cschantz
dbb4322cd2
PROBLEM: Live monitor showed static CT_LIMIT="100" recommendation - No analysis of actual site traffic - No consideration of legitimate high-connection users - Could block CDNs, bots, or legitimate traffic spikes - No way to know what's safe for the specific server SOLUTION: Created comprehensive CT_LIMIT optimizer script NEW SCRIPT: modules/security/optimize-ct-limit.sh WHAT IT DOES: 1. Analyzes Apache logs (last 24 hours by default) - Parses all domain logs in /var/log/apache2/domlogs/ - Tracks max concurrent connections per IP per domain - Identifies user agents and behavior patterns 2. Classifies IP behavior using bot-signatures.sh - Legitimate bots (Googlebot, Bingbot, etc.) - AI crawlers (GPT, Claude, etc.) - CDNs (Cloudflare, Akamai, etc.) - Normal users vs high-traffic users - Potential scrapers 3. Analyzes current active connections - Uses ss or netstat to check real-time connections - Identifies current highest connection counts 4. Calculates statistics - 95th percentile of legitimate user connections - 99th percentile for headroom - Max concurrent from single legitimate IP - Separates bot/CDN traffic from user traffic 5. Provides 3 recommendations: a) CONSERVATIVE (max_legit + 20) - For high-traffic sites b) BALANCED (max_legit + 10) - Recommended for most ⭐ c) AGGRESSIVE (max_legit + 5) - Only during active attack 6. Whitelist recommendations - Identifies bots/CDNs exceeding recommended limit - Suggests specific IPs to whitelist in CSF - Prevents blocking Googlebot, monitoring services, etc. 7. One-command application - Backs up csf.conf automatically - Updates CT_LIMIT to recommended value - Enables SYNFLOOD protection - Restarts CSF - Provides monitoring command EXAMPLE OUTPUT: ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Connection Analysis Summary: Total unique IPs analyzed: 1,247 Legitimate users: 1,180 Bots/CDNs/Crawlers: 67 Legitimate User Connection Patterns: Max concurrent from single IP: 45 95th percentile: 12 concurrent connections 99th percentile: 28 concurrent connections Current Active Connections: Highest right now: 8 connections from 1.2.3.4 Current CSF Configuration: CT_LIMIT = 150 📊 RECOMMENDED CT_LIMIT VALUES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1. CONSERVATIVE: CT_LIMIT = 65 • Allows headroom for traffic spikes • Won't block legitimate users 2. BALANCED: CT_LIMIT = 55 ⭐ • Based on 99th percentile + buffer • Blocks most attack traffic 3. AGGRESSIVE: CT_LIMIT = 50 • Maximum DDoS protection • May affect some legitimate users ⚠️ WHITELIST RECOMMENDATIONS Found bots/crawlers with high connection counts: • 66.249.72.38 (Googlebot) 82 connections • 40.77.167.88 (Bingbot) 65 connections • 157.55.39.183 (UptimeRobot) 48 connections To whitelist: csf -a <IP> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ INTEGRATION WITH LIVE MONITOR: - Press 'c' during live monitoring to run optimizer - Recommendation updates based on detected DDoS/SYN floods - Quick Actions panel shows: "Press 'c' to run CT_LIMIT optimizer" - Help screen updated with 'c' key USAGE: 1. Standalone: modules/security/optimize-ct-limit.sh 2. From live monitor: Press 'c' during monitoring 3. With custom period: optimize-ct-limit.sh 48 (48 hours) SAFETY: - Automatic backup of csf.conf before changes - Minimum thresholds (50/80/100) prevent too-aggressive limits - Option to apply or just view recommendations - Full report saved to /tmp for review INTELLIGENCE: - Uses actual traffic data, not guesses - Accounts for legitimate high-connection sources - Prevents blocking search engines and monitoring - Adapts to each server's unique traffic patterns FILES MODIFIED: - modules/security/optimize-ct-limit.sh (NEW - 650 lines) - modules/security/live-attack-monitor.sh - Added 'c' key handler (line 1019-1024) - Updated Quick Actions recommendation (line 438) - Updated help screen (line 1045) - Updated footer keys (line 457)
⚡ Linux Server Management Toolkit
Comprehensive cPanel/Linux server management suite with modular architecture and intelligent security features.
