cschantz
0a3adabfb2
MAJOR IMPROVEMENTS: 1. Added adaptive compact/verbose display mode 2. Fixed SSH BRUTEFORCE not showing in Attack Vectors section BUG FIX: Attack Vectors missing SSH attacks PROBLEM: - Attack Vectors section was usually empty - SSH BRUTEFORCE attacks were tracked but NOT displayed - ATTACK_TYPE_COUNTER only populated from web attacks - SSH attacks only updated IP_ATTACK_VECTORS (internal tracking) FIX: - Added ((ATTACK_TYPE_COUNTER["BRUTEFORCE"]++)) when SSH attack detected - Now SSH bruteforce attempts show in Attack Vectors display - Line 1757: Update counter when BRUTEFORCE added to attack list NEW FEATURE: Compact Mode PROBLEM: - Dashboard needs 40+ lines but terminals are typically 24 lines - Content runs off screen during attacks - Empty Attack Vectors section wastes space SOLUTION: Adaptive Display Modes ┌─────────────────────────────────────────────────────────────┐ │ COMPACT MODE (default): │ │ - Top 5 threats (was 10) │ │ - 8 live feed events (was 20) │ │ - Attack Vectors hidden (saves 4-6 lines) │ │ - Fits 24-line terminal perfectly │ │ - Press 'v' to switch to verbose │ ├─────────────────────────────────────────────────────────────┤ │ VERBOSE MODE: │ │ - Top 10 threats │ │ - 20 live feed events │ │ - Attack Vectors section shown │ │ - Full details for large terminals │ │ - Press 'v' to switch to compact │ └─────────────────────────────────────────────────────────────┘ CHANGES: - Line 50-51: Added COMPACT_MODE=1, TERMINAL_HEIGHT detection - Line 1042: Adaptive IP count (5 compact, 10 verbose) - Line 1107: Skip Attack Vectors entirely in compact mode - Line 1131: Adaptive feed lines (8 compact, 20 verbose) - Line 1252-1256: Show mode-specific key options - Line 2713-2720: Add 'v' key handler to toggle mode UI IMPROVEMENTS: - Keys shown adapt to mode: * Compact: 'b' Block | 'c' Security | 'v' Verbose | 'r' Refresh | 'q' Quit * Verbose: 'b' Block | 'c' Security | 'v' Compact | 's' Stats | 'q' Quit - No scrolling needed in compact mode - All critical info always visible - Better for SSH sessions over slow connections IMPACT: - ✓ No more off-screen content in standard terminals - ✓ SSH bruteforce now visible in Attack Vectors - ✓ Faster to scan (information density optimized) - ✓ Works on any terminal size - ✓ Toggle on demand without restart TESTED: - Syntax validation: ✓ Passed - Mode toggle: ✓ Works - Display adapts correctly: ✓ Verified
⚡ Linux Server Management Toolkit
Comprehensive multi-panel server management suite supporting cPanel, InterWorx, Plesk, and standalone Apache with modular architecture and intelligent security features.
