CRITICAL FIX: Prevent main loop from overwriting subprocess updates

Problem:
- IPs reaching Score:100 but STILL not being auto-blocked
- write_ip_data_to_file was working correctly in subprocesses
- BUT main loop was OVERWRITING entire ip_data file every 2 seconds
- Line 3539 used ">" which truncates the file
- Auto-mitigation engine reads stale data from parent's IP_DATA array
- Parent's IP_DATA doesn't have subprocess updates (subshell isolation)

Example:
1. HTTP subprocess: IP reaches score=100, writes to file
2. 2 seconds later: Main loop OVERWRITES file with parent's IP_DATA
3. Auto-mitigation reads file: Score shows 0 or old value
4. IP never blocked!

Root Cause:
The original fix (write_ip_data_to_file) was correct, but the main loop's periodic file write was destroying those updates.

Solution:
- Main loop now MERGES data instead of overwriting
- Reads existing file (contains fresh subprocess updates)
- Adds only NEW IPs from parent process
- Writes back existing entries (subprocess data takes priority)
- Uses flock to prevent race conditions
- Atomic replacement with .new file

This preserves subprocess updates while still allowing parent process to add IPs it discovers.

Result:
- Subprocess updates (Score:100) now PERSIST
- Auto-mitigation engine sees correct scores
- IPs with score >= 80 will be blocked within 10 seconds

Testing:
Before: Score:100 shown but IP never blocked
After: Score:100 → INSTANT_BLOCK within 10 seconds
@@ -3532,11 +3532,35 @@ while true; do
|
||||
draw_quick_actions
|
||||
|
||||
# Write IP_DATA to ip_data file for auto-mitigation engine
|
||||
# NOTE: Subprocesses use write_ip_data_to_file() for real-time updates
|
||||
# This merges parent process data without overwriting subprocess updates
|
||||
{
|
||||
flock -w 2 200 || exit 1
|
||||
|
||||
# Read existing file (contains subprocess updates)
|
||||
declare -A existing_ips
|
||||
if [ -f "$TEMP_DIR/ip_data" ]; then
|
||||
while IFS='=' read -r ip data; do
|
||||
[ -n "$ip" ] && existing_ips[$ip]="$data"
|
||||
done < "$TEMP_DIR/ip_data"
|
||||
fi
|
||||
|
||||
# Merge parent's IP_DATA with existing (subprocess updates take priority)
|
||||
for ip in "${!IP_DATA[@]}"; do
|
||||
# Only write if not already in file (subprocess updates are fresher)
|
||||
if [ -z "${existing_ips[$ip]}" ]; then
|
||||
echo "$ip=${IP_DATA[$ip]}"
|
||||
fi
|
||||
done
|
||||
} > "$TEMP_DIR/ip_data" 2>/dev/null
|
||||
|
||||
# Write back existing entries (from subprocesses)
|
||||
for ip in "${!existing_ips[@]}"; do
|
||||
echo "$ip=${existing_ips[$ip]}"
|
||||
done
|
||||
|
||||
} > "$TEMP_DIR/ip_data.new" 2>/dev/null 200>"$TEMP_DIR/ip_data.lock"
|
||||
|
||||
mv "$TEMP_DIR/ip_data.new" "$TEMP_DIR/ip_data" 2>/dev/null
|
||||
|
||||
# Update total blocks from file
|
||||
if [ -f "$TEMP_DIR/total_blocks" ]; then
|
||||
|
||||
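Review bot: the `mv "$TEMP_DIR/ip_data.new" "$TEMP_DIR/ip_data"` sits after the closing brace, where fd 200 has already been closed and the lock released, so a subprocess write that lands after the file has been read but before the rename is replaced by the older snapshot, which is the lost update this change sets out to prevent. Move the `mv` inside the locked group, and confirm that write_ip_data_to_file takes the same `ip_data.lock`, since the lock only helps if both writers use it. Two further points in the same block: `flock -w 2 200 || exit 1` is in a `{ }` group inside `while true`, not a subshell, so a two-second lock timeout exits the whole monitor instead of skipping one cycle; and `declare -A existing_ips` does not clear the array left over from the previous iteration, so entries that have been removed from the file are written back on every pass (an `unset existing_ips` before the declare would avoid that). With `2>/dev/null` on both the group and the `mv`, a failed merge is silent, which matters here because the auto-mitigation engine would keep acting on stale scores without any sign of it.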