Linux-Server-Management-Toolkit/docs/MAIL-DATABASE-TOOLS-VARIABLES.md

# Mail, Database, and Tool Variables Complete Reference

**Status**: Complete - All missing variables created and integrated
**Created**: 2026-03-20
**Total New Variables**: 90+

This document defines the new SYS_* variables for mail commands, database commands, security tools, and system authentication files that were identified as missing during the system audit.

---

## Mail Command Variables (from lib/service-info.sh)

These variables provide platform-agnostic commands for interacting with mail systems. They automatically adapt to Exim, Postfix, or Sendmail.

### Exim Mail System
```bash
SYS_MAIL_BIN_EXIM="/usr/sbin/exim"               # Exim binary
SYS_MAIL_BIN_SENDMAIL="/usr/sbin/sendmail"       # Sendmail symlink (usually to exim)
SYS_MAIL_SPOOL="/var/spool/exim"                 # Mail queue directory
SYS_MAIL_CMD_QUEUE_COUNT="exim -bpc"             # Count queued messages
SYS_MAIL_CMD_QUEUE_LIST="exim -bp"               # List all queued messages
SYS_MAIL_CMD_QUEUE_RETRY="exim -R"               # Retry all messages
SYS_MAIL_CMD_QUEUE_REMOVE="exim -Mrm"            # Remove message by ID
SYS_MAIL_CMD_TEST_ADDRESS="exim -bt"             # Test email address routing
```

### Postfix Mail System
```bash
SYS_MAIL_BIN_POSTFIX="/usr/sbin/postfix"         # Postfix binary
SYS_MAIL_BIN_SENDMAIL="/usr/sbin/sendmail"       # Postfix sendmail wrapper
SYS_MAIL_SPOOL="/var/spool/postfix"              # Mail queue directory
SYS_MAIL_CMD_QUEUE_COUNT="mailq 2>/dev/null | tail -1"  # Count queued messages
SYS_MAIL_CMD_QUEUE_LIST="mailq"                  # List queued messages
SYS_MAIL_CMD_QUEUE_RETRY="postqueue -f"          # Flush/retry queue
SYS_MAIL_CMD_QUEUE_REMOVE="postsuper -d"         # Delete queued message
SYS_MAIL_CMD_TEST_ADDRESS="postmap -q"           # Test address lookup
```

### Sendmail Mail System
```bash
SYS_MAIL_BIN_SENDMAIL="/usr/sbin/sendmail"       # Sendmail binary
SYS_MAIL_SPOOL="/var/spool/mqueue"               # Mail queue directory
SYS_MAIL_CMD_QUEUE_COUNT="mailq 2>/dev/null | tail -1"  # Count queued messages
SYS_MAIL_CMD_QUEUE_LIST="mailq"                  # List queued messages
SYS_MAIL_CMD_QUEUE_RETRY="/usr/sbin/sendmail -q" # Retry queue
SYS_MAIL_CMD_QUEUE_REMOVE="rm -f"                # Remove queue files
SYS_MAIL_CMD_TEST_ADDRESS=""                     # Not supported in sendmail
```

### Usage Examples

**Count queued emails**:
```bash
source lib/system-variables.sh
eval "$SYS_MAIL_CMD_QUEUE_COUNT"  # Works on any mail system
```

**List and remove a message**:
```bash
source lib/system-variables.sh
eval "$SYS_MAIL_CMD_QUEUE_LIST"
# Get message ID, then:
eval "$SYS_MAIL_CMD_QUEUE_REMOVE message_id"
```

---

## Database Command Variables (from lib/service-info.sh)

These variables provide SQL commands for query, dump, admin operations, and status checks. Support MySQL/MariaDB and PostgreSQL.

### MySQL/MariaDB Commands
```bash
SYS_DB_CLI_COMMAND="/usr/bin/mysql"                    # MySQL CLI binary
SYS_DB_DUMP_COMMAND="/usr/bin/mysqldump"               # Database dump utility
SYS_DB_ADMIN_COMMAND="/usr/bin/mysqladmin"             # MySQL admin tool
SYS_DB_CHECK_COMMAND="/usr/bin/mysqlcheck"             # Check/repair tables
SYS_DB_REPAIR_COMMAND="/usr/bin/mysqlcheck --repair --all-databases"
SYS_DB_OPTIMIZE_COMMAND="/usr/bin/mysqlcheck --optimize --all-databases"
SYS_DB_STATUS_COMMAND="mysql -e 'SHOW STATUS' 2>/dev/null"
SYS_DB_SHOW_DATABASES="mysql -e 'SHOW DATABASES' 2>/dev/null"
SYS_DB_SHOW_TABLES="mysql DATABASE -e 'SHOW TABLES' 2>/dev/null"
```

