diff --git a/INTERWORX_COMPATIBILITY_AUDIT.md b/INTERWORX_COMPATIBILITY_AUDIT.md new file mode 100644 index 0000000..35ec867 --- /dev/null +++ b/INTERWORX_COMPATIBILITY_AUDIT.md @@ -0,0 +1,341 @@ +# InterWorx Compatibility Audit Report +**Generated:** 2025-11-19 +**Toolkit Version:** Latest from git + +## Executive Summary + +Out of **38 total modules**, **14 modules** have hardcoded cPanel-specific paths that will break on InterWorx servers. + +### Compatibility Status: + +- ✅ **3 modules** - Already InterWorx compatible (using SYS_LOG_DIR) +- ⚠️ **14 modules** - Need InterWorx fixes (hardcoded paths) +- ✓ **21 modules** - Control panel agnostic (no paths) + +--- + +## Critical Path Differences: cPanel vs InterWorx + +| Resource | cPanel Location | InterWorx Location | +|----------|----------------|-------------------| +| **Access Logs** | `/var/log/apache2/domlogs/domain.com` | `/home/user/var/domain.com/logs/access_log` | +| **Error Logs** | `/var/log/apache2/domlogs/domain-error_log` | `/home/user/var/domain.com/logs/error_log` | +| **Document Root** | `/home/user/public_html` | `/home/user/domain.com/html` | +| **User Config** | `/var/cpanel/users/username` | NodeWorx DB or listaccounts.pex | +| **Domain Config** | `/var/cpanel/userdata/user/domain` | `/etc/httpd/conf.d/vhost_domain.conf` | +| **Main IP** | `/var/cpanel/mainip` | `/usr/local/interworx/iworx.ini` | +| **PHP Error Logs** | `/home/user/public_html/error_log` | `/home/user/domain.com/html/error_log` | + +--- + +## Modules Requiring Fixes + +### PRIORITY 1: Critical Security Modules + +#### 1. **live-attack-monitor.sh** ⚠️ HIGH PRIORITY +**Issues:** +- Line 1256: `LOG_DIR="${SYS_LOG_DIR:-/var/log/apache2/domlogs}"` +- Line 1261-1262: Hardcoded `/var/log/httpd/access_log` +- Line 1267: Comment mentions "cPanel domlogs" +- Line 1537: CPHulk detection (cPanel-only feature) + +**Fix Required:** +- Already uses `SYS_LOG_DIR` (GOOD!) +- But fallback is wrong - should use system-detect.sh +- Add InterWorx log discovery like bot-analyzer +- CPHulk detection should be cPanel-only conditional + +**Impact:** Real-time attack monitoring won't see attacks on InterWorx + +--- + +#### 2. **malware-scanner.sh** ⚠️ HIGH PRIORITY +**Issues:** +- Line 31: `/usr/local/cpanel/3rdparty/bin/clamscan` check +- Line 182: cPanel detection check +- Line 353: PATH with cPanel 3rdparty +- Line 429: `get_user_docroots()` function +- Line 878-880: Hardcoded `/var/log/apache2/domlogs` search + +**Fix Required:** +- Use system-detect.sh for ClamAV path detection +- Fix `get_user_docroots()` to use user-manager.sh functions +- Support InterWorx document roots: `/home/user/domain.com/html` +- Fix log file discovery for malware analysis + +**Impact:** Malware scanner won't find infected files in InterWorx sites + +--- + +#### 3. **optimize-ct-limit.sh** ⚠️ MEDIUM PRIORITY +**Issues:** +- Line 292: `log_dir="${SYS_LOG_DIR:-/var/log/apache2/domlogs}"` + +**Fix Required:** +- Already uses `SYS_LOG_DIR` (GOOD!) +- Fallback should be removed (rely on system-detect.sh) + +**Impact:** Can't analyze connection limits on InterWorx + +--- + +### PRIORITY 2: Website Diagnostic Modules + +#### 4. **website-error-analyzer.sh** ⚠️ HIGH PRIORITY +**Issues:** +- Line 19: `DOMLOGS_DIR="/var/log/apache2/domlogs"` +- Line 140: Hardcoded Apache error log paths +- Line 153: `/var/cpanel/users/*` for user lookup +- Line 161: `find /home/*/public_html -name "error_log"` +- Line 