cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Double arithmetic syntax error in generate_comparison_report (line 2073)

Browse Source
This commit is contained in:
Developer
2026-04-23 21:16:33 -04:00
parent 8af1ca881b
commit ca7ec62e02
12 changed files with 121 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/suspicious-login-monitor.sh
+16 -3
View File
@@ -1,4 +1,5 @@
#!/bin/bash
set -eo pipefail
#
# Suspicious Login Monitor - Integrated Security Analysis & Compromise Detection
@@ -11,6 +12,9 @@
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
TOOLKIT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Source reference-db for cache support (avoid redundant /etc/passwd parsing)
source "$TOOLKIT_ROOT/lib/reference-db.sh" 2>/dev/null || true
# Configuration
SUSPICIOUS_LOGIN_AUTO_BLOCK="${SUSPICIOUS_LOGIN_AUTO_BLOCK:-yes}"
SUSPICIOUS_LOGIN_AUTO_SCAN="${SUSPICIOUS_LOGIN_AUTO_SCAN:-yes}"
@@ -1673,7 +1677,7 @@ check_maintenance_mode() {
fi
if [ -n "$indicators" ]; then
echo "maintenance-mode:$(echo $indicators | sed 's/ $//')"
echo "maintenance-mode:$(sed 's/ $//' <<< "$indicators")"
return 0
fi
@@ -1823,6 +1827,10 @@ check_recent_password_changes() {
fi
# Check for locked accounts that were recently unlocked
# OPTIMIZATION: Read /etc/passwd ONCE, build nologin list, then check against it
# (avoiding redundant grep for each user in the loop)
local nologin_users=$(awk -F: '/\/sbin\/nologin|\/bin\/false/ {print $1}' /etc/passwd 2>/dev/null | tr '\n' '|')
local recently_unlocked=$(awk -F: -v cutoff=$(( $(date +%s) / 86400 - 7 )) '
# Field 2 starts with ! or !! = locked
# If field 3 (last change) is recent and field 2 does NOT start with !, might have been unlocked
@@ -1830,8 +1838,8 @@ check_recent_password_changes() {
print $1
}
' /etc/shadow 2>/dev/null | while read user; do
# Check if account was previously locked (this is imperfect without history)
if grep "^$user:" /etc/passwd | grep -q "/sbin/nologin\|/bin/false"; then
# Check if account has nologin shell (from pre-built list)
if [[ "|$nologin_users" =~ \|$user\| ]]; then
echo "$user"
fi
done)
@@ -2947,6 +2955,11 @@ main() {
echo -e "${CYAN}Starting Suspicious Login Monitor...${NC}"
echo ""
# Ensure cache is fresh (only rebuilds if > 1 hour old)
if command -v db_ensure_fresh &>/dev/null; then
db_ensure_fresh 2>/dev/null || true
fi
# Detect panel
local panel=$(detect_panel)
echo "Detected panel: $panel"