📦 Directory Structure
server-toolkit/
├── launcher.sh # Main menu system
├── README.md # This file
│
├── modules/ # Modular scripts organized by category
│ │
│ ├── security/ # 🛡️ Security & Threat Analysis
│ │ ├── bot-analyzer.sh # Full bot/threat analysis
│ │ ├── live-attack-monitor.sh # Real-time attack monitoring dashboard
│ │ ├── ssh-attack-monitor.sh # SSH brute force detection
│ │ ├── web-traffic-monitor.sh # Web traffic monitoring
│ │ ├── firewall-activity-monitor.sh # CSF/iptables monitoring
│ │ ├── enable-cphulk.sh # cPHulk enablement with CSF whitelist import
│ │ ├── ip-reputation-manager.sh # Centralized IP reputation tracking
│ │ └── tail-*.sh # Various log monitoring scripts
│ │
│ ├── backup/ # 💾 Backup & Recovery (Acronis Cyber Protect)
│ │ ├── acronis-backup-manager.sh # Main backup management menu
│ │ ├── acronis-install.sh # Install Acronis agent
│ │ ├── acronis-update.sh # Update Acronis agent
│ │ ├── acronis-uninstall.sh # Uninstall Acronis agent
│ │ ├── acronis-register.sh # Register agent with cloud
│ │ ├── acronis-configure.sh # Configure agent settings
│ │ ├── acronis-agent-status.sh # Comprehensive agent status check
│ │ ├── acronis-trigger-backup.sh # Trigger manual backups with optimizations
│ │ ├── acronis-backup-status.sh # Check backup job status
│ │ ├── acronis-list-backups.sh # List all backups
│ │ ├── acronis-plan-manager.sh # Manage protection plans
│ │ ├── acronis-schedule-viewer.sh # View backup schedules
│ │ ├── acronis-restore.sh # Restore from backup
│ │ ├── acronis-logs.sh # View Acronis logs
│ │ └── acronis-troubleshoot.sh # Troubleshoot common issues
│ │
│ ├── website/ # 🌐 Website Diagnostics & Troubleshooting
│ │ ├── website-error-analyzer.sh # Comprehensive website error analysis
│ │ └── 500-error-tracker.sh # Track and analyze 500 errors
│ │
│ ├── diagnostics/ # 🔍 System Diagnostics
│ │ └── system-health-check.sh # Comprehensive health analysis
│ │
│ ├── performance/ # 📊 Performance Analysis
│ │ ├── hardware-health-check.sh # Hardware diagnostics
│ │ ├── mysql-query-analyzer.sh # MySQL performance analysis
│ │ └── network-bandwidth-analyzer.sh # Network analysis
│ │
│ └── maintenance/ # 🧹 System Maintenance
│ └── cleanup-toolkit-data.sh # Clean temporary toolkit data
│
├── lib/ # Shared libraries
│ ├── common-functions.sh # Reusable functions
│ ├── system-detect.sh # System type detection
│ ├── user-manager.sh # User account management
│ ├── mysql-analyzer.sh # MySQL utilities
│ └── reference-db.sh # Cross-module intelligence sharing
│
├── config/ # Configuration files
│ ├── settings.conf # Main configuration
│ ├── whitelist-ips.txt # IP whitelist
│ └── whitelist-user-agents.txt # User-Agent whitelist
│
└── tools/ # Utility scripts
├── diagnostic-report.sh # Generate system reports
└── test-*.sh # Testing utilities
🚀 Quick Start
Installation & Running
One command - automatic cleanup:
curl -sL https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit/archive/main.tar.gz | tar xz && source linux-server-management-toolkit/run.sh
When exiting (option 0), answer "yes" and cleanup happens automatically - no extra steps.
