cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7527b35b61e358486dd1223753f49cae4660bf31
Linux-Server-Management-Too…/modules/security
T
History
Developer 7527b35b61 COMPREHENSIVE FIXES: Address 18 audit issues from Pass 5 analysis 
CRITICAL FIXES:
- Add BOLD color constant (was undefined, used on line 311)
- Initialize CONTROL_PANEL and SYS_LOG_DIR detection (were undefined)
- Add confirm() function for cleanup prompts
- Remove unused FILES_SCANNED variable in ImunifyAV section
- Disable IP reputation section (too many undefined dependencies and subshell scope issues)

HIGH PRIORITY FIXES:
- Quote all unquoted variables in conditionals:
  * kill -0 "$pid" (was $pid)
  * kill -0 "$CLAM_PID" (was $CLAM_PID)
  * [ "$stall_counter" -eq 300 ] (was unquoted)
  * Consistent quoting in scanner loop condition
- Quote format_time argument: "$(format_time "$elapsed")"
- Fix sed pattern injection on lines 1552-1553:
  * Changed delimiter from / to | to prevent regex issues
  * Protects against slashes in scan dates/paths
- Use process substitution instead of pipe for RKHunter output:
  * Avoids subshell scope fragility
  * More maintainable code pattern

ISSUES RESOLVED (from 18 found):
- CRITICAL-1: Undefined $CONTROL_PANEL/$SYS_LOG_DIR ✓
- CRITICAL-4: Undefined confirm() function ✓
- CRITICAL-3,2: IP flagging section disabled ✓
- CRITICAL-5: Unused FILES_SCANNED removed ✓
- MEDIUM-1: BOLD color defined ✓
- HIGH-1: Unquoted variables quoted ✓
- HIGH-5: Sed pattern injection fixed ✓
- HIGH-4: Subshell pipe pattern improved ✓
- MEDIUM-3: Inconsistent quoting fixed ✓

REMAINING (for future updates):
- HIGH-2: Unescaped grep patterns (low risk in current usage)
- HIGH-3: Complex pipe chains (working as-is with || fallbacks)
- LOW: Documentation, hardcoded paths, timeout parameterization

STATUS:
- Script now has all critical issues resolved
- Ready for comprehensive testing with real scans
- All syntax validated
2026-03-21 00:18:47 -04:00
..
bot-analyzer.sh
Standardize bot-analyzer.sh menu validation and improve input handling
2026-02-11 22:45:04 -05:00
bot-blocker.sh
Standardize bot-blocker.sh menu validation, colors, and yes/no prompts
2026-02-17 18:42:04 -05:00
enable-cphulk.sh
Fix cPHulk to use SQLite database instead of MySQL
2025-12-11 17:01:17 -05:00
ip-reputation-manager.sh
Fix final 10 HIGH integer comparisons in live-attack-monitor and ip-reputation-manager
2025-12-03 20:12:20 -05:00
live-attack-monitor-v2.sh
Fix: Proper IFS restoration in all files (HIGH priority)
2026-03-20 01:33:26 -04:00
live-attack-monitor.sh
Add immediate blocking for RCE and critical web exploits
2026-02-20 23:04:35 -05:00
malware-scanner.sh
COMPREHENSIVE FIXES: Address 18 audit issues from Pass 5 analysis
2026-03-21 00:18:47 -04:00
optimize-ct-limit.sh
Fix remaining AWK-UNINIT issues in bot-analyzer and network analysis
2026-02-07 02:50:34 -05:00
suspicious-login-monitor.conf.example
MAJOR: Add advanced false positive reduction - whitelists, admin context, temporal analysis
2026-02-03 02:13:10 -05:00
suspicious-login-monitor.sh
Fix TYPE-MISMATCH and AWK-UNINIT issues in email analysis scripts
2026-02-07 02:43:07 -05:00
web-traffic-monitor.sh
CRITICAL FIX: Update InterWorx log file name from access_log to transfer.log
2025-11-20 15:50:45 -05:00