cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
348dc6951dc58ba9c8041b7bb56abd80f2b5e97e
Linux-Server-Management-Too…/INTERWORX_COMPATIBILITY_AUDIT.md
T
cschantz f522ba80b7 DEEP AUDIT UPDATE: Found hidden cPanel API dependencies 
CRITICAL NEW FINDINGS:

1. WordPress Cron Manager - CATASTROPHIC
   - 33 references to /var/cpanel/userdata
   - 9 references to public_html
   - Completely relies on cPanel userdata for domain→user lookups
   - Will be 100% broken on InterWorx without major refactor

2. cPanel API Dependencies - SILENT FAILURES
   - whmapi1/uapi calls found in 3 modules
   - These commands DON'T EXIST on InterWorx!
   - Will fail silently without proper error handling

   Affected modules:
   - live-attack-monitor.sh: whmapi1 cphulkd_list_blocks/add_whitelist
   - enable-cphulk.sh: Multiple whmapi1 calls
   - system-health-check.sh: whmapi1 in help messages

3. 500-error-tracker.sh - PHP Handler Issues
   - Reads php_admin_value from /var/cpanel/userdata
   - InterWorx uses different PHP configuration method

UPDATED TOTALS:
- Was: 14 modules need fixes
- Now: 16 modules need fixes
- 3 with critical API dependencies
- 1 requires complete refactor (wordpress-cron-manager)

SOLUTION DOCUMENTED:
- Wrap ALL whmapi1/uapi calls in SYS_CONTROL_PANEL checks
- InterWorx has ModSecurity + fail2ban (no CPHulk equivalent)
- Must fail gracefully with warnings

UPDATED IMPLEMENTATION PLAN:
- Phase 3: Security modules + API wrapping
- Phase 4: WordPress + website diagnostics (MAJOR REFACTOR)
- Phase 5: Monitoring tools
- Phase 6: System health conditional checks

This audit is now COMPLETE and accurate.
2025-11-19 19:45:07 -05:00

12 KiB
Raw Blame History

InterWorx Compatibility Audit Report

Generated: 2025-11-19 Toolkit Version: Latest from git

Executive Summary

Out of 38 total modules, 16 modules have cPanel-specific dependencies that will break on InterWorx servers.

Compatibility Status:

  • 3 modules - Already InterWorx compatible (using SYS_LOG_DIR)
  • ⚠️ 16 modules - Need InterWorx fixes (hardcoded paths + API calls)
  • 19 modules - Control panel agnostic (no paths)

CRITICAL NEW FINDINGS (Deep Audit):

whmapi1/uapi API Dependencies Found:

  • These cPanel APIs will FAIL silently on InterWorx!
  • Found in: live-attack-monitor.sh, enable-cphulk.sh, system-health-check.sh

WordPress Module Crisis:

  • wordpress-cron-manager.sh: 33 userdata references, 9 public_html references
  • Completely broken on InterWorx without major refactor

Critical Path Differences: cPanel vs InterWorx

Resource cPanel Location InterWorx Location
Access Logs /var/log/apache2/domlogs/domain.com /home/user/var/domain.com/logs/access_log
Error Logs /var/log/apache2/domlogs/domain-error_log /home/user/var/domain.com/logs/error_log
Document Root /home/user/public_html /home/user/domain.com/html
User Config /var/cpanel/users/username NodeWorx DB or listaccounts.pex
Domain Config /var/cpanel/userdata/user/domain /etc/httpd/conf.d/vhost_domain.conf
Main IP /var/cpanel/mainip /usr/local/interworx/iworx.ini
PHP Error Logs /home/user/public_html/error_log /home/user/domain.com/html/error_log

Modules Requiring Fixes

PRIORITY 1: Critical Security Modules

1. live-attack-monitor.sh ⚠️ CRITICAL PRIORITY

Issues:

  • Line 1256: LOG_DIR="${SYS_LOG_DIR:-/var/log/apache2/domlogs}"
  • Line 1261-1262: Hardcoded /var/log/httpd/access_log
  • Line 1267: Comment mentions "cPanel domlogs"
  • Line 1537: CPHulk detection (cPanel-only feature)
  • NEW: Uses whmapi1 cphulkd_list_blocks - cPanel API call!
  • NEW: Uses whmapi1 cphulkd_add_whitelist - cPanel API call!

