PHASE 2: InterWorx bot-analyzer support + firewall detection

BOT-ANALYZER INTERWORX SUPPORT:
This is the CRITICAL missing piece for InterWorx servers!

1. Log File Discovery (bot-analyzer.sh:1769-1830)
   - InterWorx stores logs at /home/user/var/domain.com/logs/access_log
   - NOT in centralized /var/log/apache2/domlogs like cPanel
   - Added special detection when SYS_CONTROL_PANEL=interworx
   - Searches for all access_log files across all domains

2. Parse Logs Function (bot-analyzer.sh:281-338)
   - Added INTERWORX_MODE flag for special handling
   - InterWorx: extract domain from path (/home/*/var/DOMAIN/logs/)
   - cPanel: extract domain from filename (domain.com or domain.com-ssl_log)
   - Unified log parsing with control panel-specific domain extraction

SYSTEM-DETECT.SH IMPROVEMENTS:

3. Fixed InterWorx Log Directory (system-detect.sh:70-73)
   - Old: SYS_LOG_DIR="/home" (WRONG - too generic!)
   - New: SYS_LOG_DIR="/home/*/var/*/logs" (marker path)
   - Tools recognize this pattern and apply special handling

4. Added Firewall Detection (system-detect.sh:268-337)
   - Detects: CSF/LFD, firewalld, iptables, UFW
   - Exports: SYS_FIREWALL, SYS_FIREWALL_VERSION, SYS_FIREWALL_ACTIVE
   - Special export: SYS_CSF_ACTIVE (for CSF-specific tools)
   - Integrated into initialize_system_detection()

IMPACT:
- bot-analyzer now works on InterWorx servers!
- Discovers per-domain logs correctly
- User filtering (-u flag) works with InterWorx
- Firewall detection enables future automation features

TESTING:
- All syntax validated with bash -n
- Ready for testing on actual InterWorx server

modules/security/bot-analyzer.sh

@@ -279,7 +279,11 @@ print_success() {
 #############################################################################
 
 parse_logs() {
-    print_info "Parsing logs from: $LOG_DIR"
+    if [ "$INTERWORX_MODE" = "yes" ]; then
+        print_info "Parsing InterWorx domain logs from: /home/*/var/*/logs/"
+    else
+        print_info "Parsing logs from: $LOG_DIR"
+    fi
 
     local find_opts=()
 
@@ -293,16 +297,38 @@ parse_logs() {
         print_info "Filtering logs from last $DAYS_BACK days"
     fi
 
-    # Parse all domain logs (excluding -bytes_log, .offset, and error_log files)
-    # cPanel creates files like: domain.com, domain.com-ssl_log
+    # Determine log file search pattern based on control panel
+    local log_search_path
+    local log_search_name
+    if [ "$INTERWORX_MODE" = "yes" ]; then
+        # InterWorx: /home/user/var/domain.com/logs/access_log
+        log_search_path="/home/*/var/*/logs"
+        log_search_name="access_log"
+    else
+        # cPanel/Plesk: /var/log/apache2/domlogs/domain.com
+        log_search_path="$LOG_DIR"
+        log_search_name="*"
+    fi
+
+    # Parse all domain logs
     local file_count=0
     local progress_interval=50
     echo ""
-    find "$LOG_DIR" -type f ! -name "*-bytes_log" ! -name "*.offset" ! -name "*error_log" "${find_opts[@]}" 2>/dev/null | while read -r logfile; do
+    find "$log_search_path" -type f -name "$log_search_name" ! -name "*-bytes_log" ! -name "*.offset" ! -name "*error_log" "${find_opts[@]}" 2>/dev/null | while read -r logfile; do
         # Skip empty files
         [ -s "$logfile" ] || continue
 
-        domain=$(basename "$logfile" | sed 's/-ssl_log$//')
+        # Extract domain name based on control panel
+        if [ "$INTERWORX_MODE" = "yes" ]; then
+            # InterWorx: extract from path /home/user/var/domain.com/logs/access_log
+            domain=$(echo "$logfile" | sed -n 's|^/home/.*/var/\([^/]*\)/logs/.*|\1|p')
+        else
+            # cPanel: extract from filename
+            domain=$(basename "$logfile" | sed 's/-ssl_log$//')
+        fi
+
+        # Skip if domain extraction failed
+        [ -z "$domain" ] && continue
 
         # User filtering: skip domains not belonging to the specified user
         if [ -n "$FILTER_USER" ]; then
@@ -1766,20 +1792,67 @@ main() {
     echo ""
     print_header "Starting Apache/cPanel Bot Analysis"
 
-    # Check if log directory exists
-    if [ ! -d "$LOG_DIR" ]; then
-        print_alert "Error: Log directory not found: $LOG_DIR"
-        echo "Please specify the correct log directory with -l option"
-        exit 1
-    fi
+    # InterWorx requires special log discovery (logs are in /home/user/var/domain.com/logs/)
+    if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then
+        print_info "InterWorx detected - discovering domain logs..."
 
