Fix TYPE-MISMATCH and AWK-UNINIT issues in email analysis scripts

suspicious-login-monitor.sh:
- Quote all numeric comparison variables to prevent word splitting:
  * Line 880: [ "$new_risk" -gt 100 ]
  * Line 2642: [ "$total_risk" -gt 100 ]
  * Line 2773: [ "$critical_count" -gt 0 ]
  * Lines 2806, 2823, 2840, 2864, 2872: [ "$risk" -gt 100 ]
  * Line 2894: [ "$high_count" -gt 0 ]
- Fix potential stat command failure on line 1467 with error checking

mail-log-analyzer.sh:
- Quote all numeric comparison variables in bounce detection (lines 259-265)
- Initialize AWK variables in BEGIN block (line 1276)
- Initialize awk loop variable (line 1130)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
cschantz
2026-02-07 02:43:07 -05:00
parent a17e7505ed
commit 9771e05fa8
2 changed files with 24 additions and 19 deletions
+15 -10
@@ -877,7 +877,7 @@ correlate_with_access_logs() {
# Cap at 100
local new_risk=$((risk_score + additional_risk))
[ $new_risk -gt 100 ] && new_risk=100
[ "$new_risk" -gt 100 ] && new_risk=100
echo "$additional_risk|$attack_vectors"
}
@@ -1464,7 +1464,12 @@ get_account_age_days() {
fi
# Fallback: Check /etc/passwd modification (less accurate)
local passwd_age=$(( $(date +%s) - $(stat -c %Y /etc/passwd 2>/dev/null) ))
local stat_output=$(stat -c %Y /etc/passwd 2>/dev/null)
if [ -z "$stat_output" ]; then
echo "0"
return 1
fi
local passwd_age=$(( $(date +%s) - stat_output ))
local passwd_days=$(( passwd_age / 86400 ))
echo "$passwd_days"
return 0
@@ -2639,7 +2644,7 @@ perform_compromise_detection() {
fi
# Cap at 100
[ $total_risk -gt 100 ] && total_risk=100
[ "$total_risk" -gt 100 ] && total_risk=100
# CONFIDENCE CALCULATION: Calculate how confident we are this is a real threat
local confidence_result=$(calculate_confidence_score "$total_risk" "$all_findings" "$all_mitigations")
@@ -2770,7 +2775,7 @@ generate_report() {
local critical_count=$(awk -F'|' -v thresh=$RISK_CRITICAL '$2 >= thresh' "$SUSPICIOUS_IPS" | wc -l)
local high_count=$(awk -F'|' -v crit=$RISK_CRITICAL -v high=$RISK_HIGH '$2 >= high && $2 < crit' "$SUSPICIOUS_IPS" | wc -l)
if [ $critical_count -gt 0 ]; then
if [ "$critical_count" -gt 0 ]; then
echo -e "${RED}🚨 CRITICAL ALERTS ($critical_count):${NC}"
echo ""
@@ -2803,7 +2808,7 @@ generate_report() {
echo " │ - $attack"
done
risk=$((risk + corr_risk))
[ $risk -gt 100 ] && risk=100
[ "$risk" -gt 100 ] && risk=100
else
echo "$corr_attacks"
fi
@@ -2820,7 +2825,7 @@ generate_report() {
if [ "$rep_risk" != "0" ]; then
echo "$rep_notes"
risk=$((risk + rep_risk))
[ $risk -gt 100 ] && risk=100
[ "$risk" -gt 100 ] && risk=100
else
echo "$rep_notes"
fi
@@ -2837,7 +2842,7 @@ generate_report() {
if [ "$threat_risk" != "0" ]; then
echo " │ ⚠️ $threat_notes"
risk=$((risk + threat_risk))
[ $risk -gt 100 ] && risk=100
[ "$risk" -gt 100 ] && risk=100
else
echo "$threat_notes"
fi
@@ -2861,7 +2866,7 @@ generate_report() {
echo " │ • $finding"
done
risk=$((risk + compromise_risk))
[ $risk -gt 100 ] && risk=100
[ "$risk" -gt 100 ] && risk=100
elif [ "$compromise_risk" -gt 0 ]; then
echo -e "${YELLOW}⚠️ Suspicious indicators found - $compromise_risk risk points${NC}"
echo " │"
@@ -2869,7 +2874,7 @@ generate_report() {
echo " │ • $finding"
done
risk=$((risk + compromise_risk))
[ $risk -gt 100 ] && risk=100
[ "$risk" -gt 100 ] && risk=100
else
echo -e "${GREEN}✓ No compromise indicators detected${NC}"
echo " │ System integrity checks passed"
@@ -2891,7 +2896,7 @@ generate_report() {
done
fi
if [ $high_count -gt 0 ]; then
if [ "$high_count" -gt 0 ]; then
echo -e "${YELLOW}⚠️ HIGH ALERTS ($high_count):${NC}"
echo ""
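Review bot: In the @@ -1464 hunk, the fallback now prints `0` and returns 1 when `stat -c %Y /etc/passwd` yields nothing, but a caller that captures the result with `$(get_account_age_days …)` sees an age of 0 days — indistinguishable from an account created today — unless it also checks the exit status, which nothing in the hunk shows; if account age feeds the risk score, a transient stat failure could raise or suppress alerts for every account. A comment at the early return would make the contract explicit, e.g. `# Prints 0 and returns 1 when the age cannot be determined; callers must check $? — 0 does NOT mean "created today"`. The `local stat_output=$(…)` line also hides stat's exit status behind `local`; `local stat_output` followed by `stat_output=$(stat -c %Y /etc/passwd 2>/dev/null) || { echo "0"; return 1; }` keeps the check and the status together. The quoting fix is still missing for `-v thresh=$RISK_CRITICAL` and `-v high=$RISK_HIGH` in the @@ -2775 hunk of generate_report, which remain unquoted on the new side and would make awk compare `$2` against an empty string if either threshold is unset. get_account_age_days and generate_report both extend beyond the hunks shown.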