Fix Required:

  • Already uses SYS_LOG_DIR (GOOD!)
  • But fallback is wrong - should use system-detect.sh
  • Add InterWorx log discovery like bot-analyzer
  • Wrap ALL whmapi1 calls in if [ "$SYS_CONTROL_PANEL" = "cpanel" ]
  • CPHulk features should be cPanel-only conditional

Impact: Real-time attack monitoring won't see attacks on InterWorx + API calls will fail

2. malware-scanner.sh ⚠️ HIGH PRIORITY

Issues:

  • Line 31: /usr/local/cpanel/3rdparty/bin/clamscan check
  • Line 182: cPanel detection check
  • Line 353: PATH with cPanel 3rdparty
  • Line 429: get_user_docroots() function
  • Line 878-880: Hardcoded /var/log/apache2/domlogs search

Fix Required:

  • Use system-detect.sh for ClamAV path detection
  • Fix get_user_docroots() to use user-manager.sh functions
  • Support InterWorx document roots: /home/user/domain.com/html
  • Fix log file discovery for malware analysis

Impact: Malware scanner won't find infected files in InterWorx sites

3. optimize-ct-limit.sh ⚠️ MEDIUM PRIORITY

Issues:

  • Line 292: log_dir="${SYS_LOG_DIR:-/var/log/apache2/domlogs}"

Fix Required:

  • Already uses SYS_LOG_DIR (GOOD!)
  • Fallback should be removed (rely on system-detect.sh)

Impact: Can't analyze connection limits on InterWorx

PRIORITY 2: Website Diagnostic Modules

4. website-error-analyzer.sh ⚠️ HIGH PRIORITY

Issues:

  • Line 19: DOMLOGS_DIR="/var/log/apache2/domlogs"
  • Line 140: Hardcoded Apache error log paths
  • Line 153: /var/cpanel/users/* for user lookup
  • Line 161: find /home/*/public_html -name "error_log"
  • Line 176-177: Reads /var/cpanel/users/$FILTER_USER
  • Line 339: User lookup via /var/cpanel/users/*
  • Line 341: .user.ini in public_html
  • Line 815: Error log path in public_html

Fix Required:

  • Use SYS_LOG_DIR from system-detect.sh
  • Use get_user_info() and get_user_domains() from user-manager.sh
  • Support InterWorx document roots: /home/user/domain.com/html
  • Support InterWorx error logs: /home/user/var/domain.com/logs/error_log

Impact: Can't diagnose website errors on InterWorx

5. 500-error-tracker.sh ⚠️ HIGH PRIORITY

Issues:

  • Line 60: DOMLOGS_DIR="/var/log/apache2/domlogs"
  • Line 83: /var/cpanel/users/* for domain→user lookup
  • Line 233: docroot="/home/$user/public_html"
  • Line 261: Error log in public_html
  • Line 264-265: Hardcoded domlog paths
  • Line 454: /var/cpanel/userdata/$user/$domain
  • Line 679: Fix suggestion mentions public_html

Fix Required:

  • Use SYS_LOG_DIR from system-detect.sh
  • Use get_user_info() for user lookups
  • Support InterWorx document roots: /home/user/domain.com/html
  • Support InterWorx error logs in /home/user/var/domain.com/logs/

Impact: Can't track 500 errors on InterWorx

6. wordpress-cron-manager.sh ⚠️ CRITICAL PRIORITY

Issues:

