cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix critical docroot parsing bug in malware scanner

Browse Source 
The docroot extraction from /etc/userdatadomains was completely broken,
causing scans to target invalid paths like "main" instead of actual
document roots like /home/user/public_html.

Problem:
- Used `cut -d= -f5` which treats EVERY = as delimiter
- File format uses == as delimiter: user==owner==main==domain==docroot==...
- This caused field 5 to be "main" instead of the docroot path
- Result: Scanners scanned zero files and completed in seconds

Solution:
- Use `awk -F'==' '{print $5}'` to properly parse == delimited fields
- Extract field after colon, then split by ==
- Added -d check to ensure docroot exists before adding
- Fixed both detect_control_panel() and get_user_docroots()

Impact:
- Malware scans now actually scan real document roots
- Full server scans will take appropriate time (not 10 seconds!)
- Users will see actual file counts and scan progress
This commit is contained in:
cschantz
2025-11-11 21:32:11 -05:00
parent c566bbc592
commit 819d834758
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/malware-scanner.sh
+10 -6
View File
@@ -288,9 +288,12 @@ detect_control_panel() {
CONTROL_PANEL="cpanel"
export PATH=/usr/local/cpanel/3rdparty/bin/:$PATH
while IFS= read -r docroot; do
[ -n "$docroot" ] && docroot_array+=("$docroot")
done < <(cut -d= -f5 /etc/userdatadomains | sed 's/==/=/g' | sort -u)
while IFS= read -r line; do
# Format: domain: user==owner==main==domain==docroot==...
# Extract docroot (field 5, 0-indexed field 4)
docroot=$(echo "$line" | awk -F'==' '{print $5}')
[ -n "$docroot" ] && [ -d "$docroot" ] && docroot_array+=("$docroot")
done < <(cut -d: -f2- /etc/userdatadomains | sort -u)
# Detect Plesk
elif [ -f "/usr/local/psa/version" ]; then
@@ -364,9 +367,10 @@ get_user_docroots() {
local user_docroots=()
if [ "$CONTROL_PANEL" = "cpanel" ]; then
while IFS= read -r docroot; do
[ -n "$docroot" ] && user_docroots+=("$docroot")
done < <(grep "^${username}:" /etc/userdatadomains | cut -d= -f5 | sed 's/==/=/g' | sort -u)
while IFS= read -r line; do
docroot=$(echo "$line" | awk -F'==' '{print $5}')
[ -n "$docroot" ] && [ -d "$docroot" ] && user_docroots+=("$docroot")
done < <(grep ":.*${username}==" /etc/userdatadomains | cut -d: -f2- | sort -u)
else
echo -e "${RED}User-specific scanning only supported on cPanel${NC}"
return 1