cschantz
655bf18f91
FIXED: - Wrapped Maldet installation in subshell with '|| true' error handling - Changed return 1 to return 0 in Maldet installation checks - Allows installation to continue to RKHunter/ImunifyAV even if Maldet fails BEHAVIOR CHANGE: - Before: One scanner failure → entire installation stops with exit code 1 - After: One scanner failure → shows error but continues to next scanner - User gets all successfully installed scanners even if some fail This ensures that if Maldet fails to install (e.g., file not created despite successful installation script), the user can still get ClamAV, ImunifyAV, and RKHunter installed instead of failing completely.
⚡ Linux Server Management Toolkit
Comprehensive multi-panel server management suite supporting cPanel, InterWorx, Plesk, and standalone Apache with modular architecture and intelligent security features.
📦 Directory Structure
server-toolkit/
├── launcher.sh # Main menu system
├── README.md # This file
│
├── modules/ # Modular scripts organized by category
│ │
│ ├── diagnostics/ # 🔍 System Diagnostics
│ │ ├── system-health-check.sh # Comprehensive health analysis
│ │ └── loadwatch-analyzer.sh # Historical system health analysis (1h/6h/24h/7d/30d)
│ │
│ ├── security/ # 🛡️ Security & Monitoring
│ │ ├── live-attack-monitor-v2.sh # Real-time SOC dashboard with auto-mitigation
│ │ ├── live-attack-monitor.sh # Legacy attack monitoring (deprecated)
│ │ ├── bot-analyzer.sh # Full bot/threat analysis with pattern detection
│ │ ├── bot-blocker.sh # Apache User-Agent blocking manager (NEW!)
│ │ ├── malware-scanner.sh # ImunifyAV, ClamAV, Maldet integration
│ │ ├── ip-reputation-manager.sh # Centralized IP reputation tracking
│ │ ├── ssh-attack-monitor.sh # SSH brute force detection
│ │ ├── web-traffic-monitor.sh # Web traffic monitoring
│ │ ├── firewall-activity-monitor.sh # CSF/iptables monitoring
│ │ ├── enable-cphulk.sh # cPHulk enablement with CSF whitelist import
│ │ ├── optimize-ct-limit.sh # Connection tracking optimization
│ │ ├── tail-apache-access.sh # Live Apache access log viewer
│ │ ├── tail-apache-error.sh # Live Apache error log viewer
│ │ ├── tail-mail-log.sh # Live mail log viewer
│ │ └── tail-secure-log.sh # Live secure/auth log viewer
│ │
│ ├── backup/ # 💾 Backup & Recovery
│ │ ├── acronis-*.sh # Acronis Cyber Protect (17 management scripts)
│ │ │ ├── acronis-install.sh # Install Acronis agent
│ │ │ ├── acronis-register.sh # Register agent with cloud
│ │ │ ├── acronis-configure.sh # Configure backup plans
│ │ │ ├── acronis-status.sh # Agent status check
│ │ │ ├── acronis-backup-status.sh # Backup job status
│ │ │ ├── acronis-manual-backup.sh # Trigger manual backup
│ │ │ ├── acronis-restore.sh # Restore from backup
│ │ │ ├── acronis-update.sh # Update agent
│ │ │ ├── acronis-uninstall.sh # Remove agent
│ │ │ ├── acronis-troubleshoot.sh # Diagnostics and repair
│ │ │ └── (7 more utilities)
│ │ └── mysql-restore-to-sql.sh # MySQL/MariaDB database restore & dump tool
│ │
│ ├── website/ # 🌐 Website Diagnostics
│ │ ├── website-error-analyzer.sh # Comprehensive error analysis
│ │ ├── 500-error-tracker.sh # Fast 500 error tracking
│ │ ├── cloudflare-detector.sh # Cloudflare domain detection (NEW!)
