- Separate prompt display from read command
- Print prompt to stderr before attempting read
- Show thanks message even if read fails
- Ensures exit menu always displays something to user
Impact: Exit confirmation prompt now properly visible when user selects option 0.
- Add INTERACTIVE_MODE detection using $- variable
- Check if running in interactive shell at startup
- Exit gracefully from main menu if non-interactive
- Add INTERACTIVE_MODE checks to all submenu handlers
- All read operations now properly detect non-interactive environments
Root cause: In non-interactive shells (like when sourced via curl | tar xz),
/dev/tty doesn't exist. With set -eo pipefail, the read command fails and
causes script to crash. Now detects this and exits gracefully with a helpful message.
Impact: Fixes tmux crash on AlmaLinux 8 when pulling dev branch via curl.
- Fix line 482: handle_loadwatch_analyzer() read without error handler
* Add /dev/tty redirection with proper error handling
* Returns gracefully if read fails instead of crashing
- Fix line 126: show_system_overview() uses pipe to sed
* Replace pipe with bash parameter expansion to avoid pipe failures
* Remove unsafe sed dependency, use ${var%,} to trim trailing comma
* More robust error handling
Impact: Prevents additional crash scenarios and improves reliability of system display.
CRITICAL FIXES:
- TERMINAL CRASH: Changed 'exit 1' to 'return 1' in library sourcing (lines 21-25)
Cause: When launcher.sh sourced from run.sh, 'exit' terminated the parent shell
Impact: Terminal no longer crashes when libraries fail to load
- CLEANUP FILE PATH: Simplified cleanup file creation to use consistent path
Old: Created random temp file with mktemp (never checked by run.sh)
New: Direct creation of /tmp/.cleanup_requested (checked by run.sh)
Impact: Cleanup now works correctly on exit
HIGH PRIORITY:
- DATABASE QUERY OPTIMIZATION: Replaced 4 separate grep -c calls with single awk pass
Old: 4 separate grep calls on same file (lines 666-669)
New: Single awk pass with field counting (line 671)
Impact: ~75% faster startup detection summary display
MEDIUM PRIORITY:
- CONSISTENT ERROR HANDLING: Standardized all read commands to use explicit failure checks
Pattern: if ! read ... </dev/tty 2>/dev/null; then ... fi
Applied to: startup detection prompt (line 681), main menu (line 705), cleanup prompt (line 720)
Impact: Clearer error handling throughout launcher
- DIRECTORY INITIALIZATION: Moved init_directories out of main loop
Old: Called on every main() invocation
New: Called once at startup with error handling
Impact: Fewer redundant directory creation attempts
- RUN.SH ERROR HANDLING: Added error handling for launcher.sh sourcing
Added: Check for successful launcher.sh load with helpful error message
Impact: Better failure diagnostics if launcher fails to load
VERIFICATION:
- Tested startup flow: Launcher initializes without crashes
- Verified menu displays correctly
- Confirmed cleanup file path consistency
- All error handling patterns standardized
Fixed unquoted variable in case statement (line 466):
- Changed: case $range_choice in
- To: case "$range_choice" in
This ensures proper variable handling if range_choice contains
special characters or spaces (though unlikely in practice).
All case statements in launcher.sh now properly quoted.
CHANGES:
1. **Color Code Removal**: Removed all active , , , , ,
, , variable references from output.
