esac
+}
+
+# Get mail queue count
+get_queue_count() {
+ local mta=$(detect_mta)
+
+ case "$mta" in
+ exim)
+ exim -bpc 2>/dev/null || echo "0"
+ ;;
+ postfix)
+ postqueue -p 2>/dev/null | tail -1 | awk '{print $5}' | tr -d '(' | tr -d ')'
+ ;;
+ *)
+ echo "0"
+ ;;
+ esac
+}
+
+# Check DNS record
+check_dns_record() {
+ local domain="$1"
+ local record_type="$2" # A, MX, TXT, etc.
+
+ if command -v dig &>/dev/null; then
+ dig +short "$domain" "$record_type" 2>/dev/null
+ elif command -v host &>/dev/null; then
+ host -t "$record_type" "$domain" 2>/dev/null | grep -v "has no" | awk '{print $NF}'
+ elif command -v nslookup &>/dev/null; then
+ nslookup -type="$record_type" "$domain" 2>/dev/null | grep -A10 "answer:" | grep -v "answer:"
+ fi
+}
+
+# Get server's primary IP
+get_primary_ip() {
+ # Try multiple methods
+ local ip=""
+
+ # Method 1: hostname -i
+ ip=$(hostname -I 2>/dev/null | awk '{print $1}')
+
+ # Method 2: ip route
+ if [ -z "$ip" ]; then
+ ip=$(ip route get 8.8.8.8 2>/dev/null | awk '{print $7; exit}')
+ fi
+
+ # Method 3: ifconfig
+ if [ -z "$ip" ]; then
+ ip=$(ifconfig 2>/dev/null | grep 'inet ' | grep -v '127.0.0.1' | head -1 | awk '{print $2}' | cut -d: -f2)
+ fi
+
+ echo "$ip"
+}
+
+# Check if IP is valid format
+is_valid_ip() {
+ local ip="$1"
+ if [[ "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Get reverse DNS (PTR) for IP
+get_reverse_dns() {
+ local ip="$1"
+
+ if command -v dig &>/dev/null; then
+ dig +short -x "$ip" 2>/dev/null | sed 's/\.$//'
+ elif command -v host &>/dev/null; then
+ host "$ip" 2>/dev/null | grep "pointer" | awk '{print $NF}' | sed 's/\.$//'
+ fi
+}
+
+# Send test email
+send_test_email() {
+ local to="$1"
+ local subject="${2:-Test Email from Server Toolkit}"
+ local body="${3:-This is a test email sent from the Server Toolkit.}"
+ local from="${4:-root@$(hostname)}"
+
+ if command -v mail &>/dev/null; then
+ echo "$body" | mail -s "$subject" -r "$from" "$to"
+ return $?
+ elif command -v sendmail &>/dev/null; then
+ {
+ echo "From: $from"
+ echo "To: $to"
+ echo "Subject: $subject"
+ echo ""
+ echo "$body"
+ } | sendmail -t
+ return $?
+ else
+ return 1
+ fi
+}
+
+# Parse email from Exim log line
+parse_exim_email() {
+ local log_line="$1"
+ # Extract email addresses from various Exim log formats
+ echo "$log_line" | grep -oE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | head -1
+}
+
+# Get date range for log analysis (default: last 24 hours)
+get_log_date_range() {
+ local hours="${1:-24}"
+ date -d "$hours hours ago" "+%Y-%m-%d %H:%M:%S"
+}
+
+# Count messages by sender
+count_by_sender() {
+ local log_file="$1"
+ local min_date="${2:-}"
+
+ if [ -n "$min_date" ]; then
+ awk -v min_date="$min_date" '$0 >= min_date' "$log_file" | \
+ grep "<=" | \
+ grep -oE '\<[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\>' | \
+ sort | uniq -c | sort -rn
+ else
+ grep "<=" "$log_file" | \
+ grep -oE '\<[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\>' | \
+ sort | uniq -c | sort -rn
+ fi
+}
+
+# Export to detect_control_panel if not already available
+if ! type detect_control_panel &>/dev/null; then
+ detect_control_panel() {
+ if [ -f /usr/local/cpanel/version ]; then
+ echo "cpanel"
+ elif [ -f /usr/local/psa/version ]; then
+ echo "plesk"
+ else
+ echo "standalone"
+ fi
+ }
+fi
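Review bot: send_test_email writes `$to`, `$subject` and `$from` straight into the header block it pipes to `sendmail -t`, and passes them on `mail`'s command line, without first running the file's own `validate_email`; a value that contains a newline therefore becomes an extra header (and, under `-t`, an extra recipient), and a `$to` that begins with `-` is read by `mail` as an option. Guarding the top of the function with `validate_email "$to" || return 1` and `[[ "$subject" != *$'\n'* && "$from" != *$'\n'* ]] || return 1`, and calling `mail -s "$subject" -r "$from" -- "$to"`, closes that off (the `--` assumes a getopt-style mail/mailx; confirm on the target systems). check_dns_record and get_reverse_dns have the same shape, handing `$domain` and `$ip` to dig/host unchecked even though `is_valid_ip` is defined a few lines earlier and could gate the latter. Separately, count_by_sender's `awk -v min_date="$min_date" '$0 >= min_date'` only filters correctly when every line starts with a `YYYY-MM-DD HH:MM:SS` stamp as Exim's mainlog does; for the syslog-style /var/log/maillog that get_mail_log_path can also return, that string comparison is meaningless and the filter keeps or drops lines arbitrarily, which deserves at least a comment stating the Exim-only assumption.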