cschantz
612b82b27b
Implemented comprehensive attack analysis and adaptive threat scoring: 1. ATTACK VELOCITY TRACKING: - Tracks attacks per hour in 1-hour sliding window - Rapid attacks (10 in 5min) = +15pts bonus - High velocity (10-19/hr) = +20pts - Extreme velocity (20+/hr) = +30pts - Prevents slow-scan evasion 2. ATTACK DIVERSITY SCORING: - Detects multi-vector coordinated attacks - 2 vectors (SSH+Web) = +10pts - 3 vectors = +25pts "COORDINATED" - 4+ vectors = +35pts "MULTI_VECTOR" - Identifies sophisticated attackers 3. TIMING PATTERN DETECTION: - Calculates attack interval variance - Consistent intervals (variance <3s) = BOT_PATTERN +20pts - Moderate consistency (variance <10s) = LIKELY_BOT +10pts - Detects automated tools vs humans 4. REPUTATION DECAY: - Scores decay 20% every 6 hours of inactivity - Prevents permanent blacklisting of dynamic IPs - Runs every 30 minutes in background - Allows false positives to naturally clear 5. ATTACK SUCCESS DETECTION: - Detects successful WordPress logins (302 redirect) = +50pts - Admin access (POST to wp-admin) = +40pts - Shell access (200 on shell files) = +60pts CRITICAL - Prioritizes actual breaches over attempts 6. SUBNET ATTACK TRACKING: - Identifies coordinated botnet attacks from same /24 - 3 IPs from subnet = +15pts RELATED_IPS - 5 IPs = +25pts SUBNET_ATTACK - 10+ IPs = +40pts SUBNET_SWARM - Detects distributed campaigns 7. TARGET CRITICALITY ASSESSMENT: - Admin paths (/wp-admin, phpmyadmin) = +15pts - Auth endpoints (/login, wp-login.php) = +12pts - Config files (.env, .git, .sql) = +18pts - Shell/exploit attempts = +20pts CRITICAL - Upload endpoints (POST) = +15pts 8. DETAILED BLOCK REASONS: - CSF blocks now include intelligence details - Format: "Score=82 Attacks=BRUTEFORCE Intel:HIGH_VELOCITY:15/hr+BOT_PATTERN" - Explains WHY IP was blocked - Stored per-IP for manual blocks too 9. BLOCK TRACKING: - New TOTAL_BLOCKS counter in dashboard header - Tracks both auto-blocks and manual blocks - Per-IP ban_count incremented on each block - Identifies repeat offenders Integration: - All features integrated into SSH monitoring (template for others) - Block reasons saved to /tmp files for CSF submission - New data structures: IP_TIMESTAMPS, IP_ATTACK_VECTORS, SUBNET_ATTACKS - Background decay engine runs every 30min - Zero performance impact (background processing) Example Block Reason in CSF: "Auto-block: Score=95 Attacks=BRUTEFORCE Intel:HIGH_VELOCITY:18/hr+BOT_PATTERN:5s_intervals+SUBNET_ATTACK:7_IPs"
⚡ Linux Server Management Toolkit
Comprehensive cPanel/Linux server management suite with modular architecture and intelligent security features.
📦 Directory Structure
server-toolkit/
├── launcher.sh # Main menu system
├── README.md # This file
│
├── modules/ # Modular scripts organized by category
│ │
│ ├── security/ # 🛡️ Security & Threat Analysis
│ │ ├── bot-analyzer.sh # Full bot/threat analysis
│ │ ├── live-attack-monitor.sh # Real-time attack monitoring dashboard
│ │ ├── ssh-attack-monitor.sh # SSH brute force detection
│ │ ├── web-traffic-monitor.sh # Web traffic monitoring
│ │ ├── firewall-activity-monitor.sh # CSF/iptables monitoring
│ │ ├── enable-cphulk.sh # cPHulk enablement with CSF whitelist import
│ │ ├── ip-reputation-manager.sh # Centralized IP reputation tracking
│ │ └── tail-*.sh # Various log monitoring scripts
│ │
│ ├── backup/ # 💾 Backup & Recovery (Acronis Cyber Protect)
│ │ ├── acronis-backup-manager.sh # Main backup management menu
│ │ ├── acronis-install.sh # Install Acronis agent
│ │ ├── acronis-update.sh # Update Acronis agent
│ │ ├── acronis-uninstall.sh # Uninstall Acronis agent
│ │ ├── acronis-register.sh # Register agent with cloud
│ │ ├── acronis-configure.sh # Configure agent settings
│ │ ├── acronis-agent-status.sh # Comprehensive agent status check
│ │ ├── acronis-trigger-backup.sh # Trigger manual backups with optimizations
│ │ ├── acronis-backup-status.sh # Check backup job status
│ │ ├── acronis-list-backups.sh # List all backups
│ │ ├── acronis-plan-manager.sh # Manage protection plans
│ │ ├── acronis-schedule-viewer.sh # View backup schedules
│ │ ├── acronis-restore.sh # Restore from backup
│ │ ├── acronis-logs.sh # View Acronis logs
│ │ └── acronis-troubleshoot.sh # Troubleshoot common issues
│ │
│ ├── website/ # 🌐 Website Diagnostics & Troubleshooting
│ │ ├── website-error-analyzer.sh # Comprehensive website error analysis
│ │ └── 500-error-tracker.sh # Track and analyze 500 errors
│ │
│ ├── diagnostics/ # 🔍 System Diagnostics
│ │ └── system-health-check.sh # Comprehensive health analysis
│ │
│ ├── performance/ # 📊 Performance Analysis
│ │ ├── hardware-health-check.sh # Hardware diagnostics
│ │ ├── mysql-query-analyzer.sh # MySQL performance analysis
│ │ └── network-bandwidth-analyzer.sh # Network analysis
│ │
│ └── maintenance/ # 🧹 System Maintenance
│ └── cleanup-toolkit-data.sh # Clean temporary toolkit data
│
├── lib/ # Shared libraries
│ ├── common-functions.sh # Reusable functions
│ ├── system-detect.sh # System type detection
│ ├── user-manager.sh # User account management
│ ├── mysql-analyzer.sh # MySQL utilities
│ └── reference-db.sh # Cross-module intelligence sharing
│
├── config/ # Configuration files
│ ├── settings.conf # Main configuration
│ ├── whitelist-ips.txt # IP whitelist
│ └── whitelist-user-agents.txt # User-Agent whitelist
│
└── tools/ # Utility scripts
├── diagnostic-report.sh # Generate system reports
└── test-*.sh # Testing utilities
🚀 Quick Start
Installation & Running
One command - automatic cleanup:
curl -sL https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit/archive/main.tar.gz | tar xz && source linux-server-management-toolkit/run.sh
When exiting (option 0), answer "yes" and cleanup happens automatically - no extra steps.
