cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix TYPE-MISMATCH and AWK-UNINIT issues in email analysis scripts

Browse Source 
suspicious-login-monitor.sh:
- Quote all numeric comparison variables to prevent word splitting:
  * Line 880: [ "$new_risk" -gt 100 ]
  * Line 2642: [ "$total_risk" -gt 100 ]
  * Line 2773: [ "$critical_count" -gt 0 ]
  * Lines 2806, 2823, 2840, 2864, 2872: [ "$risk" -gt 100 ]
  * Line 2894: [ "$high_count" -gt 0 ]
- Fix potential stat command failure on line 1467 with error checking

mail-log-analyzer.sh:
- Quote all numeric comparison variables in bounce detection (lines 259-265)
- Initialize AWK variables in BEGIN block (line 1276)
- Initialize awk loop variable (line 1130)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
cschantz
2026-02-07 02:43:07 -05:00
parent a17e7505ed
commit 9771e05fa8
2 changed files with 24 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/email/mail-log-analyzer.sh
+9 -9
View File
@@ -256,13 +256,13 @@ analyze_bounces() {
local greylisting=$(grep -ciE "(greylist|grey.*list|try again later|temporarily reject)" -- "$temp_file") local greylisting=$(grep -ciE "(greylist|grey.*list|try again later|temporarily reject)" -- "$temp_file")
local tls_failure=$(grep -ciE "(TLS|SSL|certificate)" -- "$temp_file") local tls_failure=$(grep -ciE "(TLS|SSL|certificate)" -- "$temp_file")
[ $mailbox_full -gt 0 ] && BOUNCE_REASONS["mailbox_full"]=$mailbox_full [ "$mailbox_full" -gt 0 ] && BOUNCE_REASONS["mailbox_full"]=$mailbox_full
[ $user_unknown -gt 0 ] && BOUNCE_REASONS["user_unknown"]=$user_unknown [ "$user_unknown" -gt 0 ] && BOUNCE_REASONS["user_unknown"]=$user_unknown
[ $blocked -gt 0 ] && BOUNCE_REASONS["blocked"]=$blocked [ "$blocked" -gt 0 ] && BOUNCE_REASONS["blocked"]=$blocked
[ $dns_failure -gt 0 ] && BOUNCE_REASONS["dns_failure"]=$dns_failure [ "$dns_failure" -gt 0 ] && BOUNCE_REASONS["dns_failure"]=$dns_failure
[ $timeout -gt 0 ] && BOUNCE_REASONS["timeout"]=$timeout [ "$timeout" -gt 0 ] && BOUNCE_REASONS["timeout"]=$timeout
[ $greylisting -gt 0 ] && BOUNCE_REASONS["greylisting"]=$greylisting [ "$greylisting" -gt 0 ] && BOUNCE_REASONS["greylisting"]=$greylisting
[ $tls_failure -gt 0 ] && BOUNCE_REASONS["tls_failure"]=$tls_failure [ "$tls_failure" -gt 0 ] && BOUNCE_REASONS["tls_failure"]=$tls_failure
TOTAL_BOUNCES=$(wc -l < "$temp_file") TOTAL_BOUNCES=$(wc -l < "$temp_file")
ISSUES_FOUND["bounces"]=$TOTAL_BOUNCES ISSUES_FOUND["bounces"]=$TOTAL_BOUNCES
@@ -1127,7 +1127,7 @@ display_recommendations() {
local priority=1 local priority=1
for issue in blacklist spam_accounts authentication rate_limiting rdns certificate local_delivery helo_violations frozen_messages panic_log connection_flooding auth_attacks deferral_loops tls_errors size_rejections routing_loops; do for issue in blacklist spam_accounts authentication rate_limiting rdns certificate local_delivery helo_violations frozen_messages panic_log connection_flooding auth_attacks deferral_loops tls_errors size_rejections routing_loops; do
if [ -n "${RECOMMENDATIONS[$issue]}" ]; then if [ -n "${RECOMMENDATIONS[$issue]}" ]; then
echo -e "${CYAN}$priority)${NC} ${BOLD}$(echo $issue | tr '_' ' ' | awk '{for(i=1;i<=NF;i++)sub(/./,toupper(substr($i,1,1)),$i)}1')${NC}" echo -e "${CYAN}$priority)${NC} ${BOLD}$(echo $issue | tr '_' ' ' | awk 'BEGIN{i=0} {for(i=1;i<=NF;i++)sub(/./,toupper(substr($i,1,1)),$i)}1')${NC}"
echo " ${RECOMMENDATIONS[$issue]}" echo " ${RECOMMENDATIONS[$issue]}"
echo "" echo ""
((priority++)) ((priority++))
@@ -1273,7 +1273,7 @@ display_hourly_distribution() {
# Calculate average and check for off-hours spikes (00:00-06:00) # Calculate average and check for off-hours spikes (00:00-06:00)
local max_vol=$(awk '{print $1}' /tmp/hourly_volume.$$ | sort -n | tail -1) local max_vol=$(awk '{print $1}' /tmp/hourly_volume.$$ | sort -n | tail -1)
local avg_vol=$(awk '{sum+=$1; count++} END {if(count>0) print int(sum/count); else print 0}' /tmp/hourly_volume.$$) local avg_vol=$(awk 'BEGIN {sum=0; count=0} {sum+=$1; count++} END {if(count>0) print int(sum/count); else print 0}' /tmp/hourly_volume.$$)
# Check for off-hours activity (midnight-6am) that's > 2x average # Check for off-hours activity (midnight-6am) that's > 2x average
local has_suspicious_hours=0 local has_suspicious_hours=0
