diff --git a/launcher.sh b/launcher.sh
index 7988e45..9bc01cf 100755
--- a/launcher.sh
+++ b/launcher.sh
@@ -110,41 +110,177 @@ show_main_menu() {
 # SECURITY & MONITORING
 #############################################################################
-show_security_menu() {
+#############################################################################
+# SECURITY SUB-MENUS
+#############################################################################
+
+# Threat Analysis Sub-Menu
+show_threat_analysis_menu() {
 show_banner
- echo -e "${GREEN}${BOLD}🛡️ Security & Monitoring${NC}"
- echo ""
- echo -e "${BOLD}Threat Analysis:${NC}"
+ echo -e "${GREEN}${BOLD}📊 Threat Analysis${NC}"
 echo ""
 echo -e " ${CYAN}1)${NC} 🤖 Bot & Traffic Analyzer - Full analysis (all logs)"
 echo -e " ${CYAN}2)${NC} 🤖 Quick Scan (1 hour) - Recent activity only"
 echo -e " ${CYAN}3)${NC} 📊 IP Reputation Manager - Query/manage IP database"
- echo -e " ${CYAN}4)${NC} 🦠 Malware Scanner - ImunifyAV, ClamAV, Maldet"
- echo -e " ${CYAN}17)${NC} 🔐 Suspicious Login Monitor - SSH/Panel login analysis"
+ echo -e " ${CYAN}4)${NC} 🔐 Suspicious Login Monitor - SSH/Panel login analysis"
+ echo -e " ${CYAN}5)${NC} 🦠 Malware Scanner - ImunifyAV, ClamAV, Maldet"
 echo ""
- echo -e "${BOLD}Live Monitoring:${NC}"
+ echo -e " ${RED}0)${NC} Back to Security Menu"
 echo ""
- echo -e " ${MAGENTA}5)${NC} 📡 Live Attack Monitor - Unified threat intelligence"
- echo -e " ${MAGENTA}6)${NC} 🔐 SSH Attack Monitor - SSH brute force detection"
- echo -e " ${MAGENTA}7)${NC} 🌐 Web Traffic Monitor - HTTP attack detection"
- echo -e " ${MAGENTA}8)${NC} 🔥 Firewall Activity Monitor - CSF/iptables monitoring"
+ echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
+ echo -n "Select option: "
+}
+
+handle_threat_analysis_menu() {
+ while true; do
+ show_threat_analysis_menu
+ read -r choice
+
+ case $choice in
+ 1) run_module "security" "bot-analyzer.sh" ;;
+ 2) run_module "security" "bot-analyzer.sh" -H 1 ;;
+ 3) run_module "security" "ip-reputation-manager.sh" ;;
+ 4) run_module "security" "suspicious-login-monitor.sh" ;;
+ 5) run_module "security" "malware-scanner.sh" ;;
+ 0) return ;;
+ *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
+ esac
+ done
+}
+
+# Live Monitoring Sub-Menu
+show_live_monitoring_menu() {
+ show_banner
+ echo -e "${MAGENTA}${BOLD}🔴 Live Monitoring${NC}"
 echo ""
- echo -e "${BOLD}Log Viewers:${NC}"
+ echo -e " ${MAGENTA}1)${NC} 📡 Live Attack Monitor - Unified threat intelligence"
+ echo -e " ${MAGENTA}2)${NC} 🔐 SSH Attack Monitor - SSH brute force detection"
+ echo -e " ${MAGENTA}3)${NC} 🌐 Web Traffic Monitor - HTTP attack detection"
+ echo -e " ${MAGENTA}4)${NC} 🔥 Firewall Activity Monitor - CSF/iptables monitoring"
 echo ""
- echo -e " ${CYAN}9)${NC} Tail Apache Access Log - Live web access"
- echo -e " ${CYAN}10)${NC} Tail Apache Error Log - Live web errors"
- echo -e " ${CYAN}11)${NC} Tail Mail Log - Live email activity"
- echo -e " ${CYAN}12)${NC} Tail Security Log - Live auth attempts"
+ echo -e " ${RED}0)${NC} Back to Security Menu"
 echo ""
- echo -e "${BOLD}Security Actions:${NC}"
+ echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
+ echo -n "Select option: "
+}
+
+handle_live_monitoring_menu() {
+ while true; do
+ show_live_monitoring_menu
+ read -r choice
+
+ case $choice in
+ 1) run_module "security" "live-attack-monitor.sh" ;;
+ 2) run_module "security" "ssh-attack-monitor.sh" ;;
+ 3) run_module "security" "web-traffic-monitor.sh" ;;
+ 4) run_module "security" "firewall-activity-monitor.sh" ;;
+ 0) return ;;
+ *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
+ esac
+ done
+}
+
+# Log Viewers Sub-Menu
+show_log_viewers_menu() {
+ show_banner
+ echo -e "${BLUE}${BOLD}📋 Log Viewers${NC}"
 echo ""
- echo -e " ${YELLOW}13)${NC} 🔒 Enable cPHulk Protection - Brute force protection"
- echo -e " ${YELLOW}14)${NC} ⚙️ Optimize CT_LIMIT - Connection tracking tuning"
- echo -e " ${YELLOW}16)${NC} 🤖 Block Malicious Bots - User-Agent blocking (Apache)"
+ echo -e " ${BLUE}1)${NC} 🌐 Apache Access Log - Live web access"
+ echo -e " ${BLUE}2)${NC} ❌ Apache Error Log - Live web errors"
+ echo -e " ${BLUE}3)${NC} 📧 Mail Log - Live email activity"
+ echo -e " ${BLUE}4)${NC} 🔐 Security Log - Live auth attempts"
 echo ""
- echo -e "${BOLD}Analysis Tools:${NC}"
+ echo -e " ${RED}0)${NC} Back to Security Menu"
 echo ""
- echo -e " ${GREEN}15)${NC} 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)"
+ echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
+ echo -n "Select option: "
+}
+
+handle_log_viewers_menu() {
+ while true; do
+ show_log_viewers_menu
+ read -r choice
+
+ case $choice in
+ 1) run_module "security" "tail-apache-access.sh" ;;
+ 2) run_module "security" "tail-apache-error.sh" ;;
+ 3) run_module "security" "tail-mail-log.sh" ;;
+ 4) run_module "security" "tail-secure-log.sh" ;;
+ 0) return ;;
+ *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
+ esac
+ done
+}
+
+# Security Actions Sub-Menu
+show_security_actions_menu() {
+ show_banner
+ echo -e "${YELLOW}${BOLD}🔒 Security Actions${NC}"
+ echo ""
+ echo -e " ${YELLOW}1)${NC} 🔒 Enable cPHulk Protection - Brute force protection"
+ echo -e " ${YELLOW}2)${NC} ⚙️ Optimize CT_LIMIT - Connection tracking tuning"
+ echo -e " ${YELLOW}3)${NC} 🤖 Block Malicious Bots - User-Agent blocking (Apache)"
+ echo ""
+ echo -e " ${RED}0)${NC} Back to Security Menu"
+ echo ""
+ echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
+ echo -n "Select option: "
+}
+
+handle_security_actions_menu() {
+ while true; do
+ show_security_actions_menu
+ read -r choice
+
+ case $choice in
+ 1) run_module "security" "enable-cphulk.sh" ;;
+ 2) run_module "security" "optimize-ct-limit.sh" ;;
+ 3) run_module "security" "bot-blocker.sh" ;;
+ 0) return ;;
+ *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
+ esac
+ done
+}
+
+# System Diagnostics Sub-Menu
+show_system_diagnostics_menu() {
+ show_banner
+ echo -e "${GREEN}${BOLD}🛠️ System Diagnostics${NC}"
+ echo ""
+ echo -e " ${GREEN}1)${NC} 🛡️ Historical Attack Analysis - Scan past logs (ET Open)"
+ echo ""
+ echo -e " ${RED}0)${NC} Back to Security Menu"
+ echo ""
+ echo -e "${CYAN}──────────────────────────────────────────────────────────────${NC}"
+ echo -n "Select option: "
+}
+
+handle_system_diagnostics_menu() {
+ while true; do
+ show_system_diagnostics_menu
+ read -r choice
+
+ case $choice in
+ 1) bash "$BASE_DIR/tools/analyze-historical-attacks.sh" ;;
+ 0) return ;;
+ *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
+ esac
+ done
+}
+
+#############################################################################
+# MAIN SECURITY MENU
+#############################################################################
+
+show_security_menu() {
+ show_banner
+ echo -e "${GREEN}${BOLD}🛡️ Security & Monitoring${NC}"
+ echo ""
+ echo -e " ${CYAN}1)${NC} 📊 Threat Analysis → Analyze threats & reputation"
+ echo -e " ${MAGENTA}2)${NC} 🔴 Live Monitoring → Real-time attack detection"
+ echo -e " ${BLUE}3)${NC} 📋 Log Viewers → Tail system/security logs"
+ echo -e " ${YELLOW}4)${NC} 🔒 Security Actions → Hardening & protection"
+ echo -e " ${GREEN}5)${NC} 🛠️ System Diagnostics → Analyze past attacks"
 echo ""
 echo -e " ${RED}0)${NC} Back to Main Menu"
 echo ""
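Review bot: Each of the five new handlers (`handle_threat_analysis_menu` through `handle_system_diagnostics_menu`) calls `read -r choice` inside `while true` without checking its exit status, so once stdin reaches end-of-file (terminal closed, SSH session dropped, piped input exhausted) `choice` stays empty, the `*)` arm prints "Invalid option", sleeps one second and the loop never ends. Replace the line with `read -r choice || return` in each handler so a closed input unwinds the menu instead of leaving a stuck process behind. `choice` is also an undeclared global that every nested menu overwrites; `local choice` at the top of each handler keeps the levels independent. Separately, the diagnostics entry still runs `bash "$BASE_DIR/tools/analyze-historical-attacks.sh"` directly instead of going through `run_module`, so whatever checks `run_module` performs (its body is not visible in this hunk) are skipped for that script; a one-line comment saying why it is the exception would help.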
@@ -158,23 +294,11 @@ handle_security_menu() {
 read -r choice
 case $choice in
- 1) run_module "security" "bot-analyzer.sh" ;;
- 2) run_module "security" "bot-analyzer.sh" -H 1 ;;
- 3) run_module "security" "ip-reputation-manager.sh" ;;
- 4) run_module "security" "malware-scanner.sh" ;;
- 5) run_module "security" "live-attack-monitor.sh" ;;
- 6) run_module "security" "ssh-attack-monitor.sh" ;;
- 7) run_module "security" "web-traffic-monitor.sh" ;;
- 8) run_module "security" "firewall-activity-monitor.sh" ;;
- 9) run_module "security" "tail-apache-access.sh" ;;
- 10) run_module "security" "tail-apache-error.sh" ;;
- 11) run_module "security" "tail-mail-log.sh" ;;
- 12) run_module "security" "tail-secure-log.sh" ;;
- 13) run_module "security" "enable-cphulk.sh" ;;
- 14) run_module "security" "optimize-ct-limit.sh" ;;
- 15) bash "$BASE_DIR/tools/analyze-historical-attacks.sh" ;;
- 16) run_module "security" "bot-blocker.sh" ;;
- 17) run_module "security" "suspicious-login-monitor.sh" ;;
+ 1) handle_threat_analysis_menu ;;
+ 2) handle_live_monitoring_menu ;;
+ 3) handle_log_viewers_menu ;;
+ 4) handle_security_actions_menu ;;
+ 5) handle_system_diagnostics_menu ;;
 0) return ;;
 *) echo -e "${RED}Invalid option${NC}"; sleep 1 ;;
 esac
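Review bot: Keys 1–5 in this `case` remain valid but now mean something different, while 6–17 fall through to "Invalid option", and nothing in the code records that the numbering changed. An operator who types `4` out of habit for the malware scanner now lands in Security Actions, where the next digit starts `enable-cphulk.sh`, `optimize-ct-limit.sh` or `bot-blocker.sh`, which judging by their menu labels change system configuration. No confirmation step is visible in this diff, so unless those modules prompt on their own it is worth adding one in `handle_security_actions_menu`. A comment above the `case` such as `# Numbering changed: former options 1-17 now live in the sub-menus` would help anyone updating runbooks. `handle_security_menu` starts and ends outside this hunk.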