│ │ ├── wordpress-menu.sh # WordPress tools submenu
│ │ └── wordpress/
│ │ └── wordpress-cron-manager.sh # WP-Cron diagnostics and management
│ │
│ ├── email/ # 📧 Email Diagnostics & Management
│ │ ├── email-diagnostics.sh # Comprehensive email diagnostics
│ │ ├── mail-log-analyzer.sh # Mail log analysis
│ │ ├── mail-queue-inspector.sh # Exim queue inspection
│ │ ├── flush-mail-queue.sh # Flush stuck mail queue
│ │ ├── blacklist-check.sh # RBL/DNSBL blacklist checker
│ │ ├── spf-dkim-dmarc-check.sh # Email authentication validator
│ │ ├── deliverability-test.sh # Email delivery testing
│ │ ├── smtp-connection-test.sh # SMTP connectivity checker
│ │ └── clean-mailboxes.sh # Mailbox cleanup utility
│ │
│ ├── performance/ # 📊 Performance Analysis
│ │ ├── nginx-varnish-manager.sh # Nginx + Varnish Cache Manager
│ │ ├── php-optimizer.sh # PHP Configuration Optimizer
│ │ ├── hardware-health-check.sh # Hardware diagnostics (SMART, sensors)
│ │ ├── mysql-query-analyzer.sh # MySQL performance analysis
│ │ └── network-bandwidth-analyzer.sh # Network analysis
│ │
│ └── maintenance/ # 🧹 System Maintenance
│ ├── cleanup-toolkit-data.sh # Clean temporary toolkit data
│ └── disk-space-analyzer.sh # Disk usage analysis and recommendations
│
├── lib/ # Shared libraries
│ ├── common-functions.sh # Reusable UI, logging, and utility functions
│ ├── system-detect.sh # Multi-panel system detection (cPanel/Plesk/InterWorx)
│ ├── user-manager.sh # User account management across panels
│ ├── domain-discovery.sh # Multi-panel domain discovery
│ ├── reference-db.sh # Cross-module intelligence sharing (.sysref)
│ │
│ ├── attack-patterns.sh # Attack pattern definitions and scoring
│ ├── attack-signatures.sh # 24+ attack signature detection rules
│ ├── bot-signatures.sh # Bot classification (legitimate vs malicious)
│ ├── http-attack-analyzer.sh # HTTP attack analysis engine
│ ├── threat-intelligence.sh # Threat scoring and intelligence aggregation
│ ├── ip-reputation.sh # IP reputation tracking and querying
│ ├── rate-anomaly-detector.sh # Request rate anomaly detection
│ │
│ ├── mysql-analyzer.sh # MySQL performance utilities
│ ├── php-detector.sh # PHP configuration detection
│ ├── php-analyzer.sh # PHP performance analysis engine
│ ├── php-config-manager.sh # PHP config backup/restore/modification
│ ├── email-functions.sh # Email-related utilities
│ └── plesk-helpers.sh # Plesk-specific helper functions
│
├── config/ # Configuration files
│ ├── settings.conf # Main configuration
│ ├── whitelist-ips.txt # IP whitelist
│ └── whitelist-user-agents.txt # User-Agent whitelist
│
└── tools/ # Utility scripts
├── diagnostic-report.sh # Generate comprehensive system reports
├── toolkit-qa-check.sh # Quality assurance checker (88 tests)
├── qa-functional-tests.sh # Functional testing suite
├── update-attack-signatures.sh # Update attack signature database
├── analyze-historical-attacks.sh # Historical attack pattern analysis
└── erase-toolkit-traces.sh # Complete toolkit removal utility
🚀 Quick Start
Installation & Running
One command - automatic cleanup:
curl -sL https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit/archive/main.tar.gz | tar xz && source linux-server-management-toolkit/run.sh
When exiting (option 0), answer "yes" and cleanup happens automatically - no extra steps.
