From 466aa62a020f96c77b9a9078142d82508c9efd03 Mon Sep 17 00:00:00 2001
From: jokob-sk
Date: Mon, 23 Dec 2024 11:28:46 +1100
Subject: [PATCH] DB cleanup script + docs
---
 docs/REMOTE_NETWORKS.md | 2 +-
 front/plugins/omada_sdn_imp/README.md | 4 +-
 scripts/db_cleanup/README.md | 38 +++++++++
 scripts/db_cleanup/db_cleanup.py | 111 ++++++++++++++++++++++++++
 4 files changed, 152 insertions(+), 3 deletions(-)
 create mode 100644 scripts/db_cleanup/README.md
 create mode 100755 scripts/db_cleanup/db_cleanup.py
diff --git a/docs/REMOTE_NETWORKS.md b/docs/REMOTE_NETWORKS.md
index 5fd96da4..3a21ed14 100755
--- a/docs/REMOTE_NETWORKS.md
+++ b/docs/REMOTE_NETWORKS.md
@@ -44,6 +44,6 @@ To create truly dummy devices, you can use a loopback IP address (e.g., `0.0.0.0
 ## NMAP and Fake MAC Addresses
-Scanning remote networks with NMAP is possible (vai the `NMAPDEV` plugin), but since it cannot retrieve the MAC address, you need to enable the `NMAPDEV_FAKE_MAC` setting. This will generate a fake MAC address based on the IP address, allowing you to track devices. However, this can lead to inconsistencies, especially if the IP address changes or a previously logged device is rediscovered. If this setting is disabled, only the IP address will be discovered, and devices with missing MAC addresses will be skipped.
+Scanning remote networks with NMAP is possible (via the `NMAPDEV` plugin), but since it cannot retrieve the MAC address, you need to enable the `NMAPDEV_FAKE_MAC` setting. This will generate a fake MAC address based on the IP address, allowing you to track devices. However, this can lead to inconsistencies, especially if the IP address changes or a previously logged device is rediscovered. If this setting is disabled, only the IP address will be discovered, and devices with missing MAC addresses will be skipped.
 Check the [NMAPDEV plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nmap_dev_scan) for details
diff --git a/front/plugins/omada_sdn_imp/README.md b/front/plugins/omada_sdn_imp/README.md
index 671cc73d..28074662 100755
--- a/front/plugins/omada_sdn_imp/README.md
+++ b/front/plugins/omada_sdn_imp/README.md
@@ -65,7 +65,7 @@ can not fix some of tplinks OMADA SDN own limitations/bugs:
-### Other infos
+### Other info
-- Author : Flying Toto
+- Author : [Flying Toto](https://github.com/FlyingToto)
 - Date : 04-Jul-2024 - version 1.0
diff --git a/scripts/db_cleanup/README.md b/scripts/db_cleanup/README.md
new file mode 100644
index 00000000..bcb622e2
--- /dev/null
+++ b/scripts/db_cleanup/README.md
@@ -0,0 +1,38 @@
+# Usage
+
+1. **Run the Script**
+
+`python ./db_cleanup.py`
+
+2. **Menu Options**
+- **1. Check/Clean by MAC address**
+ - Enter a MAC address in the format `xx:xx:xx:xx:xx:xx`.
+ - The script will query the database and display any matching entries.
+ - Confirm to delete the entries if desired.
+- **2. Check/Clean by IP address**
+ - Enter an IP address in the format `xxx.xxx.xxx.xxx`.
+ - The script will query the database and display any matching entries.
+ - Confirm to delete the entries if desired.
+- **3. Exit**
+ - Quit the script.
+
+## Database Queries
+
+The script checks the following tables:
+- `Events`
+- `Devices`
+- `CurrentScan`
+- `Notifications`
+- `AppEvents`
+- `Plugins_Objects`
+
+For each MAC or IP address provided, the script:
+
+1. Queries the tables for matching entries.
+2. Prompts to delete the entries if any are found.
+
+
+### Other info
+
+- Date : 23-Dec-2024 - version 1.0
+- Author: [laxduke](https://github.com/laxduke)
\ No newline at end of file
diff --git a/scripts/db_cleanup/db_cleanup.py b/scripts/db_cleanup/db_cleanup.py
new file mode 100755
index 00000000..cf321be5
--- /dev/null
+++ b/scripts/db_cleanup/db_cleanup.py
@@ -0,0 +1,111 @@
+#!/usr/bin/env python3
+import subprocess
+import sys
+
+def run_sqlite_command(command):
+ full_command = f"sudo docker exec -i netalertx sqlite3 /app/db/app.db \"{command}\""
+ try:
+ result = subprocess.run(full_command, shell=True, text=True, capture_output=True)
+ if result.stderr:
+ print(f"Error: {result.stderr}")
+ return result.stdout
+ except subprocess.CalledProcessError as e:
+ print(f"Error executing command: {e}")
+ return None
+
+def check_and_clean_device():
+ while True:
+ print("\nDevice Cleanup Tool")
+ print("1. Check/Clean by MAC address")
+ print("2. Check/Clean by IP address")
+ print("3. Exit")
+
+ choice = input("\nSelect option (1-3): ")
+
+ if choice == "1":
+ mac = input("Enter MAC address (format: xx:xx:xx:xx:xx:xx): ").lower()
+
+ # Check all tables for MAC
+ tables_checks = [
+ f"SELECT 'Events' as source, * FROM Events WHERE eve_MAC='{mac}'",
+ f"SELECT 'Devices' as source, * FROM Devices WHERE dev_MAC='{mac}'",
+ f"SELECT 'CurrentScan' as source, * FROM CurrentScan WHERE cur_MAC='{mac}'",
+ f"SELECT 'Notifications' as source, * FROM Notifications WHERE JSON LIKE '%{mac}%'",
+ f"SELECT 'AppEvents' as source, * FROM AppEvents WHERE ObjectPrimaryID LIKE '%{mac}%' OR ObjectSecondaryID LIKE '%{mac}%'",
+ f"SELECT 'Plugins_Objects' as source, * FROM Plugins_Objects WHERE Object_PrimaryID LIKE '%{mac}%'"
+ ]
+
+ found = False
+ for check in tables_checks:
+ result = run_sqlite_command(check)
+ if result and result.strip():
+ found = True
+ print(f"\nFound entries:\n{result}")
+
+ if found:
+ confirm = input("\nWould you like to clean these entries? (y/n): ")
+ if confirm.lower() == 'y':
+ # Delete from all tables
+ deletes = [
+ f"DELETE FROM Events WHERE eve_MAC='{mac}'",
+ f"DELETE FROM Devices WHERE dev_MAC='{mac}'",
+ f"DELETE FROM CurrentScan WHERE cur_MAC='{mac}'",
+ f"DELETE FROM Notifications WHERE JSON LIKE '%{mac}%'",
+ f"DELETE FROM AppEvents WHERE ObjectPrimaryID LIKE '%{mac}%' OR ObjectSecondaryID LIKE '%{mac}%'",
+ f"DELETE FROM Plugins_Objects WHERE Object_PrimaryID LIKE '%{mac}%'"
+ ]
+
+ for delete in deletes:
+ run_sqlite_command(delete)
+ print("Cleanup completed!")
+ else:
+ print("\nNo entries found for this MAC address")
+
+ elif choice == "2":
+ ip = input("Enter IP address (format: xxx.xxx.xxx.xxx): ")
+
+ # Check all tables for IP
+ tables_checks = [
+ f"SELECT 'Events' as source, * FROM Events WHERE eve_IP='{ip}'",
+ f"SELECT 'Devices' as source, * FROM Devices WHERE dev_LastIP='{ip}'",
+ f"SELECT 'CurrentScan' as source, * FROM CurrentScan WHERE cur_IP='{ip}'",
+ f"SELECT 'Notifications' as source, * FROM Notifications WHERE JSON LIKE '%{ip}%'",
+ f"SELECT 'AppEvents' as source, * FROM AppEvents WHERE ObjectSecondaryID LIKE '%{ip}%'",
+ f"SELECT 'Plugins_Objects' as source, * FROM Plugins_Objects WHERE Object_SecondaryID LIKE '%{ip}%'"
+ ]
+
+ found = False
+ for check in tables_checks:
+ result = run_sqlite_command(check)
+ if result and result.strip():
+ found = True
+ print(f"\nFound entries:\n{result}")
+
+ if found:
+ confirm = input("\nWould you like to clean these entries? (y/n): ")
+ if confirm.lower() == 'y':
+ # Delete from all tables
+ deletes = [
+ f"DELETE FROM Events WHERE eve_IP='{ip}'",
+ f"DELETE FROM Devices WHERE dev_LastIP='{ip}'",
+ f"DELETE FROM CurrentScan WHERE cur_IP='{ip}'",
+ f"DELETE FROM Notifications WHERE JSON LIKE '%{ip}%'",
+ f"DELETE FROM AppEvents WHERE ObjectSecondaryID LIKE '%{ip}%'",
+ f"DELETE FROM Plugins_Objects WHERE Object_SecondaryID LIKE '%{ip}%'"
+ ]
+
+ for delete in deletes:
+ run_sqlite_command(delete)
+ print("Cleanup completed!")
+ else:
+ print("\nNo entries found for this IP address")
+
+ elif choice == "3":
+ print("\nExiting...")
+ break
+
+ else:
+ print("\nInvalid option, please try again")
+
+if __name__ == "__main__":
+ check_and_clean_device()
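Review bot: The `mac` and `ip` strings from `input()` go unvalidated into the f-string SQL and then into the `shell=True` command line built in `run_sqlite_command`, so quotes or shell metacharacters in the entered value change the SQL, or the command that runs under `sudo`. An empty entry is the everyday failure: the `LIKE '%{mac}%'` and `LIKE '%{ip}%'` patterns become `'%%'`, which matches every non-NULL row, and answering `y` then wipes `Notifications`, `AppEvents` and `Plugins_Objects`. I would reject anything that is not a strict MAC or IPv4 literal before any query is built, and pass `subprocess.run` an argument list with no shell, as sketched below (this needs `import re` and `import ipaddress`; `import sys` is unused). The `except subprocess.CalledProcessError` branch is unreachable because `check=True` is not passed, so "Cleanup completed!" is printed even when a delete failed.

```python
_MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")

def run_sqlite_command(command):
    # Argument list, no shell: the SQL text reaches sqlite3 as a single argv entry.
    argv = ["sudo", "docker", "exec", "-i", "netalertx",
            "sqlite3", "/app/db/app.db", command]
    result = subprocess.run(argv, text=True, capture_output=True)
    if result.returncode != 0 or result.stderr:
        print(f"Error: {result.stderr}")
    return result.stdout

# ... unchanged: menu printing and option prompt ...
        if choice == "1":
            mac = input("Enter MAC address (format: xx:xx:xx:xx:xx:xx): ").strip().lower()
            if not _MAC_RE.fullmatch(mac):
                print("\nInvalid MAC address, nothing queried")
                continue
# ... unchanged: MAC SELECT/DELETE lists ...
        elif choice == "2":
            ip = input("Enter IP address (format: xxx.xxx.xxx.xxx): ").strip()
            try:
                ip = str(ipaddress.IPv4Address(ip))
            except ValueError:
                print("\nInvalid IP address, nothing queried")
                continue
# ... unchanged: IP SELECT/DELETE lists, exit and invalid-option branches ...
```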