📦 Directory Structure
server-toolkit/
├── launcher.sh # Main menu system
├── README.md # This file
│
├── modules/ # Modular scripts organized by category
│ │
│ ├── diagnostics/ # 🔍 System Diagnostics
│ │ ├── system-health-check.sh # Comprehensive health analysis
│ │ └── loadwatch-analyzer.sh # System health from loadwatch monitoring logs
│ │
│ ├── security/ # 🛡️ Security & Threat Analysis
│ │ ├── bot-analyzer.sh # Full bot/threat analysis
│ │ ├── live-attack-monitor.sh # Real-time attack monitoring dashboard
│ │ ├── ssh-attack-monitor.sh # SSH brute force detection
│ │ ├── web-traffic-monitor.sh # Web traffic monitoring
│ │ ├── firewall-activity-monitor.sh # CSF/iptables monitoring
│ │ ├── enable-cphulk.sh # cPHulk enablement with CSF whitelist import
│ │ ├── ip-reputation-manager.sh # Centralized IP reputation tracking
│ │ └── tail-*.sh # Various log monitoring scripts
│ │
│ ├── backup/ # 💾 Backup & Recovery (Acronis Cyber Protect)
│ │ ├── acronis-backup-manager.sh # Main backup management menu
│ │ ├── acronis-install.sh # Install Acronis agent
│ │ ├── acronis-update.sh # Update Acronis agent
│ │ ├── acronis-uninstall.sh # Uninstall Acronis agent
│ │ ├── acronis-register.sh # Register agent with cloud
│ │ ├── acronis-configure.sh # Configure agent settings
│ │ ├── acronis-agent-status.sh # Comprehensive agent status check
│ │ ├── acronis-trigger-backup.sh # Trigger manual backups with optimizations
│ │ ├── acronis-backup-status.sh # Check backup job status
│ │ ├── acronis-list-backups.sh # List all backups
│ │ ├── acronis-plan-manager.sh # Manage protection plans
│ │ ├── acronis-schedule-viewer.sh # View backup schedules
│ │ ├── acronis-restore.sh # Restore from backup
│ │ ├── acronis-logs.sh # View Acronis logs
│ │ └── acronis-troubleshoot.sh # Troubleshoot common issues
│ │
│ ├── website/ # 🌐 Website Diagnostics & Troubleshooting
│ │ ├── website-error-analyzer.sh # Comprehensive website error analysis
│ │ └── 500-error-tracker.sh # Track and analyze 500 errors
│ │
│ ├── diagnostics/ # 🔍 System Diagnostics & Log Analysis
│ │ ├── system-health-check.sh # Comprehensive health analysis
│ │ └── loadwatch-analyzer.sh # System health monitoring from loadwatch logs
│ │
│ ├── performance/ # 📊 Performance Analysis
│ │ ├── hardware-health-check.sh # Hardware diagnostics
│ │ ├── mysql-query-analyzer.sh # MySQL performance analysis
│ │ ├── network-bandwidth-analyzer.sh # Network analysis
│ │ └── (other performance modules)
│ │
│ └── maintenance/ # 🧹 System Maintenance
│ └── cleanup-toolkit-data.sh # Clean temporary toolkit data
│
├── lib/ # Shared libraries
│ ├── common-functions.sh # Reusable functions
│ ├── system-detect.sh # System type detection
│ ├── user-manager.sh # User account management
│ ├── mysql-analyzer.sh # MySQL utilities
│ └── reference-db.sh # Cross-module intelligence sharing
│
├── config/ # Configuration files
│ ├── settings.conf # Main configuration
│ ├── whitelist-ips.txt # IP whitelist
│ └── whitelist-user-agents.txt # User-Agent whitelist
│
└── tools/ # Utility scripts
├── diagnostic-report.sh # Generate system reports
└── test-*.sh # Testing utilities
🚀 Quick Start
Installation & Running
One command - automatic cleanup:
curl -sL https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit/archive/main.tar.gz | tar xz && source linux-server-management-toolkit/run.sh
When exiting (option 0), answer "yes" and cleanup happens automatically - no extra steps.
Or if already downloaded:
source /root/server-toolkit/run.sh
✨ Key Features
🛡️ Security & Threat Analysis
- 3-Mode Security Menu: Analysis / Actions / Live Monitoring
- Live Attack Monitor: Real-time SOC dashboard with threat classification
- Intelligent cPHulk Setup: Auto-imports CSF whitelists from all sources
- IP Reputation Tracking: Centralized cross-module IP intelligence
- Multi-Source Monitoring: SSH, Web, Firewall, cPHulk integration
💾 Backup & Recovery (Acronis Cyber Protect)
- Complete Agent Management: Install, update, uninstall, register
- Comprehensive Status Monitoring: Agent health, registration, cloud connectivity
- Manual Backup Triggering: CLI-managed plans with performance optimizations
- Backup Type Selection: Full, Incremental, Differential backups
- Plan Management: View, enable/disable, delete protection plans
- Restore Operations: Full restore capabilities from backups
- Troubleshooting Tools: Log viewing and automated diagnostics
🌐 Website Diagnostics
- Error Analysis: Comprehensive website error detection and troubleshooting