Or if already downloaded:
source /root/server-toolkit/run.sh
✨ Key Features
🛡️ Security & Threat Analysis
- 3-Mode Security Menu: Analysis / Actions / Live Monitoring
- Live Attack Monitor: Real-time SOC dashboard with threat classification
- Intelligent cPHulk Setup: Auto-imports CSF whitelists from all sources
- IP Reputation Tracking: Centralized cross-module IP intelligence
- Multi-Source Monitoring: SSH, Web, Firewall, cPHulk integration
💾 Backup & Recovery (Acronis Cyber Protect)
- Complete Agent Management: Install, update, uninstall, register
- Comprehensive Status Monitoring: Agent health, registration, cloud connectivity
- Manual Backup Triggering: CLI-managed plans with performance optimizations
- Backup Type Selection: Full, Incremental, Differential backups
- Plan Management: View, enable/disable, delete protection plans
- Restore Operations: Full restore capabilities from backups
- Troubleshooting Tools: Log viewing and automated diagnostics
🌐 Website Diagnostics
- Error Analysis: Comprehensive website error detection and troubleshooting
- 500 Error Tracking: Detailed analysis of application errors
- Log Integration: Apache, PHP-FPM, cPanel error log analysis
- Smart Recommendations: Context-aware suggestions for fixing issues
🔍 System Diagnostics
- Comprehensive Health Checks: Hardware, services, security posture
- Smart Recommendations: Context-aware suggestions based on findings
- cPanel/WHM Integration: Native support for cPanel environments
📊 Session Intelligence
- Reference Database: Cross-module data sharing (.sysref)
- No Historical Tracking: Session-based intelligence only
- "Download, Run, Fix, Delete": Designed for one-time troubleshooting
🎯 Usage Examples
Security Analysis with Live Monitoring
bash launcher.sh
# Select: Security & Threat Analysis
# Select: Live Monitoring & Alerts
# Select: Live Network Security Monitor
Enable cPHulk with CSF Whitelist
bash launcher.sh
# Select: Security & Threat Analysis
# Select: Security Actions & Fixes
# Select: Authentication Security
# Select: Enable cPHulk Protection
Acronis Backup Management
bash launcher.sh
# Select: Backup & Recovery
# Select: Check Agent Status (view health, registration, connectivity)
# Select: Trigger Manual Backup (with type selection and optimizations)
# Select: Manage Protection Plans
Website Error Analysis
bash launcher.sh
# Select: Website Diagnostics & Troubleshooting
# Select: Website Error Analyzer
# Choose a cPanel user account to analyze
System Health Check
bash launcher.sh
# Select: System Diagnostics
# Select: System Health Check
🔧 Configuration
Edit the configuration file:
nano /root/server-toolkit/config/settings.conf
🔒 Security Considerations
- Run as root: Most modules require root access
- Credentials stored safely: Git credentials in ~/.git-credentials (outside project)
- No sensitive data in repo: .gitignore excludes keys, tokens, credentials
- Test first: Try on non-production environments first
📊 Recent Updates (v2.1)
Backup & Recovery
- ✅ Complete Acronis Cyber Protect integration (16 management scripts)
- ✅ Agent installation, registration, and update automation
- ✅ Comprehensive status monitoring (health, registration, connectivity)
- ✅ Manual backup triggering with performance optimizations
- ✅ Backup type selection (Full/Incremental/Differential)
- ✅ Protection plan management and scheduling
Website Diagnostics
- ✅ Comprehensive website error analyzer
- ✅ 500 error tracking and troubleshooting
- ✅ Multi-log integration (Apache, PHP-FPM, cPanel)
- ✅ Smart error detection and recommendations
Security Enhancements
- ✅ Centralized IP reputation tracking across modules
- ✅ Complete security menu restructure (3-mode hierarchy)
- ✅ Live network security monitoring dashboard
- ✅ Intelligent cPHulk enablement with multi-source CSF whitelist discovery
- ✅ Real-time threat detection and classification
Core Infrastructure
- ✅ Reference database for cross-module intelligence
- ✅ Git repository integration with auto-commit workflows
- ✅ Modular architecture with organized category structure
🙏 Credits
Built for comprehensive cPanel/Linux server management with a focus on security and intelligent automation.
Version: 2.1.0 Repository: https://git.mull.lol/cschantz/Linux-Server-Management-Toolkit