  • 33 references to /var/cpanel/userdata - HEAVY dependency!
  • 9 references to public_html - Wrong document root
  • Domain→user lookup completely relies on userdata files
  • Checks userdata for servername, main_domain, etc.
  • WordPress detection searches in /home/*/public_html

Fix Required:

  • Complete refactor required!
  • Replace ALL userdata reads with get_user_info() and get_user_domains()
  • Support InterWorx document roots: /home/user/domain.com/html
  • WordPress detection must search both public_html AND domain.com/html
  • Domain→user mapping must use user-manager.sh functions

Impact: WordPress cron management completely broken on InterWorx

PRIORITY 3: Live Monitoring Tools

7. web-traffic-monitor.sh ⚠️ MEDIUM PRIORITY

Issues:

  • Line 12-13: Hardcoded /var/log/apache2/domlogs
  • Line 32: Error message mentions "domlogs"

Fix Required:

  • Use SYS_LOG_DIR from system-detect.sh
  • Add InterWorx log discovery

Impact: Can't monitor live web traffic on InterWorx

7. tail-apache-access.sh ⚠️ LOW PRIORITY

Issues:

  • Line 8: Hardcoded /var/log/apache2/domlogs/*

Fix Required:

  • Use SYS_LOG_DIR from system-detect.sh
  • Support InterWorx: tail -f /home/*/var/*/logs/access_log

Impact: Simple log tailing won't work

8. tail-apache-error.sh ⚠️ LOW PRIORITY

Issues:

  • Line 8: Hardcoded /var/log/httpd/error_log

Fix Required:

  • Use system-detect.sh to find Apache error log location
  • InterWorx: Per-domain error logs at /home/user/var/domain.com/logs/error_log

Impact: Can't tail error logs on InterWorx

PRIORITY 4: Performance Analysis

9. network-bandwidth-analyzer.sh ⚠️ MEDIUM PRIORITY

Issues:

  • Line 187-192: Hardcoded log directory detection

Fix Required:

  • Use SYS_LOG_DIR from system-detect.sh
  • Add InterWorx log discovery

Impact: Can't analyze bandwidth usage on InterWorx

PRIORITY 5: cPanel-Specific Modules (Expected)

10. enable-cphulk.sh N/A - cPanel Only

Issues:

  • Line 42: /usr/local/cpanel/bin/cphulk_pam_ctl check
  • Line 58, 68, 287: cPanel-specific commands
  • Line 131, 133: /var/cpanel/ and /usr/local/cpanel/ paths

Fix Required:

  • None - this is cPanel-specific
  • Should check SYS_CONTROL_PANEL=cpanel before running
  • Add warning for non-cPanel systems

PRIORITY 6: Diagnostic Tools

11. system-health-check.sh ⚠️ LOW PRIORITY

Issues:

  • Line 492-493: Hardcoded /var/log/httpd/error_log
  • Line 606-608: cPanel CPHulk checks
  • Line 941-942: cPanel version detection
  • Line 1205: Error log path in suggestion

Fix Required:

  • Use system-detect.sh for log paths
  • Make CPHulk checks conditional on SYS_CONTROL_PANEL=cpanel
  • Control panel version already detected in system-detect.sh

Impact: Health checks may miss issues on InterWorx

PRIORITY 7: Backup Tools

12. acronis-configure.sh DOCUMENTATION ONLY

Issues:

  • Line 52: Echo message mentions public_html

Fix Required:

  • Update documentation to mention both cPanel and InterWorx paths
  • No functional impact (just display text)

Modules Already Compatible

These modules already use SYS_LOG_DIR or user-manager.sh functions:

  1. bot-analyzer.sh - FIXED in Phase 1 & 2
  2. optimize-ct-limit.sh - Uses SYS_LOG_DIR (just needs fallback removed)
  3. mysql-query-analyzer.sh - Uses get_user_* functions

Modules That Are Control Panel Agnostic

These modules don't use control panel-specific paths (21 total):

