diff --git a/docs/docker-troubleshooting/arp-flux-sysctls.md b/docs/docker-troubleshooting/arp-flux-sysctls.md index d73c5cb0..29a40456 100644 --- a/docs/docker-troubleshooting/arp-flux-sysctls.md +++ b/docs/docker-troubleshooting/arp-flux-sysctls.md @@ -40,6 +40,10 @@ Set these sysctls at container runtime. jokob-sk/netalertx:latest ``` +> **Note:** Setting `net.ipv4.conf.all.arp_ignore` and `net.ipv4.conf.all.arp_announce` may fail with "operation not permitted" unless the container is run with elevated privileges. To resolve this, you can: +> - Use `--privileged` with `docker run`. +> - Use the more restrictive `--cap-add=NET_ADMIN` (or `cap_add: [NET_ADMIN]` in `docker-compose` service definitions) to allow the sysctls to be applied at runtime. + ## Additional Resources For broader Docker Compose guidance, see: diff --git a/install/production-filesystem/entrypoint.d/36-override-individual-settings.sh b/install/production-filesystem/entrypoint.d/36-override-individual-settings.sh index 64b095e3..d5196085 100644 --- a/install/production-filesystem/entrypoint.d/36-override-individual-settings.sh +++ b/install/production-filesystem/entrypoint.d/36-override-individual-settings.sh @@ -12,10 +12,13 @@ fi if [ -n "${LOADED_PLUGINS:-}" ]; then echo "[ENV] Applying LOADED_PLUGINS override" value=$(printf '%s' "$LOADED_PLUGINS" | tr -d '\n\r') - escaped=$(printf '%s\n' "$value" | sed 's/[\/&]/\\&/g') + # declare delimiter for sed and escape it along with / and & + delim='|' + escaped=$(printf '%s\n' "$value" | sed "s/[\/${delim}&]/\\&/g") if grep -q '^LOADED_PLUGINS=' "${NETALERTX_CONFIG}/app.conf"; then - sed -i "s|^LOADED_PLUGINS=.*|LOADED_PLUGINS=${escaped}|" "${NETALERTX_CONFIG}/app.conf" + # use same delimiter when substituting + sed -i "s${delim}^LOADED_PLUGINS=.*${delim}LOADED_PLUGINS=${escaped}${delim}" "${NETALERTX_CONFIG}/app.conf" else echo "LOADED_PLUGINS=${value}" >> "${NETALERTX_CONFIG}/app.conf" fi 
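Review bot: The rewritten `escaped=` line is now double-quoted, so the shell reduces `\\&` to `\&` before sed sees it, and sed reads `\&` in a replacement as a literal ampersand rather than a backslash followed by the matched character. Any `/`, `|` or `&` in `LOADED_PLUGINS` is therefore turned into `&`, which the `sed -i` substitution below then expands to the whole matched `LOADED_PLUGINS=...` line, so an environment-supplied value can corrupt app.conf. Doubling the backslashes restores the intended escaping: `escaped=$(printf '%s\n' "$value" | sed "s/[\/${delim}&]/\\\\&/g")`. A backslash in the value is still not escaped, so it is worth adding to the bracket set as well. The outer `if [ -n "${LOADED_PLUGINS:-}" ]` block closes outside the hunk.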
diff --git a/install/production-filesystem/entrypoint.sh b/install/production-filesystem/entrypoint.sh index 501e67c4..927d4dc8 100755 --- a/install/production-filesystem/entrypoint.sh +++ b/install/production-filesystem/entrypoint.sh @@ -86,10 +86,11 @@ for script in "${ENTRYPOINT_CHECKS}"/*; do fi script_name=$(basename "$script" | sed 's/^[0-9]*-//;s/\.(sh|py)$//;s/-/ /g') echo "--> ${script_name} " - if [ -n "${SKIP_STARTUP_CHECKS:-}" ] && echo "${SKIP_STARTUP_CHECKS}" | grep -Fq "${script_name}"; then - printf "%sskip%s\n" "${GREY}" "${RESET}" - continue - fi + if [ -n "${SKIP_STARTUP_CHECKS:-}" ] && + printf '%s' "${SKIP_STARTUP_CHECKS}" | grep -wFq -- "${script_name}"; then + printf "%sskip%s\n" "${GREY}" "${RESET}" + continue + fi "$script" NETALERTX_DOCKER_ERROR_CHECK=$? diff --git a/install/production-filesystem/services/healthcheck.sh b/install/production-filesystem/services/healthcheck.sh index f45dc1ab..bd19f7bd 100755 --- a/install/production-filesystem/services/healthcheck.sh +++ b/install/production-filesystem/services/healthcheck.sh @@ -48,8 +48,9 @@ else log_error "python /app/server is not running" fi -# 5. Check port 20211 is open and contains "netalertx" -[ "${LISTEN_ADDR}" == "0.0.0.0" ] && CHECK_ADDR="127.0.0.1" || CHECK_ADDR="${LISTEN_ADDR}"; +# 5. Check port 20211 is open +CHECK_ADDR="${LISTEN_ADDR:-127.0.0.1}" +[ "${CHECK_ADDR}" == "0.0.0.0" ] && CHECK_ADDR="127.0.0.1" if timeout 10 bash -c "/dev/null; then log_success "Port ${PORT:-20211} is responding" else diff --git a/test/api_endpoints/test_devices_endpoints.py b/test/api_endpoints/test_devices_endpoints.py index b90f0a32..4dd2a4ab 100644 --- a/test/api_endpoints/test_devices_endpoints.py +++ b/test/api_endpoints/test_devices_endpoints.py 
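Review bot: `grep -wFq` in the new skip test still matches a script name that appears as a word-bounded part of a longer `SKIP_STARTUP_CHECKS` entry, so a check can be skipped without being named exactly. If any of these startup checks guard permissions or other security-relevant state, compare whole entries instead: split the variable on its separator and use `grep -xFq -- "${script_name}"` (the separator is not visible in this hunk and needs confirming). Separately, the context line's `s/\.(sh|py)$//` is a basic regular expression in which `(sh|py)` is literal, so `script_name` likely keeps its extension unless `sed -E` is used, which changes what operators must put in the variable. The `for` loop starts and ends outside the hunk.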
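Review bot: The test on the new `[ "${CHECK_ADDR}" == "0.0.0.0" ]` line uses `==`, which is not POSIX and is rejected by `[` in shells such as dash. The interpreter line is outside the hunk, so unless the script is guaranteed to run under bash, `[ "${CHECK_ADDR}" = "0.0.0.0" ] && CHECK_ADDR="127.0.0.1"` is the portable form. The rewritten comment also still hard-codes 20211 while the messages below use `${PORT:-20211}`; `# 5. Check the configured port (default 20211) is open` would match what is tested. The probe command itself is truncated on this page, so how `CHECK_ADDR` reaches it was not reviewed.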
@@ -168,8 +168,12 @@ def test_devices_totals(client, api_token, test_mac):
 expected_length = len(conditions)
 assert len(data) == expected_length
- # 4. Check that at least 1 device exists
- assert data[0] >= 1 # 'devices' count includes the dummy device
+ # 4. Check that at least 1 device exists when there are any conditions
+ if expected_length > 0:
+ assert data[0] >= 1 # 'devices' count includes the dummy device
+ else:
+ # no conditions defined; data should be an empty list
+ assert data == []
 finally:
 delete_dummy(client, api_token, test_mac)
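Review bot: The new `else` branch adds almost nothing, because `assert len(data) == expected_length` two lines earlier already forces `data` to be empty when `expected_length` is 0, so with no conditions configured the test passes without checking any totals. If an empty condition list is a legitimate configuration, make that outcome explicit, e.g. `pytest.skip("no totals conditions configured")` (assuming `pytest` is imported in this file, which the hunk does not show). Otherwise give the assertion a message: `assert data == [], "totals must be empty when no conditions are defined"`. The `try` block and the function start outside the hunk.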