176-177: Reads `/var/cpanel/users/$FILTER_USER` +- Line 339: User lookup via `/var/cpanel/users/*` +- Line 341: `.user.ini` in `public_html` +- Line 815: Error log path in `public_html` + +**Fix Required:** +- Use `SYS_LOG_DIR` from system-detect.sh +- Use `get_user_info()` and `get_user_domains()` from user-manager.sh +- Support InterWorx document roots: `/home/user/domain.com/html` +- Support InterWorx error logs: `/home/user/var/domain.com/logs/error_log` + +**Impact:** Can't diagnose website errors on InterWorx + +--- + +#### 5. **500-error-tracker.sh** ⚠️ HIGH PRIORITY +**Issues:** +- Line 60: `DOMLOGS_DIR="/var/log/apache2/domlogs"` +- Line 83: `/var/cpanel/users/*` for domain→user lookup +- Line 233: `docroot="/home/$user/public_html"` +- Line 261: Error log in `public_html` +- Line 264-265: Hardcoded domlog paths +- Line 454: `/var/cpanel/userdata/$user/$domain` +- Line 679: Fix suggestion mentions `public_html` + +**Fix Required:** +- Use `SYS_LOG_DIR` from system-detect.sh +- Use `get_user_info()` for user lookups +- Support InterWorx document roots: `/home/user/domain.com/html` +- Support InterWorx error logs in `/home/user/var/domain.com/logs/` + +**Impact:** Can't track 500 errors on InterWorx + +--- + +### PRIORITY 3: Live Monitoring Tools + +#### 6. **web-traffic-monitor.sh** ⚠️ MEDIUM PRIORITY +**Issues:** +- Line 12-13: Hardcoded `/var/log/apache2/domlogs` +- Line 32: Error message mentions "domlogs" + +**Fix Required:** +- Use `SYS_LOG_DIR` from system-detect.sh +- Add InterWorx log discovery + +**Impact:** Can't monitor live web traffic on InterWorx + +--- + +#### 7. **tail-apache-access.sh** ⚠️ LOW PRIORITY +**Issues:** +- Line 8: Hardcoded `/var/log/apache2/domlogs/*` + +**Fix Required:** +- Use `SYS_LOG_DIR` from system-detect.sh +- Support InterWorx: `tail -f /home/*/var/*/logs/access_log` + +**Impact:** Simple log tailing won't work + +--- + +#### 8. **tail-apache-error.sh** ⚠️ LOW PRIORITY +**Issues:** +- Line 8: Hardcoded `/var/log/httpd/error_log` + +**Fix Required:** +- Use system-detect.sh to find Apache error log location +- InterWorx: Per-domain error logs at `/home/user/var/domain.com/logs/error_log` + +**Impact:** Can't tail error logs on InterWorx + +--- + +### PRIORITY 4: Performance Analysis + +#### 9. **network-bandwidth-analyzer.sh** ⚠️ MEDIUM PRIORITY +**Issues:** +- Line 187-192: Hardcoded log directory detection + +**Fix Required:** +- Use `SYS_LOG_DIR` from system-detect.sh +- Add InterWorx log discovery + +**Impact:** Can't analyze bandwidth usage on InterWorx + +--- + +### PRIORITY 5: cPanel-Specific Modules (Expected) + +#### 10. **enable-cphulk.sh** ℹ️ N/A - cPanel Only +**Issues:** +- Line 42: `/usr/local/cpanel/bin/cphulk_pam_ctl` check +- Line 58, 68, 287: cPanel-specific commands +- Line 131, 133: `/var/cpanel/` and `/usr/local/cpanel/` paths + +**Fix Required:** +- None - this is cPanel-specific +- Should check `SYS_CONTROL_PANEL=cpanel` before running +- Add warning for non-cPanel systems + +--- + +### PRIORITY 6: Diagnostic Tools + +#### 11. **system-health-check.sh** ⚠️ LOW PRIORITY +**Issues:** +- Line 492-493: Hardcoded `/var/log/httpd/error_log` +- Line 606-608: cPanel CPHulk checks +- Line 941-942: cPanel version detection +- Line 1205: Error log path in suggestion + +**Fix Required:** +- Use system-detect.sh for log paths +- Make CPHulk checks conditional on `SYS_CONTROL_PANEL=cpanel` +- Control panel version already