Dockerfile.debian building and running

install/production-filesystem/entrypoint.sh

@@ -2,7 +2,7 @@
 
 set -u
 
-/services/capcheck.sh
+bash /services/capcheck.sh
 
 SERVICES=""
 FAILED_NAME=""
@@ -59,13 +59,17 @@ on_signal() {
     handle_exit
 }
 
+/services/update_vendors.sh &
+
 trap on_signal INT TERM
 
 [ ! -d "${NETALERTX_PLUGINS_LOG}" ] && mkdir -p "${NETALERTX_PLUGINS_LOG}"
 [ ! -f "${LOG_DB_IS_LOCKED}" ] && touch "${LOG_DB_IS_LOCKED}"
 [ ! -f "${LOG_EXECUTION_QUEUE}" ] && touch "${LOG_EXECUTION_QUEUE}"
 
-add_service "/services/start-crond.sh" "crond"
+if [ "${ENVIRONMENT:-}" ] && [ "${ENVIRONMENT:-}" != "debian" ]; then
+    add_service "/services/start-crond.sh" "crond"
+fi
 add_service "/services/start-php-fpm.sh" "php-fpm"
 add_service "/services/start-nginx.sh" "nginx"
 add_service "/services/start-backend.sh" "backend"
@@ -79,7 +83,8 @@ if [ "${NETALERTX_DEBUG:-0}" -eq 1 ]; then
 fi
 
 
-# This is the default action
+# If any service fails, we will shut down all others and exit with the same status.
+# This improves reliability in production environments by reinitializing the entire stack if one service fails.
 while [ -n "${SERVICES}" ]; do
     for entry in ${SERVICES}; do
         pid="${entry%%:*}"

install/production-filesystem/services/config/crond/netalertx

@@ -1,2 +1,4 @@
-# Schedule cron jobs
-* * * * * /app/back/cron_script.sh
+# Every minute check for cron jobs
+* * * * * /services/cron_script.sh
+# Update vendors 4x/d
+0 */6 * * * /services/update_vendors.sh

install/production-filesystem/services/cron_script.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+export INSTALL_DIR=/app
+
+
+
+# Check if there are any entries with cron_restart_backend
+if grep -q "cron_restart_backend" "${LOG_EXECUTION_QUEUE}"; then
+  # Restart python application using s6
+  killall python3
+  /services/start-backend.sh &
+  echo 'done'
+
+  # Remove all lines containing cron_restart_backend from the log file
+  sed -i '/cron_restart_backend/d' "${LOG_EXECUTION_QUEUE}"
+fi

install/production-filesystem/services/start-nginx.sh

@@ -32,8 +32,12 @@ while $(ps ax | grep -v -e "grep" -e "nginx.sh" | grep nginx >/dev/null); do
 	sleep 0.2
 done
 
-if ! envsubst '${LISTEN_ADDR} ${PORT}'< "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${SYSTEM_NGINX_CONFIG_FILE}" 2>/dev/null; then
-    echo "Note: Unable to write to ${SYSTEM_NGINX_CONFIG_FILE}. Using default configuration."
+TEMP_CONFIG_FILE=$(mktemp "${TMP_DIR}/netalertx.conf.XXXXXX")
+if envsubst '${LISTEN_ADDR} ${PORT}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then
+	mv "${TEMP_CONFIG_FILE}" "${SYSTEM_NGINX_CONFIG_FILE}"
+else
+	echo "Note: Unable to write to ${SYSTEM_NGINX_CONFIG_FILE}. Using default configuration."
+	rm -f "${TEMP_CONFIG_FILE}"
 fi
 
 trap cleanup EXIT

install/production-filesystem/services/update_vendors.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# ------------------------------------------------------------------------------
+#  NetAlertX
+#  Open Source Network Guard / WIFI & LAN intrusion detector 
+#
+#  update_vendors.sh - Back module. IEEE Vendors db update
+# ------------------------------------------------------------------------------
+#  Puche 2021 / 2022+ jokob             jokob@duck.com                GNU GPLv3
+# ------------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------
+#  Main directories to update:
+#    /usr/share/arp-scan
+# ----------------------------------------------------------------------
+
+# Download the file using wget to stdout and process it
+wget -q "http://standards-oui.ieee.org/oui/oui.txt" -O /dev/stdout | \
+    sed -E 's/ *\(base 16\)//' | \
+    awk -F' ' '{printf "%s\t%s\n", $1, substr($0, index($0, $2))}' | \
+    sort | \
+    awk '{$1=$1; print}' | \
+    sort -u | \
+    awk -F' ' '{printf "%s\t%s\n", $1, substr($0, index($0, $2))}' \
+    > /services/run/tmp/ieee-oui.txt
+