Fix ip_data consolidation: skip ip_data file itself and remove local keyword

modules/security/live-attack-monitor.sh

@@ -1178,7 +1178,12 @@ monitor_ssh_attacks() {
                     fi
 
                     # Process as BRUTEFORCE attack
-                    local current_data="${IP_DATA[$ip]:-0|0|human||0|0}"
+                    # Read from file (subshells can't access IP_DATA array)
+                    local ip_file="$TEMP_DIR/ip_${ip//\./_}"
+                    local current_data="0|0|human||0|0"
+                    if [ -f "$ip_file" ]; then
+                        current_data=$(cat "$ip_file")
+                    fi
                     IFS='|' read -r score hits bot_type attacks ban_count rep_score <<< "$current_data"
 
                     # Increment hits
@@ -1256,8 +1261,9 @@ monitor_ssh_attacks() {
                     # Cap at 100
                     [ $score -gt 100 ] && score=100
 
-                    # Update IP_DATA
-                    IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score"
+                    # Update ip_data file directly (subshells can't access IP_DATA array)
+                    local ip_file="$TEMP_DIR/ip_${ip//\./_}"
+                    echo "$score|$hits|$bot_type|$attacks|$ban_count|$rep_score" > "$ip_file"
 
                     # Store block reasons for CSF
                     if [ -n "$block_reasons" ]; then
@@ -1972,10 +1978,20 @@ while true; do
     draw_live_feed
     draw_quick_actions
 
-    # Write IP data to temp file for auto-mitigation engine (every loop)
+    # Consolidate IP data from individual files into ip_data file (for auto-mitigation engine)
     {
-        for ip in "${!IP_DATA[@]}"; do
-            echo "$ip=${IP_DATA[$ip]}"
+        for ip_file in "$TEMP_DIR"/ip_*; do
+            [ -f "$ip_file" ] || continue
+            # Skip the consolidated ip_data file itself
+            [[ "$(basename "$ip_file")" == "ip_data" ]] && continue
+            # Extract IP from filename (ip_1_2_3_4 -> 1.2.3.4)
+            ip=$(basename "$ip_file" | sed 's/^ip_//' | tr '_' '.')
+            data=$(cat "$ip_file" 2>/dev/null)
+            if [ -n "$data" ]; then
+                echo "$ip=$data"
+                # Also update IP_DATA array for dashboard display
+                IP_DATA[$ip]="$data"
+            fi
         done
     } > "$TEMP_DIR/ip_data" 2>/dev/null