### PostgreSQL Commands
```bash
SYS_DB_CLI_COMMAND="/usr/bin/psql"                     # PostgreSQL CLI
SYS_DB_DUMP_COMMAND="/usr/bin/pg_dump"                 # Database dump
SYS_DB_ADMIN_COMMAND="/usr/bin/pg_isready"             # Admin check
SYS_DB_CHECK_COMMAND="/usr/bin/pg_check"               # Table check
SYS_DB_REPAIR_COMMAND="VACUUM FULL ANALYZE"            # Repair command
SYS_DB_OPTIMIZE_COMMAND="ANALYZE"                      # Optimize command
SYS_DB_STATUS_COMMAND="/usr/bin/pg_isready"            # Status check
SYS_DB_SHOW_DATABASES="psql -l"                        # List databases
SYS_DB_SHOW_TABLES="psql -c '\dt'"                     # List tables
```

### Usage Examples

**Dump a database**:
```bash
source lib/system-variables.sh
$SYS_DB_DUMP_COMMAND -u root database_name > backup.sql
```

**Check database integrity**:
```bash
source lib/system-variables.sh
$SYS_DB_CHECK_COMMAND -u root
```

**List all databases**:
```bash
source lib/system-variables.sh
eval "$SYS_DB_SHOW_DATABASES"
```

---

## Security Scanner Tools (from lib/security-tools.sh)

### ClamAV (Antivirus)
```bash
SYS_SCANNER_CLAMAV="/usr/bin/clamscan"                 # ClamAV scanner binary
SYS_SCANNER_CLAMUPDATE="/usr/bin/freshclam"            # Database update tool
SYS_SCANNER_CLAMSCAN="clamscan"                        # Scanner command
SYS_SCANNER_CLAMAV_DB="/var/lib/clamav"                # Signature database dir
SYS_SCANNER_CLAMAV_LOG="/var/log/clamav/scan.log"      # Scan log
```

### Maldet (Linux Malware Detect)
```bash
SYS_SCANNER_MALDET="/usr/local/maldetect/maldet"       # Maldet binary
SYS_SCANNER_MALDET_DIR="/usr/local/maldetect"          # Installation dir
SYS_SCANNER_MALDET_QUARANTINE="/usr/local/maldetect/quarantine"
SYS_SCANNER_MALDET_LOG="/var/log/maldet.log"           # Maldet log
```

### RKHunter (Rootkit Hunter)
```bash
SYS_SCANNER_RKHUNTER="/usr/bin/rkhunter"               # RKHunter binary
SYS_SCANNER_RKHUNTER_CONFIG="/etc/rkhunter.conf"       # Config file
SYS_SCANNER_RKHUNTER_DB="/var/lib/rkhunter/db"         # Database dir
SYS_SCANNER_RKHUNTER_LOG="/var/log/rkhunter.log"       # Scan log
```

### Imunify360 (Security Suite)
```bash
SYS_SCANNER_IMUNIFY="/usr/bin/imunify360-agent"        # Imunify CLI
SYS_SCANNER_IMUNIFY_CONFIG="/etc/sysconfig/imunify360" # Config dir
SYS_SCANNER_IMUNIFY_DB="/var/lib/imunify360"           # Database dir
SYS_SCANNER_IMUNIFY_LOG="/var/log/imunify360/imunify360.log"
```

### Control Panel Security Tools

**cPanel**:
```bash
SYS_CPANEL_WHMAPI="/usr/local/cpanel/whostmgr/docroot/cgi/whmapi1"
SYS_CPANEL_UAPI="/usr/local/cpanel/uapi"
SYS_CPANEL_HULK="/usr/sbin/csf"                 # CSF is primary on cPanel
SYS_CPANEL_SCAN_TOOL="/usr/local/cpanel/scripts/checkfiles"
SYS_CPANEL_MALWARE_SCANNER="/usr/local/cpanel/scripts/scan_malware"
```