- User feedback: Colors weren't rendering properly
- Color definitions kept but unused (dead code)
2. **Case Statement Quoting**: Fixed all case statements to use quoted variables
- Changed: case $choice in
- To: case "$choice" in
- Lines: 201, 605, 699, 726
- Reason: Best practice for bash variable handling
3. **Symlink Attack Mitigation**: Replaced direct temp file creation with secure mktemp
- Changed: touch /tmp/.cleanup_requested
- To: CLEANUP_FILE=$(mktemp -t server-toolkit-cleanup.XXXXXX 2>/dev/null) || CLEANUP_FILE="/tmp/.cleanup_requested"
touch "$CLEANUP_FILE" 2>/dev/null || true
- Line: 712-714
- Reason: Prevents symlink attack where cleanup file could be replaced
VERIFICATION:
✅ Syntax check: bash -n launcher.sh
✅ No active color variable usage
✅ All case statements properly quoted
✅ Symlink attack prevention in place
✅ All previous fixes in place (from earlier commits)
STANDALONE SERVER STATUS:
✅ Domain discovery per-user working (commit 7bf42ee)
✅ Here-documents for array persistence (commit ce8babe)
✅ grep -v error handling with fallbacks (commits 9e48a9e, 986b54b)
✅ Terminal session preservation (return 0 not exit 0, commit fbcbbf8)
✅ No unnecessary color output
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
ISSUE:
When exiting the launcher (option 0), the script called exit 0 which closed
the entire shell session, disconnecting SSH/tmux and crashing the terminal.
FIX:
Changed line 721 from 'exit 0' to 'return 0'
- exit 0 = closes entire shell
- return 0 = returns from main() function, launcher exits cleanly
- Shell/SSH session remains open
Testing:
- Launcher now exits cleanly without closing terminal
- SSH sessions no longer disconnected
- tmux sessions no longer crash
- User returns to shell prompt safely
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
FIXES:
1. Added error handling (|| true) to get_standalone_user_domains()
- Prevents script crash with set -eo pipefail on standalone servers
- Function now always succeeds even if find fails
- Prevents tmux session crashes
2. Removed all ANSI color codes from launcher output
- Color codes were showing as raw \033[0;36m instead of rendering
- Simplified output without color variables
- Better compatibility with different terminal types
- Cleaner output on all systems
Changes:
- lib/user-manager.sh: Added || true to prevent failures
- launcher.sh: Removed , , , etc. from output
- show_banner(): Removed color codes
- show_system_overview(): Removed color codes
- show_main_menu(): Removed color codes
Impact:
- Standalone servers no longer crash when building reference database
- Output is clean and readable on all terminal types
- Detection/database building now completes successfully
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
SECURITY FIXES:
1. Remove unsafe eval() function (launcher.sh:88-99)
- eval() function removed entirely (was a code injection risk)
- Function was unused but posed security liability
2. Fix SQL injection in database queries (reference-db.sh:225-229)
- Properly escape single quotes in database names
- Changed from incorrect backtick escaping to proper SQL escaping
- Database names now safely used in WHERE clauses
3. Fix credential exposure (reference-db.sh:199-235)
- MYSQL_PWD no longer exported (visible to child processes)
- Password kept in local variable only
- Set MYSQL_PWD only for individual mysql commands
- Credentials immediately unset after use
- Password never visible in 'ps aux' or /proc/environ
4. Refactored database queries
- Each mysql command gets password set independently
- Uses here-string (<<<) instead of process substitution for safety
- Proper error handling per query
All critical vulnerabilities addressed
Syntax validation: PASS
- Update launcher version to 2.1.0-BETA
- Change banner to yellow with dev warning
- Use .sysref.beta cache file for isolation
- Update README with dev branch information
- Clear visual separation from production
Issue: Historical Attack Analysis was in its own "System Diagnostics"
category with only one tool, but it's actually threat analysis.