modules/security/suspicious-login-monitor.sh
+15 -10
View File
@@ -877,7 +877,7 @@ correlate_with_access_logs() {
# Cap at 100 # Cap at 100
local new_risk=$((risk_score + additional_risk)) local new_risk=$((risk_score + additional_risk))
[ $new_risk -gt 100 ] && new_risk=100 [ "$new_risk" -gt 100 ] && new_risk=100
echo "$additional_risk|$attack_vectors" echo "$additional_risk|$attack_vectors"
} }
@@ -1464,7 +1464,12 @@ get_account_age_days() {
fi fi
# Fallback: Check /etc/passwd modification (less accurate) # Fallback: Check /etc/passwd modification (less accurate)
local passwd_age=$(( $(date +%s) - $(stat -c %Y /etc/passwd 2>/dev/null) )) local stat_output=$(stat -c %Y /etc/passwd 2>/dev/null)
if [ -z "$stat_output" ]; then
echo "0"
return 1
fi
local passwd_age=$(( $(date +%s) - stat_output ))
local passwd_days=$(( passwd_age / 86400 )) local passwd_days=$(( passwd_age / 86400 ))
echo "$passwd_days" echo "$passwd_days"
return 0 return 0
@@ -2639,7 +2644,7 @@ perform_compromise_detection() {
fi fi
# Cap at 100 # Cap at 100
[ $total_risk -gt 100 ] && total_risk=100 [ "$total_risk" -gt 100 ] && total_risk=100
# CONFIDENCE CALCULATION: Calculate how confident we are this is a real threat # CONFIDENCE CALCULATION: Calculate how confident we are this is a real threat
local confidence_result=$(calculate_confidence_score "$total_risk" "$all_findings" "$all_mitigations") local confidence_result=$(calculate_confidence_score "$total_risk" "$all_findings" "$all_mitigations")
@@ -2770,7 +2775,7 @@ generate_report() {
local critical_count=$(awk -F'|' -v thresh=$RISK_CRITICAL '$2 >= thresh' "$SUSPICIOUS_IPS" | wc -l) local critical_count=$(awk -F'|' -v thresh=$RISK_CRITICAL '$2 >= thresh' "$SUSPICIOUS_IPS" | wc -l)
local high_count=$(awk -F'|' -v crit=$RISK_CRITICAL -v high=$RISK_HIGH '$2 >= high && $2 < crit' "$SUSPICIOUS_IPS" | wc -l) local high_count=$(awk -F'|' -v crit=$RISK_CRITICAL -v high=$RISK_HIGH '$2 >= high && $2 < crit' "$SUSPICIOUS_IPS" | wc -l)
if [ $critical_count -gt 0 ]; then if [ "$critical_count" -gt 0 ]; then
echo -e "${RED}🚨 CRITICAL ALERTS ($critical_count):${NC}" echo -e "${RED}🚨 CRITICAL ALERTS ($critical_count):${NC}"
echo "" echo ""
@@ -2803,7 +2808,7 @@ generate_report() {
echo " │ - $attack" echo " │ - $attack"
done done
risk=$((risk + corr_risk)) risk=$((risk + corr_risk))
[ $risk -gt 100 ] && risk=100 [ "$risk" -gt 100 ] && risk=100
else else
echo "$corr_attacks" echo "$corr_attacks"
fi fi
@@ -2820,7 +2825,7 @@ generate_report() {
if [ "$rep_risk" != "0" ]; then if [ "$rep_risk" != "0" ]; then
echo "$rep_notes" echo "$rep_notes"
risk=$((risk + rep_risk)) risk=$((risk + rep_risk))
[ $risk -gt 100 ] && risk=100 [ "$risk" -gt 100 ] && risk=100
else else
echo "$rep_notes" echo "$rep_notes"
fi fi
@@ -2837,7 +2842,7 @@ generate_report() {
if [ "$threat_risk" != "0" ]; then if [ "$threat_risk" != "0" ]; then
echo " │ ⚠️ $threat_notes" echo " │ ⚠️ $threat_notes"
risk=$((risk + threat_risk)) risk=$((risk + threat_risk))
[ $risk -gt 100 ] && risk=100 [ "$risk" -gt 100 ] && risk=100
else else
echo "$threat_notes" echo "$threat_notes"
fi fi
@@ -2861,7 +2866,7 @@ generate_report() {
echo " │ • $finding" echo " │ • $finding"
done done
risk=$((risk + compromise_risk)) risk=$((risk + compromise_risk))
[ $risk -gt 100 ] && risk=100 [ "$risk" -gt 100 ] && risk=100
elif [ "$compromise_risk" -gt 0 ]; then elif [ "$compromise_risk" -gt 0 ]; then
echo -e "${YELLOW}⚠️ Suspicious indicators found - $compromise_risk risk points${NC}" echo -e "${YELLOW}⚠️ Suspicious indicators found - $compromise_risk risk points${NC}"
echo " │" echo " │"
@@ -2869,7 +2874,7 @@ generate_report() {
echo " │ • $finding" echo " │ • $finding"
done done
risk=$((risk + compromise_risk)) risk=$((risk + compromise_risk))
[ $risk -gt 100 ] && risk=100 [ "$risk" -gt 100 ] && risk=100
else else
echo -e "${GREEN}✓ No compromise indicators detected${NC}" echo -e "${GREEN}✓ No compromise indicators detected${NC}"
echo " │ System integrity checks passed" echo " │ System integrity checks passed"
@@ -2891,7 +2896,7 @@ generate_report() {
done done
fi fi
if [ $high_count -gt 0 ]; then if [ "$high_count" -gt 0 ]; then
echo -e "${YELLOW}⚠️ HIGH ALERTS ($high_count):${NC}" echo -e "${YELLOW}⚠️ HIGH ALERTS ($high_count):${NC}"
echo "" echo ""