diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index eaccc08..1c28145 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -2060,11 +2060,11 @@ generate_comparison_report() {
 echo ""
 print_header "BASELINE COMPARISON (Is this activity normal?)"
- local total_requests=$(grep "^Total_Requests:" "$latest_report" | cut -d: -f2 | tr -d ' ')
+ local total_requests=$(grep "^Total_Requests:" "$latest_report" 2>/dev/null | cut -d: -f2 | tr -d ' ' || echo "0")
 local baseline_requests=$(calculate_baseline_average "server" "requests" 7)
- if [ "$baseline_requests" -gt 0 ]; then
- local request_pct=$((total_requests * 100 / baseline_requests))
+ if [ "${baseline_requests:-0}" -gt 0 ]; then
+ local request_pct=$((${total_requests:-0} * 100 / baseline_requests))
 if [ "$request_pct" -gt 200 ]; then
 echo -e "${RED}🔴 ABNORMAL: Requests are $(($request_pct - 100))% above 7-day average${NC}"
 echo " Baseline (7-day avg): $baseline_requests requests"
@@ -2078,11 +2078,11 @@ generate_comparison_report() {
 echo "📊 (No historical baseline yet - first analysis)"
 fi
- local high_risk=$(grep "^High_Risk_IPs:" "$latest_report" | cut -d: -f2 | tr -d ' ')
+ local high_risk=$(grep "^High_Risk_IPs:" "$latest_report" 2>/dev/null | cut -d: -f2 | tr -d ' ' || echo "0")
 local baseline_attacks=$(calculate_baseline_average "server" "high_risk" 7)
- if [ "$baseline_attacks" -gt 0 ]; then
- local attack_ratio=$((high_risk / baseline_attacks))
+ if [ "${baseline_attacks:-0}" -gt 0 ]; then
+ local attack_ratio=$((${high_risk:-0} / baseline_attacks))
 if [ "$attack_ratio" -gt 3 ]; then
 echo -e "${RED}🔴 ABNORMAL: High-risk IPs are ${attack_ratio}x above baseline${NC}"
 echo " Baseline (7-day avg): $baseline_attacks high-risk IPs"
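Review bot: The `|| echo "0"` fallback on the new `total_requests` line only fires when the last pipeline stage, `tr`, fails; unless the script enables `pipefail` (not visible in this diff), a `grep` that finds nothing still yields an empty string, and it is the `${total_requests:-0}` default further down that actually prevents the error. The same construct is repeated for `high_risk` in the second hunk and for `curr_high_risk`, `prev_high_risk`, `curr_sql` and `prev_sql` in the third. Splitting declaration from assignment states the intent directly and stops `local` from masking the exit status: `local total_requests`, then `total_requests=$(grep "^Total_Requests:" "$latest_report" 2>/dev/null | cut -d: -f2 | tr -d ' ')`, then `total_requests=${total_requests:-0}`. The body of generate_comparison_report starts and ends outside the hunk.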
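Review bot: In the second hunk `high_risk` still reaches `$((${high_risk:-0} / baseline_attacks))` without a digits-only check, and `:-0` covers only the empty case. A report that holds two `High_Risk_IPs:` lines or a non-numeric value makes the arithmetic or the `-gt` test fail, and because bash arithmetic evaluates more than plain integers, a value read from a file should be validated before it is used there. A guard such as `[[ "$high_risk" =~ ^[0-9]+$ ]] || high_risk=0` directly after the assignment (assuming the script runs under bash) would cover this; the same applies to `total_requests` in the first hunk and to the `curr_*`/`prev_*` values in the third. Whether `calculate_baseline_average` always prints an integer is not visible from these lines.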
@@ -2103,27 +2103,27 @@ generate_comparison_report() {
 print_header "DAY-OVER-DAY TRENDS"
 # Extract metrics and calculate differences
- local curr_high_risk=$(grep "^High_Risk_IPs:" "$latest_report" | cut -d: -f2 | tr -d ' ')
- local prev_high_risk=$(grep "^High_Risk_IPs:" "$previous_report" | cut -d: -f2 | tr -d ' ')
- local risk_diff=$((curr_high_risk - prev_high_risk))
+ local curr_high_risk=$(grep "^High_Risk_IPs:" "$latest_report" 2>/dev/null | cut -d: -f2 | tr -d ' ' || echo "0")
+ local prev_high_risk=$(grep "^High_Risk_IPs:" "$previous_report" 2>/dev/null | cut -d: -f2 | tr -d ' ' || echo "0")
+ local risk_diff=$((${curr_high_risk:-0} - ${prev_high_risk:-0}))
 local risk_pct=0
- if [ "$prev_high_risk" -gt 0 ]; then
+ if [ "${prev_high_risk:-0}" -gt 0 ]; then
 risk_pct=$((risk_diff * 100 / prev_high_risk))
 fi
 # Display trend
 if [ "$risk_diff" -gt 0 ]; then
- echo "⚠️ High-Risk IPs: $curr_high_risk (↑ $risk_diff IPs, +${risk_pct}%)"
+ echo "⚠️ High-Risk IPs: ${curr_high_risk:-0} (↑ $risk_diff IPs, +${risk_pct}%)"
 elif [ "$risk_diff" -lt 0 ]; then
- echo "✓ High-Risk IPs: $curr_high_risk (↓ $((risk_diff * -1)) IPs, ${risk_pct}%)"
+ echo "✓ High-Risk IPs: ${curr_high_risk:-0} (↓ $((risk_diff * -1)) IPs, ${risk_pct}%)"
 else
- echo "→ High-Risk IPs: $curr_high_risk (no change)"
+ echo "→ High-Risk IPs: ${curr_high_risk:-0} (no change)"
 fi
 # Repeat for other metrics
- local curr_sql=$(grep "^SQL_Injection:" "$latest_report" | cut -d: -f2 | tr -d ' ')
- local prev_sql=$(grep "^SQL_Injection:" "$previous_report" | cut -d: -f2 | tr -d ' ')
+ local curr_sql=$(grep "^SQL_Injection:" "$latest_report" 2>/dev/null | cut -d: -f2 | tr -d ' ' || echo "0")
+ local prev_sql=$(grep "^SQL_Injection:" "$previous_report" 2>/dev/null | cut -d: -f2 | tr -d ' ' || echo "0")
 local sql_diff=$((curr_sql - prev_sql))
 if [ "$sql_diff" -gt 0 ]; then
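Review bot: With `2>/dev/null` on every `grep` and the `:-0` defaults, a missing or unreadable `$latest_report` or `$previous_report` is now indistinguishable from a report with zero findings. If `$latest_report` cannot be read, the trend block prints `→ High-Risk IPs: 0 (no change)` or a `✓ ... ↓` line, which in a security report reads as an improvement rather than as missing data. A readability check before the extraction would keep the two cases apart, for example `[ -r "$latest_report" ] && [ -r "$previous_report" ] || { echo "Report file missing or unreadable - trends skipped" >&2; return 1; }`, or the output could show `n/a` instead of `0` when a key is absent. The function continues past the end of this hunk and begins before it, so an earlier check may already exist outside the visible lines.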