# โšก Linux Server Management Toolkit Comprehensive multi-panel server management suite supporting cPanel, InterWorx, Plesk, and standalone Apache with modular architecture and intelligent security features. ## ๐Ÿ“ฆ Directory Structure ``` server-toolkit/ โ”œโ”€โ”€ launcher.sh # Main menu system โ”œโ”€โ”€ README.md # This file โ”‚ โ”œโ”€โ”€ modules/ # Modular scripts organized by category โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ diagnostics/ # ๐Ÿ” System Diagnostics โ”‚ โ”‚ โ”œโ”€โ”€ system-health-check.sh # Comprehensive health analysis โ”‚ โ”‚ โ””โ”€โ”€ loadwatch-analyzer.sh # Historical system health analysis (1h/6h/24h/7d/30d) โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ security/ # ๐Ÿ›ก๏ธ Security & Monitoring โ”‚ โ”‚ โ”œโ”€โ”€ live-attack-monitor-v2.sh # Real-time SOC dashboard with auto-mitigation โ”‚ โ”‚ โ”œโ”€โ”€ live-attack-monitor.sh # Legacy attack monitoring (deprecated) โ”‚ โ”‚ โ”œโ”€โ”€ bot-analyzer.sh # Full bot/threat analysis with pattern detection โ”‚ โ”‚ โ”œโ”€โ”€ bot-blocker.sh # Apache User-Agent blocking manager (NEW!) โ”‚ โ”‚ โ”œโ”€โ”€ malware-scanner.sh # ImunifyAV, ClamAV, Maldet integration โ”‚ โ”‚ โ”œโ”€โ”€ ip-reputation-manager.sh # Centralized IP reputation tracking โ”‚ โ”‚ โ”œโ”€โ”€ ssh-attack-monitor.sh # SSH brute force detection โ”‚ โ”‚ โ”œโ”€โ”€ web-traffic-monitor.sh # Web traffic monitoring โ”‚ โ”‚ โ”œโ”€โ”€ firewall-activity-monitor.sh # CSF/iptables monitoring โ”‚ โ”‚ โ”œโ”€โ”€ enable-cphulk.sh # cPHulk enablement with CSF whitelist import โ”‚ โ”‚ โ”œโ”€โ”€ optimize-ct-limit.sh # Connection tracking optimization โ”‚ โ”‚ โ”œโ”€โ”€ tail-apache-access.sh # Live Apache access log viewer โ”‚ โ”‚ โ”œโ”€โ”€ tail-apache-error.sh # Live Apache error log viewer โ”‚ โ”‚ โ”œโ”€โ”€ tail-mail-log.sh # Live mail log viewer โ”‚ โ”‚ โ””โ”€โ”€ tail-secure-log.sh # Live secure/auth log viewer โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ backup/ # ๐Ÿ’พ Backup & Recovery โ”‚ โ”‚ โ”œโ”€โ”€ acronis-*.sh # Acronis Cyber Protect (17 management scripts) โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-install.sh # Install Acronis agent โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-register.sh # Register agent with cloud โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-configure.sh # Configure backup plans โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-status.sh # Agent status check โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-backup-status.sh # Backup job status โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-manual-backup.sh # Trigger manual backup โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-restore.sh # Restore from backup โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-update.sh # Update agent โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-uninstall.sh # Remove agent โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ acronis-troubleshoot.sh # Diagnostics and repair โ”‚ โ”‚ โ”‚ โ””โ”€โ”€ (7 more utilities) โ”‚ โ”‚ โ””โ”€โ”€ mysql-restore-to-sql.sh # MySQL/MariaDB database restore & dump tool โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ website/ # ๐ŸŒ Website Diagnostics โ”‚ โ”‚ โ”œโ”€โ”€ website-error-analyzer.sh # Comprehensive error analysis โ”‚ โ”‚ โ”œโ”€โ”€ 500-error-tracker.sh # Fast 500 error tracking โ”‚ โ”‚ โ”œโ”€โ”€ cloudflare-detector.sh # Cloudflare domain detection (NEW!) โ”‚ โ”‚ โ”œโ”€โ”€ wordpress-menu.sh # WordPress tools submenu โ”‚ โ”‚ โ””โ”€โ”€ wordpress/ โ”‚ โ”‚ โ””โ”€โ”€ wordpress-cron-manager.sh # WP-Cron diagnostics and management โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ email/ # ๐Ÿ“ง Email Diagnostics & Management โ”‚ โ”‚ โ”œโ”€โ”€ email-diagnostics.sh # Comprehensive email diagnostics โ”‚ โ”‚ โ”œโ”€โ”€ mail-log-analyzer.sh # Mail log analysis โ”‚ โ”‚ โ”œโ”€โ”€ mail-queue-inspector.sh # Exim queue inspection โ”‚ โ”‚ โ”œโ”€โ”€ flush-mail-queue.sh # Flush stuck mail queue โ”‚ โ”‚ โ”œโ”€โ”€ blacklist-check.sh # RBL/DNSBL blacklist checker โ”‚ โ”‚ โ”œโ”€โ”€ spf-dkim-dmarc-check.sh # Email authentication validator โ”‚ โ”‚ โ”œโ”€โ”€ deliverability-test.sh # Email delivery testing โ”‚ โ”‚ โ”œโ”€โ”€ smtp-connection-test.sh # SMTP connectivity checker โ”‚ โ”‚ โ””โ”€โ”€ clean-mailboxes.sh # Mailbox cleanup utility โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ performance/ # ๐Ÿ“Š Performance Analysis โ”‚ โ”‚ โ”œโ”€โ”€ nginx-varnish-manager.sh # Nginx + Varnish Cache Manager โ”‚ โ”‚ โ”œโ”€โ”€ php-optimizer.sh # PHP Configuration Optimizer โ”‚ โ”‚ โ”œโ”€โ”€ hardware-health-check.sh # Hardware diagnostics (SMART, sensors) โ”‚ โ”‚ โ”œโ”€โ”€ mysql-query-analyzer.sh # MySQL performance analysis โ”‚ โ”‚ โ””โ”€โ”€ network-bandwidth-analyzer.sh # Network analysis โ”‚ โ”‚ โ”‚ โ””โ”€โ”€ maintenance/ # ๐Ÿงน System Maintenance โ”‚ โ”œโ”€โ”€ cleanup-toolkit-data.sh # Clean temporary toolkit data โ”‚ โ””โ”€โ”€ disk-space-analyzer.sh # Disk usage analysis and recommendations โ”‚ โ”œโ”€โ”€ lib/ # Shared libraries โ”‚ โ”œโ”€โ”€ common-functions.sh # Reusable UI, logging, and utility functions โ”‚ โ”œโ”€โ”€ system-detect.sh # Multi-panel system detection (cPanel/Plesk/InterWorx) โ”‚ โ”œโ”€โ”€ user-manager.sh # User account management across panels โ”‚ โ”œโ”€โ”€ domain-discovery.sh # Multi-panel domain discovery โ”‚ โ”œโ”€โ”€ reference-db.sh # Cross-module intelligence sharing (.sysref) โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ attack-patterns.sh # Attack pattern definitions and scoring โ”‚ โ”œโ”€โ”€ attack-signatures.sh # 24+ attack signature detection rules โ”‚ โ”œโ”€โ”€ bot-signatures.sh # Bot classification (legitimate vs malicious) โ”‚ โ”œโ”€โ”€ http-attack-analyzer.sh # HTTP attack analysis engine โ”‚ โ”œโ”€โ”€ threat-intelligence.sh # Threat scoring and intelligence aggregation โ”‚ โ”œโ”€โ”€ ip-reputation.sh # IP reputation tracking and querying โ”‚ โ”œโ”€โ”€ rate-anomaly-detector.sh # Request rate anomaly detection โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ mysql-analyzer.sh # MySQL performance utilities โ”‚ โ”œโ”€โ”€ php-detector.sh # PHP configuration detection โ”‚ โ”œโ”€โ”€ php-analyzer.sh # PHP performance analysis engine โ”‚ โ”œโ”€โ”€ php-config-manager.sh # PHP config backup/restore/modification โ”‚ โ”œโ”€โ”€ email-functions.sh # Email-related utilities โ”‚ โ””โ”€โ”€ plesk-helpers.sh # Plesk-specific helper functions โ”‚ โ”œโ”€โ”€ config/ # Configuration files โ”‚ โ”œโ”€โ”€ settings.conf # Main configuration โ”‚ โ”œโ”€โ”€ whitelist-ips.txt # IP whitelist โ”‚ โ””โ”€โ”€ whitelist-user-agents.txt # User-Agent whitelist โ”‚ โ””โ”€โ”€ tools/ # Utility scripts โ”œโ”€โ”€ diagnostic-report.sh # Generate comprehensive system reports โ”œโ”€โ”€ toolkit-qa-check.sh # Quality assurance checker (88 tests) โ”œโ”€โ”€ qa-functional-tests.sh # Functional testing suite โ”œโ”€โ”€ update-attack-signatures.sh # Update attack signature database โ”œโ”€โ”€ analyze-historical-attacks.sh # Historical attack pattern analysis โ””โ”€โ”€ erase-toolkit-traces.sh # Complete toolkit removal utility ``` ## ๐Ÿš€ Quick Start ### Installation & Running **One command - automatic cleanup:** ```bash curl -sL https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit/archive/main.tar.gz | tar xz && source linux-server-management-toolkit/run.sh ``` When exiting (option 0), answer "yes" and cleanup happens automatically - no extra steps. Or if already downloaded: ```bash source /root/linux-server-management-toolkit/run.sh ``` ## โœจ Key Features ### ๐Ÿ›ก๏ธ Security & Monitoring - **Live Attack Monitor v2**: Real-time SOC dashboard with intelligent auto-blocking - **Auto-Mitigation Engine**: Automatic blocking at Score >= 80 (critical) or >= 100 (instant) - **Distributed Attack Detection**: Blocks coordinated attacks (5+ IPs, 25+ for subnet-level blocking) - **24 