vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-04-05 09:41:56 -07:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
Adam Outler
2026-03-02 19:43:38 +00:00
parent c1d53ff93f
commit 8ab9d9f395
3 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/DOCKER_COMPOSE.md
View File

@@ -30,6 +30,9 @@ services:
- CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges - CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges
- SETUID # Required for root-entrypoint to switch to non-root user - SETUID # Required for root-entrypoint to switch to non-root user
- SETGID # Required for root-entrypoint to switch to non-root group - SETGID # Required for root-entrypoint to switch to non-root group
sysctls: # ARP flux mitigation (reduces duplicate/ambiguous ARP behavior on host networking)
net.ipv4.conf.all.arp_ignore: 1
net.ipv4.conf.all.arp_announce: 2
volumes: volumes:
- type: volume # Persistent Docker-managed named volume for config + database - type: volume # Persistent Docker-managed named volume for config + database

47
docs/docker-troubleshooting/arp-flux-sysctls.md Normal file
View File

@@ -0,0 +1,47 @@
# ARP Flux Sysctls Not Set
## Issue Description
NetAlertX detected that ARP flux protection sysctls are not set as expected:
- `net.ipv4.conf.all.arp_ignore=1`
- `net.ipv4.conf.all.arp_announce=2`
## Security Ramifications
This is not a direct container breakout risk, but detection quality can degrade:
- Incorrect IP/MAC associations
- Device state flapping
- Unreliable topology or presence data
## Why You're Seeing This Issue
The running environment does not provide the expected kernel sysctl values. This is common in Docker setups where sysctls were not explicitly configured.
## How to Correct the Issue
Set these sysctls at container runtime.
- In `docker-compose.yml` (preferred):
```yaml
services:
netalertx:
sysctls:
net.ipv4.conf.all.arp_ignore: 1
net.ipv4.conf.all.arp_announce: 2
```
- For `docker run`:
```bash
docker run \
--sysctl net.ipv4.conf.all.arp_ignore=1 \
--sysctl net.ipv4.conf.all.arp_announce=2 \
jokob-sk/netalertx:latest
```
## Additional Resources
For broader Docker Compose guidance, see:
- [DOCKER_COMPOSE.md](https://docs.netalertx.com/DOCKER_COMPOSE)

1
mkdocs.yml
View File

@@ -20,6 +20,7 @@ nav:
- Docker Updates: UPDATES.md - Docker Updates: UPDATES.md
- Docker Maintenance: DOCKER_MAINTENANCE.md - Docker Maintenance: DOCKER_MAINTENANCE.md
- Docker Startup Troubleshooting: - Docker Startup Troubleshooting:
- ARP flux sysctls: docker-troubleshooting/arp-flux-sysctls.md
- Aufs capabilities: docker-troubleshooting/aufs-capabilities.md - Aufs capabilities: docker-troubleshooting/aufs-capabilities.md
- Excessive capabilities: docker-troubleshooting/excessive-capabilities.md - Excessive capabilities: docker-troubleshooting/excessive-capabilities.md
- File permissions: docker-troubleshooting/file-permissions.md - File permissions: docker-troubleshooting/file-permissions.md