From 8636b69ee14a7cc5d087f98f15f6565d0dcd46a9 Mon Sep 17 00:00:00 2001
From: jknapp
Date: Mon, 22 Sep 2025 19:42:54 -0700
Subject: [PATCH] Fix AWK syntax errors in monitoring scripts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Remove semicolons from variable initialization in AWK scripts
- Each variable now on separate line to prevent syntax errors
- Fixes "syntax error at or near ," in monitor-attacks.sh and manage-blocked-ips.sh
- Scripts now properly parse HAProxy 3.0.11 threat intelligence data
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
scripts/manage-blocked-ips.sh | 6 +++++-
scripts/monitor-attacks.sh | 18 ++++++++++++++----
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/scripts/manage-blocked-ips.sh b/scripts/manage-blocked-ips.sh
index 5da0aab..9a88989 100755
--- a/scripts/manage-blocked-ips.sh
+++ b/scripts/manage-blocked-ips.sh
@@ -57,7 +57,11 @@ case "$1" in
 echo "show table web" | socat stdio "$SOCKET" | awk '
 NR>1 {
 ip = $1
- auth_fail = 0; authz_fail = 0; scanner = 0; repeat_off = 0; manual_bl = 0
+ auth_fail = 0
+ authz_fail = 0
+ scanner = 0
+ repeat_off = 0
+ manual_bl = 0
 if ($0 ~ /gpc\(0\)=([0-9]+)/) { match($0, /gpc\(0\)=([0-9]+)/, arr); auth_fail = arr[1] }
 if ($0 ~ /gpc\(1\)=([0-9]+)/) { match($0, /gpc\(1\)=([0-9]+)/, arr); authz_fail = arr[1] }
diff --git a/scripts/monitor-attacks.sh b/scripts/monitor-attacks.sh
index b0c72de..0d9bdbe 100755
--- a/scripts/monitor-attacks.sh
+++ b/scripts/monitor-attacks.sh
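Review bot: The three-argument `match($0, /gpc\(0\)=([0-9]+)/, arr)` calls left unchanged at the end of the scripts/manage-blocked-ips.sh hunk are a gawk extension, and an awk without it (mawk, for example) rejects the comma after the regex. That is a likelier source of the reported "syntax error at or near ," than the `;`-separated assignments, since `;` is a valid statement separator in awk. If that is the cause, the blocked-IP listing and the attack monitor still fail to parse the stick table on such hosts and print nothing, which an operator can misread as "no threats". Either invoke `gawk` explicitly in the pipeline or use the portable form, e.g. `if (match($0, /gpc\(0\)=[0-9]+/)) auth_fail = substr($0, RSTART + 7, RLENGTH - 7)`. The scripts/monitor-attacks.sh hunk ends on `if ($0 ~ /gpc\(0\)=([0-9]+)/) {` with its body outside the hunk, so the same check presumably applies there.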
@@ -19,10 +19,20 @@ show_threats() {
 # Parse the stick table output for array-based GPC values
 ip = $1
 # Look for GPC array values in the data
- auth_fail = 0; authz_fail = 0; rate_viol = 0; scanner = 0
- sql_inj = 0; traversal = 0; wp_brute = 0; admin_scan = 0
- shell_att = 0; repeat_off = 0; manual_bl = 0; auto_bl = 0
- glitch_rate = 0; threat_score = 0
+ auth_fail = 0
+ authz_fail = 0
+ rate_viol = 0
+ scanner = 0
+ sql_inj = 0
+ traversal = 0
+ wp_brute = 0
+ admin_scan = 0
+ shell_att = 0
+ repeat_off = 0
+ manual_bl = 0
+ auto_bl = 0
+ glitch_rate = 0
+ threat_score = 0
 # Extract relevant metrics (simplified parsing)
 if ($0 ~ /gpc\(0\)=([0-9]+)/) {