Attack Signatures**: RCE, SQL injection, XSS, path traversal, SSRF, XXE, credential stuffing, and more - **IPset Integration**: Kernel-level blocking for instant response (batched for performance) - **Bot Classification**: Distinguishes legitimate bots (Google, Bing) from AI scrapers and attack tools - **Attack Scoring System**: Dynamic scoring with volume bonuses and attack severity weighting - **Multi-Source Monitoring**: HTTP, SSH, Email, FTP, Database, Network attacks in unified dashboard - **Bot Blocker**: Apache User-Agent blocking manager with one-click enable/disable - Blocks 24+ malicious bots: security scanners, AI scrapers, SEO bots, vulnerability scanners - Safe Apache restart with automatic rollback on syntax errors - Configuration backup and restore capability - Syntax validation before applying changes - **Bot & Traffic Analyzer**: Full bot/threat analysis with pattern detection - **IP Reputation Manager**: Centralized cross-module IP intelligence with query/tracking - **Malware Scanner**: ImunifyAV, ClamAV, and Maldet integration with auto-installation - **cPHulk Integration**: Auto-imports CSF whitelists from all sources - **Specialized Monitors**: SSH attacks, web traffic, firewall activity - **Log Viewers**: Live tail for Apache access/error, mail, and security logs - **No System Pollution**: All data stored in /tmp (auto-cleanup on reboot, no /var/lib/ files) ### ๐Ÿ’พ Backup & Recovery - **Acronis Cyber Protect**: Complete agent management (install, update, configure, monitor, troubleshoot) - **MySQL Database Restore Tool**: Advanced recovery from file-based backups with intelligent Force Recovery - Multi-control panel support (cPanel, InterWorx, Plesk, standalone) - Smart detection for selective restore scenarios - Safe single-database extraction from full backups - Clean SQL export for production import ### ๐ŸŒ Website Diagnostics - **Error Analysis**: Comprehensive website error detection and troubleshooting - **500 Error Tracking**: Detailed analysis of application errors - **Cloudflare Detector**: Identify domains using Cloudflare with datacenter locations - Distinguishes between Proxied (orange cloud) and DNS-Only (gray cloud) - Shows Cloudflare datacenter locations (Chicago, Los Angeles, etc.) - Detects NXDOMAIN domains that need cleanup - Triple validation: nameservers, IP ranges, CF-RAY headers - Helps debug regional outages and cache issues - **WordPress Tools**: WP-Cron manager for WordPress diagnostics - **Log Integration**: Apache, PHP-FPM, cPanel error log analysis - **Smart Recommendations**: Context-aware suggestions for fixing issues ### ๐Ÿ“ง Email Diagnostics & Management - **Comprehensive Email Diagnostics**: Full email system health check - **Mail Log Analyzer**: Parse and analyze mail logs for delivery issues - **Mail Queue Inspector**: Inspect stuck/frozen mail queue with filtering - **Flush Mail Queue**: Clear stuck messages from Exim queue - **Blacklist Checker**: Check server IP against 50+ RBL/DNSBL lists - **SPF/DKIM/DMARC Validator**: Verify email authentication records - **Deliverability Testing**: Send test emails and verify delivery - **SMTP Connection Test**: Test SMTP connectivity and authentication - **Mailbox Cleanup**: Clean up mailbox quotas and old messages ### ๐Ÿ” Performance & Diagnostics - **System Health Check**: Comprehensive hardware, services, and security posture analysis - **Loadwatch Analyzer**: Historical system health analysis (1h/6h/24h/7d/30d time ranges) - **MySQL Query Analyzer**: Slow query detection and optimization recommendations - **Network & Bandwidth Analyzer**: Traffic analysis and top consumers - **Hardware Health Check**: SMART, memory, CPU sensors - **PHP Configuration Optimizer**: Per-domain PHP-FPM tuning with auto-backup and zero downtime - **Nginx + Varnish Cache Manager**: Complete Varnish cache installation