Or if already downloaded:
source /root/linux-server-management-toolkit/run.sh
✨ Key Features
🛡️ Security & Monitoring
- Live Attack Monitor v2: Real-time SOC dashboard with intelligent auto-blocking
- Auto-Mitigation Engine: Automatic blocking at Score >= 80 (critical) or >= 100 (instant)
- Distributed Attack Detection: Blocks coordinated attacks (5+ IPs, 25+ for subnet-level blocking)
- 24 Attack Signatures: RCE, SQL injection, XSS, path traversal, SSRF, XXE, credential stuffing, and more
- IPset Integration: Kernel-level blocking for instant response (batched for performance)
- Bot Classification: Distinguishes legitimate bots (Google, Bing) from AI scrapers and attack tools
- Attack Scoring System: Dynamic scoring with volume bonuses and attack severity weighting
- Multi-Source Monitoring: HTTP, SSH, Email, FTP, Database, Network attacks in unified dashboard
- Bot Blocker: Apache User-Agent blocking manager with one-click enable/disable
- Blocks 24+ malicious bots: security scanners, AI scrapers, SEO bots, vulnerability scanners
- Safe Apache restart with automatic rollback on syntax errors
- Configuration backup and restore capability
- Syntax validation before applying changes
- Bot & Traffic Analyzer: Full bot/threat analysis with pattern detection
- IP Reputation Manager: Centralized cross-module IP intelligence with query/tracking
- Malware Scanner: ImunifyAV, ClamAV, and Maldet integration with auto-installation
- cPHulk Integration: Auto-imports CSF whitelists from all sources
- Specialized Monitors: SSH attacks, web traffic, firewall activity
- Log Viewers: Live tail for Apache access/error, mail, and security logs
- No System Pollution: All data stored in /tmp (auto-cleanup on reboot, no /var/lib/ files)
💾 Backup & Recovery
- Acronis Cyber Protect: Complete agent management (install, update, configure, monitor, troubleshoot)
- MySQL Database Restore Tool: Advanced recovery from file-based backups with intelligent Force Recovery
- Multi-control panel support (cPanel, InterWorx, Plesk, standalone)
- Smart detection for selective restore scenarios
- Safe single-database extraction from full backups
- Clean SQL export for production import
🌐 Website Diagnostics
- Error Analysis: Comprehensive website error detection and troubleshooting
- 500 Error Tracking: Detailed analysis of application errors
- Cloudflare Detector: Identify domains using Cloudflare with datacenter locations
- Distinguishes between Proxied (orange cloud) and DNS-Only (gray cloud)
- Shows Cloudflare datacenter locations (Chicago, Los Angeles, etc.)
- Detects NXDOMAIN domains that need cleanup
- Triple validation: nameservers, IP ranges, CF-RAY headers
- Helps debug regional outages and cache issues
- WordPress Tools: WP-Cron manager for WordPress diagnostics
- Log Integration: Apache, PHP-FPM, cPanel error log analysis
- Smart Recommendations: Context-aware suggestions for fixing issues
📧 Email Diagnostics & Management
- Comprehensive Email Diagnostics: Full email system health check
- Mail Log Analyzer: Parse and analyze mail logs for delivery issues
- Mail Queue Inspector: Inspect stuck/frozen mail queue with filtering
- Flush Mail Queue: Clear stuck messages from Exim queue
- Blacklist Checker: Check server IP against 50+ RBL/DNSBL lists
- SPF/DKIM/DMARC Validator: Verify email authentication records
- Deliverability Testing: Send test emails and verify delivery
- SMTP Connection Test: Test SMTP connectivity and authentication
- Mailbox Cleanup: Clean up mailbox quotas and old messages
🔍 Performance & Diagnostics
- System Health Check: Comprehensive hardware, services, and security posture analysis
- Loadwatch Analyzer: Historical system health analysis (1h/6h/24h/7d/30d time ranges)
- MySQL Query Analyzer: Slow query detection and optimization recommendations
- Network & Bandwidth Analyzer: Traffic analysis and top consumers
- Hardware Health Check: SMART, memory, CPU sensors