detected in system-detect.sh + +**Impact:** Health checks may miss issues on InterWorx + +--- + +### PRIORITY 7: Backup Tools + +#### 12. **acronis-configure.sh** ℹ️ DOCUMENTATION ONLY +**Issues:** +- Line 52: Echo message mentions `public_html` + +**Fix Required:** +- Update documentation to mention both cPanel and InterWorx paths +- No functional impact (just display text) + +--- + +## Modules Already Compatible ✅ + +These modules already use `SYS_LOG_DIR` or user-manager.sh functions: + +1. **bot-analyzer.sh** ✅ - FIXED in Phase 1 & 2 +2. **optimize-ct-limit.sh** ✅ - Uses SYS_LOG_DIR (just needs fallback removed) +3. **mysql-query-analyzer.sh** ✅ - Uses get_user_* functions + +--- + +## Modules That Are Control Panel Agnostic ✅ + +These modules don't use control panel-specific paths (21 total): +- All Acronis backup modules (13 modules) +- Hardware health check +- SSH attack monitor +- Firewall activity monitor +- Tail secure log +- Tail mail log +- IP reputation manager +- Cleanup toolkit data +- WordPress modules + +--- + +## Recommended Implementation Plan + +### Phase 3: Critical Security Modules (THIS PHASE) +1. **malware-scanner.sh** - Fix document root discovery +2. **live-attack-monitor.sh** - Fix log discovery +3. **optimize-ct-limit.sh** - Remove hardcoded fallback + +### Phase 4: Website Diagnostic Modules +1. **website-error-analyzer.sh** - Full InterWorx support +2. **500-error-tracker.sh** - Full InterWorx support + +### Phase 5: Monitoring Tools +1. **web-traffic-monitor.sh** +2. **network-bandwidth-analyzer.sh** +3. **tail-apache-access.sh** +4. **tail-apache-error.sh** + +### Phase 6: System Tools +1. **system-health-check.sh** - Make cPanel checks conditional + +--- + +## Standard Fix Pattern + +For all modules, follow this pattern: + +### 1. Replace hardcoded paths with system-detect.sh: +```bash +# OLD (BAD): +LOG_DIR="/var/log/apache2/domlogs" + +# NEW (GOOD): +LOG_DIR="${SYS_LOG_DIR}" # Auto-detected in system-detect.sh +``` + +### 2. Use user-manager.sh functions: +```bash +# OLD (BAD): +user=$(grep -l "DNS.*$domain" /var/cpanel/users/* 2>/dev/null | ...) + +# NEW (GOOD): +eval $(get_user_info "$username") +# Now you have: $USER_EXISTS, $PRIMARY_DOMAIN, $ALL_DOMAINS, $HOME_DIR +``` + +### 3. Support both document root patterns: +```bash +# OLD (BAD): +docroot="/home/$user/public_html" + +# NEW (GOOD): +if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then + docroot="/home/$user/$domain/html" +else + docroot="/home/$user/public_html" +fi +``` + +### 4. Add InterWorx log discovery: +```bash +if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then + find /home/*/var/*/logs -name "access_log" ... +else + find "$LOG_DIR" -type f ! -name "*-bytes_log" ... +fi +``` + +--- + +## Testing Checklist + +For each fixed module, test on: +- [ ] cPanel server (regression test) +- [ ] InterWorx server (new functionality) +- [ ] Standalone server (no control panel) + +--- + +## Estimated Effort + +- **Phase 3:** 2-3 hours (3 critical security modules) +- **Phase 4:** 2-3 hours (2 website diagnostic modules) +- **Phase 5:** 1-2 hours (4 simple monitoring tools) +- **Phase 6:** 1 hour (system health check) + +**Total:** ~8 hours to achieve full InterWorx parity + +--- + +## Current Progress + +- ✅ Phase 1: user-manager.sh InterWorx support (COMPLETE) +- ✅ Phase 2: bot-analyzer.sh + system-detect.sh improvements (COMPLETE) +- ⏳ Phase 3: Critical security modules (PENDING)