vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-03-31 07:12:23 -07:00
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Merge pull request #1544 from adamoutler/built-in-tests

Browse Source 
Improve built-in test used during system startup - thanks @adamoutler 🙏
This commit is contained in:
Jokob @NetAlertX
2026-03-05 06:48:46 +11:00
committed by GitHub
parent c73ce839f2 b854206599
commit 89811cd133
14 changed files with 265 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/DOCKER_COMPOSE.md
View File

@@ -30,6 +30,9 @@ services:
- CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges
- SETUID # Required for root-entrypoint to switch to non-root user
- SETGID # Required for root-entrypoint to switch to non-root group
sysctls: # ARP flux mitigation (reduces duplicate/ambiguous ARP behavior on host networking)
net.ipv4.conf.all.arp_ignore: 1
net.ipv4.conf.all.arp_announce: 2
volumes:
- type: volume # Persistent Docker-managed named volume for config + database

51
docs/docker-troubleshooting/arp-flux-sysctls.md Normal file
View File

@@ -0,0 +1,51 @@
# ARP Flux Sysctls Not Set
## Issue Description
NetAlertX detected that ARP flux protection sysctls are not set as expected:
- `net.ipv4.conf.all.arp_ignore=1`
- `net.ipv4.conf.all.arp_announce=2`
## Security Ramifications
This is not a direct container breakout risk, but detection quality can degrade:
- Incorrect IP/MAC associations
- Device state flapping
- Unreliable topology or presence data
## Why You're Seeing This Issue
The running environment does not provide the expected kernel sysctl values. This is common in Docker setups where sysctls were not explicitly configured.
## How to Correct the Issue
Set these sysctls at container runtime.
- In `docker-compose.yml` (preferred):
```yaml
services:
netalertx:
sysctls:
net.ipv4.conf.all.arp_ignore: 1
net.ipv4.conf.all.arp_announce: 2
```
- For `docker run`:
```bash
docker run \
--sysctl net.ipv4.conf.all.arp_ignore=1 \
--sysctl net.ipv4.conf.all.arp_announce=2 \
ghcr.io/netalertx/netalertx:latest
```
> **Note:** Setting `net.ipv4.conf.all.arp_ignore` and `net.ipv4.conf.all.arp_announce` may fail with "operation not permitted" unless the container is run with elevated privileges. To resolve this, you can:
> - Use `--privileged` with `docker run`.
> - Use the more restrictive `--cap-add=NET_ADMIN` (or `cap_add: [NET_ADMIN]` in `docker-compose` service definitions) to allow the sysctls to be applied at runtime.
## Additional Resources
For broader Docker Compose guidance, see:
- [DOCKER_COMPOSE.md](https://docs.netalertx.com/DOCKER_COMPOSE)