# Complete System Variables Reference **Status**: ✅ COMPLETE - 118 SYS_* variables across all platforms **Date**: 2026-03-20 **Coverage**: cPanel, Plesk, InterWorx, Standalone | All Linux distributions --- ## Overview: Two Implementation Phases ### Phase 1: Initial 93 Variables (COMPLETED) - Mail system commands (Exim, Postfix, Sendmail) - Database commands (MySQL, PostgreSQL) - Security scanner paths (ClamAV, Maldet, RKHunter, Imunify360) - Control panel APIs (cPanel, Plesk, InterWorx) - System security tools (Fail2Ban, ModSecurity, SELinux, AppArmor) - Authentication files and user/group IDs ### Phase 2: Additional 25 Variables (COMPLETED) - cPanel PHP version paths (10 variables) - Plesk PHP version paths with version detection (5 variables) - InterWorx PHP versions and domain paths (6 variables) - Domain log path variations (2 variables) - Domain configuration access files (2 variables) --- ## Complete Variable Listing by Category ### MAIL SYSTEM VARIABLES (8 variables) **Mail System Detection**: ```bash $SYS_MAIL_SYSTEM # "exim", "postfix", or "sendmail" ``` **Mail Commands** (auto-detects appropriate MTA): ```bash $SYS_MAIL_BIN_EXIM # /usr/sbin/exim $SYS_MAIL_BIN_POSTFIX # /usr/sbin/postfix $SYS_MAIL_BIN_SENDMAIL # /usr/sbin/sendmail $SYS_MAIL_CMD_QUEUE_COUNT # Count queued messages $SYS_MAIL_CMD_QUEUE_LIST # List queued messages $SYS_MAIL_CMD_QUEUE_RETRY # Retry message delivery $SYS_MAIL_CMD_QUEUE_REMOVE # Remove message from queue $SYS_MAIL_CMD_TEST_ADDRESS # Test address validation $SYS_MAIL_SPOOL # Queue directory path $SYS_MAIL_UID / $SYS_MAIL_GID # Mail system user/group IDs ``` --- ### DATABASE VARIABLES (9 variables) **Database Type Detection**: ```bash $SYS_DB_TYPE # "mysql" or "postgresql" $SYS_DB_VERSION # Version number ``` **Database Commands** (auto-detects appropriate DB): ```bash $SYS_DB_CLI_COMMAND # /usr/bin/mysql or /usr/bin/psql $SYS_DB_DUMP_COMMAND # /usr/bin/mysqldump or /usr/bin/pg_dump $SYS_DB_ADMIN_COMMAND # /usr/bin/mysqladmin or /usr/bin/pg_isready $SYS_DB_CHECK_COMMAND # /usr/bin/mysqlcheck or /usr/bin/pg_check $SYS_DB_REPAIR_COMMAND # mysqlcheck --repair or VACUUM FULL $SYS_DB_OPTIMIZE_COMMAND # mysqlcheck --optimize or ANALYZE $SYS_DB_STATUS_COMMAND # SHOW STATUS command or pg_isready $SYS_DB_SHOW_DATABASES # List databases command $SYS_DB_SHOW_TABLES # List tables in DB command $SYS_DB_UID / $SYS_DB_GID # Database system user/group IDs $SYS_DB_SOCKET # Unix socket path $SYS_DB_CONFIG # Configuration file path ``` --- ### CPANEL VARIABLES (18 variables) **Control Panel Detection**: ```bash $SYS_CONTROL_PANEL # "cpanel" $SYS_CONTROL_PANEL_VERSION # Version number ``` **PHP Version Paths**: ```bash $SYS_CPANEL_EAPHP_BASE # /opt/cpanel $SYS_CPANEL_EAPHP_BINARY_PATTERN # /opt/cpanel/ea-php{VERSION}/root/usr/bin/php $SYS_CPANEL_EAPHP_CONFIG_PATTERN # /opt/cpanel/ea-php{VERSION}/root/etc/php.ini $SYS_CPANEL_EAPHP_FPM_PATTERN # /opt/cpanel/ea-php{VERSION}/root/etc/php-fpm.conf ``` **Domain Configuration**: ```bash $SYS_CPANEL_USERDATA_DIR # /var/cpanel/userdata $SYS_CPANEL_DOMAIN_CONFIG_PATTERN # /var/cpanel/userdata/{USER}/{DOMAIN}.cache ``` **Domain Mappings**: ```bash $SYS_CPANEL_TRUEUSERDOMAINS # /etc/trueuserdomains $SYS_CPANEL_USERDATADOMAINS # /etc/userdatadomains $SYS_CPANEL_RETENTIONDOMAINS # /etc/retentiondomains ``` **Domain Logs**: ```bash $SYS_CPANEL_DOMLOGS_BASE # /var/log/apache2/domlogs $SYS_CPANEL_DOMLOGS_PATTERN # /var/log/apache2/domlogs/{DOMAIN} ``` **Security & APIs** (from Phase 1): ```bash $SYS_CPANEL_WHMAPI # WHM API endpoint $SYS_CPANEL_UAPI # cPanel User API endpoint $SYS_CPANEL_HULK # Security suite path $SYS_CPANEL_SCAN_TOOL # Security scan utility $SYS_CPANEL_MALWARE_SCANNER # Malware detection tool $SYS_CPANEL_SYSTEM_UID / GID # cPanel system user IDs ``` --- ### PLESK VARIABLES (5 variables) **Control Panel Detection**: ```bash $SYS_CONTROL_PANEL # "plesk" $SYS_CONTROL_PANEL_VERSION # Version number ``` **PHP Version Paths**: ```bash $SYS_PLESK_PHP_BASE # /opt/plesk/php $SYS_PLESK_PHP_BINARY_PATTERN # /opt/plesk/php/{VERSION}/bin/php $SYS_PLESK_FPM_SOCKET_DIR # /var/www/vhosts/system/{DOMAIN}/fpm ``` **Version-Aware Log Paths** (CRITICAL): ```bash $SYS_PLESK_LOG_STRUCTURE_VERSION # "old" (<18.0.50), "new" (18.0.50+), "unknown" $SYS_PLESK_DOMLOGS_PATTERN # Auto-adjusted based on version ``` **Security & APIs** (from Phase 1): ```bash $SYS_PLESK_API # Plesk API endpoint $SYS_PLESK_ADMIN_API # Admin API endpoint $SYS_PLESK_EXTENSION_API # Extension API endpoint $SYS_PLESK_MTA_SCAN # Mail scanning tool $SYS_PLESK_SYSTEM_UID / GID # Plesk system user IDs ``` --- ### INTERWORX VARIABLES (6 variables) **Control Panel Detection**: ```bash $SYS_CONTROL_PANEL # "interworx" $SYS_CONTROL_PANEL_VERSION # Version number ``` **PHP Versions**: ```bash $SYS_INTERWORX_PHP_SYSTEM # /usr/bin/php $SYS_INTERWORX_PHP_ALT_VERSIONS # /usr/local/php*/bin/php ``` **Domain Paths** (chroot-relative): ```bash $SYS_INTERWORX_DOMAINS_BASE # /chroot/home/{ACCOUNT}/domains $SYS_INTERWORX_DOMAIN_HTML # /chroot/home/{ACCOUNT}/domains/{DOMAIN}/html $SYS_INTERWORX_DOMAIN_LOGS # /chroot/home/{ACCOUNT}/domains/{DOMAIN}/logs $SYS_INTERWORX_VAR_LOGS_DIR # /chroot/home/{ACCOUNT}/var/{DOMAIN}/logs ``` **Security & APIs** (from Phase 1): ```bash $SYS_INTERWORX_BIN # /home/interworx/bin $SYS_INTERWORX_NODEWORX # NodeWorx CLI tool $SYS_INTERWORX_SITEWORX # SiteWorx CLI tool $SYS_INTERWORX_SYSTEM_UID / GID # InterWorx system user IDs ``` --- ### SECURITY SCANNER VARIABLES (30 variables) **Malware Scanners** (empty if not installed): ```bash $SYS_SCANNER_CLAMAV # /usr/bin/clamscan $SYS_SCANNER_CLAMUPDATE # /usr/bin/freshclam $SYS_SCANNER_CLAMSCAN # /usr/bin/clamscan (alt name) $SYS_SCANNER_CLAMAV_DB # /var/lib/clamav (signature DB) $SYS_SCANNER_CLAMAV_LOG # /var/log/clamav/scan.log $SYS_SCANNER_MALDET # /usr/local/maldetect/maldet $SYS_SCANNER_MALDET_DIR # /usr/local/maldetect $SYS_SCANNER_MALDET_QUARANTINE # Quarantine directory $SYS_SCANNER_MALDET_LOG # Maldet log file $SYS_SCANNER_RKHUNTER # /usr/bin/rkhunter $SYS_SCANNER_RKHUNTER_CONFIG # /etc/rkhunter.conf $SYS_SCANNER_RKHUNTER_DB # Signature DB $SYS_SCANNER_RKHUNTER_LOG # Log file $SYS_SCANNER_IMUNIFY # /usr/bin/imunify360-agent $SYS_SCANNER_IMUNIFY_CONFIG # Configuration file $SYS_SCANNER_IMUNIFY_DB # Database file $SYS_SCANNER_IMUNIFY_LOG # Log file ``` --- ### SYSTEM AUTHENTICATION VARIABLES (12 variables) **Authentication Files**: ```bash $SYS_AUTH_PASSWD_FILE # /etc/passwd $SYS_AUTH_SHADOW_FILE # /etc/shadow $SYS_AUTH_GROUP_FILE # /etc/group $SYS_AUTH_GSHADOW_FILE # /etc/gshadow $SYS_AUTH_SUDOERS_FILE # /etc/sudoers $SYS_AUTH_SUDOERS_DIR # /etc/sudoers.d $SYS_AUTH_SSH_CONFIG # /etc/ssh/sshd_config $SYS_AUTH_PAM_DIR # /etc/pam.d $SYS_AUTH_HOSTS_ALLOW # /etc/hosts.allow $SYS_AUTH_HOSTS_DENY # /etc/hosts.deny $SYS_AUTH_CRONTAB_DIR # /var/spool/cron or /var/spool/cron/crontabs $SYS_LOG_CRON # Cron logs ``` --- ### SYSTEM SECURITY VARIABLES (6 variables) **Firewall & Security**: ```bash $SYS_FIREWALL # "csf", "firewalld", "iptables", "ufw", "imunify", "plesk" $SYS_FIREWALL_VERSION # Version number $SYS_FAIL2BAN_CLIENT # /usr/bin/fail2ban-client (if installed) $SYS_FAIL2BAN_CONFIG # /etc/fail2ban (if installed) $SYS_FAIL2BAN_JAIL # Jail configuration (if installed) $SYS_MODSECURITY_ENABLED # "yes" or "" $SYS_MODSECURITY_CONF # Configuration file (if enabled) $SYS_MODSECURITY_RULES # Rules directory (if enabled) $SYS_MODSECURITY_AUDIT_LOG # Audit log (if enabled) $SYS_SELINUX_ENABLED # "yes" or "" $SYS_SELINUX_STATUS # Current SELinux mode (if enabled) $SYS_SELINUX_CONFIG # /etc/selinux/config (if enabled) $SYS_APPARMOR_ENABLED # "yes" or "" $SYS_APPARMOR_CONFIG # /etc/apparmor (if enabled) ``` --- ### USER/GROUP ID VARIABLES (12 variables) **For Permission Checks** (replaced hardcoded UIDs): ```bash $SYS_WEB_UID # Apache/www-data UID (48 on RHEL, 33 on Debian) $SYS_WEB_GID # Apache/www-data GID $SYS_DB_UID # MySQL/PostgreSQL UID (usually 27 or 986) $SYS_DB_GID # MySQL/PostgreSQL GID $SYS_MAIL_UID # Mail system UID (usually 8) $SYS_MAIL_GID # Mail system GID $SYS_CPANEL_SYSTEM_UID # cPanel system user UID $SYS_CPANEL_SYSTEM_GID # cPanel system user GID $SYS_PLESK_SYSTEM_UID # Plesk system user UID $SYS_PLESK_SYSTEM_GID # Plesk system user GID $SYS_INTERWORX_SYSTEM_UID # InterWorx system user UID (99) $SYS_INTERWORX_SYSTEM_GID # InterWorx system user GID ``` --- ### SYSTEM DETECTION VARIABLES (11 variables) **Platform Information** (set during initialization): ```bash $SYS_CONTROL_PANEL # "cpanel", "plesk", "interworx", or "" $SYS_CONTROL_PANEL_VERSION # Version number $SYS_OS_TYPE # "centos", "ubuntu", "debian", "almalinux", "cloudlinux" $SYS_OS_VERSION # Version number $SYS_WEB_SERVER # "apache", "nginx", "litespeed", "openlitespeed" $SYS_WEB_SERVER_VERSION # Version number $SYS_DB_TYPE # "mysql", "mariadb", or "postgresql" $SYS_DB_VERSION # Version number $SYS_MAIL_SYSTEM # "exim", "postfix", or "sendmail" $SYS_FIREWALL # Firewall type $SYS_FIREWALL_VERSION # Version number ``` --- ### SERVICE & CONFIGURATION VARIABLES (22 variables) **Service Names & Users**: ```bash $SYS_WEB_SERVICE # "apache2" or "httpd" or "nginx" $SYS_WEB_USER # "www-data" or "apache" or "nginx" $SYS_WEB_GROUP # "www-data" or "apache" or "nginx" $SYS_DB_SERVICE # "mysqld", "mysql", or "postgresql" $SYS_DB_USER # "mysql" or "postgres" $SYS_MAIL_SERVICE # "exim4", "postfix", or "sendmail" $SYS_FIREWALL_SERVICE # Firewall service name $SYS_INIT_SYSTEM # "systemd" or "sysvinit" ``` **Paths & Configuration**: ```bash $SYS_LOG_DIR # Base log directory $SYS_USER_HOME_BASE # /home, /var/www/vhosts, or /chroot/home $SYS_WEB_CONFIG_DIR # /etc/apache2 or /etc/httpd/conf $SYS_WEB_MODULES_DIR # Web modules directory $SYS_WEB_VHOSTS_DIR # Virtual hosts configuration directory $SYS_WEB_PID_FILE # Web server PID file $SYS_DB_SOCKET # MySQL socket $SYS_DB_CONFIG # Database configuration file ``` --- ### LOG VARIABLES (8 variables) **Web Server Logs**: ```bash $SYS_LOG_WEB_ACCESS # Apache/Nginx access log $SYS_LOG_WEB_ERROR # Apache/Nginx error log $SYS_LOG_WEB_SSL_ACCESS # SSL access log $SYS_LOG_WEB_SSL_ERROR # SSL error log ``` **System Logs**: ```bash $SYS_LOG_AUTH # Authentication log $SYS_LOG_SYSLOG # System log $SYS_LOG_MAIL_MAIN # Mail system log $SYS_LOG_MAIL_REJECT # Mail rejection log $SYS_LOG_CRON # Cron jobs log $SYS_LOG_WTMP # Login records $SYS_LOG_BTMP # Failed login attempts ``` --- ## Variable Usage Patterns ### Pattern 1: Conditional Tool Usage ```bash # Only use a tool if it's installed if [ -n "$SYS_SCANNER_CLAMAV" ]; then $SYS_SCANNER_CLAMAV -r /home fi ``` ### Pattern 2: Platform-Aware Commands ```bash # Works on any database $SYS_DB_DUMP_COMMAND --all-databases > backup.sql # Works on any mail system eval "$SYS_MAIL_CMD_QUEUE_COUNT" ``` ### Pattern 3: Permission Checks ```bash # Works on any OS (replaces hardcoded UID checks) if [ "$(stat -c %u "$file")" -eq "$SYS_WEB_UID" ]; then echo "File owned by web server" fi ``` ### Pattern 4: Domain-Specific Operations ```bash # Works on any panel case "$SYS_CONTROL_PANEL" in cpanel) log="${SYS_CPANEL_DOMLOGS_PATTERN//\{DOMAIN\}/example.com}" ;; plesk) log="${SYS_PLESK_DOMLOGS_PATTERN//\{DOMAIN\}/example.com}/access_log" ;; interworx) log="${SYS_INTERWORX_DOMAIN_LOGS//\{ACCOUNT\}/examplec//\{DOMAIN\}/example.com}" ;; esac tail -f "$log" ``` ### Pattern 5: PHP Version Discovery ```bash # Find PHP 8.1 on any cPanel system php81="${SYS_CPANEL_EAPHP_BINARY_PATTERN//\{VERSION\}/81}" $php81 --version ``` --- ## Architecture: How Variables Are Set **Initialization Flow**: ``` launcher.sh ↓ source lib/system-detect.sh source lib/service-info.sh source lib/system-variables.sh ↓ initialize_system_detection() ├─ detect_control_panel() → SYS_CONTROL_PANEL ├─ detect_os() → SYS_OS_TYPE ├─ detect_web_server() → SYS_WEB_SERVER ├─ detect_database() → SYS_DB_TYPE ├─ detect_php_versions() → PHP info ├─ detect_firewall() → SYS_FIREWALL ├─ detect_mail_system() → SYS_MAIL_SYSTEM └─ Call all derive_all_*() functions: ├─ derive_all_service_info() │ ├─ derive_cpanel_php_versions() → SYS_CPANEL_* │ ├─ derive_plesk_php_versions() → SYS_PLESK_* │ ├─ derive_interworx_php_versions() → SYS_INTERWORX_* │ └─ derive_domain_log_paths() → SYS_*_DOMLOGS_* └─ ... (other derive functions) ↓ All 118 SYS_* variables now available for all scripts ``` --- ## Complete Platform Coverage | Aspect | Coverage | Notes | |--------|----------|-------| | Control Panels | 4 platforms | cPanel, Plesk, InterWorx, Standalone | | Operating Systems | 6+ distros | RHEL, CentOS, Ubuntu, Debian, CloudLinux, AlmaLinux | | Web Servers | 4 servers | Apache, Nginx, LiteSpeed, OpenLiteSpeed | | Databases | 2 systems | MySQL/MariaDB, PostgreSQL | | Mail Systems | 3 MTAs | Exim, Postfix, Sendmail | | Firewalls | 6 options | CSF, firewalld, iptables, UFW, Imunify360, Plesk | | Security Scanners | 4 tools | ClamAV, Maldet, RKHunter, Imunify360 | --- ## Conclusion **118 SYS_* variables** provide complete platform abstraction, enabling: - ✅ Write once, run on any control panel - ✅ Write once, run on any Linux distribution - ✅ Write once, run with any mail system - ✅ Write once, run with any database - ✅ Auto-detect and use any installed security tool - ✅ Zero hardcoded paths in any script Scripts no longer need branches for control panel type, OS variations, or tool locations. All platform knowledge is centralized in these variables.