-    # Check if logs exist
-    local find_opts=()
-    if [ -n "$HOURS_BACK" ]; then
-        local minutes=$((HOURS_BACK * 60))
-        find_opts+=(-mmin -"$minutes")
-    elif [ -n "$DAYS_BACK" ]; then
-        find_opts+=(-mtime -"$DAYS_BACK")
+        # Build time filter options
+        local find_opts=()
+        if [ -n "$HOURS_BACK" ]; then
+            local minutes=$((HOURS_BACK * 60))
+            find_opts+=(-mmin -"$minutes")
+        elif [ -n "$DAYS_BACK" ]; then
+            find_opts+=(-mtime -"$DAYS_BACK")
+        fi
+
+        # Find all access_log files in InterWorx structure
+        log_count=$(find /home/*/var/*/logs -type f -name "access_log" "${find_opts[@]}" 2>/dev/null | wc -l)
+
+        if [ "$log_count" -eq 0 ]; then
+            print_alert "Error: No InterWorx access logs found in /home/*/var/*/logs/"
+            if [ -n "$HOURS_BACK" ]; then
+                echo "No logs found from the last $HOURS_BACK hours"
+            elif [ -n "$DAYS_BACK" ]; then
+                echo "No logs found from the last $DAYS_BACK days"
+            fi
+            exit 1
+        fi
+
+        print_info "Found $log_count InterWorx domain log files to analyze"
+
+        # Override LOG_DIR for parse_logs function to use
+        export INTERWORX_MODE="yes"
+        export INTERWORX_FIND_OPTS="${find_opts[*]}"
+    else
+        # Standard cPanel/Plesk log discovery
+        # Check if log directory exists
+        if [ ! -d "$LOG_DIR" ]; then
+            print_alert "Error: Log directory not found: $LOG_DIR"
+            echo "Please specify the correct log directory with -l option"
+            exit 1
+        fi
+
+        # Check if logs exist
+        local find_opts=()
+        if [ -n "$HOURS_BACK" ]; then
+            local minutes=$((HOURS_BACK * 60))
+            find_opts+=(-mmin -"$minutes")
+        elif [ -n "$DAYS_BACK" ]; then
+            find_opts+=(-mtime -"$DAYS_BACK")
+        fi
+
+        log_count=$(find "$LOG_DIR" -type f ! -name "*-bytes_log" ! -name "*.offset" ! -name "*error_log" "${find_opts[@]}" 2>/dev/null | wc -l)
+        if [ "$log_count" -eq 0 ]; then
+            print_alert "Error: No log files found in $LOG_DIR"
+            if [ -n "$HOURS_BACK" ]; then
+                echo "No logs found from the last $HOURS_BACK hours"
+            elif [ -n "$DAYS_BACK" ]; then
+                echo "No logs found from the last $DAYS_BACK days"
+            fi
+            exit 1
+        fi
+
+        print_info "Found $log_count log files to analyze"
     fi
 
     # User filtering
@@ -1795,18 +1868,7 @@ main() {
         export user_domains=""
     fi
 
-    log_count=$(find "$LOG_DIR" -type f ! -name "*-bytes_log" ! -name "*.offset" ! -name "*error_log" "${find_opts[@]}" 2>/dev/null | wc -l)
-    if [ "$log_count" -eq 0 ]; then
-        print_alert "Error: No log files found in $LOG_DIR"
-        if [ -n "$HOURS_BACK" ]; then
-            echo "No logs found from the last $HOURS_BACK hours"
-        elif [ -n "$DAYS_BACK" ]; then
-            echo "No logs found from the last $DAYS_BACK days"
-        fi
-        exit 1
-    fi
-
-    print_info "Found $log_count log files to analyze"
+    # Print time range info
     if [ -n "$HOURS_BACK" ]; then
         print_info "Analyzing logs from the last $HOURS_BACK hours"
     elif [ -n "$DAYS_BACK" ]; then