cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CRITICAL FIX: Repair broken awk string concatenation in fingerprinting functions

Browse Source 
TWO CRITICAL BUGS FIXED:

1. calculate_bot_fingerprint() - Line 1309:
   BROKEN: printf '...' > tmpdir "/bot_fingerprints.txt"
   FIXED: Created fingerprint_file variable in BEGIN block
   Issue: Awk string concatenation in redirection doesn't work with space

2. analyze_domain_targeting_percentage() - Line 1382:
   BROKEN: awk -F'|' '...' -v tmpdir (wrong flag position)
   FIXED: awk -F'|' -v tmpdir '...' (flags before script)
   Issue: AWK requires -v flags BEFORE the script, not after
   Removed unused domain_file variable assignment

These bugs prevented fingerprinting functions from writing output files,
causing script to fail at 'Calculating threat scores...' phase.
This commit is contained in:
Developer
2026-04-23 22:15:37 -04:00
parent b0873bbf13
commit 55dc21f6e5
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/bot-analyzer.sh
+5 -5
View File
@@ -1219,6 +1219,7 @@ calculate_bot_fingerprint() {
awk -F'|' -v tmpdir="$TEMP_DIR" ' awk -F'|' -v tmpdir="$TEMP_DIR" '
BEGIN { BEGIN {
# Initialize tracking arrays # Initialize tracking arrays
fingerprint_file = tmpdir "/bot_fingerprints.txt"
} }
{ {
ip = $1 ip = $1
@@ -1306,10 +1307,10 @@ calculate_bot_fingerprint() {
# Output fingerprint for high-confidence bots (score >= 60) # Output fingerprint for high-confidence bots (score >= 60)
if (score >= 60) { if (score >= 60) {
printf "%s|%d|%d\n", ip, score, signal_count > tmpdir "/bot_fingerprints.txt" printf "%s|%d|%d\n", ip, score, signal_count > fingerprint_file
} }
} }
close(tmpdir "/bot_fingerprints.txt") close(fingerprint_file)
} }
' < "$TEMP_DIR/parsed_logs.txt" 2>/dev/null || true ' < "$TEMP_DIR/parsed_logs.txt" 2>/dev/null || true
@@ -1356,7 +1357,7 @@ analyze_domain_targeting_percentage() {
# Also create per-domain attack type breakdown # Also create per-domain attack type breakdown
# Format: domain|attack_type|ip|count # Format: domain|attack_type|ip|count
if [ -f "$TEMP_DIR/attack_vectors_raw.txt" ]; then if [ -f "$TEMP_DIR/attack_vectors_raw.txt" ]; then
awk -F'|' ' awk -F'|' -v tmpdir="$TEMP_DIR" '
{ {
ip = $1 ip = $1
domain = $2 domain = $2
@@ -1368,7 +1369,6 @@ analyze_domain_targeting_percentage() {
} }
END { END {
for (domain in attack_data) { for (domain in attack_data) {
domain_file = tmpdir "/domain_attacks_" domain ".txt"
for (attack_type in attack_data[domain]) { for (attack_type in attack_data[domain]) {
total = attack_totals[domain][attack_type] total = attack_totals[domain][attack_type]
for (ip in attack_data[domain][attack_type]) { for (ip in attack_data[domain][attack_type]) {
@@ -1378,7 +1378,7 @@ analyze_domain_targeting_percentage() {
} }
} }
} }
' -v tmpdir="$TEMP_DIR" < "$TEMP_DIR/attack_vectors_raw.txt" ' < "$TEMP_DIR/attack_vectors_raw.txt"
fi fi
print_success "Domain attack pattern analysis complete" print_success "Domain attack pattern analysis complete"