Or if already downloaded:
source /root/server-toolkit/run.sh
✨ Key Features
🛡️ Security & Threat Analysis
- 3-Mode Security Menu: Analysis / Actions / Live Monitoring
- Live Attack Monitor: Real-time SOC dashboard with threat classification
- Intelligent cPHulk Setup: Auto-imports CSF whitelists from all sources
- IP Reputation Tracking: Centralized cross-module IP intelligence
- Multi-Source Monitoring: SSH, Web, Firewall, cPHulk integration
💾 Backup & Recovery (Acronis Cyber Protect)
- Complete Agent Management: Install, update, uninstall, register
- Comprehensive Status Monitoring: Agent health, registration, cloud connectivity
- Manual Backup Triggering: CLI-managed plans with performance optimizations
- Backup Type Selection: Full, Incremental, Differential backups
- Plan Management: View, enable/disable, delete protection plans
- Restore Operations: Full restore capabilities from backups
- Troubleshooting Tools: Log viewing and automated diagnostics
🌐 Website Diagnostics
- Error Analysis: Comprehensive website error detection and troubleshooting
- 500 Error Tracking: Detailed analysis of application errors
- Log Integration: Apache, PHP-FPM, cPanel error log analysis
- Smart Recommendations: Context-aware suggestions for fixing issues
🔍 System Diagnostics
- Comprehensive Health Checks: Hardware, services, security posture
- Smart Recommendations: Context-aware suggestions based on findings
- cPanel/WHM Integration: Native support for cPanel environments
📊 Session Intelligence
- Reference Database: Cross-module data sharing (.sysref)
- No Historical Tracking: Session-based intelligence only
- "Download, Run, Fix, Delete": Designed for one-time troubleshooting
🎯 Usage Examples
Security Analysis with Live Monitoring
bash launcher.sh
# Select: Security & Threat Analysis
# Select: Live Monitoring & Alerts
# Select: Live Network Security Monitor
Enable cPHulk with CSF Whitelist
bash launcher.sh
# Select: Security & Threat Analysis
# Select: Security Actions & Fixes
# Select: Authentication Security
# Select: Enable cPHulk Protection
Acronis Backup Management
bash launcher.sh
# Select: Backup & Recovery
# Select: Check Agent Status (view health, registration, connectivity)
# Select: Trigger Manual Backup (with type selection and optimizations)
# Select: Manage Protection Plans
Website Error Analysis
bash launcher.sh
# Select: Website Diagnostics & Troubleshooting
# Select: Website Error Analyzer
# Choose a cPanel user account to analyze
System Health Check
bash launcher.sh
# Select: System Diagnostics
# Select: System Health Check
🔧 Configuration
Edit the configuration file:
nano /root/server-toolkit/config/settings.conf
🔒 Security Considerations
- Run as root: Most modules require root access
- Credentials stored safely: Git credentials in ~/.git-credentials (outside project)
- No sensitive data in repo: .gitignore excludes keys, tokens, credentials
- Test first: Try on non-production environments first
📊 Recent Updates (v2.1)
Backup & Recovery
- ✅ Complete Acronis Cyber Protect integration (16 management scripts)
- ✅ Agent installation, registration, and update automation
- ✅ Comprehensive status monitoring (health, registration, connectivity)
- ✅ Manual backup triggering with performance optimizations
- ✅ Backup type selection (Full/Incremental/Differential)
- ✅ Protection plan management and scheduling
Website Diagnostics
- ✅ Comprehensive website error analyzer
- ✅ 500 error tracking and troubleshooting
- ✅ Multi-log integration (Apache, PHP-FPM, cPanel)
- ✅ Smart error detection and recommendations
Security Enhancements
- ✅ Centralized IP reputation tracking across modules
- ✅ Complete security menu restructure (3-mode hierarchy)
- ✅ Live network security monitoring dashboard
- ✅ Intelligent cPHulk enablement with multi-source CSF whitelist discovery
- ✅ Real-time threat detection and classification
Core Infrastructure
- ✅ Reference database for cross-module intelligence
- ✅ Git repository integration with auto-commit workflows
- ✅ Modular architecture with organized category structure
🙏 Credits
Built for comprehensive cPanel/Linux server management with a focus on security and intelligent automation.
Version: 2.1.0 Repository: https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit