From f760ab53e3fa5e0d8ccd4d6afae2ccc9652f8f7b Mon Sep 17 00:00:00 2001 From: cschantz Date: Tue, 18 Nov 2025 19:01:13 -0500 Subject: [PATCH] Major performance and storage improvements - live-attack-monitor.sh: Remove snapshot loading, fix Apache log monitoring, add IP file sync for auto-blocking - bot-analyzer.sh: * Implement gzip compression for large temp files (10-20x space savings) * Move temp files from /tmp to toolkit/tmp directory * Prevents filling up system /tmp on large servers - run.sh: Add HISTFILE fallback to prevent crashes when sourced - user-manager.sh: * Initialize TEMP_SESSION_DIR to fix user indexing errors * Remove unnecessary temp file I/O for faster user indexing --- modules/security/bot-analyzer.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh index a0d478e..dba2282 100755 --- a/modules/security/bot-analyzer.sh +++ b/modules/security/bot-analyzer.sh @@ -34,8 +34,18 @@ source "$SCRIPT_DIR/lib/threat-intelligence.sh" # Default configuration (auto-detected from system) LOG_DIR="${SYS_LOG_DIR:-/var/log/apache2/domlogs}" -TEMP_DIR="/tmp/bot_analysis_$$" -OUTPUT_FILE="/tmp/bot_analysis_report_$(date +%Y%m%d_%H%M%S).txt" + +# Use toolkit's tmp directory instead of system /tmp to avoid filling it up +# On large servers with 200+ domains, compressed temp files can still be 50-100MB +# Using toolkit's tmp dir means: +# - Won't fill up system /tmp +# - Gets auto-cleaned when toolkit is removed +# - Included in cleanup script (clean-and-push-toolkit.sh) +TOOLKIT_TMP_DIR="$SCRIPT_DIR/tmp" +mkdir -p "$TOOLKIT_TMP_DIR" 2>/dev/null + +TEMP_DIR="$TOOLKIT_TMP_DIR/bot_analysis_$$" +OUTPUT_FILE="$TOOLKIT_TMP_DIR/bot_analysis_report_$(date +%Y%m%d_%H%M%S).txt" DAYS_BACK="" # Empty means all logs, otherwise filter by days HOURS_BACK="" # Empty means all logs, otherwise filter by hours FILTER_USER="" # Empty means all users, otherwise specific user 
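Review bot: `mkdir -p "$TOOLKIT_TMP_DIR" 2>/dev/null` neither checks for failure nor sets a mode, so later writes can fail with no explanation and the directory's permissions depend on whatever umask is in effect. The report presumably holds client IPs and request data from every domain's logs, so on a multi-user host the directory should be private to the invoking user. I would replace the line with `if ! mkdir -p "$TOOLKIT_TMP_DIR" || ! chmod 700 "$TOOLKIT_TMP_DIR"; then echo "Error: cannot prepare $TOOLKIT_TMP_DIR" >&2; exit 1; fi`. `TEMP_DIR` also keeps the predictable `bot_analysis_$$` name. Where it is created is outside this hunk, but `mktemp -d "$TOOLKIT_TMP_DIR/bot_analysis.XXXXXX"` at that point would give an unguessable 0700 directory.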
@@ -200,15 +210,16 @@ check_dependencies() { # Check disk space check_disk_space() { local available_kb - available_kb=$(df /tmp 2>/dev/null | tail -1 | awk '{print $4}') + local check_path="$SCRIPT_DIR" + available_kb=$(df "$check_path" 2>/dev/null | tail -1 | awk '{print $4}') if [ -z "$available_kb" ]; then - echo -e "${YELLOW}Warning: Cannot determine available disk space in /tmp${NC}" >&2 + echo -e "${YELLOW}Warning: Cannot determine available disk space for toolkit directory${NC}" >&2 return fi if [ "$available_kb" -lt 102400 ]; then # Less than 100MB - echo -e "${YELLOW}Warning: Low disk space in /tmp: $((available_kb/1024))MB available${NC}" >&2 + echo -e "${YELLOW}Warning: Low disk space in toolkit directory: $((available_kb/1024))MB available${NC}" >&2 read -p "Continue anyway? (y/N): " -n 1 -r echo if [[ ! $REPLY =~ ^[Yy]$ ]]; then
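Review bot: `check_disk_space` now measures `$SCRIPT_DIR`, but the temp files and report are written under `$TOOLKIT_TMP_DIR`, which can sit on a different filesystem if `tmp` is a symlink or mount point, so the check should query that path. The `df … | tail -1 | awk '{print $4}'` parse is also fragile: without `-P`, some df versions wrap a long device name onto its own line, which shifts the columns and feeds a non-numeric value such as the Use% field into the `-lt` test. I would use `available_kb=$(df -Pk "$TOOLKIT_TMP_DIR" 2>/dev/null | awk 'NR==2 {print $4}')` and drop `check_path`. The function body continues past the end of this hunk.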