- PHP Configuration Optimizer: Per-domain PHP-FPM tuning with auto-backup and zero downtime
- Nginx + Varnish Cache Manager: Complete Varnish cache installation and management for cPanel
- 99.5% Stock Compliance: Only settings.json modified (RPM config file)
- Full HTTP + HTTPS Caching: SSL termination at Nginx, HTTP backends to Varnish
- Update Survival: Proven to survive ea-nginx package updates and rebuilds
- 93 Static File Types: Images, fonts, CSS/JS, videos, documents, archives, and more
- Self-Healing: 8 automatic fixes including config-script integrity checks
- Complete Backup/Revert: Full restoration to pre-installation state
- Smart Bypasses: AutoSSL, cPanel services, admin pages, POST requests
- Automated Audit: 44 tests verify configuration and functionality
- Multi-Panel Support: cPanel, InterWorx, Plesk, standalone Apache
📊 Session Intelligence
- Reference Database: Cross-module data sharing (.sysref)
- No Historical Tracking: Session-based intelligence only
- "Download, Run, Fix, Delete": Designed for one-time troubleshooting
🎯 Usage Examples
Quick System Health Check
bash launcher.sh
# Select: 1) System Health Check
Security Analysis & Monitoring
bash launcher.sh
# Select: 2) Security & Monitoring
# Options:
# - Live Attack Monitor v2 (real-time SOC dashboard with auto-blocking)
# * Monitors HTTP, SSH, Email, FTP, Database, Network attacks
# * Auto-blocks IPs at Score >= 80 (critical) or >= 100 (instant)
# * Detects distributed attacks (5+ IPs) and blocks all participants
# * Subnet blocking when 25+ IPs attack from same /24 range
# * IPset kernel-level blocking for instant response
# - Bot Blocker (Apache User-Agent blocking)
# * One-click enable/disable
# * Blocks 24+ malicious bots (scanners, scrapers, AI bots)
# * Safe Apache restart with syntax validation
# * Automatic backup and restore
# - Bot & Traffic Analyzer (full scan or 1-hour quick scan)
# - IP Reputation Manager
# - Malware Scanner (ImunifyAV, ClamAV, Maldet with auto-install)
# - Enable cPHulk Protection
# - SSH/Web/Firewall attack monitors
Website Diagnostics
bash launcher.sh
# Select: 3) Website Diagnostics
# Options:
# - Website Error Analyzer (comprehensive error detection)
# - Fast 500 Error Tracker (500 errors only)
# - Cloudflare Detector
# * Scan all domains or check single domain
# * Shows Proxied (orange cloud) vs DNS-Only (gray cloud)
# * Displays datacenter locations (Chicago, LA, etc.)
# * Identifies NXDOMAIN domains that need cleanup
# - WordPress Tools (WP-Cron manager)
Email Diagnostics
bash launcher.sh
# Select: 6) Email Diagnostics
# Options:
# - Comprehensive Email Diagnostics
# - Mail Log Analyzer
# - Mail Queue Inspector
# - Blacklist Checker (RBL/DNSBL)
# - SPF/DKIM/DMARC Validator
# - Deliverability Testing
# - SMTP Connection Test
# - Flush Mail Queue
# - Clean Mailboxes
Performance Analysis
bash launcher.sh
# Select: 4) Performance Analysis
# Options:
# - MySQL Query Analyzer (slow query detection)
# - Network & Bandwidth Analyzer
# - Hardware Health Check
# - PHP Configuration Optimizer (per-domain tuning)
# - Nginx + Varnish Cache Manager (transparent caching layer)
# - Loadwatch Health Analyzer (1h/6h/24h/7d/30d analysis)
Backup & Recovery
bash launcher.sh
# Select: 5) Backup & Recovery
# Options:
# - Acronis Management (complete backup interface)
# - MySQL File Restore (convert DB files to SQL)
🔧 Configuration
Edit the configuration file:
nano /root/server-toolkit/config/settings.conf
🔒 Security Considerations
- Run as root: Most modules require root access
- Credentials stored safely: Git credentials in ~/.git-credentials (outside project)
- No sensitive data in repo: .gitignore excludes keys, tokens, credentials
- Test first: Try on non-production environments first
📊 Recent Updates (v2.3)
January 2026 Highlights - Performance & Security
Week 4 - Cloudflare & Bot Management
- Cloudflare Detector: Advanced Cloudflare domain detection with location tracking (NEW!)
