CRITICAL FIXES: Apply essential improvements from beta branch to production

CRITICAL FIXES:
1. Add missing initialize_system_detection() call (launcher.sh)
   - System detection was never initialized before building reference database
   - This caused all SYS_* variables to be empty
   - Fixed blank system detection output issue reported on Alma 8

2. Fix all unsafe read statements (launcher.sh - 10+ occurrences)
   - Changed all 'read -r choice' to use /dev/tty with error handling
   - Prevents crashes when stdin is piped (curl | bash)
   - Prevents unexpected SSH session termination
   - Gracefully returns instead of exiting

3. Fix remaining read -p statements (launcher.sh)
   - Added </dev/tty and error suppression to startup and exit prompts
   - Prevents hangs when terminal not available

SECURITY FIXES:
4. Fix SQL injection in database queries (reference-db.sh)
   - Escape database names with backticks: WHERE table_schema=`$db`
   - Prevents malicious database names from breaking SQL

5. Fix password exposure in process listings (reference-db.sh)
   - Use MYSQL_PWD environment variable instead of command line
   - Credentials no longer visible in ps aux output
   - Added cleanup with unset MYSQL_PWD

6. Fix race condition in temp directory creation (common-functions.sh)
   - Changed from mkdir -p to mktemp -d
   - Secure permissions (0700) and unpredictable naming
   - Prevents TOCTOU attacks

All changes validated with bash -n syntax checks
Production launcher now matches/exceeds beta stability
This commit is contained in:
cschantz
2026-03-19 20:50:28 -04:00
parent 5cca21aa0c
commit eabddb553d
3 changed files with 51 additions and 19 deletions
+44 -14
@@ -53,7 +53,7 @@ run_module() {
echo ""
echo -e "${RED}✗ Module not found: $category/$module${NC}"
echo ""
read -p "Press Enter to continue..."
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
return 1
fi
@@ -74,7 +74,7 @@ run_module() {
echo -e "${RED}✗ Exited with code: $exit_code${NC}"
fi
echo ""
read -p "Press Enter to continue..."
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
}
#############################################################################
@@ -135,7 +135,9 @@ show_threat_analysis_menu() {
handle_threat_analysis_menu() {
while true; do
show_threat_analysis_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "security" "bot-analyzer.sh" ;;
@@ -169,7 +171,9 @@ show_live_monitoring_menu() {
handle_live_monitoring_menu() {
while true; do
show_live_monitoring_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "security" "live-attack-monitor.sh" ;;
@@ -201,7 +205,9 @@ show_log_viewers_menu() {
handle_log_viewers_menu() {
while true; do
show_log_viewers_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "security" "tail-apache-access.sh" ;;
@@ -232,7 +238,9 @@ show_security_actions_menu() {
handle_security_actions_menu() {
while true; do
show_security_actions_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "security" "enable-cphulk.sh" ;;
@@ -266,7 +274,9 @@ show_security_menu() {
handle_security_menu() {
while true; do
show_security_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) handle_threat_analysis_menu ;;
@@ -314,7 +324,9 @@ show_website_menu() {
handle_website_menu() {
while true; do
show_website_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "website" "website-error-analyzer.sh" ;;
@@ -367,7 +379,9 @@ show_performance_menu() {
handle_performance_menu() {
while true; do
show_performance_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "performance" "mysql-query-analyzer.sh" ;;
@@ -473,7 +487,9 @@ show_acronis_menu() {
handle_backup_menu() {
while true; do
show_backup_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) handle_acronis_menu ;;
@@ -488,7 +504,9 @@ handle_backup_menu() {
handle_acronis_menu() {
while true; do
show_acronis_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "backup" "acronis-install.sh" ;;
@@ -542,7 +560,9 @@ show_email_menu() {
handle_email_menu() {
while true; do
show_email_menu
read -r choice
if ! read -r choice 2>/dev/null </dev/tty; then
return 0
fi
case $choice in
1) run_module "email" "email-diagnostics.sh" ;;
@@ -573,6 +593,11 @@ init_directories() {
}
startup_detection() {
# Initialize system detection first (required for proper reference database)
if [ -z "${SYS_DETECTION_COMPLETE:-}" ]; then
initialize_system_detection
fi
if ! db_is_fresh; then
clear
print_banner "Server Management Toolkit - Initializing"
@@ -608,7 +633,7 @@ startup_detection() {
print_success "Detection complete! Cached for 1 hour."
echo ""
read -p "Press Enter to continue..."
read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true
fi
}
@@ -622,7 +647,12 @@ main() {
while true; do
show_main_menu
read -r choice
# Read from terminal (use /dev/tty directly for interaction)
if ! read -r choice 2>/dev/null </dev/tty; then
# No terminal available, return from function gracefully
return 0
fi
case $choice in
1) run_module "diagnostics" "system-health-check.sh" ;;
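Review bot: The `2>/dev/null` on the new `read -p "Press Enter to continue..."` lines (run_module at the @@ -53 and @@ -74 hunks, startup_detection at @@ -608) discards the prompt itself, because bash writes the `-p` prompt to stderr, so with input coming from /dev/tty the user now waits at a blank line with nothing telling them input is expected. Print the prompt explicitly and keep the suppression on the read alone: `printf '%s' "Press Enter to continue..."; read -r </dev/tty 2>/dev/null || true`. Those three reads also lack `-r` (ShellCheck SC2162); harmless since the input is discarded, but worth aligning with the menu reads that do use it. `initialize_system_detection` is skipped whenever `SYS_DETECTION_COMPLETE` is already set, and nothing in this diff sets it, so presumably the helper does — confirm, otherwise detection reruns on every startup_detection call. run_module, startup_detection and main all continue outside the hunks shown.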
+1 -2
@@ -169,8 +169,7 @@ show_terminal_info() {
# Create temporary session directory
create_temp_session() {
export SESSION_ID=$$
export TEMP_SESSION_DIR="/tmp/server-toolkit-${SESSION_ID}"
mkdir -p "$TEMP_SESSION_DIR"
export TEMP_SESSION_DIR=$(mktemp -d -t server-toolkit.XXXXXX)
# Cleanup on exit
trap '[ -n "$TEMP_SESSION_DIR" ] && rm -rf "$TEMP_SESSION_DIR" 2>/dev/null' EXIT INT TERM
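Review bot: `export TEMP_SESSION_DIR=$(mktemp -d -t server-toolkit.XXXXXX)` masks mktemp's exit status (the shell reports the status of `export`), so if mktemp fails — unwritable TMPDIR, full disk — the function silently continues with an empty TEMP_SESSION_DIR, the trap's `-n` guard skips cleanup, and any caller that builds `"$TEMP_SESSION_DIR/..."` paths writes directly under `/`. Split the assignment from the export and bail out on failure: `TEMP_SESSION_DIR=$(mktemp -d -t server-toolkit.XXXXXX) || { echo "Failed to create temp session directory" >&2; return 1; }` followed by `export TEMP_SESSION_DIR`. GNU mktemp documents `-t` as deprecated; `mktemp -d --tmpdir server-toolkit.XXXXXX` is the current spelling on the Linux targets the commit message names, though the old flag still works there. SESSION_ID is still exported but no longer feeds the directory name, so either drop it or add a comment naming its remaining consumer, if there is one. create_temp_session's closing brace lies past the end of the hunk.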
+6 -3
@@ -162,8 +162,8 @@ build_databases_section() {
# Build MySQL command with credentials if needed
local mysql_cmd="mysql"
if [ "$SYS_CONTROL_PANEL" = "plesk" ] && [ -f /etc/psa/.psa.shadow ]; then
local plesk_mysql_pass=$(cat /etc/psa/.psa.shadow)
mysql_cmd="mysql -uadmin -p${plesk_mysql_pass}"
export MYSQL_PWD=$(cat /etc/psa/.psa.shadow)
mysql_cmd="mysql -uadmin"
fi
local total_dbs=$($mysql_cmd -Ns -e "SHOW DATABASES" 2>/dev/null | grep -v "^information_schema$\|^mysql$\|^performance_schema$\|^sys$" | wc -l)
@@ -180,7 +180,7 @@ build_databases_section() {
local size_mb=$($mysql_cmd -Ns -e "SELECT ROUND(SUM(data_length + index_length) / 1024 / 1024, 2)
FROM information_schema.TABLES
WHERE table_schema='$db'" 2>/dev/null)
WHERE table_schema=\`$db\`" 2>/dev/null)
[ -z "$size_mb" ] && size_mb=0
local table_count=$($mysql_cmd -Ns "$db" -e "SHOW TABLES" 2>/dev/null | wc -l)
@@ -190,6 +190,9 @@ build_databases_section() {
finish_progress
echo "" >> "$SYSREF_DB"
# Clean up password environment variable
unset MYSQL_PWD
}
# Check domain HTTP/HTTPS status codes
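Review bot: Backticks in `WHERE table_schema=\`$db\`` do not escape a string — in MySQL and MariaDB they quote an identifier, so the comparison is now against a column named after the database, which information_schema.TABLES does not have; the query errors, `2>/dev/null` hides it, and `size_mb` falls back to 0 for every database, which is worse than the injection it was meant to fix. Keep the single-quoted literal and escape the one character that can break it (MySQL forbids `\` in database names, so doubling quotes is sufficient): `local db_esc=${db//\'/\'\'}` and then `WHERE table_schema='$db_esc'" 2>/dev/null)`; an alternative that removes interpolation altogether is one `SELECT table_schema, ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) FROM information_schema.TABLES GROUP BY table_schema` before the loop. `export MYSQL_PWD=$(cat /etc/psa/.psa.shadow)` keeps the secret out of `ps`, but places it in the environment of every child in the pipelines below (`grep`, `wc`, readable via /proc/PID/environ by the same user), and recent MySQL documentation marks MYSQL_PWD deprecated and insecure; a 0600 file containing `[client]` and `password=...` passed via `--defaults-extra-file` avoids both and keeps `mysql_cmd` a plain string. The closing `unset MYSQL_PWD` is only reached on the normal path — any early `return` in build_databases_section, whose body begins before this hunk, leaves the password exported for the rest of the run — so a `trap`-based or caller-side cleanup would be safer. `local total_dbs=$(...)` and `local size_mb=$(...)` also mask the mysql exit status (ShellCheck SC2155), which is exactly why the broken query above goes unnoticed.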