and management for cPanel - **99.5% Stock Compliance**: Only settings.json modified (RPM config file) - **Full HTTP + HTTPS Caching**: SSL termination at Nginx, HTTP backends to Varnish - **Update Survival**: Proven to survive ea-nginx package updates and rebuilds - **93 Static File Types**: Images, fonts, CSS/JS, videos, documents, archives, and more - **Self-Healing**: 8 automatic fixes including config-script integrity checks - **Complete Backup/Revert**: Full restoration to pre-installation state - **Smart Bypasses**: AutoSSL, cPanel services, admin pages, POST requests - **Automated Audit**: 44 tests verify configuration and functionality - **Multi-Panel Support**: cPanel, InterWorx, Plesk, standalone Apache ### ๐Ÿ“Š Session Intelligence - **Reference Database**: Cross-module data sharing (.sysref) - **No Historical Tracking**: Session-based intelligence only - **"Download, Run, Fix, Delete"**: Designed for one-time troubleshooting ## ๐ŸŽฏ Usage Examples ### Quick System Health Check ```bash bash launcher.sh # Select: 1) System Health Check ``` ### Security Analysis & Monitoring ```bash bash launcher.sh # Select: 2) Security & Monitoring # Options: # - Live Attack Monitor v2 (real-time SOC dashboard with auto-blocking) # * Monitors HTTP, SSH, Email, FTP, Database, Network attacks # * Auto-blocks IPs at Score >= 80 (critical) or >= 100 (instant) # * Detects distributed attacks (5+ IPs) and blocks all participants # * Subnet blocking when 25+ IPs attack from same /24 range # * IPset kernel-level blocking for instant response # - Bot Blocker (Apache User-Agent blocking) # * One-click enable/disable # * Blocks 24+ malicious bots (scanners, scrapers, AI bots) # * Safe Apache restart with syntax validation # * Automatic backup and restore # - Bot & Traffic Analyzer (full scan or 1-hour quick scan) # - IP Reputation Manager # - Malware Scanner (ImunifyAV, ClamAV, Maldet with auto-install) # - Enable cPHulk Protection # - SSH/Web/Firewall attack monitors ``` ### Website Diagnostics ```bash bash launcher.sh # Select: 3) Website Diagnostics # Options: # - Website Error Analyzer (comprehensive error detection) # - Fast 500 Error Tracker (500 errors only) # - Cloudflare Detector # * Scan all domains or check single domain # * Shows Proxied (orange cloud) vs DNS-Only (gray cloud) # * Displays datacenter locations (Chicago, LA, etc.) # * Identifies NXDOMAIN domains that need cleanup # - WordPress Tools (WP-Cron manager) ``` ### Email Diagnostics ```bash bash launcher.sh # Select: 6) Email Diagnostics # Options: # - Comprehensive Email Diagnostics # - Mail Log Analyzer # - Mail Queue Inspector # - Blacklist Checker (RBL/DNSBL) # - SPF/DKIM/DMARC Validator # - Deliverability Testing # - SMTP Connection Test # - Flush Mail Queue # - Clean Mailboxes ``` ### Performance Analysis ```bash bash launcher.sh # Select: 4) Performance Analysis # Options: # - MySQL Query Analyzer (slow query detection) # - Network & Bandwidth Analyzer # - Hardware Health Check # - PHP Configuration Optimizer (per-domain tuning) # - Nginx + Varnish Cache Manager (transparent caching layer) # - Loadwatch Health Analyzer (1h/6h/24h/7d/30d analysis) ``` ### Backup & Recovery ```bash bash launcher.sh # Select: 5) Backup & Recovery # Options: # - Acronis Management (complete backup interface) # - MySQL File Restore (convert DB files to SQL) ``` ## ๐Ÿ”ง Configuration Edit the configuration file: ```bash nano /root/server-toolkit/config/settings.conf ``` ## ๐Ÿ”’ Security Considerations - **Run as root**: Most modules require root access - **Credentials stored safely**: Git credentials in ~/.git-credentials (outside project) - **No sensitive data in repo**: .gitignore excludes keys, tokens, credentials - **Test first**: Try on non-production environments first ## ๐Ÿ“Š Recent Updates (v2.3) ### January 2026 Highlights - Performance & Security #### Week 