- Distinguishes between Proxied (orange cloud) and DNS-Only (gray cloud) configurations
- Shows datacenter locations with city names (Chicago, Los Angeles, etc.)
- NXDOMAIN detection for identifying old/deleted domains
- Triple validation: nameservers, IP range matching, CF-RAY header analysis
- Helps debug regional outages and identify misconfigured domains
- Bot Blocker: Apache User-Agent blocking manager for malicious bots (NEW!)
- One-click enable/disable for 24+ malicious user-agents
- Blocks: security scanners (nikto, nmap), AI scrapers (GPTBot, Claude-Web), SEO bots
- Safe Apache restart with syntax validation and automatic rollback
- Configuration backup/restore with timestamped backups
- Real-time testing to verify blocking effectiveness
Week 3 - Varnish Cache & Auto-Mitigation
- Nginx + Varnish Cache Manager: Complete Varnish cache installation system
- 99.5% stock compliance (only settings.json modified)
- Full HTTP + HTTPS caching via SSL termination and config-script automation
- Proven update survival (RPM config file preservation)
- 93 static file types cached
- 8 self-healing auto-fixes
- Complete backup/revert capability
- Automated 44-test audit system
- Auto-Mitigation Engine: Automatic IP blocking at Score >= 80/100 via IPset (kernel-level)
- Distributed Attack Blocking: Detects and blocks coordinated botnet attacks (5+ IPs)
- Subnet-Level Blocking: Blocks entire /24 subnets when 25+ IPs attack from same range
- Attack Signature Improvements: Fixed false positives in HTTP_SMUGGLING and SUSPICIOUS_UA detection
- Function Exports: Fixed critical bug preventing HTTP attack auto-blocking in subshells
- No System Pollution: Moved all persistent data from /var/lib/ to /tmp/ for clean removal
- Maldet Auto-Installation: Enhanced Plesk support with improved directory detection
December 2025 Highlights
- Launcher Cleanup: Removed 90+ phantom menu items, reduced from 1,576 to 574 lines (64% reduction)
- Performance: Cached domain status checks save ~5 minutes on 50-domain servers
- MySQL Restore Tool: Advanced database recovery with intelligent Force Recovery detection
- Multi-Panel: Full support for cPanel, InterWorx, Plesk, standalone Apache
Current Feature Set
- 60+ Working Modules: Security (14), Website (5), Email (9), Performance (5), Backup (18), Diagnostics (2), Maintenance (2)
- 18 Shared Libraries: Attack detection, bot classification, system detection, PHP/MySQL analysis
- 6 Utility Tools: QA checker (88 tests), attack signature updater, diagnostic reports
- 24 Attack Signatures: RCE, SQL Injection, XSS, Path Traversal, SSRF, XXE, and more
- Bot Management: Auto-blocking malicious bots via Apache User-Agent filtering
- Cloudflare Integration: Advanced detection with datacenter location tracking
- Varnish Cache: Transparent caching layer with 99.5% stock compliance
- Email Diagnostics: Complete email troubleshooting suite with RBL checking
- Reference Database: 1-hour cached status for cross-module intelligence
- Zero Hardcoded Paths: Automatic control panel detection and path abstraction
- Self-Contained Design: Delete toolkit directory = all data removed (no system files)
🙏 Credits
Built for comprehensive cPanel/Linux server management with a focus on security and intelligent automation.
Version: 2.3.0 Last Updated: January 28, 2026 Repository: https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit
📈 Statistics
- Total Modules: 60+
- Shared Libraries: 18
- Attack Signatures: 24+
- Supported Panels: cPanel, InterWorx, Plesk, Standalone
- Lines of Code: ~30,000+
- QA Tests: 88 automated checks