Changes:
- Added Historical Attack Analysis to Threat Analysis menu (option 6)
- Removed System Diagnostics sub-menu entirely (both functions)
- Updated main security menu from 5 to 4 categories
- Removed option 5 and its handler
New Structure:
Main Security Menu (4 categories):
1) Threat Analysis (6 tools) ← Historical Attack Analysis moved here
2) Live Monitoring (4 tools)
3) Log Viewers (4 tools)
4) Security Actions (3 tools)
Benefits:
- More logical grouping - analyzing attacks is threat analysis
- No orphan category with only one tool
- Cleaner main menu (4 options vs 5)
Code Changes:
- Added: +2 lines (option 6 in show/handle)
- Removed: -30 lines (System Diagnostics menu)
- Net: -28 lines
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Features:
- Check specific email address or entire domain
- Shows if emails are working with PROOF
- Displays recent activity with timestamps highlighted
- Categorizes: delivered, bounced, rejected, deferred
- Shows last 5 examples of each type from selected time period
- Clear verdict: Working / Partially Working / Has Problems
- Extracts bounce reasons and recommendations
- Saves full report for customer evidence
Usage: Email menu → Option 1 (Email Diagnostics)
Perfect for: 'Customer says they're not receiving emails'
Example output:
✅ EMAIL IS WORKING PROPERLY
Evidence: 15 successful deliveries in last 24 hours
PROOF - Recent deliveries with timestamps shown below
Previous attempt (commit 9b0a145) moved ALL variable exports inside the
conditional, which broke the script because variables weren't initialized
on subsequent runs after SYS_DETECTION_COMPLETE was set.
The CORRECT Fix:
Move SYS_USER_HOME_BASE and other session variables INSIDE the conditional
so they're only initialized ONCE, not reset every time system-detect.sh
is sourced.
Changes:
1. lib/system-detect.sh (lines 26-32):
- Moved SYS_USER_HOME_BASE="" inside conditional
- Moved SYS_PHP_VERSIONS=() inside conditional
- Moved firewall variables inside conditional
- Now all exports only run when SYS_DETECTION_COMPLETE is empty
2. launcher.sh (line 22):
- Re-added: source "$LIB_DIR/domain-discovery.sh"
- Lost when reverting broken commit
Impact:
- Fixes Plesk: SYS_USER_HOME_BASE="/var/www/vhosts" persists
- Fixes cPanel: launcher completes successfully and shows menu
- list_all_domains() and all unified functions now available
Tested on cPanel: ✅ WORKING
Ready for Plesk testing
The menu now includes both performance analysis tools (MySQL Query
Analyzer, Network & Bandwidth, Hardware Health, PHP Optimizer) and
system maintenance tools (Disk Space Analyzer, Loadwatch).
Changes:
- Main menu: "Performance Analysis" → "Performance & Maintenance"
- Submenu title: "🔧 Performance Analysis" → "🔧 Performance & Maintenance"
This better reflects the dual purpose of the menu category.
The Disk Space Analyzer is a performance/system health tool, not a
backup tool. Moving it to the Performance Analysis menu makes more
logical sense for users looking for system diagnostics.
Changes:
- Removed from Backup & Recovery → Maintenance section (was option 4)
- Added to Performance Analysis → System Health section (option 6)
- Updated both show_performance_menu() and handle_performance_menu()
- Removed from show_backup_menu() and handle_backup_menu()
New Location:
Main Menu → 4) Performance Analysis → 6) Disk Space Analyzer
This groups it with other system health tools like:
- Loadwatch Health Analyzer
- Hardware Health Check
- Network & Bandwidth analysis
New Feature: WinDirStat-like disk space analyzer for Linux
Location: modules/maintenance/disk-space-analyzer.sh
Menu: Backup & Recovery → Maintenance (option 4)
Key Features:
- 14 different analysis and cleanup options
- Inode usage monitoring (critical for detecting inode exhaustion)
- No external dependencies (bc removed, using awk for math)
- Multi-panel support (cPanel/Plesk/InterWorx)
- Interactive drill-down capability
- Preview before deletion for all cleanup operations
Analysis Types:
1. Disk usage overview with warnings (>90% critical, >75% warning)
2. Inode usage checking (often overlooked but critical)
3. Largest directories with drill-down capability
