diff --git a/launcher.sh b/launcher.sh
index 0cfa08e..a0962ab 100755
--- a/launcher.sh
+++ b/launcher.sh
@@ -28,6 +28,7 @@ CONFIG_DIR="$BASE_DIR/config"
 # Load core libraries
 source "$LIB_DIR/common-functions.sh" || { echo "ERROR: Failed to load common-functions.sh"; return 1; }
 source "$LIB_DIR/system-detect.sh" || { echo "ERROR: Failed to load system-detect.sh"; return 1; }
+source "$LIB_DIR/log-paths.sh" || { echo "ERROR: Failed to load log-paths.sh"; return 1; }
 source "$LIB_DIR/domain-discovery.sh" || { echo "ERROR: Failed to load domain-discovery.sh"; return 1; }
 source "$LIB_DIR/user-manager.sh" || { echo "ERROR: Failed to load user-manager.sh"; return 1; }
 source "$LIB_DIR/reference-db.sh" || { echo "ERROR: Failed to load reference-db.sh"; return 1; }
diff --git a/lib/log-paths.sh b/lib/log-paths.sh
new file mode 100644
index 0000000..a1d3981
--- /dev/null
+++ b/lib/log-paths.sh
@@ -0,0 +1,367 @@
+#!/bin/bash
+
+#############################################################################
+# System Log Paths Mapping
+# Derives platform-specific log file locations based on detected system info
+# Must be sourced AFTER lib/system-detect.sh has set SYS_* variables
+#############################################################################
+
+# Source guard
+if [ -n "${_LOG_PATHS_LOADED:-}" ]; then
+ return 0
+fi
+readonly _LOG_PATHS_LOADED=1
+
+#############################################################################
+# WEB SERVER LOGS
+#############################################################################
+
+derive_web_server_logs() {
+ # Domain/vhost access logs
+ case "$SYS_CONTROL_PANEL" in
+ cpanel)
+ # cPanel uses centralized domlogs directory
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/var/log/apache2/domlogs"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/var/log/apache2/domlogs"
+ ;;
+ plesk)
+ # Plesk version 18.0.50+ has different structure
+ if [ -d "/var/www/vhosts/system" ]; then
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/var/www/vhosts/system"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/var/www/vhosts/system"
+ else
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/var/www/vhosts"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/var/www/vhosts"
+ fi
+ ;;
+ interworx)
+ # InterWorx stores logs per user/domain
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/home"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/home"
+ ;;
+ *)
+ # Standalone - no per-domain logs
+ export SYS_LOG_WEB_DOMAIN_ACCESS=""
+ export SYS_LOG_WEB_DOMAIN_ERROR=""
+ ;;
+ esac
+
+ # Main web server logs (varies by web server and OS)
+ case "$SYS_WEB_SERVER" in
+ apache|httpd)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_WEB_ACCESS="/var/log/apache2/access.log"
+ export SYS_LOG_WEB_ERROR="/var/log/apache2/error.log"
+ else
+ # RHEL, CentOS, AlmaLinux, CloudLinux
+ export SYS_LOG_WEB_ACCESS="/var/log/httpd/access_log"
+ export SYS_LOG_WEB_ERROR="/var/log/httpd/error_log"
+ fi
+ ;;
+ nginx)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_WEB_ACCESS="/var/log/nginx/access.log"
+ export SYS_LOG_WEB_ERROR="/var/log/nginx/error.log"
+ else
+ export SYS_LOG_WEB_ACCESS="/var/log/nginx/access.log"
+ export SYS_LOG_WEB_ERROR="/var/log/nginx/error.log"
+ fi
+ ;;
+ litespeed|openlitespeed)
+ export SYS_LOG_WEB_ACCESS="/usr/local/lsws/logs/access.log"
+ export SYS_LOG_WEB_ERROR="/usr/local/lsws/logs/error.log"
+ ;;
+ *)
+ export SYS_LOG_WEB_ACCESS=""
+ export SYS_LOG_WEB_ERROR=""
+ ;;
+ esac
+}
+
+#############################################################################
+# AUTHENTICATION LOGS
+#############################################################################
+
+derive_auth_logs() {
+ case "$SYS_OS_TYPE" in
+ ubuntu|debian)
+ export SYS_LOG_AUTH="/var/log/auth.log"
+ export SYS_LOG_WTMP="/var/log/wtmp"
+ export SYS_LOG_BTMP="/var/log/btmp"
+ ;;
+ *)
+ # RHEL, CentOS, AlmaLinux, CloudLinux, Rocky Linux
+ export SYS_LOG_AUTH="/var/log/secure"
+ export SYS_LOG_WTMP="/var/log/wtmp"
+ export SYS_LOG_BTMP="/var/log/btmp"
+ ;;
+ esac
+}
+
+#############################################################################
+# MAIL SYSTEM LOGS
+#############################################################################
+
+derive_mail_logs() {
+ case "$SYS_MAIL_SYSTEM" in
+ exim)
+ # cPanel, InterWorx typically use Exim
+ export SYS_LOG_MAIL_MAIN="/var/log/exim_mainlog"
+ export SYS_LOG_MAIL_REJECT="/var/log/exim_rejectlog"
+ export SYS_LOG_MAIL_PANIC="/var/log/exim_paniclog"
+ ;;
+ postfix)
+ # Plesk default, or standalone Postfix
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_MAIL_MAIN="/var/log/mail.log"
+ else
+ # RHEL-based
+ export SYS_LOG_MAIL_MAIN="/var/log/maillog"
+ fi
+ export SYS_LOG_MAIL_REJECT=""
+ ;;
+ sendmail)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_MAIL_MAIN="/var/log/mail.log"
+ else
+ export SYS_LOG_MAIL_MAIN="/var/log/maillog"
+ fi
+ ;;
+ *)
+ export SYS_LOG_MAIL_MAIN=""
+ export SYS_LOG_MAIL_REJECT=""
+ ;;
+ esac
+
+ # Mail queue directory (for queue checks)
+ case "$SYS_MAIL_SYSTEM" in
+ exim)
+ export SYS_MAIL_QUEUE_DIR="/var/spool/exim"
+ ;;
+ postfix)
+ export SYS_MAIL_QUEUE_DIR="/var/spool/postfix"
+ ;;
+ sendmail)
+ export SYS_MAIL_QUEUE_DIR="/var/spool/mqueue"
+ ;;
+ *)
+ export SYS_MAIL_QUEUE_DIR=""
+ ;;
+ esac
+}
+
+#############################################################################
+# FIREWALL LOGS
+#############################################################################
+
+derive_firewall_logs() {
+ case "$SYS_FIREWALL" in
+ csf)
+ export SYS_LOG_FIREWALL="/var/log/lfd.log"
+ export SYS_LOG_FIREWALL_BLOCK="/var/log/lfd.log"
+ ;;
+ firewalld)
+ # firewalld logs to journal, but may have a log file
+ if [ -f "/var/log/firewalld" ]; then
+ export SYS_LOG_FIREWALL="/var/log/firewalld"
+ else
+ export SYS_LOG_FIREWALL="/var/log/messages" # Falls back to syslog
+ fi
+ ;;
+ iptables)
+ # iptables logs to syslog/messages
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_FIREWALL="/var/log/syslog"
+ else
+ export SYS_LOG_FIREWALL="/var/log/messages"
+ fi
+ ;;
+ plesk)
+ export SYS_LOG_FIREWALL="/var/log/swsoft/swsoft.log"
+ ;;
+ *)
+ export SYS_LOG_FIREWALL=""
+ ;;
+ esac
+}
+
+#############################################################################
+# CONTROL PANEL LOGS
+#############################################################################
+
+derive_control_panel_logs() {
+ case "$SYS_CONTROL_PANEL" in
+ cpanel)
+ export SYS_LOG_PANEL="/usr/local/cpanel/logs"
+ export SYS_LOG_PANEL_ERROR="/usr/local/cpanel/logs/error_log"
+ export SYS_LOG_PANEL_ACCESS="/usr/local/cpanel/logs/access_log"
+ ;;
+ plesk)
+ export SYS_LOG_PANEL="/var/log/plesk"
+ export SYS_LOG_PANEL_ERROR="/var/log/plesk/panel.log"
+ export SYS_LOG_PANEL_ACCESS="/var/log/plesk/panel.log"
+ ;;
+ interworx)
+ export SYS_LOG_PANEL="/home/interworx/var/log"
+ export SYS_LOG_PANEL_ERROR="/home/interworx/var/log/iworx.log"
+ export SYS_LOG_PANEL_ACCESS="/home/interworx/var/log/siteworx.log"
+ ;;
+ *)
+ export SYS_LOG_PANEL=""
+ export SYS_LOG_PANEL_ERROR=""
+ export SYS_LOG_PANEL_ACCESS=""
+ ;;
+ esac
+}
+
+#############################################################################
+# DATABASE LOGS
+#############################################################################
+
+derive_database_logs() {
+ case "$SYS_DB_TYPE" in
+ mysql|mariadb)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_DB_ERROR="/var/log/mysql/error.log"
+ export SYS_LOG_DB_SLOW="/var/log/mysql/slow.log"
+ else
+ # RHEL-based
+ if [ "$SYS_DB_TYPE" = "mariadb" ]; then
+ export SYS_LOG_DB_ERROR="/var/log/mariadb/mariadb.log"
+ else
+ export SYS_LOG_DB_ERROR="/var/log/mysqld.log"
+ fi
+ export SYS_LOG_DB_SLOW="/var/log/mysql/slow.log"
+ fi
+ ;;
+ postgresql)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_DB_ERROR="/var/log/postgresql/postgresql.log"
+ else
+ export SYS_LOG_DB_ERROR="/var/log/pgsql/postgresql.log"
+ fi
+ export SYS_LOG_DB_SLOW=""
+ ;;
+ *)
+ export SYS_LOG_DB_ERROR=""
+ export SYS_LOG_DB_SLOW=""
+ ;;
+ esac
+}
+
+#############################################################################
+# SECURITY SCANNER LOGS
+#############################################################################
+
+derive_security_logs() {
+ # ClamAV
+ if [ -f "/var/log/clamav/clamscan.log" ]; then
+ export SYS_LOG_CLAMAV="/var/log/clamav/clamscan.log"
+ else
+ export SYS_LOG_CLAMAV="/var/log/clamav.log"
+ fi
+
+ # Maldet
+ export SYS_LOG_MALDET="/var/log/maldet.log"
+
+ # Rkhunter
+ export SYS_LOG_RKHUNTER="/var/log/rkhunter.log"
+
+ # Imunify
+ if [ -d "/var/log/imunify360" ]; then
+ export SYS_LOG_IMUNIFY="/var/log/imunify360"
+ elif [ -d "/var/log/imunifyav" ]; then
+ export SYS_LOG_IMUNIFY="/var/log/imunifyav"
+ else
+ export SYS_LOG_IMUNIFY="/var/log/imunify.log"
+ fi
+}
+
+#############################################################################
+# SYSTEM LOGS
+#############################################################################
+
+derive_system_logs() {
+ case "$SYS_OS_TYPE" in
+ ubuntu|debian)
+ export SYS_LOG_SYSTEM="/var/log/syslog"
+ export SYS_LOG_MESSAGES="/var/log/syslog"
+ export SYS_LOG_KERN="/var/log/kern.log"
+ export SYS_LOG_PKG_MGR="/var/log/apt/history.log"
+ ;;
+ *)
+ # RHEL-based
+ export SYS_LOG_SYSTEM="/var/log/messages"
+ export SYS_LOG_MESSAGES="/var/log/messages"
+ export SYS_LOG_KERN="/var/log/kern.log"
+ export SYS_LOG_PKG_MGR="/var/log/yum.log"
+ ;;
+ esac
+
+ # Audit log (standard across all)
+ export SYS_LOG_AUDIT="/var/log/audit/audit.log"
+}
+
+#############################################################################
+# PHP LOGS
+#############################################################################
+
+derive_php_logs() {
+ # PHP-FPM error log
+ if [ -d "/var/log/php-fpm" ]; then
+ export SYS_LOG_PHP_FPM="/var/log/php-fpm"
+ else
+ export SYS_LOG_PHP_FPM="/var/log/php-fpm.log"
+ fi
+
+ # PHP error log (from ini, but common defaults)
+ if [ "$SYS_CONTROL_PANEL" = "cpanel" ]; then
+ export SYS_LOG_PHP_ERROR="/usr/local/php/lib/php.log"
+ else
+ export SYS_LOG_PHP_ERROR="/var/log/php-errors.log"
+ fi
+}
+
+#############################################################################
+# SERVICE-SPECIFIC LOGS
+#############################################################################
+
+derive_service_logs() {
+ # FTP
+ export SYS_LOG_FTP="/var/log/vsftpd.log"
+
+ # DNS
+ export SYS_LOG_DNS="/var/log/named.log"
+
+ # SSH (same as auth)
+ case "$SYS_OS_TYPE" in
+ ubuntu|debian)
+ export SYS_LOG_SSH="/var/log/auth.log"
+ ;;
+ *)
+ export SYS_LOG_SSH="/var/log/secure"
+ ;;
+ esac
+}
+
+#############################################################################
+# MAIN DERIVATION FUNCTION
+#############################################################################
+
+derive_all_log_paths() {
+ derive_web_server_logs
+ derive_auth_logs
+ derive_mail_logs
+ derive_firewall_logs
+ derive_control_panel_logs
+ derive_database_logs
+ derive_security_logs
+ derive_system_logs
+ derive_php_logs
+ derive_service_logs
+}
+
+# Auto-run if sourced with detection complete
+if [ -n "${SYS_DETECTION_COMPLETE:-}" ]; then
+ derive_all_log_paths
+fi
diff --git a/lib/system-detect.sh b/lib/system-detect.sh
index 18c8aa9..61ae42b 100755
--- a/lib/system-detect.sh
+++ b/lib/system-detect.sh
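Review bot: Several `SYS_LOG_*` variables are assigned in only some `case` arms, so on the other arms they keep whatever value was already in the environment: in `derive_mail_logs`, `SYS_LOG_MAIL_PANIC` is set only for `exim` and `SYS_LOG_MAIL_REJECT` is skipped for `sendmail`; in `derive_firewall_logs`, `SYS_LOG_FIREWALL_BLOCK` is set only for `csf`. Because every path is exported and read back from the environment, a value inherited from the caller would survive derivation, and a consumer that opens those paths (presumably with elevated privileges, which is not visible here) would read a file this library never chose. Resetting them before each `case` makes every arm deterministic, e.g. `export SYS_LOG_MAIL_MAIN="" SYS_LOG_MAIL_REJECT="" SYS_LOG_MAIL_PANIC=""` and `export SYS_LOG_FIREWALL="" SYS_LOG_FIREWALL_BLOCK=""`. The `interworx` and `plesk` per-domain values (`/home`, `/var/www/vhosts`) are account trees rather than log directories, so the file header should also tell consumers to check ownership and not follow symlinks when reading logs found under them.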
@@ -397,6 +397,43 @@ detect_firewall() {
 return 1
 }
+#############################################################################
+# MAIL SYSTEM DETECTION
+#############################################################################
+
+detect_mail_system() {
+ [ -n "$SYS_DETECTION_COMPLETE" ] || print_info "Detecting mail system..."
+
+ # Exim (cPanel default)
+ if command_exists exim; then
+ SYS_MAIL_SYSTEM="exim"
+ SYS_MAIL_SYSTEM_VERSION=$(exim -bV 2>/dev/null | head -1 | grep -oP 'Exim version \K[^ ]+' || echo "unknown")
+ print_success "Detected Exim ${SYS_MAIL_SYSTEM_VERSION}"
+ return 0
+ fi
+
+ # Postfix
+ if command_exists postqueue; then
+ SYS_MAIL_SYSTEM="postfix"
+ SYS_MAIL_SYSTEM_VERSION=$(postconf mail_version 2>/dev/null | grep -oP '\d+\.\d+\.\d+' | head -1 || echo "unknown")
+ print_success "Detected Postfix ${SYS_MAIL_SYSTEM_VERSION}"
+ return 0
+ fi
+
+ # Sendmail
+ if command_exists sendmail; then
+ SYS_MAIL_SYSTEM="sendmail"
+ SYS_MAIL_SYSTEM_VERSION=$(sendmail -d0.1 -O QueueDirectory=/tmp 2>&1 | head -1 | grep -oP '\d+\.\d+\.\d+' || echo "unknown")
+ print_success "Detected Sendmail ${SYS_MAIL_SYSTEM_VERSION}"
+ return 0
+ fi
+
+ SYS_MAIL_SYSTEM="none"
+ SYS_MAIL_SYSTEM_VERSION=""
+ print_warning "No mail system detected"
+ return 1
+}
+
 #############################################################################
 # SYSTEM RESOURCES (Comprehensive - like user's example)
 #############################################################################
@@ -564,10 +601,16 @@ initialize_system_detection() {
 detect_php_versions
 detect_cloudflare
 detect_firewall
+ detect_mail_system
 get_system_resources
 # Mark as initialized
 export SYS_DETECTION_COMPLETE="yes"
+
+ # Derive platform-specific log paths (requires detect_* functions to have run first)
+ if command -v derive_all_log_paths &>/dev/null; then
+ derive_all_log_paths
+ fi
 }
 # Export all functions for use in subshells and sourced scripts
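Review bot: The Postfix branch's `|| echo "unknown"` cannot fire unless `pipefail` is enabled somewhere not visible here, because `head -1` is the last pipeline stage and exits 0 even when `grep` matched nothing, so a failed `postconf` leaves `SYS_MAIL_SYSTEM_VERSION` empty instead of `unknown`. Put `head -1` before `grep`, as the Exim and Sendmail branches do: `SYS_MAIL_SYSTEM_VERSION=$(postconf mail_version 2>/dev/null | head -1 | grep -oP '\d+\.\d+\.\d+' || echo "unknown")`. In the same function, `[ -n "$SYS_DETECTION_COMPLETE" ]` aborts under `set -u` when the variable is unset; `"${SYS_DETECTION_COMPLETE:-}"` matches what lib/log-paths.sh already does. The final `command_exists sendmail` test also matches the compatibility `sendmail` binary that other MTAs install, which would label the host `sendmail` and derive Sendmail log paths for it; adding `</dev/null` to that probe and a comment about the limitation would be worthwhile.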
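Review bot: When `derive_all_log_paths` is not defined, the new `if` in `initialize_system_detection` skips derivation silently, so every `SYS_LOG_*` variable stays unset with no message explaining why. launcher.sh sources log-paths.sh after system-detect.sh, so any caller that sources system-detect.sh alone takes this path; an `else` arm such as `print_warning "log-paths.sh not loaded; SYS_LOG_* paths not derived"` would surface it. Since `SYS_DETECTION_COMPLETE` is exported, a child shell that re-sources log-paths.sh will auto-run derivation from inherited `SYS_*` values without re-detecting, and a one-line comment saying whether that is intended would help the next reader. `initialize_system_detection` begins before this hunk.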
@@ -578,6 +621,7 @@ export -f detect_database
 export -f detect_php_versions
 export -f detect_cloudflare
 export -f detect_firewall
+export -f detect_mail_system
 export -f get_system_resources
 export -f show_system_info
 export -f initialize_system_detection