4 - Cloudflare & Bot Management - **Cloudflare Detector**: Advanced Cloudflare domain detection with location tracking (NEW!) - Distinguishes between Proxied (orange cloud) and DNS-Only (gray cloud) configurations - Shows datacenter locations with city names (Chicago, Los Angeles, etc.) - NXDOMAIN detection for identifying old/deleted domains - Triple validation: nameservers, IP range matching, CF-RAY header analysis - Helps debug regional outages and identify misconfigured domains - **Bot Blocker**: Apache User-Agent blocking manager for malicious bots (NEW!) - One-click enable/disable for 24+ malicious user-agents - Blocks: security scanners (nikto, nmap), AI scrapers (GPTBot, Claude-Web), SEO bots - Safe Apache restart with syntax validation and automatic rollback - Configuration backup/restore with timestamped backups - Real-time testing to verify blocking effectiveness #### Week 3 - Varnish Cache & Auto-Mitigation - **Nginx + Varnish Cache Manager**: Complete Varnish cache installation system - 99.5% stock compliance (only settings.json modified) - Full HTTP + HTTPS caching via SSL termination and config-script automation - Proven update survival (RPM config file preservation) - 93 static file types cached - 8 self-healing auto-fixes - Complete backup/revert capability - Automated 44-test audit system - **Auto-Mitigation Engine**: Automatic IP blocking at Score >= 80/100 via IPset (kernel-level) - **Distributed Attack Blocking**: Detects and blocks coordinated botnet attacks (5+ IPs) - **Subnet-Level Blocking**: Blocks entire /24 subnets when 25+ IPs attack from same range - **Attack Signature Improvements**: Fixed false positives in HTTP_SMUGGLING and SUSPICIOUS_UA detection - **Function Exports**: Fixed critical bug preventing HTTP attack auto-blocking in subshells - **No System Pollution**: Moved all persistent data from /var/lib/ to /tmp/ for clean removal - **Maldet Auto-Installation**: Enhanced Plesk support with improved directory detection ### December 2025 Highlights - **Launcher Cleanup**: Removed 90+ phantom menu items, reduced from 1,576 to 574 lines (64% reduction) - **Performance**: Cached domain status checks save ~5 minutes on 50-domain servers - **MySQL Restore Tool**: Advanced database recovery with intelligent Force Recovery detection - **Multi-Panel**: Full support for cPanel, InterWorx, Plesk, standalone Apache ### Current Feature Set - **60+ Working Modules**: Security (14), Website (5), Email (9), Performance (5), Backup (18), Diagnostics (2), Maintenance (2) - **18 Shared Libraries**: Attack detection, bot classification, system detection, PHP/MySQL analysis - **6 Utility Tools**: QA checker (88 tests), attack signature updater, diagnostic reports - **24 Attack Signatures**: RCE, SQL Injection, XSS, Path Traversal, SSRF, XXE, and more - **Bot Management**: Auto-blocking malicious bots via Apache User-Agent filtering - **Cloudflare Integration**: Advanced detection with datacenter location tracking - **Varnish Cache**: Transparent caching layer with 99.5% stock compliance - **Email Diagnostics**: Complete email troubleshooting suite with RBL checking - **Reference Database**: 1-hour cached status for cross-module intelligence - **Zero Hardcoded Paths**: Automatic control panel detection and path abstraction - **Self-Contained Design**: Delete toolkit directory = all data removed (no system files) ## ๐Ÿ™ Credits Built for comprehensive cPanel/Linux server management with a focus on security and intelligent automation. --- **Version**: 2.3.0 **Last Updated**: January 28, 2026 **Repository**: https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit ## ๐Ÿ“ˆ Statistics - **Total Modules**: 60+ - **Shared Libraries**: 18 - **Attack Signatures**: 24+ - **Supported Panels**: cPanel, InterWorx, Plesk, Standalone - **Lines of Code**: ~30,000+ - **QA Tests**: 88 automated checks