4. Largest files with type detection (log/db/archive/video/image)
5. Old log files analysis (>30 days with size totals)
6. Temporary files finder (/tmp, /var/tmp with age detection)
7. Package manager cache (yum/dnf/apt)
8. Email storage analysis (mail spools, Maildir, Maildrop)
9. Database storage (MySQL/MariaDB, PostgreSQL data dirs)
10. Backup files finder (.bak, .tar.gz, .sql with age)
11. WordPress analysis (uploads, plugins, cache by site)
12. Report generation (exports all analysis to timestamped file)
Cleanup Operations (all with preview):
13. Clean old log files (>30 days, shows preview, requires "yes")
14. Clean package cache (yum/dnf/apt, requires "yes")
15. Clean WordPress cache (per-site WP Super Cache cleanup)
Technical Improvements:
- size_to_bytes() function for human-readable to bytes conversion
- Uses awk for all floating point math (no bc dependency)
- Excludes system dirs (/proc, /sys, /dev, /run) for faster scans
- Format functions for consistent output (bytes/KB/MB/GB/TB)
- Age detection for files (shows days old)
- File type detection by extension
- Interactive menus with color coding
Safety Features:
- Dry-run preview before all deletions
- Confirmation prompts ("yes" required, not just "y")
- Size calculations shown before deletion
- First 10 files previewed in cleanup operations
Changes to launcher.sh:
- Added option 4 to Backup & Recovery menu
- Added case handler to run disk-space-analyzer.sh
- Menu text: "💿 Disk Space Analyzer - Find space issues & cleanup files"
Testing: Script is executable and ready to use
Removed subshell isolation that was unsetting SYS_ variables before each
module run. This caused full system re-detection (~530ms) every time a
module launched from the menu.
Changes:
- Removed: Subshell + SYS_ variable unsetting (lines 63-68)
- Now: Direct module execution with cached detection
Benefits:
- Module launches: ~530ms faster (instant after first detection)
- No redundant detection on every menu selection
- Detection only runs once per toolkit session
- Modules still get fresh detection if they explicitly call detect functions
Result: Modules now launch instantly instead of having 0.5s delay
Changed $SCRIPT_DIR to $BASE_DIR (correct variable name in launcher.sh)
Now option 15 properly launches: /root/server-toolkit/tools/analyze-historical-attacks.sh
Malware scanning is now more prominent:
- Moved from Web Application Analysis submenu to main Security Analysis menu
- Now option 1 (🦠 Malware Scanner) in Analysis & Troubleshooting
- Direct path: Security → Analysis → Malware Scanner (2→1→1)
- Removed from Web Application submenu to avoid duplication
- Renumbered all security analysis options accordingly
Much easier to find and access the malware scanner now.
New workflow:
1. User runs: source run.sh (instead of bash launcher.sh)
2. Launcher runs normally
3. On exit with cleanup=yes, launcher sets flag file
4. Wrapper detects flag and does ALL cleanup automatically:
- Cleans ~/.bash_history file
- Clears current shell's in-memory history
- Removes toolkit directory
- No manual commands needed
The key: wrapper is SOURCED so it runs in parent shell and can modify history.
User experience: answer "yes" and cleanup happens instantly, automatically.
Changes:
- Cleans ~/.bash_history file immediately when user selects yes
- Verifies curl command is gone from file before continuing
- Removes logs, temp files, toolkit directory automatically
- Shows verification: "✓ Verified: No curl download commands in history file"
- User just needs to run: history -c, unset HISTFILE, exit
No more asking user to source scripts. Just do the cleanup and verify.
Exit menu now tells user to SOURCE the trace eraser instead of running it as subprocess:
- Single command: TRACE_ERASER_AUTO=yes source tools/erase-toolkit-traces.sh
- Sourcing runs it in current shell, allowing it to modify that shell's history
- No more separate helper scripts or multiple steps
- Single source of truth for all cleanup logic
This fixes the parent shell history issue - by sourcing instead of running as subprocess, the trace eraser can actually modify the shell's history where the curl command was executed.
Developer