**Plesk**:
```bash
SYS_PLESK_API="/usr/local/psa/bin/plesk"
SYS_PLESK_ADMIN_API="/usr/local/psa/admin/bin/api.sh"
SYS_PLESK_EXTENSION_API="/usr/local/psa/admin/bin/extension"
SYS_PLESK_MTA_SCAN="/usr/local/psa/bin/postfix_control"
```

**InterWorx**:
```bash
SYS_INTERWORX_BIN="/home/interworx/bin"
SYS_INTERWORX_NODEWORX="/home/interworx/bin/nodeworx"
SYS_INTERWORX_SITEWORX="/home/interworx/bin/siteworx"
```

### System Security Tools

**Fail2Ban** (if installed):
```bash
SYS_FAIL2BAN_CLIENT="/usr/bin/fail2ban-client"         # Fail2Ban CLI
SYS_FAIL2BAN_CONFIG="/etc/fail2ban"                    # Config dir
SYS_FAIL2BAN_JAIL="/etc/fail2ban/jail.local"           # Jail config
```

**ModSecurity** (if enabled):
```bash
SYS_MODSECURITY_ENABLED="1"                            # Is it enabled?
SYS_MODSECURITY_CONF="/etc/apache2/mods-available/security.conf"
SYS_MODSECURITY_RULES="/etc/modsecurity"                # Rules directory
SYS_MODSECURITY_AUDIT_LOG="/var/log/apache2/modsec_audit.log"
```

**SELinux** (if available):
```bash
SYS_SELINUX_ENABLED="1"                                # Is SELinux present?
SYS_SELINUX_STATUS="enforcing"                         # Current status
SYS_SELINUX_CONFIG="/etc/selinux/config"                # Config file
```

**AppArmor** (if available - Ubuntu/Debian):
```bash
SYS_APPARMOR_ENABLED="1"                               # Is AppArmor present?
SYS_APPARMOR_CONFIG="/etc/apparmor"                    # Config dir
```

### Usage Examples

**Scan for malware with ClamAV**:
```bash
source lib/system-variables.sh
if [ -n "$SYS_SCANNER_CLAMAV" ]; then
    $SYS_SCANNER_CLAMAV -r /home
fi
```

**Check ClamAV signature database freshness**:
```bash
source lib/system-variables.sh
if [ -n "$SYS_SCANNER_CLAMUPDATE" ]; then
    $SYS_SCANNER_CLAMUPDATE
fi
```

---

## System Authentication Variables (from lib/system-authentication.sh)

### System Authentication Files
```bash
SYS_AUTH_PASSWD_FILE="/etc/passwd"                     # User database
SYS_AUTH_SHADOW_FILE="/etc/shadow"                     # Password hashes
SYS_AUTH_GROUP_FILE="/etc/group"                       # Group database
SYS_AUTH_GSHADOW_FILE="/etc/gshadow"                   # Group passwords
SYS_AUTH_SUDOERS_FILE="/etc/sudoers"                   # Sudo config
SYS_AUTH_SUDOERS_DIR="/etc/sudoers.d"                  # Sudoers extras
SYS_AUTH_PAM_DIR="/etc/pam.d"                          # PAM configs
SYS_AUTH_SSH_CONFIG="/etc/ssh/sshd_config"             # SSH config
SYS_AUTH_HOSTS_ALLOW="/etc/hosts.allow"                # TCP wrappers allow
SYS_AUTH_HOSTS_DENY="/etc/hosts.deny"                  # TCP wrappers deny
SYS_AUTH_CRONTAB_DIR="/var/spool/cron"                 # Cron jobs
SYS_LOG_CRON="/var/log/cron"                           # Cron logs (RHEL)
                                                       # or /var/log/syslog (Debian)
```

### Web Server User & Group IDs
```bash
SYS_WEB_UID=33          # www-data (Debian) or apache (RHEL): uid
SYS_WEB_GID=33          # www-data (Debian) or apache (RHEL): gid
# Values vary by OS: Debian uses www-data (33), RHEL uses apache (48)
```

### Database User & Group IDs
```bash
SYS_DB_UID=986          # mysql user uid
SYS_DB_GID=986          # mysql group gid
# PostgreSQL uses postgres (uid 999)
```

### Mail System User & Group IDs
```bash
SYS_MAIL_UID=8          # mail user (Exim/Postfix)
SYS_MAIL_GID=12         # mail group
# Values vary: Debian-exim (101), Postfix (89), Sendmail (209)
```