  • All Acronis backup modules (13 modules)
  • Hardware health check
  • SSH attack monitor
  • Firewall activity monitor
  • Tail secure log
  • Tail mail log
  • IP reputation manager
  • Cleanup toolkit data
  • WordPress modules

Recommended Implementation Plan

Phase 3: Critical Security Modules (NEXT)

  1. malware-scanner.sh - Fix document root discovery + cPanel path assumptions
  2. live-attack-monitor.sh - Fix log discovery + wrap whmapi1 calls
  3. optimize-ct-limit.sh - Remove hardcoded fallback

Phase 4: Critical Website Modules

  1. wordpress-cron-manager.sh - MAJOR REFACTOR (33 userdata refs, 9 public_html refs)
  2. website-error-analyzer.sh - Full InterWorx support
  3. 500-error-tracker.sh - Full InterWorx support + PHP handler detection

Phase 5: Monitoring Tools

  1. web-traffic-monitor.sh
  2. network-bandwidth-analyzer.sh
  3. tail-apache-access.sh
  4. tail-apache-error.sh

Phase 6: System Tools

  1. system-health-check.sh - Make cPanel checks conditional + wrap whmapi1 references

cPanel API Compatibility Issue

The Problem:

Several modules use cPanel's whmapi1/uapi commands that do not exist on InterWorx.

Affected Modules:

  1. live-attack-monitor.sh - whmapi1 cphulkd_list_blocks, whmapi1 cphulkd_add_whitelist
  2. enable-cphulk.sh - Multiple whmapi1 calls (cPanel-only module, expected)
  3. system-health-check.sh - whmapi1 references in help messages

Solution:

Wrap ALL API calls in control panel detection:

if [ "$SYS_CONTROL_PANEL" = "cpanel" ]; then
    whmapi1 cphulkd_list_blocks
fi

InterWorx Alternatives:

  • CPHulk equivalent: InterWorx has ModSecurity + fail2ban (different approach)
  • No direct API equivalent for CPHulk features
  • Should detect and skip gracefully with warning

Standard Fix Pattern

For all modules, follow this pattern:

1. Replace hardcoded paths with system-detect.sh:

# OLD (BAD):
LOG_DIR="/var/log/apache2/domlogs"

# NEW (GOOD):
LOG_DIR="${SYS_LOG_DIR}"  # Auto-detected in system-detect.sh

2. Use user-manager.sh functions:

# OLD (BAD):
user=$(grep -l "DNS.*$domain" /var/cpanel/users/* 2>/dev/null | ...)

# NEW (GOOD):
eval $(get_user_info "$username")
# Now you have: $USER_EXISTS, $PRIMARY_DOMAIN, $ALL_DOMAINS, $HOME_DIR

3. Support both document root patterns:

# OLD (BAD):
docroot="/home/$user/public_html"

# NEW (GOOD):
if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then
    docroot="/home/$user/$domain/html"
else
    docroot="/home/$user/public_html"
fi

4. Add InterWorx log discovery:

if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then
    find /home/*/var/*/logs -name "access_log" ...
else
    find "$LOG_DIR" -type f ! -name "*-bytes_log" ...
fi

Testing Checklist

For each fixed module, test on:

  • cPanel server (regression test)
  • InterWorx server (new functionality)
  • Standalone server (no control panel)

Estimated Effort

  • Phase 3: 2-3 hours (3 critical security modules)
  • Phase 4: 2-3 hours (2 website diagnostic modules)
  • Phase 5: 1-2 hours (4 simple monitoring tools)
  • Phase 6: 1 hour (system health check)

Total: ~8 hours to achieve full InterWorx parity

Current Progress

  • Phase 1: user-manager.sh InterWorx support (COMPLETE)
  • Phase 2: bot-analyzer.sh + system-detect.sh improvements (COMPLETE)
  • Phase 3: Critical security modules (PENDING)
Reference in New Issue View Git Blame Copy Permalink