Linux-Server-Management-Toolkit

cschantz/Linux-Server-Management-Toolkit

Fork 0

Commit Graph

Author	SHA1	Message	Date
cschantz	c7a409622b	Fix IP reputation persistence - snapshots were being deleted on exit CRITICAL BUG FOUND: Live attack monitor was "losing track" of blocked IPs because IP reputation data was being saved to $TEMP_DIR then immediately deleted on cleanup. Line 149: rm -rf "$TEMP_DIR" deleted ALL IP tracking data Line 154: Said "snapshot saved" but was a LIE - already deleted! This caused: - No persistent IP reputation tracking across monitor restarts - Duplicate block attempts on same IPs - Lost attack history and ban counts - No permanent block logging ROOT CAUSE: save_snapshot() saved to: /tmp/live-monitor-$$/snapshot.dat cleanup() deleted: /tmp/live-monitor-$$ (entire directory) Result: All IP data lost on every exit THE FIX: 1. Snapshot Persistence (lines 161-189): save_snapshot() now saves to: ✓ $SNAPSHOT_DIR/latest_snapshot.dat (permanent storage) ✓ $SNAPSHOT_DIR/snapshot_TIMESTAMP.dat (timestamped history) ✓ Keeps last 10 snapshots, auto-cleans older ones ✓ Survives script exit/restart 2. Cleanup Function (lines 129-173): ✓ Calls save_snapshot() BEFORE deleting temp files ✓ Writes all IP_DATA to reputation database ✓ Waits for DB writes to complete ✓ Shows count of saved IPs ✓ THEN deletes temp directory 3. Real-Time IP Tracking (lines 820-839): record_blocked_ip() function: ✓ Increments ban_count in IP_DATA immediately ✓ Writes to reputation DB (background, non-blocking) ✓ Logs to permanent block_history.log file ✓ Format: timestamp\|IP\|reason 4. Blocking Function Integration: block_ip_temporary() (lines 921, 930, 950): ✓ Calls record_blocked_ip() after successful block block_ip_permanent() (line 1010): ✓ Calls record_blocked_ip() with "PERMANENT:" prefix PERSISTENT STORAGE LOCATIONS: /var/lib/server-toolkit/live-monitor/ ├── latest_snapshot.dat (current IP_DATA state) ├── snapshot_TIMESTAMP.dat (timestamped backups, last 10) └── block_history.log (append-only block log) BENEFITS: ✓ IP reputation persists across monitor restarts ✓ Historical tracking of all blocks with timestamps ✓ No duplicate blocking of same IPs ✓ Ban counts accumulate properly ✓ Attack patterns preserved for analysis ✓ Automatic cleanup (keeps last 10 snapshots) TESTED: ✓ Bash syntax validation passed ✓ Files synced (main + v2)	2025-12-25 16:24:21 -05:00

Author

SHA1

Message

Date

cschantz

c7a409622b

Fix IP reputation persistence - snapshots were being deleted on exit

CRITICAL BUG FOUND:
Live attack monitor was "losing track" of blocked IPs because IP reputation
data was being saved to $TEMP_DIR then immediately deleted on cleanup.
Line 149: rm -rf "$TEMP_DIR" deleted ALL IP tracking data
Line 154: Said "snapshot saved" but was a LIE - already deleted!

This caused:
- No persistent IP reputation tracking across monitor restarts
- Duplicate block attempts on same IPs
- Lost attack history and ban counts
- No permanent block logging

ROOT CAUSE:
save_snapshot() saved to: /tmp/live-monitor-$$/snapshot.dat
cleanup() deleted: /tmp/live-monitor-$$ (entire directory)
Result: All IP data lost on every exit

THE FIX:

1. Snapshot Persistence (lines 161-189):
   save_snapshot() now saves to:
   ✓ $SNAPSHOT_DIR/latest_snapshot.dat (permanent storage)
   ✓ $SNAPSHOT_DIR/snapshot_TIMESTAMP.dat (timestamped history)
   ✓ Keeps last 10 snapshots, auto-cleans older ones
   ✓ Survives script exit/restart

2. Cleanup Function (lines 129-173):
   ✓ Calls save_snapshot() BEFORE deleting temp files
   ✓ Writes all IP_DATA to reputation database
   ✓ Waits for DB writes to complete
   ✓ Shows count of saved IPs
   ✓ THEN deletes temp directory

3. Real-Time IP Tracking (lines 820-839):
   record_blocked_ip() function:
   ✓ Increments ban_count in IP_DATA immediately
   ✓ Writes to reputation DB (background, non-blocking)
   ✓ Logs to permanent block_history.log file
   ✓ Format: timestamp|IP|reason

4. Blocking Function Integration:
   block_ip_temporary() (lines 921, 930, 950):
   ✓ Calls record_blocked_ip() after successful block

   block_ip_permanent() (line 1010):
   ✓ Calls record_blocked_ip() with "PERMANENT:" prefix

PERSISTENT STORAGE LOCATIONS:
/var/lib/server-toolkit/live-monitor/
├── latest_snapshot.dat          (current IP_DATA state)
├── snapshot_TIMESTAMP.dat       (timestamped backups, last 10)
└── block_history.log            (append-only block log)

BENEFITS:
✓ IP reputation persists across monitor restarts
✓ Historical tracking of all blocks with timestamps
✓ No duplicate blocking of same IPs
✓ Ban counts accumulate properly
✓ Attack patterns preserved for analysis
✓ Automatic cleanup (keeps last 10 snapshots)

TESTED:
✓ Bash syntax validation passed
✓ Files synced (main + v2)

2025-12-25 16:24:21 -05:00

1 Commits