- 500 Error Tracking: Detailed analysis of application errors
- Log Integration: Apache, PHP-FPM, cPanel error log analysis
- Smart Recommendations: Context-aware suggestions for fixing issues
🔍 System Diagnostics & Performance Monitoring
- Comprehensive Health Checks: Hardware, services, security posture
- Loadwatch Health Analyzer: Historical system health analysis from monitoring logs
- Time-range analysis: 1h, 6h, 24h, 7d, 30d
- Memory pressure detection and swap usage trending
- CPU saturation analysis (idle, iowait, steal time)
- Process issue detection (zombies, high CPU/MEM consumers)
- MySQL performance monitoring
- Actionable recommendations based on findings
- Smart Recommendations: Context-aware suggestions based on findings
- Multi-Panel Support: cPanel, InterWorx, Plesk, standalone Apache
📊 Session Intelligence
- Reference Database: Cross-module data sharing (.sysref)
- No Historical Tracking: Session-based intelligence only
- "Download, Run, Fix, Delete": Designed for one-time troubleshooting
🎯 Usage Examples
Security Analysis with Live Monitoring
bash launcher.sh
# Select: Security & Threat Analysis
# Select: Live Monitoring & Alerts
# Select: Live Network Security Monitor
Enable cPHulk with CSF Whitelist
bash launcher.sh
# Select: Security & Threat Analysis
# Select: Security Actions & Fixes
# Select: Authentication Security
# Select: Enable cPHulk Protection
Acronis Backup Management
bash launcher.sh
# Select: Backup & Recovery
# Select: Check Agent Status (view health, registration, connectivity)
# Select: Trigger Manual Backup (with type selection and optimizations)
# Select: Manage Protection Plans
Website Error Analysis
bash launcher.sh
# Select: Website Diagnostics & Troubleshooting
# Select: Website Error Analyzer
# Choose a cPanel user account to analyze
System Health Check
bash launcher.sh
# Select: System Diagnostics
# Select: System Health Check
Loadwatch System Health Analysis
bash launcher.sh
# Select: Performance & Diagnostics
# Select: Loadwatch Health Analyzer
# Choose time range: 1h, 6h, 24h, 7d, or 30d
🔧 Configuration
Edit the configuration file:
nano /root/server-toolkit/config/settings.conf
🔒 Security Considerations
- Run as root: Most modules require root access
- Credentials stored safely: Git credentials in ~/.git-credentials (outside project)
- No sensitive data in repo: .gitignore excludes keys, tokens, credentials
- Test first: Try on non-production environments first
📊 Recent Updates (v2.2)
Multi-Control Panel Support (NEW!)
- ✅ Full cPanel support (primary platform - production ready)
- ✅ InterWorx support (validated on real servers - production ready)
- ✅ Plesk support (validated on real servers - production ready)
- ✅ Standalone Apache support (basic functionality)
- ✅ 38/38 modules refactored for multi-panel architecture (100% complete)
- ✅ Automated validation scripts for InterWorx and Plesk (13 and 15 tests)
- ✅ All critical paths verified on production systems
System Detection & Abstraction
- ✅ Automatic control panel detection (system-detect.sh)
- ✅ Multi-panel user/domain management abstraction (user-manager.sh)
- ✅ Dynamic log discovery for all panel types
- ✅ Panel-specific path handling (docroots, logs, configs)
- ✅ Zero hardcoded paths - all detection-based
Backup & Recovery
- ✅ Complete Acronis Cyber Protect integration (16 management scripts)
- ✅ Agent installation, registration, and update automation
- ✅ Comprehensive status monitoring (health, registration, connectivity)
- ✅ Manual backup triggering with performance optimizations
- ✅ Protection plan management and scheduling
Website Diagnostics
- ✅ Comprehensive website error analyzer (multi-panel)
- ✅ 500 error tracking and troubleshooting (multi-panel)
- ✅ Multi-log integration (Apache, PHP-FPM, all panels)
- ✅ Smart error detection and recommendations
Security Enhancements
- ✅ Bot analyzer with multi-panel log discovery
- ✅ Live attack monitor supporting all control panels
- ✅ Malware scanner with panel-aware docroot detection
- ✅ Centralized IP reputation tracking
- ✅ Real-time threat detection and classification
Core Infrastructure
- ✅ Modular architecture with organized category structure
- ✅ Reference database for cross-module intelligence
- ✅ Comprehensive developer documentation (REFDB_FORMAT.txt)
- ✅ Production validation complete for all major panels
🙏 Credits
Built for comprehensive cPanel/Linux server management with a focus on security and intelligent automation.
Version: 2.1.0 Repository: https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit