Linux-Server-Management-Toolkit

cschantz/Linux-Server-Management-Toolkit

Files

T

cschantz 1f8e3e2ca8 Add IP reputation tracking for ET Open detections + historical analyzer to menu

IP Reputation Tracking:
- ET attack scores now properly boost IP threat scores
- When ET detects attack (score 85-100), adds to IP's cumulative score
- Example: IP at score 50 + ET attack 95 = total 100 (capped)
- Tracks across multiple requests from same IP
- Higher scores = faster blocking/banning

How it works:
1. ET detection runs: analyze_http_log_line() returns score
2. Score added to IP's existing threat score in IP_DATA array
3. Display shows boosted score
4. Auto-block triggers at combined score ≥90

Menu Integration:
- Added option 15 to Security menu
- 🛡️ Historical Attack Analysis - Scan past logs for attacks (ET Open)
- Launches: tools/analyze-historical-attacks.sh
- Features:
  - Scan last 7/30/custom days
  - Analyze specific log files
  - Generate comprehensive reports
  - Top attackers, signatures, attack types
  - Supports compressed logs (gzip, bzip2)

Testing:
✅ Syntax validated
✅ Tracking logic verified (50 + 95 = 100)
✅ Menu navigation works
✅ Historical analyzer accessible

Now when IPs attack repeatedly:
- First attack: Score increases by attack severity
- Subsequent attacks: Scores accumulate
- Persistent attackers: Reach blocking threshold faster
- Dashboard shows current cumulative score

2025-12-13 02:21:28 -05:00

bot-analyzer.sh

Optimize bot-analyzer to use cached domain status from reference database

2025-12-11 15:54:22 -05:00

enable-cphulk.sh

Fix cPHulk to use SQLite database instead of MySQL

2025-12-11 17:01:17 -05:00

firewall-activity-monitor.sh

Initial commit: Server Management Toolkit v2.0

2025-11-03 18:21:40 -05:00

ip-reputation-manager.sh

Fix final 10 HIGH integer comparisons in live-attack-monitor and ip-reputation-manager