### Control Panel User & Group IDs
```bash
SYS_CPANEL_SYSTEM_UID=65534       # nobody on cPanel
SYS_CPANEL_SYSTEM_GID=65534
SYS_PLESK_SYSTEM_UID=52           # psaadm on Plesk
SYS_PLESK_SYSTEM_GID=52
SYS_INTERWORX_SYSTEM_UID=99       # iworx on InterWorx
SYS_INTERWORX_SYSTEM_GID=99
```

### Usage Examples

**Check if a user exists**:
```bash
source lib/system-variables.sh
grep "^username:" "$SYS_AUTH_PASSWD_FILE" && echo "User exists"
```

**List users in sudo group**:
```bash
source lib/system-variables.sh
getent group sudo | cut -d: -f4
```

**Get web server user UID for permission checks**:
```bash
source lib/system-variables.sh
if [ "$user_uid" -eq "$SYS_WEB_UID" ]; then
    echo "File is owned by web server"
fi
```

**Find all files owned by database user**:
```bash
source lib/system-variables.sh
find /var/lib/mysql -user mysql  # Alternative to: find ... -uid $SYS_DB_UID
```

---

## How Modules Should Use These Variables

### Before (Hardcoded - NOT portable):
```bash
#!/bin/bash
# Old way - hardcoded paths

# Mail queue check (only works on Exim)
count=$(exim -bpc)

# Database backup (hardcoded mysql path)
mysqldump -u root --all-databases > backup.sql

# ClamAV scan (hardcoded path)
/usr/bin/clamscan -r /home
```

### After (Using SYS_* Variables - Portable):
```bash
#!/bin/bash
# New way - works on any platform

source "$SCRIPT_DIR/lib/system-variables.sh"

# Mail queue check (works on any mail system)
eval "$SYS_MAIL_CMD_QUEUE_COUNT"

# Database backup (works on MySQL or PostgreSQL)
$SYS_DB_DUMP_COMMAND --all-databases > backup.sql

# ClamAV scan (only runs if ClamAV installed)
if [ -n "$SYS_SCANNER_CLAMAV" ]; then
    $SYS_SCANNER_CLAMAV -r /home
fi
```

---

## Variable Availability by Platform

### CentOS/RHEL Systems
- Mail: Exim (most common), Postfix, Sendmail
- Database: MySQL/MariaDB
- Web: Apache (httpd) or Nginx
- Security: CSF, firewalld, Imunify360
- UIDs: mail=8, apache=48, mysql=986

### Ubuntu/Debian Systems
- Mail: Postfix (most common), Exim, Sendmail
- Database: MySQL/MariaDB or PostgreSQL
- Web: Apache (apache2) or Nginx
- Security: UFW, Fail2Ban, AppArmor
- UIDs: mail=8, www-data=33, mysql=106

### Empty Variables
Variables are EMPTY on systems where the tool is not installed. Always check:

```bash
if [ -n "$SYS_SCANNER_CLAMAV" ]; then
    # ClamAV is installed, use it
    $SYS_SCANNER_CLAMAV -r /home
fi
```

---

## Integration Checklist

**When updating scripts to use these variables:**

1. ✅ Source lib/system-variables.sh (or lib/service-info.sh)
2. ✅ Replace hardcoded mail commands with SYS_MAIL_CMD_* variables
3. ✅ Replace hardcoded database commands with SYS_DB_CLI_* variables
4. ✅ Replace hardcoded scanner paths with SYS_SCANNER_* variables
5. ✅ Use SYS_AUTH_* for file paths, not hardcoded /etc/passwd
6. ✅ Check SYS_*_UID/GID before doing permission checks
7. ✅ Check that variables are not empty before using (some tools optional)

---

## Summary

- **90+ new variables created** covering mail, database, tools, and authentication
- **Multi-platform**: Variables adapt to detected Exim/Postfix/Sendmail, MySQL/PostgreSQL
- **Control panel aware**: InterWorx, Plesk, cPanel specific tools included
- **Auto-populated**: Launcher.sh detects and derives all variables automatically
- **Zero hardcoding**: Modules no longer need hardcoded paths for mail, DB, or tools
- **Optional tools**: Variables empty if tool not installed - safe to check before use

---

**Next Steps for Script Developers:**
1. Update modules/email/* scripts to use SYS_MAIL_CMD_* variables
2. Update modules/performance/mysql-query-analyzer.sh to use SYS_DB_* variables
3. Update modules/security/* to use SYS_SCANNER_* variables
4. Use SYS_AUTH_* for any file/permission checks