shell_ideas/README.md
2025-06-15 13:05:33 -05:00


### 1. Automated Log File Archiver & Rotator
**Core Functionality:**
- [x] Create a script file `log-archiver.sh`.
- [x] Define variables for the target log file and the backup directory.
- [x] Use the `date` command to create a timestamp for the backup file.
- [x] Use `mkdir -p` to ensure the backup directory exists.
- [x] Use `gzip -c` to compress the log file and redirect the output to the new backup file.
- [x] Use `> $LOG_FILE` to safely clear the contents of the original log file.
- [x] Add `echo` statements to report what the script is doing.
**Enhancements & Features:**
- [x] **Argument Parsing:** Modify the script to accept the log file path as a command-line argument instead of being hardcoded.
- [x] **Root Check:** Add a check at the beginning to ensure the script is run with `sudo` or as the root user.
- [x] **Error Handling:** Use `set -e` to make the script exit immediately if a command fails. Add a check to ensure the provided log file actually exists.
- [ ] **Configuration File:** Move variables like `BACKUP_DIR` to an external `/etc/log-archiver.conf` file.
- [ ] **Automated Cleanup:** Add a feature to automatically delete backups older than a specified number of days (e.g., 90 days).
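The checklist above as one working script (an added example, not the repo's own `log-archiver.sh`): root check, argument parsing, `set -e`, existence check, gzip-to-timestamped-backup, in-place truncation, and the retention cleanup. The `BACKUP_DIR` default of `/var/backups/logs` and the `RETENTION_DAYS` environment override are assumptions, not values from the page.

```shell
#!/usr/bin/env bash
# log-archiver.sh: gzip a log into a timestamped backup, then truncate it.
#   sudo ./log-archiver.sh /var/log/syslog
set -eu

BACKUP_DIR="${BACKUP_DIR:-/var/backups/logs}"   # assumed default; override via env
RETENTION_DAYS="${RETENTION_DAYS:-90}"

# Refuse to run unprivileged: files under /var/log are normally root-owned.
require_root() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "error: run this script as root (or with sudo)" >&2
        return 1
    fi
}

# archive_log LOGFILE BACKUPDIR: write BACKUPDIR/<name>.<stamp>.gz, empty
# LOGFILE in place, and print the archive path on stdout.
archive_log() {
    local log_file="$1" backup_dir="$2" stamp archive
    if [ ! -f "$log_file" ]; then
        echo "error: log file not found: $log_file" >&2
        return 1
    fi
    mkdir -p "$backup_dir"
    stamp="$(date +%Y%m%d-%H%M%S)"
    archive="$backup_dir/$(basename "$log_file").$stamp.gz"
    echo "Compressing $log_file -> $archive" >&2
    gzip -c "$log_file" > "$archive"
    # Truncate instead of deleting: a daemon holding the file open keeps writing
    # to the same inode, whereas deleting would hide everything it writes next.
    : > "$log_file"
    echo "$archive"
}

# remove_old_backups BACKUPDIR DAYS: delete *.gz archives older than DAYS days
# and print each path removed.
remove_old_backups() {
    find "$1" -type f -name '*.gz' -mtime +"$2" -print -delete
}

# Only act when a log path is given, so the functions can also be sourced.
if [ "$#" -ge 1 ]; then
    require_root
    archive_log "$1" "$BACKUP_DIR" > /dev/null
    remove_old_backups "$BACKUP_DIR" "$RETENTION_DAYS"
fi
```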
---
### 2. Command-Line System Health Dashboard
**Core Functionality:**
- [ ] Create a script file `sys-health.sh`.
- [ ] Use `echo` to create clear headers for each section (Memory, Disk, etc.).
- [ ] Use the `free -h` command to display memory usage.
- [ ] Use the `df -h /` command to display root disk usage.
- [ ] Use the `uptime` command to show how long the system has been running.
- [ ] Use the `who` or `users` command to list logged-in users.
**Enhancements & Features:**
- [ ] **Color Coding:** Use ANSI escape codes or `tput` to color-code output. For example, print disk usage in red if it's over 90%.
- [ ] **More Metrics:** Add sections for CPU load (from `uptime`) and the number of running processes (`ps aux | wc -l`).
- [ ] **Live Refresh:** Wrap the main logic in a `while true` loop with a `sleep` and `clear` command to create a live-updating dashboard.
- [ ] **Command-Line Flags:** Add flags to show or hide specific sections (e.g., `./sys-health.sh --no-users`).
---
### 3. Failed Login Attempt Analyzer
**Core Functionality:**
- [ ] Create a script file `auth-analyzer.sh`.
- [ ] Identify the correct authentication log file for the system (`/var/log/auth.log` or `/var/log/secure`).
- [ ] Use `grep` to filter for lines containing "Failed password".
- [ ] Use `awk` to extract the IP address from each matching line.
- [ ] Use a `sort | uniq -c | sort -nr` pipeline to count and rank the IPs.
- [ ] Use `head` to display the top 10 results.
**Enhancements & Features:**
- [ ] **Alerting:** If any single IP has more than a set number of failures (e.g., 20), send an email alert.
- [ ] **Automatic Blocking:** Add a `--block` flag that uses `iptables` or `ufw` to automatically block the top offending IP. (Use with extreme caution!).
- [ ] **IP Geolocation:** Use a command-line tool or a free API to look up the country of origin for the top IPs.
- [ ] **Date Filtering:** Add an option to only analyze logs from the current day.
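The grep/awk/sort/uniq pipeline and the alert threshold from this section, as an added example (not the repo's `auth-analyzer.sh`). The log lines are constructed samples using RFC 5737 documentation addresses, and `ALERT_THRESHOLD` is an assumed environment variable; the alert hook only echoes, where the mail step would go.

```shell
#!/usr/bin/env bash
# auth-analyzer.sh: rank source IPs by failed SSH password attempts.
#   ./auth-analyzer.sh /var/log/auth.log     (or /var/log/secure on RHEL-style systems)
set -eu

ALERT_THRESHOLD="${ALERT_THRESHOLD:-20}"

# Constructed sample lines (RFC 5737 documentation addresses) so the pipeline
# can be exercised without a real auth log.
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 15 13:05:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 15 13:05:03 host sshd[1235]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jun 15 13:05:09 host sshd[1236]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jun 15 13:06:00 host sshd[1237]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
EOF
}

# top_failed_ips LOGFILE [N]: "<count> <ip>" lines, highest count first.
# The IP is the word after "from" rather than a fixed column: "invalid user"
# lines carry two extra fields, so a hard-coded $11 would mis-parse them.
top_failed_ips() {
    grep 'Failed password' "$1" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") { print $(i + 1); break } }' \
        | sort | uniq -c | sort -nr | head -n "${2:-10}" \
        | awk '{ print $1, $2 }'
}

# offenders_over LOGFILE THRESHOLD: IPs with more than THRESHOLD failures.
# Any output is the alert condition (hook mail/logger here).
offenders_over() {
    top_failed_ips "$1" 1000000 | awk -v t="$2" '$1 > t { print $2 }'
}

if [ "$#" -ge 1 ]; then
    log="$1"
else
    log="$(mktemp)"
    write_sample_log "$log"
    echo "No log given; analyzing constructed sample in $log"
fi
echo "Top failed-login sources in $log:"
top_failed_ips "$log" 10
offenders_over "$log" "$ALERT_THRESHOLD" | while read -r ip; do
    echo "ALERT: $ip has more than $ALERT_THRESHOLD failed logins"
done
```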
---
### 4. Simple Network Port Scanner
**Core Functionality:**
- [ ] Create a script file `port-scanner.sh`.
- [ ] Accept a target IP address as the first command-line argument.
- [ ] Create an array or a space-separated string of common ports to check (e.g., 21, 22, 80, 443).
- [ ] Use a `for` loop to iterate through the list of ports.
- [ ] Inside the loop, use the `bash` built-in `/dev/tcp/host/port` to attempt a connection.
- [ ] Check the exit code (`$?`) of the connection attempt to determine if the port is open.
**Enhancements & Features:**
- [ ] **Port Ranges:** Allow the user to specify a port range (e.g., `1-1024`) instead of just the hardcoded list.
- [ ] **Service Banners:** For open ports, print the common service name (e.g., "80/tcp - HTTP").
- [ ] **Timeout:** Wrap the connection attempt in the `timeout` command to prevent the script from hanging on filtered ports.
- [ ] **Verbose Mode:** Add a `-v` flag to show closed/filtered ports as well as open ones.
---
### 5. Interactive User Management Utility
**Core Functionality:**
- [ ] Create a script file `user-manager.sh`.
- [ ] Check for root privileges at the start.
- [ ] Use `echo` to display a menu with options (1. Add User, 2. Delete User, 3. List Users, 4. Exit).
- [ ] Use a `case` statement to handle the user's choice.
- [ ] Use `read` to prompt for usernames.
- [ ] Execute the appropriate commands (`useradd`, `userdel`, `cut -d: -f1 /etc/passwd`).
**Enhancements & Features:**
- [ ] **Looping Menu:** Wrap the menu in a `while` loop so it continues to display after an action is completed, until the user chooses to exit.
- [ ] **More Options:** Add menu items for locking a user (`usermod -L`), unlocking a user (`usermod -U`), and forcing a password change.
- [ ] **Input Validation:** Before deleting a user, check if the user actually exists.
- [ ] **Password Generation:** When adding a user, automatically generate a random password and display it to the administrator.
---
### 6. File Integrity Monitor
**Core Functionality:**
- [ ] Create a script file `fim.sh`.
- [ ] Implement an `--init` mode to create a baseline.
- [ ] In init mode, use `find` and `sha256sum` to record the checksums of all files in a target directory (e.g., `/etc`) into a `baseline.txt` file.
- [ ] Implement a `check` mode (the default behavior).
- [ ] In check mode, generate a new list of checksums and compare it against `baseline.txt` using `diff`.
- [ ] Report whether changes were detected or not.
**Enhancements & Features:**
- [ ] **Exclusion List:** Create a `.fimignore` file where you can list files or directories to be ignored during the scan.
- [ ] **Better Reporting:** Parse the `diff` output to give clean reports like "MODIFIED: /etc/passwd" or "ADDED: /etc/newfile.conf".
- [ ] **Email Alerts:** If a change is detected, send an email notification to the system administrator.
- [ ] **Cron Automation:** Provide instructions in the README on how to set up a cron job to run the check automatically every hour or day.
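An added example (not the repo's `fim.sh`) covering `--init`, the default check mode, the `.fimignore` exclusion list and the parsed `MODIFIED:`/`ADDED:`/`REMOVED:` report. The `BASELINE` environment variable and its `baseline.txt` default are assumptions; email and cron hooks are left to the caller, who can key off the non-zero exit status.

```shell
#!/usr/bin/env bash
# fim.sh: baseline a directory tree with SHA-256 and report drift against it.
#   fim.sh --init DIR    write $BASELINE        fim.sh DIR    compare against it
set -eu

BASELINE="${BASELINE:-baseline.txt}"   # assumed default location

# checksum_tree DIR: "hash  path" lines sorted by path. Paths containing a
# line of DIR/.fimignore (fixed-string match) are skipped. Paths with
# embedded newlines are not handled, which is fine for /etc-style trees.
checksum_tree() {
    local dir="$1" ignore="$1/.fimignore"
    if [ -f "$ignore" ]; then
        find "$dir" -type f ! -name .fimignore -exec sha256sum {} + \
            | grep -v -F -f "$ignore" | sort -k2
    else
        find "$dir" -type f -exec sha256sum {} + | sort -k2
    fi
}

init_baseline() {
    checksum_tree "$1" > "$BASELINE"
    echo "Baseline of $1 written to $BASELINE ($(wc -l < "$BASELINE") files)"
}

# check_tree DIR: one MODIFIED:/ADDED:/REMOVED: line per changed file; returns
# 1 if anything changed. In diff output "<" lines are baseline, ">" are live:
# a path on both sides changed, "<" only was removed, ">" only was added.
check_tree() {
    local report
    report="$(checksum_tree "$1" | diff "$BASELINE" - | awk '
        /^</ { old[$3] = 1 }
        /^>/ { new[$3] = 1 }
        END {
            for (f in old) { tag = (f in new) ? "MODIFIED: " : "REMOVED: "; print tag f }
            for (f in new) if (!(f in old)) print "ADDED: " f
        }' | sort)"
    if [ -z "$report" ]; then
        echo "OK: no changes detected"
        return 0
    fi
    echo "$report"
    return 1
}

case "${1:-}" in
    --init) init_baseline "${2:?usage: fim.sh --init DIR}" ;;
    "")     echo "usage: fim.sh [--init] DIR" >&2 ;;
    *)      check_tree "$1" ;;
esac
```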
---
### 7. Web Server Log Aggregator
**Core Functionality:**
- [ ] Create a script file `weblog-analyzer.sh`.
- [ ] Accept the path to an access log as an argument.
- [ ] Use `awk`, `sort`, `uniq`, and `head` to find and display the top 10 most frequent IP addresses.
- [ ] Use `awk`, `sort`, `uniq`, and `head` to find and display the top 10 most requested URLs.
**Enhancements & Features:**
- [ ] **HTTP Status Codes:** Add a section to summarize HTTP response codes (e.g., 200s, 404s, 500s).
- [ ] **User-Agent Analysis:** Add a feature to search for and flag requests from common security scanners (like `sqlmap`, `nmap`, `nikto`).
- [ ] **Date Filtering:** Add flags to analyze entries only from a specific date or time range.
- [ ] **HTML Reports:** Add an option to generate a simple HTML file with the report for easier viewing.
---
### 8. Automated SSH Configuration Hardening
**Core Functionality:**
- [ ] Create a script file `ssh-harden.sh`.
- [ ] Check for root privileges.
- [ ] **Crucially, create a timestamped backup of `/etc/ssh/sshd_config` before making any changes.**
- [ ] Use `sed` to find and replace key parameters to enforce best practices (e.g., set `PermitRootLogin no`).
- [ ] After making changes, restart the SSH service to apply them.
**Enhancements & Features:**
- [ ] **Audit Mode:** Add a `--check` flag that only reports on non-compliant settings without actually changing them.
- [ ] **Idempotency:** Before changing a setting, check its current value. If it's already compliant, do nothing. This makes the script safe to run multiple times.
- [ ] **More Rules:** Expand the script to check for other important settings like `PasswordAuthentication`, `X11Forwarding`, `AllowUsers`, etc.
- [ ] **Interactive Mode:** Add an `--interactive` flag that prompts the admin for confirmation before applying each change.
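An added example (not the repo's `ssh-harden.sh`) showing the backup, the `--check` audit mode and an idempotent setter. The rule list is an assumed sample; the one thing the naive `sed` approach misses is that sshd honours the first active occurrence of a keyword (case-insensitively) and treats anything after a `Match` block as conditional, so the setter rewrites that first line or inserts before the first `Match`, never appending blindly. The `systemctl restart sshd` unit name is an assumption (it is `ssh` on Debian/Ubuntu).

```shell
#!/usr/bin/env bash
# ssh-harden.sh: audit sshd_config against a rule list, or enforce it.
set -eu

RULES='PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3'
# current_value FILE KEY: the value sshd actually uses. Keywords are
# case-insensitive and the FIRST active occurrence wins; anything after a
# Match block is conditional and ignored here. Empty means "unset".
current_value() {
    awk -v key="$2" 'tolower($1) == "match" { exit }
                     tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# audit_config FILE: one NONCOMPLIANT line per violated rule (empty if clean).
audit_config() {
    echo "$RULES" | while read -r key want; do
        have="$(current_value "$1" "$key")"
        [ "$have" = "$want" ] || echo "NONCOMPLIANT: $key is '${have:-unset}', want '$want'"
    done
}

# set_directive FILE KEY VALUE (idempotent): no-op if already compliant;
# otherwise rewrite the first active line, else insert before the first Match
# block, else append. Writing through cat keeps the file's inode and mode.
set_directive() {
    local file="$1" key="$2" val="$3"
    [ "$(current_value "$file" "$key")" = "$val" ] && return 0
    awk -v key="$key" -v val="$val" '
        !done && tolower($1) == "match"      { print key " " val; done = 1 }
        !done && tolower($1) == tolower(key) { print key " " val; done = 1; next }
        { print }
        END { if (!done) print key " " val }' "$file" > "$file.tmp"
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
    echo "set $key $val"
}
harden() {
    cp -p "$1" "$1.$(date +%Y%m%d-%H%M%S).bak"   # timestamped backup first
    echo "$RULES" | while read -r key want; do set_directive "$1" "$key" "$want"; done
    sshd -t -f "$1"                              # refuse to restart on a broken config
}

case "${1:-}" in
    --check) audit_config "${2:-/etc/ssh/sshd_config}" ;;
    "")      echo "usage: $0 [--check] FILE" >&2 ;;
    *)       [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
             harden "$1" && systemctl restart sshd ;;   # unit is "ssh" on Debian/Ubuntu
esac
```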
---
### 9. Simple Network Honeypot Logger
**Core Functionality:**
- [ ] Create a script file `honeypot.sh`.
- [ ] Define a port to listen on and a log file path.
- [ ] Use a `while true` loop to ensure the listener restarts after a connection closes.
- [ ] Use `netcat` (`nc -l -p <port>`) to listen for incoming connections.
- [ ] Pipe all output from the `nc` command to a log file, appending the data.
- [ ] Log the date and time of each connection attempt.
**Enhancements & Features:**
- [ ] **Fake Banners:** Before the `nc` command, `echo` a convincing fake banner (e.g., "Cisco IOS Login:") to entice attackers and log their interactions.
- [ ] **Run as a Service:** Provide instructions or a helper function to run the script as a detached background process.
- [ ] **Source IP Logging:** Ensure the source IP of the connection is reliably logged for every attempt.
- [ ] **Real-time Alerting:** When a connection is detected, trigger an immediate notification (e.g., via email or a local `wall` message).
---
### 10. SSL/TLS Certificate Expiry Checker
**Core Functionality:**
- [ ] Create a script file `cert-check.sh`.
- [ ] Accept a domain name as a command-line argument.
- [ ] Use `openssl s_client` piped to `openssl x509` to get the certificate's expiration date.
- [ ] Parse the expiration date string.
- [ ] Use the `date` command to calculate the number of days remaining until the certificate expires.
- [ ] Print a human-readable summary of the result.
**Enhancements & Features:**
- [ ] **Batch Processing:** Allow the script to read a list of domains from a text file and check all of them.
- [ ] **Warning Threshold:** Set a threshold (e.g., 30 days) and print a prominent warning if a certificate is expiring soon. The script should exit with a non-zero status code in this case for easier automation.
- [ ] **CSV/JSON Output:** Add a flag to output the results in a machine-readable format like CSV or JSON.
- [ ] **More Certificate Details:** Add options to also display the certificate issuer, subject, and signature algorithm.