Compare commits

132 Commits

Author SHA1 Message Date
jokob-sk
6a20128960 BE: install refactor work
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-22 07:48:50 +11:00
Jokob @NetAlertX
5d7af88130 Merge pull request #1230 from adamoutler/hardening
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Feat: Enterprise-Grade Security Hardening and Build Overhaul
2025-10-21 12:35:08 +11:00
Adam Outler
6f2e556112 Remove duplicate file replacement logic in update_vendors.sh
Dang it coderabbit. We expect more of your diffs.
2025-10-19 12:18:16 -04:00
Adam Outler
ea4c70ee7f Update install/production-filesystem/services/scripts/check-first-run-config.sh
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-10-19 12:15:55 -04:00
Adam Outler
5ed46da1dc Set caps on actual python3.12 2025-10-19 15:55:28 +00:00
Adam Outler
628f35c15d Remove unused pythonpathpath variable 2025-10-19 15:41:57 +00:00
Adam Outler
066fecfd88 add caps to python instead of scapy. 2025-10-19 15:39:54 +00:00
Adam Outler
660f0c2c48 Update install/production-filesystem/services/scripts/update_vendors.sh
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-10-19 11:37:04 -04:00
Adam Outler
999feb27f9 Update install/production-filesystem/services/scripts/update_vendors.sh
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-10-19 11:36:09 -04:00
Adam Outler
86bf0a3672 Update install/production-filesystem/services/scripts/check-first-run-config.sh
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-10-19 11:35:27 -04:00
Adam Outler
8eab7eeae9 Update .devcontainer/scripts/setup.sh
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-10-19 11:33:07 -04:00
Adam Outler
84f1283cd0 Add novel coderabbit no-write database creation 2025-10-19 15:27:55 +00:00
Adam Outler
dcf250d36f Coderabbit nitpicks. 2025-10-19 15:12:27 +00:00
Adam Outler
131c0c0f4b Fix fish terminal. Smarter code completion and other niceties. 2025-10-19 14:28:09 +00:00
Adam Outler
a58b3e35b9 Coderabbit suggestions 2025-10-19 14:18:07 +00:00
Adam Outler
14be7a2bcc Missing Slash 2025-10-19 02:45:19 +00:00
Adam Outler
9b3ddda381 Fix persistent environment issues 2025-10-19 02:35:57 +00:00
Adam Outler
1f46f204bc Generate devcontainer configs 2025-10-19 01:06:42 +00:00
Adam Outler
80c1459442 Final touches on devcontainer 2025-10-19 00:39:26 +00:00
Adam Outler
62536e4bfb Coderabbit suggestions 2025-10-18 14:07:27 -04:00
Adam Outler
028335c1a9 Coderabbit suggestions 2025-10-18 13:45:48 -04:00
Adam Outler
7483e46dce Merge remote-tracking branch 'origin/main' into hardening 2025-10-18 13:23:57 -04:00
Adam Outler
c1b573f1db Add some todos 2025-10-18 13:16:35 -04:00
Adam Outler
d11c9d7c4a Improve warnings. 2025-10-17 16:36:48 -04:00
jokob-sk
b916542584 BE: DB generating script
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-17 21:33:43 +11:00
jokob-sk
6da3cfdcb9 FE: docs mikrotik
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-17 21:33:22 +11:00
jokob-sk
d38e77f801 docs
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-17 21:32:53 +11:00
jokob-sk
18eaee4906 FE: lang
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-17 21:32:22 +11:00
Safeguard
59e7463832 Translated using Weblate (Russian)
Currently translated at 100.0% (762 of 762 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/ru/
2025-10-17 09:07:42 +00:00
Adam Outler
dc444117b6 Improve mount permissions 2025-10-16 21:49:54 -04:00
Adam Outler
a3dae0817a Fix debian docker start 2025-10-16 19:51:57 -04:00
Adam Outler
e733f8a089 Relay failed status to docker. 2025-10-16 16:17:37 -04:00
Jokob @NetAlertX
ad0ddda943 Merge pull request #1229 from adamoutler/patch-5
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Add script to regenerate the database from schema
2025-10-16 12:50:08 +11:00
Adam Outler
28e0e4aab4 Fix database regeneration script to use correct file 2025-10-15 20:53:03 -04:00
Adam Outler
324cde9c4a Add script to regenerate the database from schema
This script recreates the database from schema code and imports the schema into the new database file.
2025-10-15 20:50:42 -04:00
Adam Outler
f57ec74cc1 Minor alterations to devcontainer. 2025-10-16 00:09:07 +00:00
Adam Outler
de92c9563e break apart services, fix startup 2025-10-15 18:18:30 -04:00
anton garcias
3686a4a07e Translated using Weblate (Catalan)
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Currently translated at 100.0% (762 of 762 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/ca/
2025-10-13 21:07:26 +00:00
Ettore Atalan
44ba9455b6 Translated using Weblate (German)
Currently translated at 81.3% (620 of 762 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/de/
2025-10-13 21:07:25 +00:00
Adam Outler
5109a0881d Additional hardening 2025-10-12 21:00:27 -04:00
Adam Outler
1be91559d2 Set container parameters 2025-10-12 15:05:20 -04:00
R
3bf6ce698a Translated using Weblate (Chinese (Simplified Han script))
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Currently translated at 100.0% (762 of 762 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/zh_Hans/
2025-10-12 15:52:14 +02:00
Massimo Pissarello
1532256bac Translated using Weblate (Italian)
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Currently translated at 100.0% (762 of 762 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/it/
2025-10-11 13:25:29 +02:00
Максим Горпиніч
a8b62dee03 Translated using Weblate (Ukrainian)
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Currently translated at 100.0% (762 of 762 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/uk/
2025-10-10 12:04:36 +02:00
Sylvain Pichon
fe434b41ae Translated using Weblate (French)
Currently translated at 100.0% (762 of 762 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/fr/
2025-10-10 12:04:35 +02:00
jokob-sk
e4d3a50391 FE: API in-app messaging endpoint
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 17:01:14 +11:00
jokob-sk
b59bca2967 BE: API in-app messaging endpoint
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 17:00:53 +11:00
jokob-sk
8ae0367e8e FE: Cleanup
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 15:45:14 +11:00
jokob-sk
0cb038d1c1 BE: UNIFIAPI handle missing id #1224
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 14:37:26 +11:00
jokob-sk
fe018fb3c3 FE: prevent error on no devices selected #1219
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 14:28:08 +11:00
jokob-sk
161723ae35 merge_translations fix
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 14:27:21 +11:00
jokob-sk
6b3f02fcc6 weblate
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 14:26:52 +11:00
jokob-sk
ffc45c5a8d BE: AVAHISCAN -> zeroconf --mockdata
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 14:00:14 +11:00
jokob-sk
902e5360e5 Merge branch 'main' of https://github.com/jokob-sk/NetAlertX 2025-10-10 13:48:50 +11:00
jokob-sk
0093441457 BE: AVAHISCAN -> zeroconf
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-10 13:48:39 +11:00
Jokob @NetAlertX
45fa9a4ca8 Merge pull request #1223 from JVKeller/patch-2
Update README.md
2025-10-10 11:46:59 +11:00
Adam Outler
be73e3a7f5 debian dockerfile completed properly. 2025-10-09 20:30:25 -04:00
Adam Outler
016a6adf42 Dockerfile.debian building and running 2025-10-08 19:55:16 -04:00
rell3k
5533beb76d Update README.md
Remove contend from copy block
2025-10-07 15:01:32 -04:00
Adam Outler
558ab44d3f Minimize differences between devcontainer and production 2025-10-06 23:31:20 +00:00
Jokob @NetAlertX
33093dba65 Merge pull request #1222 from JVKeller/patch-1
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Update HW_INSTALL.md
2025-10-07 08:36:05 +11:00
jokob-sk
81ac72bbd6 FE: UI_DEFAULT_PAGE_SIZE #1181
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-07 07:17:00 +11:00
rell3k
b5062f6838 Update HW_INSTALL.md
Adding new script.
2025-10-06 08:16:41 -04:00
jokob-sk
417081242f FE: UI_DEFAULT_PAGE_SIZE #1181
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-06 11:44:34 +11:00
jokob-sk
314b7e0974 weblate - Farsi - fa_fa + cleanup
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-06 11:21:33 +11:00
jokob-sk
41e9276ebb BE: multiedit 431 Request Header Fields Too Large #1219
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-06 09:38:31 +11:00
jokob-sk
333d23d704 FE: device name in tab title #1162
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-06 09:23:23 +11:00
jokob-sk
6e24d9b5f7 Better multiEdit logs
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-06 08:59:48 +11:00
jokob-sk
d73a3ebe66 ARPSCAN docs
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 15:42:26 +11:00
jokob-sk
491c202eba ARPSCAN DURATION #1172
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 15:38:17 +11:00
jokob-sk
611911b5dd ICMP docs
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 15:37:34 +11:00
jokob-sk
e242de0ddf ARPSCAN DURATION #1172
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 15:37:17 +11:00
jokob-sk
086cd30355 Prevent Internet root node flipping w/ SYNC plugin enabled #1207
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 14:36:03 +11:00
jokob-sk
9b76f3c273 LOG_LEVEL not respected #1217
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 14:21:29 +11:00
jokob-sk
d05ddafdd3 logger not respecting new lines #1217
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 14:02:00 +11:00
jokob-sk
bdaa53cc53 Merge branch 'main' of https://github.com/jokob-sk/NetAlertX
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
2025-10-05 08:09:03 +11:00
jokob-sk
b2428803a5 LOG_LEVEL not respected #1217
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-05 08:08:44 +11:00
Adam Outler
290b6c6f3b Remove nohup.out 2025-10-04 18:51:10 +00:00
Jokob @NetAlertX
fc72abca85 Merge pull request #1213 from gonzague/patch-1
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Fix install script references in HW_INSTALL.md
2025-10-04 11:38:05 +10:00
Jokob @NetAlertX
2b52d5aec4 Merge pull request #1216 from adamoutler/patch-4
Update timestamp format to use UTC timezone
2025-10-04 11:35:55 +10:00
Adam Outler
ada92715a8 all debugging online. 2025-10-03 22:12:42 +00:00
Adam Outler
ab3f9046d2 Update timestamp format to use UTC timezone
Remove deprecated API utilization.
2025-10-03 17:27:27 -04:00
Gonzague Dambricourt
521bf54123 Update HW_INSTALL.md
Fixing references to the Ubuntu install script
2025-10-03 10:40:03 +02:00
Adam Outler
1e04e9f571 Remove .git-placeholder, add dockerignore 2025-10-03 00:33:20 +00:00
Adam Outler
c81a054d89 Coderabbit 2025-10-03 00:08:26 +00:00
Jokob @NetAlertX
42eae405ae Merge pull request #1212 from JVKeller/baremetal-installer
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Baremetal installer
2025-10-03 07:51:23 +10:00
Adam Outler
33aa8492bb Debugging operational in vscode 2025-10-02 21:19:29 +00:00
Jeff Keller
d7e6ff2688 Fix log permissions 2025-10-02 19:41:06 +00:00
Jeff Keller
b34269d043 Misc tweaks 2025-10-02 19:04:46 +00:00
Jeff Keller
683f4e6c2d Move clone before setting up python env 2025-10-02 18:53:37 +00:00
Jeff Keller
35cd8003b8 Fix logs 2025-10-02 18:38:00 +00:00
Jeff Keller
98d69e1ce8 Restart nginx 2025-10-02 18:17:43 +00:00
Jeff Keller
70d63febda Tweak log file paths 2025-10-02 18:14:51 +00:00
Jeff Keller
dd113f7940 testing 2025-10-02 16:45:59 +00:00
Jeff Keller
0aceb097ba Testing 2025-10-02 16:41:30 +00:00
Jeff Keller
7790530d08 Revert source repo 2025-10-02 16:05:31 +00:00
Jeff Keller
79cec583d9 NGINX configuration 2025-10-02 16:03:23 +00:00
rell3k
dd91d1e7da Merge branch 'jokob-sk:main' into baremetal-installer 2025-10-02 12:01:39 -04:00
Jeff Keller
aad5bec7e2 Single Debian/Ubuntu Installer 2025-10-02 16:00:19 +00:00
Jokob @NetAlertX
a9841157a7 Merge pull request #1211 from PreistlyPython/fix/issue-1210-compound-conditions
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
fix: Support compound conditions in SafeConditionBuilder (Issue #1210)
2025-10-02 16:11:30 +10:00
priestlypython
1c2721549b fix: Support compound conditions in SafeConditionBuilder (Issue #1210)
## Problem
PR #1182 introduced SafeConditionBuilder to prevent SQL injection, but it only
supported single-clause conditions. This broke notification filters using multiple
AND/OR clauses, causing user filters like:
`AND devLastIP NOT LIKE '192.168.50.%' AND devLastIP NOT LIKE '192.168.60.%'...`
to be rejected with "Unsupported condition pattern" errors.

## Root Cause
The `_parse_condition()` method used regex patterns that only matched single
conditions. When multiple clauses were chained, the entire string failed to match
any pattern and was rejected for security.

## Solution
Enhanced SafeConditionBuilder with compound condition support:

1. **Added `_is_compound_condition()`** - Detects multiple logical operators
   while respecting quoted strings

2. **Added `_parse_compound_condition()`** - Splits compound conditions into
   individual clauses and parses each one

3. **Added `_split_by_logical_operators()`** - Intelligently splits on AND/OR
   while preserving operators in quoted strings

4. **Refactored `_parse_condition()`** - Routes to compound or single parser

5. **Created `_parse_single_condition()`** - Handles individual clauses (from
   original `_parse_condition` logic)

## Testing
- Added comprehensive test suite (19 tests, 100% passing)
- Tested user's exact failing filter (6 AND clauses with NOT LIKE)
- Verified backward compatibility with single conditions
- Validated security (SQL injection attempts still blocked)
- Tested edge cases (mixed AND/OR, whitespace, empty conditions)

## Impact
- Fixes reported issue #1210
- Maintains all security protections from PR #1182
- Backward compatible with existing single-clause filters
- No breaking changes to API

Fixes #1210

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-01 18:31:49 -07:00
jokob-sk
4534ab053d TIMEZONE not respected in System Info -> System #1055
Some checks failed
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-10-02 06:45:37 +10:00
Jeff Keller
cdee9b3b0d Permissions 2025-10-01 20:33:12 +00:00
Jeff Keller
55cfced3f6 Comment out line 2025-10-01 19:41:51 +00:00
Jeff Keller
af6394a334 Tweak permissions
Tighten security
2025-10-01 19:34:47 +00:00
Jeff Keller
d9ecffdd22 Cleanup 2025-10-01 19:09:49 +00:00
Jeff Keller
5f0a482556 bug fix 2025-10-01 18:58:05 +00:00
Jeff Keller
09c345796f fix typo 2025-10-01 18:33:44 +00:00
Jeff Keller
e7d067dd38 tweaks 2025-10-01 18:15:28 +00:00
Jeff Keller
223aa29d4d tweaks 2025-10-01 17:40:12 +00:00
rell3k
21e770a4bd Create netalertx.conf 2025-10-01 11:25:15 -04:00
Jeff Keller
c086ac3cf8 Merge Deb/Ubuntu 2025-10-01 15:22:21 +00:00
Adam Outler
0cd1dc8987 Scanning Operational with monitoring 2025-09-30 22:01:03 -04:00
Jeff Keller
f900f3f0d5 Resolve merge: keep proxmox installer and add README for Proxmox installer 2025-09-30 13:38:31 +00:00
Adam Outler
044035ef62 Devcontainer overlay 2025-09-30 01:55:26 +00:00
Adam Outler
dc4848acd0 Information on default config and entrypoints for debug 2025-09-28 21:59:06 -04:00
Adam Outler
c6efe5ac06 All services moved to deployed filesystem 2025-09-28 17:10:15 -04:00
Adam Outler
d182a552b8 Move filesystem to more generic name & add perms 2025-09-27 21:58:00 -04:00
Adam Outler
b47df7b33f capcheck 2025-09-27 19:48:36 -04:00
Adam Outler
46097bb6e8 solid hardened config 2025-09-27 19:15:07 -04:00
Adam Outler
c5d7480e6c Merge branch 'jokob-sk:main' into hardening 2025-09-27 09:00:46 -04:00
Adam Outler
2def3f1dac Validated launch on runner & hardened 2025-09-26 21:01:58 -04:00
Adam Outler
2419a268b2 updated devcontainer dockerfile 2025-09-26 17:52:17 +00:00
Adam Outler
bad67b2e69 fix dockerfile error 2025-09-26 17:52:11 +00:00
Adam Outler
178fb54bb4 Python up and debuggable 2025-09-26 17:32:58 +00:00
Adam Outler
b0a6f889aa Update gitignore 2025-09-26 17:14:20 +00:00
Adam Outler
798d2462d6 expand initial filesystem 2025-09-26 11:56:27 +00:00
Adam Outler
c228d45cea Devcontainer operational, services all down 2025-09-25 23:03:55 +00:00
Adam Outler
dfcc375fba Non-root launch 2025-09-25 14:10:06 -04:00
Adam Outler
8ed21a8c07 monolithic alpine container 2025-09-25 07:43:42 -04:00
Adam Outler
2e694a752d using 4 startup scripts instead of RC6 2025-09-24 19:46:11 -04:00
Adam Outler
29aa884836 architectural change 1 2025-09-24 16:29:15 -04:00
149 changed files with 119834 additions and 4072 deletions

@@ -1,112 +1,236 @@
# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-dockerfile.sh
# ---/Dockerfile---
# The NetAlertX Dockerfile has 3 stages:
#
# Stage 1. Builder - NetAlertX Requires special tools and packages to build our virtual environment, but
# which are not needed in future stages. We build the builder and extract the venv for runner to use as
# a base.
#
# Stage 2. Runner builds the bare minimum requirements to create an operational NetAlertX. The primary
# reason for breaking at this stage is it leaves the system in a proper state for devcontainer operation
# This image also provides a break-out point for uses who wish to execute the anti-pattern of using a
# docker container as a VM for experimentation and various development patterns.
#
# Stage 3. Hardened removes root, sudoers, folders, permissions, and locks the system down into a read-only
# compatible image. While NetAlertX does require some read-write operations, this image can guarantee the
# code pushed out by the project is the only code which will run on the system after each container restart.
# It reduces the chance of system hijacking and operates with all modern security protocols in place as is
# expected from a security appliance.
#
# This file can be built with `docker-compose -f docker-compose.yml up --build --force-recreate`
FROM alpine:3.22 AS builder
ARG INSTALL_DIR=/app
ENV PYTHONUNBUFFERED=1
ENV PATH="/opt/venv/bin:$PATH"
# Install build dependencies
COPY requirements.txt /tmp/requirements.txt
RUN apk add --no-cache bash shadow python3 python3-dev gcc musl-dev libffi-dev openssl-dev git \
&& python -m venv /opt/venv
# Enable venv
ENV PATH="/opt/venv/bin:$PATH"
# Create virtual environment owned by root, but readable by everyone else. This makes it easy to copy
# into hardened stage without worrying about permissions and keeps image size small. Keeping the commands
# together makes for a slightly smaller image size.
RUN pip install -r /tmp/requirements.txt && \
chmod -R u-rwx,g-rwx /opt
RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git
# Append Iliadbox certificate to aiofreepybox
# second stage
# second stage is the main runtime stage with just the minimum required to run the application
# The runner is used for both devcontainer, and as a base for the hardened stage.
FROM alpine:3.22 AS runner
ARG INSTALL_DIR=/app
COPY --from=builder /opt/venv /opt/venv
COPY --from=builder /usr/sbin/usermod /usr/sbin/groupmod /usr/sbin/
# NetAlertX app directories
ENV NETALERTX_APP=${INSTALL_DIR}
ENV NETALERTX_CONFIG=${NETALERTX_APP}/config
ENV NETALERTX_FRONT=${NETALERTX_APP}/front
ENV NETALERTX_SERVER=${NETALERTX_APP}/server
ENV NETALERTX_API=${NETALERTX_APP}/api
ENV NETALERTX_DB=${NETALERTX_APP}/db
ENV NETALERTX_DB_FILE=${NETALERTX_DB}/app.db
ENV NETALERTX_BACK=${NETALERTX_APP}/back
ENV NETALERTX_LOG=${NETALERTX_APP}/log
ENV NETALERTX_PLUGINS_LOG=${NETALERTX_LOG}/plugins
ENV NETALERTX_CONFIG_FILE=${NETALERTX_CONFIG}/app.conf
# Enable venv
ENV PATH="/opt/venv/bin:$PATH"
# NetAlertX log files
ENV LOG_IP_CHANGES=${NETALERTX_LOG}/IP_changes.log
ENV LOG_APP=${NETALERTX_LOG}/app.log
ENV LOG_APP_FRONT=${NETALERTX_LOG}/app_front.log
ENV LOG_REPORT_OUTPUT_TXT=${NETALERTX_LOG}/report_output.txt
ENV LOG_DB_IS_LOCKED=${NETALERTX_LOG}/db_is_locked.log
ENV LOG_REPORT_OUTPUT_HTML=${NETALERTX_LOG}/report_output.html
ENV LOG_STDERR=${NETALERTX_LOG}/stderr.log
ENV LOG_APP_PHP_ERRORS=${NETALERTX_LOG}/app.php_errors.log
ENV LOG_EXECUTION_QUEUE=${NETALERTX_LOG}/execution_queue.log
ENV LOG_REPORT_OUTPUT_JSON=${NETALERTX_LOG}/report_output.json
ENV LOG_STDOUT=${NETALERTX_LOG}/stdout.log
ENV LOG_CROND=${NETALERTX_LOG}/crond.log
# default port and listen address
ENV PORT=20211 LISTEN_ADDR=0.0.0.0
# System Services configuration files
ENV SYSTEM_SERVICES=/services
ENV SYSTEM_SERVICES_SCRIPTS=${SYSTEM_SERVICES}/scripts
ENV SYSTEM_SERVICES_CONFIG=${SYSTEM_SERVICES}/config
ENV SYSTEM_NGINX_CONFIG=${SYSTEM_SERVICES_CONFIG}/nginx
ENV SYSTEM_NGINX_CONFIG_FILE=${SYSTEM_NGINX_CONFIG}/nginx.conf
ENV SYSTEM_SERVICES_PHP_FOLDER=${SYSTEM_SERVICES_CONFIG}/php
ENV SYSTEM_SERVICES_PHP_FPM_D=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.d
ENV SYSTEM_SERVICES_CROND=${SYSTEM_SERVICES_CONFIG}/crond
ENV SYSTEM_SERVICES_RUN=${SYSTEM_SERVICES}/run
ENV SYSTEM_SERVICES_RUN_TMP=${SYSTEM_SERVICES_RUN}/tmp
ENV SYSTEM_SERVICES_RUN_LOG=${SYSTEM_SERVICES_RUN}/logs
ENV PHP_FPM_CONFIG_FILE=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.conf
ENV READ_ONLY_FOLDERS="${NETALERTX_BACK} ${NETALERTX_FRONT} ${NETALERTX_SERVER} ${SYSTEM_SERVICES} \
${SYSTEM_SERVICES_CONFIG}"
ENV READ_WRITE_FOLDERS="${NETALERTX_CONFIG} ${NETALERTX_DB} ${NETALERTX_API} ${NETALERTX_LOG} \
${NETALERTX_PLUGINS_LOG} ${SYSTEM_SERVICES_RUN} ${SYSTEM_SERVICES_RUN_TMP} \
${SYSTEM_SERVICES_RUN_LOG}"
# needed for s6-overlay
ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
#Python environment
ENV PYTHONUNBUFFERED=1
ENV VIRTUAL_ENV=/opt/venv
ENV VIRTUAL_ENV_BIN=/opt/venv/bin
ENV PYTHONPATH=${NETALERTX_APP}:${NETALERTX_SERVER}:${VIRTUAL_ENV}/lib/python3.12/site-packages
ENV PATH="${SYSTEM_SERVICES}:${VIRTUAL_ENV_BIN}:$PATH"
# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.sh file as well ❗
RUN apk update --no-cache \
&& apk add --no-cache bash libbsd zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
&& apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates \
&& apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
&& apk add --no-cache python3 nginx \
&& ln -s /usr/bin/awake /usr/bin/wakeonlan \
&& rm -f /etc/nginx/http.d/default.conf
# App Environment
ENV LISTEN_ADDR=0.0.0.0
ENV PORT=20211
ENV NETALERTX_DEBUG=0
ENV VENDORSPATH=/app/back/ieee-oui.txt
ENV VENDORSPATH_NEWEST=/services/run/tmp/ieee-oui.txt
ENV PYTHONPATHPATH="${NETALERTX_APP}:${VIRTUAL_ENV}/bin:${PATH}"
ENV ENVIRONMENT=alpine
ENV READ_ONLY_USER=readonly READ_ONLY_GROUP=readonly
ENV NETALERTX_USER=netalertx NETALERTX_GROUP=netalertx
ENV LANG=C.UTF-8
# Add crontab file
COPY --chmod=600 --chown=root:root install/crontab /etc/crontabs/root
RUN apk add --no-cache bash mtr libbsd zip lsblk tzdata curl arp-scan iproute2 iproute2-ss nmap \
nmap-scripts traceroute nbtscan net-tools net-snmp-tools bind-tools awake ca-certificates \
sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session python3 envsubst \
nginx shadow && \
rm -Rf /var/cache/apk/* && \
rm -Rf /etc/nginx && \
addgroup -g 20211 ${NETALERTX_GROUP} && \
adduser -u 20211 -D -h ${NETALERTX_APP} -G ${NETALERTX_GROUP} ${NETALERTX_USER} && \
apk del shadow
# Start all required services
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=2 \
CMD curl -sf -o /dev/null ${LISTEN_ADDR}:${PORT}/php/server/query_json.php?file=app_state.json
ENTRYPOINT ["/init"]
# Install application, copy files, set permissions
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} install/production-filesystem/ /
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 back ${NETALERTX_BACK}
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 front ${NETALERTX_FRONT}
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 server ${NETALERTX_SERVER}
RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 755 ${NETALERTX_API} \
${NETALERTX_LOG} ${SYSTEM_SERVICES_RUN_TMP} ${SYSTEM_SERVICES_RUN_LOG} && \
sh -c "find ${NETALERTX_APP} -type f \( -name '*.sh' -o -name 'speedtest-cli' \) \
-exec chmod 750 {} \;"
# Copy the virtualenv from the builder stage
COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
# Initialize each service with the dockerfiles/init-*.sh scripts, once.
# This is done after the copy of the venv to ensure the venv is in place
# although it may be quicker to do it before the copy, it keeps the image
# layers smaller to do it after.
RUN apk add libcap && \
setcap cap_net_raw+ep /bin/busybox && \
setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \
setcap cap_net_raw,cap_net_admin+eip /usr/bin/arp-scan && \
setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nbtscan && \
setcap cap_net_raw,cap_net_admin+eip /usr/bin/traceroute && \
setcap cap_net_raw,cap_net_admin+eip ${VIRTUAL_ENV_BIN}/scapy && \
/bin/sh /build/init-nginx.sh && \
/bin/sh /build/init-php-fpm.sh && \
/bin/sh /build/init-crond.sh && \
/bin/sh /build/init-backend.sh && \
rm -rf /build && \
apk del libcap
ENTRYPOINT ["/bin/sh","/entrypoint.sh"]
# Final hardened stage to improve security by setting least possible permissions and removing sudo access.
# When complete, if the image is compromised, there's not much that can be done with it.
# This stage is separate from Runner stage so that devcontainer can use the Runner stage.
FROM runner AS hardened
ENV UMASK=0077
# Create readonly user and group with no shell access.
# Readonly user marks folders that are created by NetAlertX, but should not be modified.
# AI may claim this is stupid, but it's actually least possible permissions as
# read-only user cannot login, cannot sudo, has no write permission, and cannot even
# read the files it owns. The read-only user is ownership-as-a-lock hardening pattern.
RUN addgroup -g 20212 ${READ_ONLY_GROUP} && \
adduser -u 20212 -G ${READ_ONLY_GROUP} -D -h /app ${READ_ONLY_USER}
# reduce permissions to minimum necessary for all NetAlertX files and folders
# Permissions 005 and 004 are not typos, they enable read-only. Everyone can
# read the read-only files, and nobody can write to them, even the readonly user.
RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
chmod -R 004 ${READ_ONLY_FOLDERS} && \
find ${READ_ONLY_FOLDERS} -type d -exec chmod 005 {} + && \
install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 ${READ_WRITE_FOLDERS} && \
chown -R ${NETALERTX_USER}:${NETALERTX_GROUP} ${READ_WRITE_FOLDERS} && \
chmod -R 600 ${READ_WRITE_FOLDERS} && \
find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
apk del apk-tools && \
rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
/lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \
/srv /media && \
sed -i "/^\(${READ_ONLY_USER}\|${NETALERTX_USER}\):/!d" /etc/passwd && \
sed -i "/^\(${READ_ONLY_GROUP}\|${NETALERTX_GROUP}\):/!d" /etc/group && \
echo -ne '#!/bin/sh\n"$@"\n' > /usr/bin/sudo && chmod +x /usr/bin/sudo
USER netalertx
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD /services/healthcheck.sh
# ---/resources/devcontainer-Dockerfile---
# Devcontainer build stage (do not build directly)
# This file is combined with the root /Dockerfile by
# .devcontainer/scripts/generate-dockerfile.sh
# .devcontainer/scripts/generate-configs.sh
# The generator appends this stage to produce .devcontainer/Dockerfile.
# Prefer to place dev-only setup here; use setup.sh only for runtime fixes.
FROM runner AS devcontainer
ENV INSTALL_DIR=/app
FROM runner AS netalertx-devcontainer
ENV INSTALL_DIR=/app
ENV PYTHONPATH=/workspaces/NetAlertX/test:/workspaces/NetAlertX/server:/app:/app/server:/opt/venv/lib/python3.12/site-packages
ENV PATH=/services:${PATH}
ENV PHP_INI_SCAN_DIR=/services/config/php/conf.d:/etc/php83/conf.d
ENV LISTEN_ADDR=0.0.0.0
ENV PORT=20211
ENV NETALERTX_DEBUG=1
ENV PYDEVD_DISABLE_FILE_VALIDATION=1
COPY .devcontainer/resources/devcontainer-overlay/ /
# Install common tools, create user, and set up sudo
RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov && \
adduser -D -s /bin/sh netalertx && \
addgroup netalertx nginx && \
addgroup netalertx www-data && \
echo "netalertx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-netalertx && \
chmod 440 /etc/sudoers.d/90-netalertx
RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov fish shfmt sudo
RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \
cp -a /usr/lib/php83/modules/. /services/php/modules/ && \
echo "${NETALERTX_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Install debugpy in the virtualenv if present, otherwise into system python3
RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true'
# setup nginx
COPY .devcontainer/resources/netalertx-devcontainer.conf /etc/nginx/http.d/netalert-frontend.conf
RUN set -e; \
chown netalertx:nginx /etc/nginx/http.d/netalert-frontend.conf; \
install -d -o netalertx -g www-data -m 775 /app; \
install -d -o netalertx -g www-data -m 755 /run/nginx; \
install -d -o netalertx -g www-data -m 755 /var/lib/nginx/logs; \
rm -f /var/lib/nginx/logs/* || true; \
for f in error access; do : > /var/lib/nginx/logs/$f.log; done; \
install -d -o netalertx -g www-data -m 777 /run/php; \
install -d -o netalertx -g www-data -m 775 /var/log/php; \
chown -R netalertx:www-data /etc/nginx/http.d; \
chmod -R 775 /etc/nginx/http.d; \
chown -R netalertx:www-data /var/lib/nginx; \
chmod -R 755 /var/lib/nginx && \
chown -R netalertx:www-data /var/log/nginx/ && \
sed -i '/^user /d' /etc/nginx/nginx.conf; \
sed -i 's|^error_log .*|error_log /dev/stderr warn;|' /etc/nginx/nginx.conf; \
sed -i 's|^access_log .*|access_log /dev/stdout main;|' /etc/nginx/nginx.conf; \
sed -i 's|error_log .*|error_log /dev/stderr warn;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
sed -i 's|access_log .*|access_log /dev/stdout main;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
mkdir -p /run/openrc; \
chown netalertx:nginx /run/openrc/; \
rm -Rf /run/openrc/*;
RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true' && \
mkdir /workspaces && \
install -d -o netalertx -g netalertx -m 777 /services/run/logs && \
install -d -o netalertx -g netalertx -m 777 /app/run/tmp/client_body && \
sed -i -e 's|:/app:|:/workspaces:|' /etc/passwd && \
python -m pip install -U pytest pytest-cov
# setup pytest
RUN sudo /opt/venv/bin/python -m pip install -U pytest pytest-cov
WORKDIR /workspaces/NetAlertX
ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
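Review bot: the generated devcontainer stage has drifted from its source: the `apk add` line here ends in `fish shfmt sudo` (with `sudo` listed twice), while the same line in `.devcontainer/resources/devcontainer-Dockerfile` ends in `fish shfmt github-cli`. This file is marked as generator output, so rerun the generator and commit the result; otherwise the image that is actually built does not match the resource file under review.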

View File

@@ -1,27 +1,47 @@
{
"name": "NetAlertX DevContainer",
"remoteUser": "netalertx",
"build": {
"dockerfile": "Dockerfile",
"context": "..",
"target": "devcontainer"
},
"workspaceFolder": "/workspaces/NetAlertX",
"runArgs": [
"--add-host=host.docker.internal:host-gateway",
"--security-opt", "apparmor=unconfined" // for alowing ramdisk mounts
],
"build": {
"dockerfile": "./Dockerfile", // Dockerfile generated by script
"context": "../", // Context is the root of the repository
"target": "netalertx-devcontainer"
},
"capAdd": [
"SYS_ADMIN", // For mounting ramdisks
"NET_ADMIN", // For network interface configuration
"NET_RAW" // For raw packet manipulation
"NET_RAW" // For raw packet manipulation
],
"runArgs": [
"--security-opt",
"apparmor=unconfined", // for allowing ramdisk mounts
"--add-host=host.docker.internal:host-gateway"
// Uncomment --network=host to run full NetAlertX scanning capabilities of network scanning in
// container. This runs too slowly in a large network to be practical for development purposes.
// You can start services such as avahi on the host, in other containers within the network, or
// even within this container and connect to them as needed.
// "--network=host",
],
// ATTENTION: If running with --network=host, COMMENT `forwardPorts` OR ELSE THERE WILL BE NO WEBUI!
"forwardPorts": [20211, 20212, 5678],
"portsAttributes": { // the ports we care about
"20211": {
"label": "Frontend:Nginx+PHP"
},
"20212": {
"label": "Backend:GraphQL"
},
"9003": {
"label": "PHP Debug:Xdebug"
},
"5678": {
"label": "Python Debug:debugpy"
}
},
"postStartCommand": "${containerWorkspaceFolder}/.devcontainer/scripts/setup.sh",
"customizations": {
"vscode": {
"extensions": [
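Review bot: `capAdd` grants `SYS_ADMIN` and `runArgs` sets `apparmor=unconfined`, and the only reason given for both is mounting ramdisks. Together they bring the container close to privileged, and the commented `--network=host` option would also place it directly on the host network. Consider declaring the tmpfs mounts from the container configuration (for example `--tmpfs` entries in `runArgs`) so nothing inside the container has to call `mount`, then drop `SYS_ADMIN` and the AppArmor override. `NET_ADMIN` and `NET_RAW` can stay for scanning.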
@@ -33,17 +53,24 @@
"ms-python.vscode-pylance",
"pamaron.pytest-runner",
"coderabbit.coderabbit-vscode",
"ms-python.black-formatter"
]
,
"ms-python.black-formatter",
"jeff-hykin.better-dockerfile-syntax",
"GitHub.codespaces",
"ms-azuretools.vscode-containers",
"ms-python.vscode-python-envs",
"dbaeumer.vscode-eslint",
"esbenp.prettier-vscode",
"eamodio.gitlens",
"alexcvzz.vscode-sqlite",
"yzhang.markdown-all-in-one",
"mkhl.shfmt"
],
"settings": {
"terminal.integrated.cwd": "${containerWorkspaceFolder}",
// Python testing configuration
"python.testing.pytestEnabled": true,
"python.testing.unittestEnabled": false,
"python.testing.pytestArgs": [
"test"
],
"python.testing.pytestArgs": ["test"],
// Make sure we discover tests and import server correctly
"python.analysis.extraPaths": [
"/workspaces/NetAlertX",
@@ -54,26 +81,6 @@
}
}
},
"forwardPorts": [5678, 9000, 9003, 20211, 20212],
"portsAttributes": {
"20211": {
"label": "Frontend:Nginx+PHP"
},
"20212": {
"label": "Backend:GraphQL"
},
"9003": {
"label": "PHP Debug:Xdebug"
},
"9000": {
"label": "PHP-FPM:FastCGI"
},
"5678": {
"label": "Python Debug:debugpy"
}
},
// Optional: ensures compose services are stopped when you close the window
"shutdownAction": "stopContainer"
}
"shutdownAction": "stopContainer" // stop container when VSCode is closed
}

View File

@@ -1,8 +0,0 @@
zend_extension="xdebug.so"
[xdebug]
xdebug.mode=develop,debug
xdebug.log_level=0
xdebug.client_host=host.docker.internal
xdebug.client_port=9003
xdebug.start_with_request=yes
xdebug.discover_client_host=1

View File

@@ -1,51 +1,33 @@
# Devcontainer build stage (do not build directly)
# This file is combined with the root /Dockerfile by
# .devcontainer/scripts/generate-dockerfile.sh
# .devcontainer/scripts/generate-configs.sh
# The generator appends this stage to produce .devcontainer/Dockerfile.
# Prefer to place dev-only setup here; use setup.sh only for runtime fixes.
FROM runner AS devcontainer
ENV INSTALL_DIR=/app
FROM runner AS netalertx-devcontainer
ENV INSTALL_DIR=/app
ENV PYTHONPATH=/workspaces/NetAlertX/test:/workspaces/NetAlertX/server:/app:/app/server:/opt/venv/lib/python3.12/site-packages
ENV PATH=/services:${PATH}
ENV PHP_INI_SCAN_DIR=/services/config/php/conf.d:/etc/php83/conf.d
ENV LISTEN_ADDR=0.0.0.0
ENV PORT=20211
ENV NETALERTX_DEBUG=1
ENV PYDEVD_DISABLE_FILE_VALIDATION=1
COPY .devcontainer/resources/devcontainer-overlay/ /
# Install common tools, create user, and set up sudo
RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov && \
adduser -D -s /bin/sh netalertx && \
addgroup netalertx nginx && \
addgroup netalertx www-data && \
echo "netalertx ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-netalertx && \
chmod 440 /etc/sudoers.d/90-netalertx
RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov fish shfmt github-cli
RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \
cp -a /usr/lib/php83/modules/. /services/php/modules/ && \
echo "${NETALERTX_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Install debugpy in the virtualenv if present, otherwise into system python3
RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true'
# setup nginx
COPY .devcontainer/resources/netalertx-devcontainer.conf /etc/nginx/http.d/netalert-frontend.conf
RUN set -e; \
chown netalertx:nginx /etc/nginx/http.d/netalert-frontend.conf; \
install -d -o netalertx -g www-data -m 775 /app; \
install -d -o netalertx -g www-data -m 755 /run/nginx; \
install -d -o netalertx -g www-data -m 755 /var/lib/nginx/logs; \
rm -f /var/lib/nginx/logs/* || true; \
for f in error access; do : > /var/lib/nginx/logs/$f.log; done; \
install -d -o netalertx -g www-data -m 777 /run/php; \
install -d -o netalertx -g www-data -m 775 /var/log/php; \
chown -R netalertx:www-data /etc/nginx/http.d; \
chmod -R 775 /etc/nginx/http.d; \
chown -R netalertx:www-data /var/lib/nginx; \
chmod -R 755 /var/lib/nginx && \
chown -R netalertx:www-data /var/log/nginx/ && \
sed -i '/^user /d' /etc/nginx/nginx.conf; \
sed -i 's|^error_log .*|error_log /dev/stderr warn;|' /etc/nginx/nginx.conf; \
sed -i 's|^access_log .*|access_log /dev/stdout main;|' /etc/nginx/nginx.conf; \
sed -i 's|error_log .*|error_log /dev/stderr warn;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
sed -i 's|access_log .*|access_log /dev/stdout main;|g' /etc/nginx/http.d/*.conf 2>/dev/null || true; \
mkdir -p /run/openrc; \
chown netalertx:nginx /run/openrc/; \
rm -Rf /run/openrc/*;
RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true' && \
mkdir /workspaces && \
install -d -o netalertx -g netalertx -m 777 /services/run/logs && \
install -d -o netalertx -g netalertx -m 777 /app/run/tmp/client_body && \
sed -i -e 's|:/app:|:/workspaces:|' /etc/passwd && \
python -m pip install -U pytest pytest-cov
# setup pytest
RUN sudo /opt/venv/bin/python -m pip install -U pytest pytest-cov
WORKDIR /workspaces/NetAlertX
ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
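Review bot: the `echo "${NETALERTX_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers` line appends to the main sudoers file with no syntax check, and `NETALERTX_USER` is not set in the visible lines of this stage. If it is empty at build time, the appended rule has no user field and is malformed. Keep the drop-in form the other `RUN` uses (`/etc/sudoers.d/90-netalertx` with `chmod 440`), validate it with `visudo -cf`, and write `${NETALERTX_USER:?}` so the build fails when the variable is missing. The 777 modes on `/run/php`, `/services/run/logs` and `/app/run/tmp/client_body` also look wider than the `netalertx`/`www-data` ownership requires.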

View File

@@ -0,0 +1,118 @@
# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-configs.sh
# Generated from: install/production-filesystem/services/config/nginx/netalertx.conf.template
# Set number of worker processes automatically based on number of CPU cores.
worker_processes auto;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Configures default error logger.
error_log /app/log/nginx-error.log warn;
events {
# The maximum number of simultaneous connections that can be opened by
# a worker process.
worker_connections 1024;
}
http {
# Mapping of temp paths for various nginx modules.
client_body_temp_path /services/run/tmp/client_body;
proxy_temp_path /services/run/tmp/proxy;
fastcgi_temp_path /services/run/tmp/fastcgi;
uwsgi_temp_path /services/run/tmp/uwsgi;
scgi_temp_path /services/run/tmp/scgi;
# Includes mapping of file name extensions to MIME types of responses
# and defines the default type.
include /services/config/nginx/mime.types;
default_type application/octet-stream;
# Name servers used to resolve names of upstream servers into addresses.
# It's also needed when using tcpsocket and udpsocket in Lua modules.
#resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
# Don't tell nginx version to the clients. Default is 'on'.
server_tokens off;
# Specifies the maximum accepted body size of a client request, as
# indicated by the request header Content-Length. If the stated content
# length is greater than this size, then the client receives the HTTP
# error code 413. Set to 0 to disable. Default is '1m'.
client_max_body_size 1m;
# Sendfile copies data between one FD and other from within the kernel,
# which is more efficient than read() + write(). Default is off.
sendfile on;
# Causes nginx to attempt to send its HTTP response head in one packet,
# instead of using partial frames. Default is 'off'.
tcp_nopush on;
# Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2.
# TIP: If you're not obligated to support ancient clients, remove TLSv1.1.
ssl_protocols TLSv1.2 TLSv1.3;
# Path of the file with Diffie-Hellman parameters for EDH ciphers.
# TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048`
#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
# Specifies that our cipher suits should be preferred over client ciphers.
# Default is 'off'.
ssl_prefer_server_ciphers on;
# Enables a shared SSL cache with size that can hold around 8000 sessions.
# Default is 'none'.
ssl_session_cache shared:SSL:2m;
# Specifies a time during which a client may reuse the session parameters.
# Default is '5m'.
ssl_session_timeout 1h;
# Disable TLS session tickets (they are insecure). Default is 'on'.
ssl_session_tickets off;
# Enable gzipping of responses.
gzip on;
# Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
gzip_vary on;
# Specifies the main log format.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Sets the path, format, and configuration for a buffered log write.
access_log /app/log/nginx-access.log main;
# Virtual host config
server {
listen 0.0.0.0:20211 default_server;
large_client_header_buffers 4 16k;
root /app/front;
index index.php;
add_header X-Forwarded-Prefix "/app" always;
location ~* \.php$ {
# Set Cache-Control header to prevent caching on the first load
add_header Cache-Control "no-store";
fastcgi_pass unix:/services/run/php.sock;
include /services/config/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PHP_VALUE "xdebug.remote_enable=1";
fastcgi_connect_timeout 75;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
}
}
}

View File

@@ -0,0 +1,11 @@
zend_extension="/services/php/modules/xdebug.so"
extension_dir="/services/php/modules"
[xdebug]
xdebug.mode=develop,debug
xdebug.log=/app/log/xdebug.log
xdebug.log_level=7
xdebug.client_host=127.0.0.1
xdebug.client_port=9003
xdebug.start_with_request=yes
xdebug.discover_client_host=0

View File

@@ -0,0 +1 @@
-m debugpy --listen 0.0.0.0:5678
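Review bot: `--listen 0.0.0.0:5678` binds the debugpy adapter to every interface, and debugpy does not authenticate clients, so anything that can reach the port can run code in the backend process. With the `--network=host` option mentioned in devcontainer.json, that port would sit on the host's network interfaces. Bind to `127.0.0.1:5678` and rely on the existing `forwardPorts` entry for 5678, after confirming the debugger still attaches through the forward.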

View File

@@ -1,26 +0,0 @@
log_format netalertx '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log netalertx flush=1s;
error_log /var/log/nginx/error.log warn;
server {
listen 20211 default_server;
root /app/front;
index index.php;
add_header X-Forwarded-Prefix "/netalertx" always;
proxy_set_header X-Forwarded-Prefix "/netalertx";
location ~* \.php$ {
add_header Cache-Control "no-store";
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PHP_VALUE "xdebug.remote_enable=1";
fastcgi_connect_timeout 75;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
}
}

View File

@@ -0,0 +1,14 @@
#!/bin/bash
set -euo pipefail
read -r -p "Are you sure you want to destroy your host docker containers and images? Type YES to continue: " reply
if [[ "${reply}" == "YES" ]]; then
docker system prune -af
docker builder prune -af
else
echo "Aborted."
exit 1
fi
echo "Done."

View File

@@ -0,0 +1,62 @@
#!/bin/sh
# Generator for .devcontainer/Dockerfile
# Combines the root /Dockerfile (with some COPY lines removed) and
# the dev-only stage in .devcontainer/resources/devcontainer-Dockerfile.
# Run this script after modifying the resource Dockerfile to refresh
# the final .devcontainer/Dockerfile used by the devcontainer.
echo "Generating .devcontainer/Dockerfile"
SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
DEVCONTAINER_DIR="${SCRIPT_DIR%/scripts}"
ROOT_DIR="${DEVCONTAINER_DIR%/.devcontainer}"
OUT_FILE="${DEVCONTAINER_DIR}/Dockerfile"
echo "Adding base Dockerfile from $ROOT_DIR..."
echo "# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-configs.sh" > "$OUT_FILE"
echo "" >> "$OUT_FILE"
echo "# ---/Dockerfile---" >> "$OUT_FILE"
cat "${ROOT_DIR}/Dockerfile" >> "$OUT_FILE"
echo "" >> "$OUT_FILE"
echo "# ---/resources/devcontainer-Dockerfile---" >> "$OUT_FILE"
echo "" >> "$OUT_FILE"
echo "Adding devcontainer-Dockerfile from $DEVCONTAINER_DIR/resources..."
cat "${DEVCONTAINER_DIR}/resources/devcontainer-Dockerfile" >> "$OUT_FILE"
echo "Generated $OUT_FILE using root dir $ROOT_DIR" >&2
# Generate devcontainer nginx config from production template
echo "Generating devcontainer nginx config"
NGINX_TEMPLATE="${ROOT_DIR}/install/production-filesystem/services/config/nginx/netalertx.conf.template"
NGINX_OUT="${DEVCONTAINER_DIR}/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template"
# Create output directory if it doesn't exist
mkdir -p "$(dirname "$NGINX_OUT")"
# Start with header comment
cat > "$NGINX_OUT" << 'EOF'
# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-configs.sh
# Generated from: install/production-filesystem/services/config/nginx/netalertx.conf.template
EOF
# Process the template: replace listen directive and inject Xdebug params
sed 's/${LISTEN_ADDR}:${PORT}/0.0.0.0:20211/g' "$NGINX_TEMPLATE" | \
awk '
/fastcgi_param SCRIPT_NAME \$fastcgi_script_name;/ {
print $0
print ""
print " fastcgi_param PHP_VALUE \"xdebug.remote_enable=1\";"
next
}
{ print }
' >> "$NGINX_OUT"
echo "Generated $NGINX_OUT from $NGINX_TEMPLATE" >&2
echo "Done."
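Review bot: the script has no `set -eu`, so a failed `cat` of `${ROOT_DIR}/Dockerfile` still ends with "Done." and leaves a truncated output file carrying the auto-generated header. Add `set -eu` near the top, plus an explicit existence check for `$NGINX_TEMPLATE`, because a `sed` failure on the left side of the pipe is not caught by `set -e` in `sh`. Separately, the awk block injects `xdebug.remote_enable=1`, which is an Xdebug 2 setting; the ini file in this change uses Xdebug 3 names (`xdebug.mode`, `xdebug.client_host`), so the injected `PHP_VALUE` does nothing useful and the step can be dropped.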

View File

@@ -1,38 +0,0 @@
#!/bin/sh
# Generator for .devcontainer/Dockerfile
# Combines the root /Dockerfile (with some COPY lines removed) and
# the dev-only stage in .devcontainer/resources/devcontainer-Dockerfile.
# Run this script after modifying the resource Dockerfile to refresh
# the final .devcontainer/Dockerfile used by the devcontainer.
# Make a copy of the original Dockerfile to the .devcontainer folder
# but remove the COPY . ${INSTALL_DIR}/ command from it. This avoids
# overwriting /app (which uses symlinks to the workspace) and preserves
# debugging capabilities inside the devcontainer.
SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
DEVCONTAINER_DIR="${SCRIPT_DIR%/scripts}"
ROOT_DIR="${DEVCONTAINER_DIR%/.devcontainer}"
OUT_FILE="${DEVCONTAINER_DIR}/Dockerfile"
echo "# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-dockerfile.sh" > "$OUT_FILE"
echo "" >> "$OUT_FILE"
echo "# ---/Dockerfile---" >> "$OUT_FILE"
sed '/${INSTALL_DIR}/d' "${ROOT_DIR}/Dockerfile" >> "$OUT_FILE"
# sed the line https://github.com/foreign-sub/aiofreepybox.git \\ to remove trailing backslash
sed -i '/aiofreepybox.git/ s/ \\$//' "$OUT_FILE"
# don't cat the file, just copy it in because it doesn't exist at build time
sed -i 's|^ RUN cat ${INSTALL_DIR}/install/freebox_certificate.pem >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem$| COPY install/freebox_certificate.pem /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem |' "$OUT_FILE"
echo "" >> "$OUT_FILE"
echo "# ---/resources/devcontainer-Dockerfile---" >> "$OUT_FILE"
echo "" >> "$OUT_FILE"
cat "${DEVCONTAINER_DIR}/resources/devcontainer-Dockerfile" >> "$OUT_FILE"
echo "Generated $OUT_FILE using root dir $ROOT_DIR" >&2

View File

@@ -0,0 +1,8 @@
#!/bin/bash
if [ ! -d /workspaces/NetAlertX/.devcontainer ]; then
echo ---------------------------------------------------
echo "This script may only be run inside a devcontainer."
echo "Not in a devcontainer, exiting..."
echo ---------------------------------------------------
exit 255
fi

View File

@@ -1,26 +0,0 @@
#!/bin/sh
# Start (or restart) the NetAlertX Python backend under debugpy in background.
# This script is invoked by the VS Code task "Restart GraphQL".
# It exists to avoid complex inline command chains that were being mangled by the task runner.
set -e
LOG_DIR=/app/log
APP_DIR=/app/server
PY=python3
PORT_DEBUG=5678
# Kill any prior debug/run instances
sudo killall python3 2>/dev/null || true
sleep 2
echo ''|tee $LOG_DIR/stdout.log $LOG_DIR/stderr.log $LOG_DIR/app.log
cd "$APP_DIR"
# Launch using absolute module path for clarity; rely on cwd for local imports
setsid nohup "${PY}" -m debugpy --listen "0.0.0.0:${PORT_DEBUG}" /app/server/__main__.py \
1>>"$LOG_DIR/stdout.log" \
2>>"$LOG_DIR/stderr.log" &
PID=$!
sleep 2

View File

@@ -1,4 +1,4 @@
#! /bin/bash
#!/bin/bash
# Runtime setup for devcontainer (executed after container starts).
# Prefer building setup into resources/devcontainer-Dockerfile when possible.
# Use this script for runtime-only adjustments (permissions, sockets, ownership,
@@ -10,30 +10,28 @@ id
export APP_DIR="/app"
export APP_COMMAND="/workspaces/NetAlertX/.devcontainer/scripts/restart-backend.sh"
export PHP_FPM_BIN="/usr/sbin/php-fpm83"
export NGINX_BIN="/usr/sbin/nginx"
export CROND_BIN="/usr/sbin/crond -f"
export ALWAYS_FRESH_INSTALL=false
export INSTALL_DIR=/app
export APP_DATA_LOCATION=/app/config
export APP_CONFIG_LOCATION=/app/config
export LOGS_LOCATION=/app/logs
export CONF_FILE="app.conf"
export NGINX_CONF_FILE=netalertx.conf
export DB_FILE="app.db"
export FULL_FILEDB_PATH="${INSTALL_DIR}/db/${DB_FILE}"
export NGINX_CONFIG_FILE="/etc/nginx/http.d/${NGINX_CONF_FILE}"
export OUI_FILE="/usr/share/arp-scan/ieee-oui.txt" # Define the path to ieee-oui.txt and ieee-iab.txt
export TZ=Europe/Paris
export PORT=20211
export SOURCE_DIR="/workspaces/NetAlertX"
main() {
echo "=== NetAlertX Development Container Setup ==="
killall php-fpm83 nginx crond python3 2>/dev/null
sleep 1
echo "Setting up ${SOURCE_DIR}..."
sudo chown $(id -u):$(id -g) /workspaces
sudo chmod 755 /workspaces
configure_source
echo "--- Starting Development Services ---"
@@ -43,158 +41,97 @@ main() {
start_services
}
# safe_link: create a symlink from source to target, removing existing target if necessary
# bypassing the default behavior of symlinking the directory into the target directory if it is a directory
safe_link() {
# usage: safe_link <source> <target>
local src="$1"
local dst="$2"
isRamDisk() {
if [ -z "$1" ] || [ ! -d "$1" ]; then
echo "Usage: isRamDisk <directory>" >&2
return 2
fi
# Ensure parent directory exists
install -d -m 775 "$(dirname "$dst")" >/dev/null 2>&1 || true
local fstype
fstype=$(df -T "$1" | awk 'NR==2 {print $2}')
# If target exists, remove it without dereferencing symlinks
if [ -L "$dst" ] || [ -e "$dst" ]; then
rm -rf "$dst"
fi
# Create link; -n prevents deref, -f replaces if somehow still exists
ln -sfn "$src" "$dst"
if [ "$fstype" = "tmpfs" ] || [ "$fstype" = "ramfs" ]; then
return 0 # Success (is a ramdisk)
else
return 1 # Failure (is not a ramdisk)
fi
}
# Setup source directory
configure_source() {
echo "[1/3] Configuring Source..."
echo " -> Linking source to ${INSTALL_DIR}"
echo "Dev">${INSTALL_DIR}/.VERSION
echo "[1/4] Configuring System..."
echo " -> Setting up /services permissions"
sudo chown -R netalertx /services
echo " -> Mounting ramdisks for /log and /api"
sudo mount -t tmpfs -o size=256M tmpfs "${SOURCE_DIR}/log"
sudo mount -t tmpfs -o size=512M tmpfs "${SOURCE_DIR}/api"
safe_link ${SOURCE_DIR}/api ${INSTALL_DIR}/api
safe_link ${SOURCE_DIR}/back ${INSTALL_DIR}/back
safe_link "${SOURCE_DIR}/config" "${INSTALL_DIR}/config"
safe_link "${SOURCE_DIR}/db" "${INSTALL_DIR}/db"
if [ ! -f "${SOURCE_DIR}/config/app.conf" ]; then
cp ${SOURCE_DIR}/back/app.conf ${INSTALL_DIR}/config/
cp ${SOURCE_DIR}/back/app.db ${INSTALL_DIR}/db/
fi
echo "[2/4] Configuring Source..."
echo " -> Cleaning up previous instances"
safe_link "${SOURCE_DIR}/docs" "${INSTALL_DIR}/docs"
safe_link "${SOURCE_DIR}/front" "${INSTALL_DIR}/front"
safe_link "${SOURCE_DIR}/install" "${INSTALL_DIR}/install"
safe_link "${SOURCE_DIR}/scripts" "${INSTALL_DIR}/scripts"
safe_link "${SOURCE_DIR}/server" "${INSTALL_DIR}/server"
safe_link "${SOURCE_DIR}/test" "${INSTALL_DIR}/test"
safe_link "${SOURCE_DIR}/log" "${INSTALL_DIR}/log"
safe_link "${SOURCE_DIR}/mkdocs.yml" "${INSTALL_DIR}/mkdocs.yml"
test -e ${NETALERTX_LOG} && sudo umount "${NETALERTX_LOG}" 2>/dev/null || true
test -e ${NETALERTX_API} && sudo umount "${NETALERTX_API}" 2>/dev/null || true
test -e ${NETALERTX_APP} && sudo rm -Rf ${NETALERTX_APP}/
echo " -> Copying static files to ${INSTALL_DIR}"
cp -R ${SOURCE_DIR}/CODE_OF_CONDUCT.md ${INSTALL_DIR}/
cp -R ${SOURCE_DIR}/dockerfiles ${INSTALL_DIR}/dockerfiles
sudo cp -na "${INSTALL_DIR}/back/${CONF_FILE}" "${INSTALL_DIR}/config/${CONF_FILE}"
sudo cp -na "${INSTALL_DIR}/back/${DB_FILE}" "${FULL_FILEDB_PATH}"
if [ -e "${INSTALL_DIR}/api/user_notifications.json" ]; then
echo " -> Removing existing user_notifications.json"
sudo rm "${INSTALL_DIR}"/api/user_notifications.json
fi
echo " -> Linking source to ${NETALERTX_APP}"
sudo ln -s ${SOURCE_DIR}/ ${NETALERTX_APP}
echo " -> Mounting ramdisks for /log and /api"
mkdir -p ${NETALERTX_LOG} ${NETALERTX_API}
sudo mount -o uid=$(id -u netalertx),gid=$(id -g netalertx),mode=775 -t tmpfs -o size=256M tmpfs "${NETALERTX_LOG}"
sudo mount -o uid=$(id -u netalertx),gid=$(id -g netalertx),mode=775 -t tmpfs -o size=256M tmpfs "${NETALERTX_API}"
mkdir -p ${NETALERTX_PLUGINS_LOG}
touch ${NETALERTX_PLUGINS_LOG}/.dockerignore ${NETALERTX_API}/.dockerignore
# tmpfs mounts configured with netalertx ownership and 775 permissions above
echo " -> Setting ownership and permissions"
sudo find ${INSTALL_DIR}/ -type d -exec chmod 775 {} \;
sudo find ${INSTALL_DIR}/ -type f -exec chmod 664 {} \;
sudo date +%s > "${INSTALL_DIR}/front/buildtimestamp.txt"
sudo chmod 640 "${INSTALL_DIR}/config/${CONF_FILE}" || true
echo " -> Setting up log directory"
install -d -o netalertx -g www-data -m 777 ${INSTALL_DIR}/log/plugins
echo " -> Empty log"|tee ${INSTALL_DIR}/log/app.log \
touch /app/log/nginx_error.log
echo " -> Empty log"|tee ${INSTALL_DIR}/log/app.log \
${INSTALL_DIR}/log/app_front.log \
${INSTALL_DIR}/log/stdout.log
touch ${INSTALL_DIR}/log/stderr.log \
${INSTALL_DIR}/log/execution_queue.log
echo 0>${INSTALL_DIR}/log/db_is_locked.log
date +%s > /app/front/buildtimestamp.txt
killall python &>/dev/null
sleep 1
}
#
# start_services: start crond, PHP-FPM, nginx and the application
start_services() {
echo "[3/3] Starting services..."
killall nohup &>/dev/null || true
killall php-fpm83 &>/dev/null || true
killall crond &>/dev/null || true
# Give the OS a moment to release the php-fpm socket
sleep 0.3
echo " -> Starting CronD"
setsid nohup $CROND_BIN &>/dev/null &
echo " -> Starting PHP-FPM"
setsid nohup $PHP_FPM_BIN &>/dev/null &
sudo killall nginx &>/dev/null || true
# Wait for the previous nginx processes to exit and for the port to free up
tries=0
while ss -ltn | grep -q ":${PORT}[[:space:]]" && [ $tries -lt 10 ]; do
echo " -> Waiting for port ${PORT} to free..."
sleep 0.2
tries=$((tries+1))
${INSTALL_DIR}/log/execution_queue.log
echo 0 > ${INSTALL_DIR}/log/db_is_locked.log
for f in ${INSTALL_DIR}/log/*.log; do
sudo chown netalertx:www-data $f
sudo chmod 664 $f
echo "" > $f
done
sleep 0.2
echo " -> Starting Nginx"
setsid nohup $NGINX_BIN &>/dev/null &
echo " -> Starting Backend ${APP_DIR}/server..."
$APP_COMMAND
sleep 2
mkdir -p /app/log/plugins
sudo chown -R netalertx:www-data ${INSTALL_DIR}
while ps ax | grep -v grep | grep python3 > /dev/null; do
killall python3 &>/dev/null
sleep 0.2
done
}
# configure_php: configure PHP-FPM and enable dev debug options
configure_php() {
echo "[2/3] Configuring PHP-FPM..."
sudo killall php-fpm83 &>/dev/null || true
install -d -o nginx -g www-data /run/php/ &>/dev/null
sudo sed -i "/^;pid/c\pid = /run/php/php8.3-fpm.pid" /etc/php83/php-fpm.conf
sudo sed -i 's|^listen = .*|listen = 127.0.0.1:9000|' /etc/php83/php-fpm.d/www.conf
sudo sed -i 's|fastcgi_pass .*|fastcgi_pass 127.0.0.1:9000;|' /etc/nginx/http.d/*.conf
#increase max child process count to 10
sudo sed -i -e 's/pm.max_children = 5/pm.max_children = 10/' /etc/php83/php-fpm.d/www.conf
# find any line in php-fmp that starts with either ;error_log or error_log = and replace it with error_log = /app/log/app.php_errors.log
sudo sed -i '/^;*error_log\s*=/c\error_log = /app/log/app.php_errors.log' /etc/php83/php-fpm.conf
# If the line was not found, append it to the end of the file
if ! grep -q '^error_log\s*=' /etc/php83/php-fpm.conf; then
echo 'error_log = /app/log/app.php_errors.log' | sudo tee -a /etc/php83/php-fpm.conf
fi
sudo mkdir -p /etc/php83/conf.d
sudo cp /workspaces/NetAlertX/.devcontainer/resources/99-xdebug.ini /etc/php83/conf.d/99-xdebug.ini
sudo rm -R /var/log/php83 &>/dev/null || true
install -d -o netalertx -g www-data -m 755 var/log/php83;
sudo chmod 644 /etc/php83/conf.d/99-xdebug.ini || true
echo "[3/4] Configuring PHP-FPM..."
sudo chown -R netalertx:netalertx ${SYSTEM_SERVICES_RUN} 2>/dev/null || true
}
# (duplicate start_services removed)
# start_services: start crond, PHP-FPM, nginx and the application
start_services() {
echo "[4/4] Starting services"
sudo chmod +x /entrypoint.sh
setsid bash /entrypoint.sh&
sleep 1
}
echo "$(git rev-parse --short=8 HEAD)">/app/.VERSION
sudo chmod 755 /app/
echo "Development $(git rev-parse --short=8 HEAD)"| sudo tee /app/.VERSION
# Run the main function
main
# create a services readme file
echo "This folder is auto-generated by the container and devcontainer setup.sh script." > /services/README.md
echo "Any changes here will be lost on rebuild. To make permanent changes, edit files in .devcontainer or production filesystem and rebuild the container." >> /services/README.md
echo "Only make temporary/test changes in this folder, then perform a rebuild to reset." >> /services/README.md
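Review bot: `test -e ${NETALERTX_APP} && sudo rm -Rf ${NETALERTX_APP}/` is unquoted and unguarded, and `NETALERTX_APP` is not assigned in the visible part of this script. If it is empty, `test -e` with no operand evaluates true and the command becomes `sudo rm -Rf /`. Use `"${NETALERTX_APP:?}"` in both places. The trailing slash is a second problem once `sudo ln -s ${SOURCE_DIR}/ ${NETALERTX_APP}` has run: on the next start the path resolves through the link into the workspace, so remove the link itself with no trailing slash. Smaller point: the script touches `/app/log/nginx_error.log`, but the generated nginx config logs to `/app/log/nginx-error.log`.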

View File

@@ -1,40 +0,0 @@
#!/bin/sh
# Stream NetAlertX logs to stdout so the Dev Containers output channel shows them.
# This script waits briefly for the files to appear and then tails them with -F.
LOG_FILES="/app/log/app.log /app/log/db_is_locked.log /app/log/execution_queue.log /app/log/app_front.log /app/log/app.php_errors.log /app/log/IP_changes.log /app/stderr.log /app/stdout.log"
wait_for_files() {
# Wait up to ~10s for at least one of the files to exist
attempts=0
while [ $attempts -lt 20 ]; do
for f in $LOG_FILES; do
if [ -f "$f" ]; then
return 0
fi
done
attempts=$((attempts+1))
sleep 0.5
done
return 1
}
if wait_for_files; then
echo "Starting log stream for:"
for f in $LOG_FILES; do
[ -f "$f" ] && echo " $f"
done
# Use tail -F where available. If tail -F isn't supported, tail -f is used as fallback.
# Some minimal images may have busybox tail without -F; this handles both.
if tail --version >/dev/null 2>&1; then
# GNU tail supports -F
tail -n +1 -F $LOG_FILES
else
# Fallback to -f for busybox; will exit if files rotate or do not exist initially
tail -n +1 -f $LOG_FILES
fi
else
echo "No log files appeared after wait; exiting stream script."
exit 0
fi

View File

@@ -1,11 +0,0 @@
zend_extension=xdebug.so
xdebug.mode=debug
xdebug.start_with_request=trigger
xdebug.trigger_value=VSCODE
xdebug.client_host=host.docker.internal
xdebug.client_port=9003
xdebug.log=/var/log/xdebug.log
xdebug.log_level=7
xdebug.idekey=VSCODE
xdebug.discover_client_host=true
xdebug.max_nesting_level=512

View File

@@ -2,7 +2,6 @@
.env
.git
.github
.gitignore
docker-compose.yml
Dockerfile
Dockerfile.debian

View File

@@ -1,6 +1,7 @@
This is NetAlertX — network monitoring & alerting.
# NetAlertX AI Assistant Instructions
This is NetAlertX — network monitoring & alerting. NetAlertX provides Network inventory, awareness, insight, categorization, intruder and presence detection. This is a heavily community-driven project, welcoming of all contributions.
Purpose: Guide AI assistants to follow NetAlertX architecture, conventions, and safety practices. Be concise, opinionated, and prefer existing helpers/settings over new code or hardcoded values.
You are expected to be concise, opinionated, and biased toward security and simplicity.
## Architecture (what runs where)
- Backend (Python): main loop + GraphQL/REST endpoints orchestrate scans, plugins, workflows, notifications, and JSON export.
@@ -29,9 +30,9 @@ Backend loop phases (see `server/__main__.py` and `server/plugin.py`): `once`, `
* other: Miscellaneous plugins. Runs at various times. Data source: self / Template.
### Plugin logging & outputs
- Always log via `mylog()` like other plugins do (no `print()`). Example: `mylog('verbose', [f'[{pluginName}] In script'])`.
- Use logging as shown in other plugins.
- Collect results with `Plugin_Objects.add_object(...)` during processing and call `plugin_objects.write_result_file()` exactly once at the end of the script.
- Prefer to log a brief summary before writing (e.g., total objects added) to aid troubleshooting; keep logs concise at `verbose` level unless debugging.
- Prefer to log a brief summary before writing (e.g., total objects added) to aid troubleshooting; keep logs concise at `info` level and use `verbose` or `debug` for extra context.
- Do not write adhoc files for results; the only consumable output is `last_result.<PREF>.log` generated by `Plugin_Objects`.
## API/Endpoints quick map
@@ -58,5 +59,16 @@ Backend loop phases (see `server/__main__.py` and `server/plugin.py`): `once`, `
- Docs: `docs/PLUGINS_DEV.md`, `docs/SETTINGS_SYSTEM.md`, `docs/API_*.md`, `docs/DEBUG_*.md`
- Logs: backend `/app/log/app.log`, plugin logs under `/app/log/plugins/`, nginx/php logs under `/var/log/*`
Assistant expectations
- Reference concrete files/paths. Use existing helpers/settings. Keep changes idempotent and safe. Offer a quick validation step (log line, API hit, or JSON export) for anything you add.
## Assistant expectations:
- Be concise, opinionated, and biased toward security and simplicity.
- Reference concrete files/paths/environmental variables.
- Use existing helpers/settings.
- Offer a quick validation step (log line, API hit, or JSON export) for anything you add.
- Be blunt about risks and when you offer suggestions ensure they're also blunt,
- Ask for confirmation before making changes that run code or change multiple files.
- Make statements actionable and specific; propose exact edits.
- Request confirmation before applying changes that affect more than a single, clearly scoped line or file.
- Ask the user to debug something for an actionable value if you're unsure.
- Be sure to offer choices when appropriate.
- Always understand the intent of the user's request and undo/redo as needed.
- Above all, use the simplest possible code that meets the need so it can be easily audited and maintained.
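Review bot: The "Assistant expectations" list sets two different confirmation thresholds: "Ask for confirmation before making changes that run code or change multiple files" and "Request confirmation before applying changes that affect more than a single, clearly scoped line or file". Keep one rule so an assistant cannot pick the looser reading; the second is the stricter one and only needs "or run code" folded in. The "Be blunt about risks" bullet ends with a comma instead of a full stop, and "Be concise, opinionated, and biased toward security and simplicity" now appears both in this list and in the preamble.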

10
.gitignore vendored

@@ -1,6 +1,15 @@
.vscode
.dotnet
.vscode-server
.gitconfig
.*CommandMarker
deviceid
.DS_Store
.cache
nohup.out
config/*
.ash_history
.VERSION
config/pialert.conf
config/app.conf
db/*
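Review bot: `config/*` makes the `config/pialert.conf` and `config/app.conf` entries below it redundant, and it also ignores anything a contributor later adds under config/, including a sample or default file that is meant to be committed. If only local runtime config should be ignored, keep the two explicit entries and drop the wildcard; if the whole directory is runtime state, drop the explicit entries and add a `!config/<file>` exception for anything that must stay tracked.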
@@ -8,6 +17,7 @@ db/pialert.db
db/app.db
front/log/*
/log/*
/log/plugins/*
front/api/*
/api/*
**/plugins/**/*.log
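Review bot: `/log/plugins/*` is already covered by `/log/*` on the line above, which ignores the `plugins` directory itself, so the new entry has no effect. Drop it, or if the intent is to keep the directory while ignoring its contents, replace `/log/*` with patterns that say so.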

23
.venv_import_check.py Executable file

@@ -0,0 +1,23 @@
import sys, importlib
mods = [
'json', 'simplejson',
'httplib', 'http.client',
'urllib2', 'urllib.request',
'Queue', 'queue',
'cStringIO', 'StringIO', 'io',
'md5', 'hashlib',
'ssl'
]
print('PYTHON_EXE:' + sys.executable)
print('PYTHON_VER:' + sys.version.replace('\n', ' '))
for m in mods:
try:
mod = importlib.import_module(m)
ver = getattr(mod, '__version__', None)
if ver is None:
# try common attributes
ver = getattr(mod, 'version', None)
info = (' version=' + str(ver)) if ver is not None else ''
print('OK %s%s' % (m, info))
except Exception as e:
print('MISSING %s %s: %s' % (m, e.__class__.__name__, e))
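Review bot: The file is committed as executable but starts at `import sys, importlib` with no shebang, so it cannot be run directly as a Python script. Half of `mods` are Python 2 names (`httplib`, `urllib2`, `Queue`, `cStringIO`, `md5`) that will always print MISSING under the python3.12 venv this change builds, which makes the output noise rather than a check. It reads like a local debugging aid in a hidden file at the repository root; either leave it out of the commit or move it next to the other scripts with a shebang, a module list that matches requirements.txt, and a non-zero exit status when something is missing.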

10
.vscode/settings.json vendored

@@ -10,4 +10,14 @@
"python.defaultInterpreterPath": "/opt/venv/bin/python",
// Let the Python extension invoke pytest via the interpreter; avoid hardcoded paths
// Removed python.testing.pytestPath and legacy pytest.command overrides
"terminal.integrated.defaultProfile.linux": "fish",
"terminal.integrated.profiles.linux": {
"fish": {
"path": "/usr/bin/fish"
}
}
,
// Fallback for older VS Code versions or schema validators that don't accept custom profiles
"terminal.integrated.shell.linux": "/usr/bin/fish"
}
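Review bot: These workspace settings force fish at `/usr/bin/fish` as the default Linux terminal for everyone who opens the repository, including outside the dev container where fish may not be installed. Put the profile in the dev container's own settings or leave the default unset. `terminal.integrated.shell.linux` is a deprecated key that current VS Code flags, and the `,` stranded on its own line should sit on the closing `}` before it.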

98
.vscode/tasks.json vendored

@@ -2,9 +2,9 @@
"version": "2.0.0",
"tasks": [
{
"label": "Generate Dockerfile",
"label": "[Any POSIX] Generate Devcontainer Configs",
"type": "shell",
"command": "${workspaceFolder:NetAlertX}/.devcontainer/scripts/generate-dockerfile.sh",
"command": ".devcontainer/scripts/generate-configs.sh",
"presentation": {
"echo": true,
"reveal": "always",
@@ -16,24 +16,45 @@
"kind": "build",
"isDefault": false
},
"options": {
"cwd": "${workspaceFolder:NetAlertX}"
},
"icon": {
"id": "tools",
"color": "terminal.ansiYellow"
}
},
{
"label": "Re-Run Startup Script",
"label": "[Any] Docker system and build Prune",
"type": "shell",
"command": "${workspaceFolder:NetAlertX}/.devcontainer/scripts/setup.sh",
"command": ".devcontainer/scripts/confirm-docker-prune.sh",
"presentation": {
"echo": true,
"reveal": "always",
"panel": "shared",
"showReuseMessage": false
},
"problemMatcher": [],
"group": {
"kind": "build",
"isDefault": false
},
"icon": {
"id": "trash",
"color": "terminal.ansiRed"
}
},
{
"label": "[Dev Container] Re-Run Startup Script",
"type": "shell",
"command": "./isDevContainer.sh || exit 1;/workspaces/NetAlertX/.devcontainer/scripts/setup.sh",
"options": {
"cwd": "/workspaces/NetAlertX/.devcontainer/scripts"
},
"presentation": {
"echo": true,
"reveal": "always",
"panel": "shared",
"showReuseMessage": false
},
"problemMatcher": [],
"icon": {
"id": "beaker",
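Review bot: The "[Any] Docker system and build Prune" task runs the relative path `.devcontainer/scripts/confirm-docker-prune.sh` without the `options.cwd` that the Generate Devcontainer Configs task sets, so it resolves against whatever directory the task starts in; give it the same `"cwd": "${workspaceFolder:NetAlertX}"`. It is also registered with `"kind": "build"`, which lists a destructive prune among the build tasks; consider leaving the group off. The Re-Run Startup Script task hard-codes `/workspaces/NetAlertX` in both `command` and `cwd`, which breaks if the repository is mounted under another name.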
@@ -41,9 +62,12 @@
}
},
{
"label": "Start Backend (Python)",
"label": "[Dev Container] Start Backend (Python)",
"type": "shell",
"command": "/workspaces/NetAlertX/.devcontainer/scripts/restart-backend.sh",
"command": "./isDevContainer.sh || exit 1; /services/start-backend.sh",
"options": {
"cwd": "/workspaces/NetAlertX/.devcontainer/scripts"
},
"presentation": {
"echo": true,
"reveal": "always",
@@ -58,9 +82,12 @@
}
},
{
"label": "Start Frontend (nginx and PHP-FPM)",
"label": "[Dev Container] Start CronD (Scheduler)",
"type": "shell",
"command": "killall php-fpm83 nginx 2>/dev/null || true; sleep 1; php-fpm83 & nginx",
"command": "./isDevContainer.sh || exit 1; /services/start-crond.sh",
"options": {
"cwd": "/workspaces/NetAlertX/.devcontainer/scripts"
},
"presentation": {
"echo": true,
"reveal": "always",
@@ -75,9 +102,33 @@
}
},
{
"label": "Stop Frontend & Backend Services",
"label": "[Dev Container] Start Frontend (nginx and PHP-FPM)",
"type": "shell",
"command": "pkill -f 'php-fpm83|nginx|crond|python3' || true",
"command": "./isDevContainer.sh || exit 1; /services/start-php-fpm.sh & /services/start-nginx.sh &",
"options": {
"cwd": "/workspaces/NetAlertX/.devcontainer/scripts"
},
"presentation": {
"echo": true,
"reveal": "always",
"panel": "shared",
"showReuseMessage": false,
"clear": false
},
"problemMatcher": [],
"icon": {
"id": "debug-restart",
"color": "terminal.ansiGreen"
}
},
{
"label": "[Dev Container] Stop Frontend & Backend Services",
"type": "shell",
"command": "./isDevContainer.sh || exit 1; pkill -f 'php-fpm83|nginx|crond|python3' || true",
"options": {
"cwd": "/workspaces/NetAlertX/.devcontainer/scripts"
},
"presentation": {
"echo": true,
"reveal": "always",
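Review bot: In the Stop Frontend & Backend Services task, `pkill -f 'php-fpm83|nginx|crond|python3'` matches against the full command line, so it terminates every process whose arguments contain `python3`, not only the NetAlertX backend; inside a dev container that can include editor tooling and running tests. Match on the backend's own entry point, or kill by a PID the start script records. In the Start Frontend task both scripts are backgrounded with `&`, so the task reports success even when nginx or php-fpm fails to start.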
@@ -89,6 +140,25 @@
"id": "debug-stop",
"color": "terminal.ansiRed"
}
},
{
"label": "[Dev Container] List NetAlertX Ports",
"type": "shell",
"command": "list-ports.sh",
"options": {
"cwd": "/workspaces/NetAlertX/.devcontainer/scripts"
},
"presentation": {
"echo": true,
"reveal": "always",
"panel": "shared",
"showReuseMessage": false
},
"problemMatcher": [],
"icon": {
"id": "output",
"color": "terminal.ansiBlue"
}
}
]
}
}
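Review bot: The List NetAlertX Ports task invokes `list-ports.sh` as a bare name, which the shell looks up on PATH rather than in the `cwd` set below it, and it is the only [Dev Container] task without the `./isDevContainer.sh || exit 1;` guard. Unless that scripts directory is guaranteed to be on PATH, use `./isDevContainer.sh || exit 1; ./list-ports.sh` to match the other tasks.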

@@ -1,63 +1,197 @@
# The NetAlertX Dockerfile has 3 stages:
#
# Stage 1. Builder - NetAlertX Requires special tools and packages to build our virtual environment, but
# which are not needed in future stages. We build the builder and extract the venv for runner to use as
# a base.
#
# Stage 2. Runner builds the bare minimum requirements to create an operational NetAlertX. The primary
# reason for breaking at this stage is it leaves the system in a proper state for devcontainer operation
# This image also provides a break-out point for uses who wish to execute the anti-pattern of using a
# docker container as a VM for experimentation and various development patterns.
#
# Stage 3. Hardened removes root, sudoers, folders, permissions, and locks the system down into a read-only
# compatible image. While NetAlertX does require some read-write operations, this image can guarantee the
# code pushed out by the project is the only code which will run on the system after each container restart.
# It reduces the chance of system hijacking and operates with all modern security protocols in place as is
# expected from a security appliance.
#
# This file can be built with `docker-compose -f docker-compose.yml up --build --force-recreate`
FROM alpine:3.22 AS builder
ARG INSTALL_DIR=/app
ENV PYTHONUNBUFFERED=1
ENV PATH="/opt/venv/bin:$PATH"
# Install build dependencies
COPY requirements.txt /tmp/requirements.txt
RUN apk add --no-cache bash shadow python3 python3-dev gcc musl-dev libffi-dev openssl-dev git \
&& python -m venv /opt/venv
# Enable venv
ENV PATH="/opt/venv/bin:$PATH"
# Create virtual environment owned by root, but readable by everyone else. This makes it easy to copy
# into hardened stage without worrying about permissions and keeps image size small. Keeping the commands
# together makes for a slightly smaller image size.
RUN pip install -r /tmp/requirements.txt && \
chmod -R u-rwx,g-rwx /opt
COPY . ${INSTALL_DIR}/
RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git \
&& bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py' -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"
# Append Iliadbox certificate to aiofreepybox
RUN cat ${INSTALL_DIR}/install/freebox_certificate.pem >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem
# second stage
# second stage is the main runtime stage with just the minimum required to run the application
# The runner is used for both devcontainer, and as a base for the hardened stage.
FROM alpine:3.22 AS runner
ARG INSTALL_DIR=/app
COPY --from=builder /opt/venv /opt/venv
COPY --from=builder /usr/sbin/usermod /usr/sbin/groupmod /usr/sbin/
# NetAlertX app directories
ENV NETALERTX_APP=${INSTALL_DIR}
ENV NETALERTX_CONFIG=${NETALERTX_APP}/config
ENV NETALERTX_FRONT=${NETALERTX_APP}/front
ENV NETALERTX_SERVER=${NETALERTX_APP}/server
ENV NETALERTX_API=${NETALERTX_APP}/api
ENV NETALERTX_DB=${NETALERTX_APP}/db
ENV NETALERTX_DB_FILE=${NETALERTX_DB}/app.db
ENV NETALERTX_BACK=${NETALERTX_APP}/back
ENV NETALERTX_LOG=${NETALERTX_APP}/log
ENV NETALERTX_PLUGINS_LOG=${NETALERTX_LOG}/plugins
ENV NETALERTX_CONFIG_FILE=${NETALERTX_CONFIG}/app.conf
# Enable venv
ENV PATH="/opt/venv/bin:$PATH"
# NetAlertX log files
ENV LOG_IP_CHANGES=${NETALERTX_LOG}/IP_changes.log
ENV LOG_APP=${NETALERTX_LOG}/app.log
ENV LOG_APP_FRONT=${NETALERTX_LOG}/app_front.log
ENV LOG_REPORT_OUTPUT_TXT=${NETALERTX_LOG}/report_output.txt
ENV LOG_DB_IS_LOCKED=${NETALERTX_LOG}/db_is_locked.log
ENV LOG_REPORT_OUTPUT_HTML=${NETALERTX_LOG}/report_output.html
ENV LOG_STDERR=${NETALERTX_LOG}/stderr.log
ENV LOG_APP_PHP_ERRORS=${NETALERTX_LOG}/app.php_errors.log
ENV LOG_EXECUTION_QUEUE=${NETALERTX_LOG}/execution_queue.log
ENV LOG_REPORT_OUTPUT_JSON=${NETALERTX_LOG}/report_output.json
ENV LOG_STDOUT=${NETALERTX_LOG}/stdout.log
ENV LOG_CROND=${NETALERTX_LOG}/crond.log
# default port and listen address
ENV PORT=20211 LISTEN_ADDR=0.0.0.0
# System Services configuration files
ENV SYSTEM_SERVICES=/services
ENV SYSTEM_SERVICES_SCRIPTS=${SYSTEM_SERVICES}/scripts
ENV SYSTEM_SERVICES_CONFIG=${SYSTEM_SERVICES}/config
ENV SYSTEM_NGINX_CONFIG=${SYSTEM_SERVICES_CONFIG}/nginx
ENV SYSTEM_NGINX_CONFIG_FILE=${SYSTEM_NGINX_CONFIG}/nginx.conf
ENV SYSTEM_SERVICES_PHP_FOLDER=${SYSTEM_SERVICES_CONFIG}/php
ENV SYSTEM_SERVICES_PHP_FPM_D=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.d
ENV SYSTEM_SERVICES_CROND=${SYSTEM_SERVICES_CONFIG}/crond
ENV SYSTEM_SERVICES_RUN=${SYSTEM_SERVICES}/run
ENV SYSTEM_SERVICES_RUN_TMP=${SYSTEM_SERVICES_RUN}/tmp
ENV SYSTEM_SERVICES_RUN_LOG=${SYSTEM_SERVICES_RUN}/logs
ENV PHP_FPM_CONFIG_FILE=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.conf
ENV READ_ONLY_FOLDERS="${NETALERTX_BACK} ${NETALERTX_FRONT} ${NETALERTX_SERVER} ${SYSTEM_SERVICES} \
${SYSTEM_SERVICES_CONFIG}"
ENV READ_WRITE_FOLDERS="${NETALERTX_CONFIG} ${NETALERTX_DB} ${NETALERTX_API} ${NETALERTX_LOG} \
${NETALERTX_PLUGINS_LOG} ${SYSTEM_SERVICES_RUN} ${SYSTEM_SERVICES_RUN_TMP} \
${SYSTEM_SERVICES_RUN_LOG}"
# needed for s6-overlay
ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
#Python environment
ENV PYTHONUNBUFFERED=1
ENV VIRTUAL_ENV=/opt/venv
ENV VIRTUAL_ENV_BIN=/opt/venv/bin
ENV PYTHONPATH=${NETALERTX_APP}:${NETALERTX_SERVER}:${VIRTUAL_ENV}/lib/python3.12/site-packages
ENV PATH="${SYSTEM_SERVICES}:${VIRTUAL_ENV_BIN}:$PATH"
# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.sh file as well ❗
# App Environment
ENV LISTEN_ADDR=0.0.0.0
ENV PORT=20211
ENV NETALERTX_DEBUG=0
ENV VENDORSPATH=/app/back/ieee-oui.txt
ENV VENDORSPATH_NEWEST=/services/run/tmp/ieee-oui.txt
ENV ENVIRONMENT=alpine
ENV READ_ONLY_USER=readonly READ_ONLY_GROUP=readonly
ENV NETALERTX_USER=netalertx NETALERTX_GROUP=netalertx
ENV LANG=C.UTF-8
RUN apk update --no-cache \
&& apk add --no-cache bash libbsd zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
&& apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates \
&& apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
&& apk add --no-cache python3 nginx \
&& ln -s /usr/bin/awake /usr/bin/wakeonlan \
&& bash -c "install -d -m 750 -o nginx -g www-data ${INSTALL_DIR} ${INSTALL_DIR}" \
&& rm -f /etc/nginx/http.d/default.conf
COPY --from=builder --chown=nginx:www-data ${INSTALL_DIR}/ ${INSTALL_DIR}/
RUN apk add --no-cache bash mtr libbsd zip lsblk tzdata curl arp-scan iproute2 iproute2-ss nmap \
nmap-scripts traceroute nbtscan net-tools net-snmp-tools bind-tools awake ca-certificates \
sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session python3 envsubst \
nginx shadow && \
rm -Rf /var/cache/apk/* && \
rm -Rf /etc/nginx && \
addgroup -g 20211 ${NETALERTX_GROUP} && \
adduser -u 20211 -D -h ${NETALERTX_APP} -G ${NETALERTX_GROUP} ${NETALERTX_USER} && \
apk del shadow
# Add crontab file
COPY --chmod=600 --chown=root:root install/crontab /etc/crontabs/root
# Start all required services
RUN ${INSTALL_DIR}/dockerfiles/start.sh
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=2 \
CMD curl -sf -o /dev/null ${LISTEN_ADDR}:${PORT}/php/server/query_json.php?file=app_state.json
# Install application, copy files, set permissions
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} install/production-filesystem/ /
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 back ${NETALERTX_BACK}
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 front ${NETALERTX_FRONT}
COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 server ${NETALERTX_SERVER}
RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 755 ${NETALERTX_API} \
${NETALERTX_LOG} ${SYSTEM_SERVICES_RUN_TMP} ${SYSTEM_SERVICES_RUN_LOG} && \
sh -c "find ${NETALERTX_APP} -type f \( -name '*.sh' -o -name 'speedtest-cli' \) \
-exec chmod 750 {} \;"
# Copy the virtualenv from the builder stage
COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
# Initialize each service with the dockerfiles/init-*.sh scripts, once.
# This is done after the copy of the venv to ensure the venv is in place
# although it may be quicker to do it before the copy, it keeps the image
# layers smaller to do it after.
RUN apk add libcap && \
setcap cap_net_raw+ep /bin/busybox && \
setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \
setcap cap_net_raw,cap_net_admin+eip /usr/bin/arp-scan && \
setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nbtscan && \
setcap cap_net_raw,cap_net_admin+eip /usr/bin/traceroute && \
setcap cap_net_raw,cap_net_admin+eip $(readlink -f ${VIRTUAL_ENV_BIN}/python) && \
/bin/sh /build/init-nginx.sh && \
/bin/sh /build/init-php-fpm.sh && \
/bin/sh /build/init-crond.sh && \
/bin/sh /build/init-backend.sh && \
rm -rf /build && \
apk del libcap && \
date +%s > ${NETALERTX_FRONT}/buildtimestamp.txt
ENTRYPOINT ["/bin/sh","/entrypoint.sh"]
# Final hardened stage to improve security by setting least possible permissions and removing sudo access.
# When complete, if the image is compromised, there's not much that can be done with it.
# This stage is separate from Runner stage so that devcontainer can use the Runner stage.
FROM runner AS hardened
ENV UMASK=0077
# Create readonly user and group with no shell access.
# Readonly user marks folders that are created by NetAlertX, but should not be modified.
# AI may claim this is stupid, but it's actually least possible permissions as
# read-only user cannot login, cannot sudo, has no write permission, and cannot even
# read the files it owns. The read-only user is ownership-as-a-lock hardening pattern.
RUN addgroup -g 20212 ${READ_ONLY_GROUP} && \
adduser -u 20212 -G ${READ_ONLY_GROUP} -D -h /app ${READ_ONLY_USER}
# reduce permissions to minimum necessary for all NetAlertX files and folders
# Permissions 005 and 004 are not typos, they enable read-only. Everyone can
# read the read-only files, and nobody can write to them, even the readonly user.
RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
chmod -R 004 ${READ_ONLY_FOLDERS} && \
find ${READ_ONLY_FOLDERS} -type d -exec chmod 005 {} + && \
install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 ${READ_WRITE_FOLDERS} && \
chown -R ${NETALERTX_USER}:${NETALERTX_GROUP} ${READ_WRITE_FOLDERS} && \
chmod -R 600 ${READ_WRITE_FOLDERS} && \
find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
apk del apk-tools && \
rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
/lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \
/srv /media && \
sed -i "/^\(${READ_ONLY_USER}\|${NETALERTX_USER}\):/!d" /etc/passwd && \
sed -i "/^\(${READ_ONLY_GROUP}\|${NETALERTX_GROUP}\):/!d" /etc/group && \
echo -ne '#!/bin/sh\n"$@"\n' > /usr/bin/sudo && chmod +x /usr/bin/sudo
USER netalertx
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD /services/healthcheck.sh
ENTRYPOINT ["/init"]
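Review bot: The `setcap` block in the runner stage puts `cap_net_raw` on `/bin/busybox` and `cap_net_raw,cap_net_admin` on the resolved Python interpreter, so every busybox applet and every Python script executed in the container gains those capabilities (within the container's bounding set), not only the scanners. That widens what code execution as `netalertx` can do with the network stack and works against the least-privilege goal the header comment sets for the hardened stage. Keep the capabilities on the scanner binaries that already receive them (nmap, arp-scan, nbtscan, traceroute) and, where Python needs raw sockets, grant them to a dedicated copy of the interpreter used only by those plugins; a comment naming which busybox applet needs `cap_net_raw` would help the next auditor. Separately, the venv is copied with `--chown=20212:20212` before the hardened stage creates that UID with `addgroup -g 20212`, so the number lives in two places; a shared ARG would keep them in step, and `USER netalertx` could use `${NETALERTX_USER}`.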

@@ -1,53 +1,169 @@
# Warning - use of this unhardened image is not recommended for production use.
# This image is provided for backward compatibility, development and testing purposes only.
# For production use, please use the hardened image built with Alpine. This image attempts to
# treat a container as an operating system, which is an anti-pattern and a common source of
# security issues.
#
# The default Dockerfile/docker-compose image contains the following security improvements
# over the Debian image:
# - read-only filesystem
# - no sudo access
# - least possible permissions on all files and folders
# - Root user has all permissions revoked and is unused
# - Secure umask applied so files are owner-only by default
# - non-privileged user runs the application
# - no shell access for non-privileged users
# - no unnecessary packages or services
# - reduced capabilities
# - tmpfs for writable folders
# - healthcheck
# - no package managers
# - no compilers or build tools
# - no systemd, uses lightweight init system
# - no persistent storage except for config and db volumes
# - minimal image size due to segmented build stages
# - minimal base image (Alpine Linux)
# - minimal python environment (venv, no pip)
# - minimal stripped web server
# - minimal stripped php environment
# - minimal services (nginx, php-fpm, crond, no unnecessary services or service managers)
# - minimal users and groups (netalertx and readonly only, no others)
# - minimal permissions (read-only for most files and folders, write-only for necessary folders)
# - minimal capabilities (NET_ADMIN and NET_RAW only, no others)
# - minimal environment variables (only necessary ones, no others)
# - minimal entrypoint (only necessary commands, no others)
# - Uses the same base image as the development environmnment (Alpine Linux)
# - Uses the same services as the development environment (nginx, php-fpm, crond)
# - Uses the same environment variables as the development environment (only necessary ones, no others)
# - Uses the same file and folder structure as the development environment (only necessary ones, no others)
# NetAlertX is designed to be run as an unattended network security monitoring appliance, which means it
# should be able to operate without human intervention. Overall, the hardened image is designed to be as
# secure as possible while still being functional and is recommended because you cannot attack a surface
# that isn't there.
FROM debian:bookworm-slim
# default UID and GID
ENV USER=pi USER_ID=1000 USER_GID=1000 PORT=20211
#TZ=Europe/London
# NetAlertX app directories
ENV INSTALL_DIR=/app
ENV NETALERTX_APP=${INSTALL_DIR}
ENV NETALERTX_CONFIG=${NETALERTX_APP}/config
ENV NETALERTX_FRONT=${NETALERTX_APP}/front
ENV NETALERTX_SERVER=${NETALERTX_APP}/server
ENV NETALERTX_API=${NETALERTX_APP}/api
ENV NETALERTX_DB=${NETALERTX_APP}/db
ENV NETALERTX_DB_FILE=${NETALERTX_DB}/app.db
ENV NETALERTX_BACK=${NETALERTX_APP}/back
ENV NETALERTX_LOG=${NETALERTX_APP}/log
ENV NETALERTX_PLUGINS_LOG=${NETALERTX_LOG}/plugins
# NetAlertX log files
ENV LOG_IP_CHANGES=${NETALERTX_LOG}/IP_changes.log
ENV LOG_APP=${NETALERTX_LOG}/app.log
ENV LOG_APP_FRONT=${NETALERTX_LOG}/app_front.log
ENV LOG_REPORT_OUTPUT_TXT=${NETALERTX_LOG}/report_output.txt
ENV LOG_DB_IS_LOCKED=${NETALERTX_LOG}/db_is_locked.log
ENV LOG_REPORT_OUTPUT_HTML=${NETALERTX_LOG}/report_output.html
ENV LOG_STDERR=${NETALERTX_LOG}/stderr.log
ENV LOG_APP_PHP_ERRORS=${NETALERTX_LOG}/app.php_errors.log
ENV LOG_EXECUTION_QUEUE=${NETALERTX_LOG}/execution_queue.log
ENV LOG_REPORT_OUTPUT_JSON=${NETALERTX_LOG}/report_output.json
ENV LOG_STDOUT=${NETALERTX_LOG}/stdout.log
ENV LOG_CROND=${NETALERTX_LOG}/crond.log
# System Services configuration files
ENV SYSTEM_SERVICES=/services
ENV SYSTEM_SERVICES_CONFIG=${SYSTEM_SERVICES}/config
ENV SYSTEM_NGINIX_CONFIG=${SYSTEM_SERVICES_CONFIG}/nginx
ENV SYSTEM_NGINX_CONFIG_FILE=${SYSTEM_NGINIX_CONFIG}/nginx.conf
ENV NETALERTX_CONFIG_FILE=${NETALERTX_CONFIG}/app.conf
ENV SYSTEM_SERVICES_PHP_FOLDER=${SYSTEM_SERVICES_CONFIG}/php
ENV SYSTEM_SERVICES_PHP_FPM_D=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.d
ENV SYSTEM_SERVICES_CROND=${SYSTEM_SERVICES_CONFIG}/crond
ENV SYSTEM_SERVICES_RUN=${SYSTEM_SERVICES}/run
ENV SYSTEM_SERVICES_RUN_TMP=${SYSTEM_SERVICES_RUN}/tmp
ENV SYSTEM_SERVICES_RUN_LOG=${SYSTEM_SERVICES_RUN}/logs
ENV PHP_FPM_CONFIG_FILE=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.conf
#Python environment
ENV PYTHONPATH=${NETALERTX_SERVER}
ENV PYTHONUNBUFFERED=1
ENV VIRTUAL_ENV=/opt/venv
ENV VIRTUAL_ENV_BIN=/opt/venv/bin
ENV PATH="${VIRTUAL_ENV}/bin:${PATH}:/services"
ENV VENDORSPATH=/app/back/ieee-oui.txt
ENV VENDORSPATH_NEWEST=/services/run/tmp/ieee-oui.txt
# App Environment
ENV LISTEN_ADDR=0.0.0.0
ENV PORT=20211
ENV NETALERTX_DEBUG=0
#Container environment
ENV ENVIRONMENT=debian
ENV USER=netalertx
ENV USER_ID=1000
ENV USER_GID=1000
# Todo, figure out why using a workdir instead of full paths don't work
# Todo, do we still need all these packages? I can already see sudo which isn't needed
RUN apt-get update
RUN apt-get install sudo -y
ARG INSTALL_DIR=/app
# create pi user and group
# add root and www-data to pi group so they can r/w files and db
RUN groupadd --gid "${USER_GID}" "${USER}" && \
useradd \
--uid ${USER_ID} \
--gid ${USER_GID} \
--create-home \
--shell /bin/bash \
${USER} && \
--uid ${USER_ID} \
--gid ${USER_GID} \
--create-home \
--shell /bin/bash \
${USER} && \
usermod -a -G ${USER_GID} root && \
usermod -a -G ${USER_GID} www-data
COPY --chmod=775 --chown=${USER_ID}:${USER_GID} install/production-filesystem/ /
COPY --chmod=775 --chown=${USER_ID}:${USER_GID} . ${INSTALL_DIR}/
# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.debian.sh file as well ❗
RUN apt update && apt-get install -y \
tini snmp ca-certificates curl libwww-perl arp-scan sudo gettext-base \
nginx-light php php-cgi php-fpm php-sqlite3 php-curl sqlite3 dnsutils net-tools \
python3 python3-dev iproute2 nmap python3-pip zip git systemctl usbutils traceroute nbtscan openrc \
busybox nginx nginx-core mtr python3-venv
RUN apt-get install -y \
tini snmp ca-certificates curl libwww-perl arp-scan perl apt-utils cron sudo \
nginx-light php php-cgi php-fpm php-sqlite3 php-curl sqlite3 dnsutils net-tools php-openssl \
python3 python3-dev iproute2 nmap python3-pip zip systemctl usbutils traceroute nbtscan avahi avahi-tools openrc dbus
# Alternate dependencies
RUN apt-get install nginx nginx-core mtr php-fpm php8.2-fpm php-cli php8.2 php8.2-sqlite3 -y
RUN phpenmod -v 8.2 sqlite3
# While php8.3 is in debian bookworm repos, php-fpm is not included so we need to add sury.org repo
# (Ondřej Surý maintains php packages for debian. This is temp until debian includes php-fpm in their
# repos. Likely it will be in Debian Trixie.). This keeps the image up-to-date with the alpine version.
RUN apt-get install -y --no-install-recommends \
apt-transport-https \
ca-certificates \
lsb-release \
wget && \
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg && \
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list && \
apt-get update && \
apt-get install -y php8.3-fpm php8.3-cli php8.3-sqlite3 php8.3-common php8.3-curl php8.3-cgi && \
ln -s /usr/sbin/php-fpm8.3 /usr/sbin/php-fpm83 # make it compatible with alpine version
# Setup virtual python environment and use pip3 to install packages
RUN apt-get install -y python3-venv
RUN python3 -m venv myenv
RUN python3 -m venv ${VIRTUAL_ENV} && \
/bin/bash -c "source ${VIRTUAL_ENV_BIN}/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install -r ${INSTALL_DIR}/requirements.txt"
# Configure php-fpm
RUN chmod -R 755 /services && \
chown -R ${USER}:${USER_GID} /services && \
sed -i 's/^;listen.mode = .*/listen.mode = 0666/' ${SYSTEM_SERVICES_PHP_FPM_D}/www.conf && \
printf "user = %s\ngroup = %s\n" "${USER}" "${USER_GID}" >> /services/config/php/php-fpm.d/www.conf
RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag "
# Create a buildtimestamp.txt to later check if a new version was released
RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt
CMD ["${INSTALL_DIR}/install/start.debian.sh"]
USER netalertx:netalertx
ENTRYPOINT ["/bin/bash","/entrypoint.sh"]
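Review bot: The sury.org step writes the downloaded key to `/etc/apt/trusted.gpg.d/php.gpg`, which makes it trusted for every configured repository rather than only packages.sury.org; store it under a separate keyring path and reference it with `signed-by=` in `php.list`. In the php-fpm step, `listen.mode = 0666` leaves the FPM socket writable by any local user; since the pool's user and group are set on the next line, 0660 should be enough if nginx runs under the same user or group. `SYSTEM_NGINIX_CONFIG` is misspelled relative to `SYSTEM_NGINX_CONFIG` in the Alpine Dockerfile, so any script that reads the latter sees it unset on Debian. The header comment's "use of this unhardened image is not recommended" is undercut by `sudo` still being installed while the Todo above it says it is not needed.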

411
back/app.sql Executable file

@@ -0,0 +1,411 @@
CREATE TABLE sqlite_stat1(tbl,idx,stat);
CREATE TABLE Events (eve_MAC STRING (50) NOT NULL COLLATE NOCASE, eve_IP STRING (50) NOT NULL COLLATE NOCASE, eve_DateTime DATETIME NOT NULL, eve_EventType STRING (30) NOT NULL COLLATE NOCASE, eve_AdditionalInfo STRING (250) DEFAULT (''), eve_PendingAlertEmail BOOLEAN NOT NULL CHECK (eve_PendingAlertEmail IN (0, 1)) DEFAULT (1), eve_PairEventRowid INTEGER);
CREATE TABLE Sessions (ses_MAC STRING (50) COLLATE NOCASE, ses_IP STRING (50) COLLATE NOCASE, ses_EventTypeConnection STRING (30) COLLATE NOCASE, ses_DateTimeConnection DATETIME, ses_EventTypeDisconnection STRING (30) COLLATE NOCASE, ses_DateTimeDisconnection DATETIME, ses_StillConnected BOOLEAN, ses_AdditionalInfo STRING (250));
CREATE TABLE IF NOT EXISTS "Online_History" (
"Index" INTEGER,
"Scan_Date" TEXT,
"Online_Devices" INTEGER,
"Down_Devices" INTEGER,
"All_Devices" INTEGER,
"Archived_Devices" INTEGER,
"Offline_Devices" INTEGER,
PRIMARY KEY("Index" AUTOINCREMENT)
);
CREATE TABLE sqlite_sequence(name,seq);
CREATE TABLE Devices (
devMac STRING (50) PRIMARY KEY NOT NULL COLLATE NOCASE,
devName STRING (50) NOT NULL DEFAULT "(unknown)",
devOwner STRING (30) DEFAULT "(unknown)" NOT NULL,
devType STRING (30),
devVendor STRING (250),
devFavorite BOOLEAN CHECK (devFavorite IN (0, 1)) DEFAULT (0) NOT NULL,
devGroup STRING (10),
devComments TEXT,
devFirstConnection DATETIME NOT NULL,
devLastConnection DATETIME NOT NULL,
devLastIP STRING (50) NOT NULL COLLATE NOCASE,
devStaticIP BOOLEAN DEFAULT (0) NOT NULL CHECK (devStaticIP IN (0, 1)),
devScan INTEGER DEFAULT (1) NOT NULL,
devLogEvents BOOLEAN NOT NULL DEFAULT (1) CHECK (devLogEvents IN (0, 1)),
devAlertEvents BOOLEAN NOT NULL DEFAULT (1) CHECK (devAlertEvents IN (0, 1)),
devAlertDown BOOLEAN NOT NULL DEFAULT (0) CHECK (devAlertDown IN (0, 1)),
devSkipRepeated INTEGER DEFAULT 0 NOT NULL,
devLastNotification DATETIME,
devPresentLastScan BOOLEAN NOT NULL DEFAULT (0) CHECK (devPresentLastScan IN (0, 1)),
devIsNew BOOLEAN NOT NULL DEFAULT (1) CHECK (devIsNew IN (0, 1)),
devLocation STRING (250) COLLATE NOCASE,
devIsArchived BOOLEAN NOT NULL DEFAULT (0) CHECK (devIsArchived IN (0, 1)),
devParentMAC TEXT,
devParentPort INTEGER,
devIcon TEXT,
devGUID TEXT,
devSite TEXT,
devSSID TEXT,
devSyncHubNode TEXT,
devSourcePlugin TEXT
, "devCustomProps" TEXT);
CREATE TABLE IF NOT EXISTS "Settings" (
"setKey" TEXT,
"setName" TEXT,
"setDescription" TEXT,
"setType" TEXT,
"setOptions" TEXT,
"setGroup" TEXT,
"setValue" TEXT,
"setEvents" TEXT,
"setOverriddenByEnv" INTEGER
);
CREATE TABLE IF NOT EXISTS "Parameters" (
"par_ID" TEXT PRIMARY KEY,
"par_Value" TEXT
);
CREATE TABLE Plugins_Objects(
"Index" INTEGER,
Plugin TEXT NOT NULL,
Object_PrimaryID TEXT NOT NULL,
Object_SecondaryID TEXT NOT NULL,
DateTimeCreated TEXT NOT NULL,
DateTimeChanged TEXT NOT NULL,
Watched_Value1 TEXT NOT NULL,
Watched_Value2 TEXT NOT NULL,
Watched_Value3 TEXT NOT NULL,
Watched_Value4 TEXT NOT NULL,
Status TEXT NOT NULL,
Extra TEXT NOT NULL,
UserData TEXT NOT NULL,
ForeignKey TEXT NOT NULL,
SyncHubNodeName TEXT,
"HelpVal1" TEXT,
"HelpVal2" TEXT,
"HelpVal3" TEXT,
"HelpVal4" TEXT,
ObjectGUID TEXT,
PRIMARY KEY("Index" AUTOINCREMENT)
);
CREATE TABLE Plugins_Events(
"Index" INTEGER,
Plugin TEXT NOT NULL,
Object_PrimaryID TEXT NOT NULL,
Object_SecondaryID TEXT NOT NULL,
DateTimeCreated TEXT NOT NULL,
DateTimeChanged TEXT NOT NULL,
Watched_Value1 TEXT NOT NULL,
Watched_Value2 TEXT NOT NULL,
Watched_Value3 TEXT NOT NULL,
Watched_Value4 TEXT NOT NULL,
Status TEXT NOT NULL,
Extra TEXT NOT NULL,
UserData TEXT NOT NULL,
ForeignKey TEXT NOT NULL,
SyncHubNodeName TEXT,
"HelpVal1" TEXT,
"HelpVal2" TEXT,
"HelpVal3" TEXT,
"HelpVal4" TEXT, "ObjectGUID" TEXT,
PRIMARY KEY("Index" AUTOINCREMENT)
);
CREATE TABLE Plugins_History(
"Index" INTEGER,
Plugin TEXT NOT NULL,
Object_PrimaryID TEXT NOT NULL,
Object_SecondaryID TEXT NOT NULL,
DateTimeCreated TEXT NOT NULL,
DateTimeChanged TEXT NOT NULL,
Watched_Value1 TEXT NOT NULL,
Watched_Value2 TEXT NOT NULL,
Watched_Value3 TEXT NOT NULL,
Watched_Value4 TEXT NOT NULL,
Status TEXT NOT NULL,
Extra TEXT NOT NULL,
UserData TEXT NOT NULL,
ForeignKey TEXT NOT NULL,
SyncHubNodeName TEXT,
"HelpVal1" TEXT,
"HelpVal2" TEXT,
"HelpVal3" TEXT,
"HelpVal4" TEXT, "ObjectGUID" TEXT,
PRIMARY KEY("Index" AUTOINCREMENT)
);
CREATE TABLE Plugins_Language_Strings(
"Index" INTEGER,
Language_Code TEXT NOT NULL,
String_Key TEXT NOT NULL,
String_Value TEXT NOT NULL,
Extra TEXT NOT NULL,
PRIMARY KEY("Index" AUTOINCREMENT)
);
CREATE TABLE CurrentScan (
cur_MAC STRING(50) NOT NULL COLLATE NOCASE,
cur_IP STRING(50) NOT NULL COLLATE NOCASE,
cur_Vendor STRING(250),
cur_ScanMethod STRING(10),
cur_Name STRING(250),
cur_LastQuery STRING(250),
cur_DateTime STRING(250),
cur_SyncHubNodeName STRING(50),
cur_NetworkSite STRING(250),
cur_SSID STRING(250),
cur_NetworkNodeMAC STRING(250),
cur_PORT STRING(250),
cur_Type STRING(250),
UNIQUE(cur_MAC)
);
CREATE TABLE IF NOT EXISTS "AppEvents" (
"Index" INTEGER PRIMARY KEY AUTOINCREMENT,
"GUID" TEXT UNIQUE,
"AppEventProcessed" BOOLEAN,
"DateTimeCreated" TEXT,
"ObjectType" TEXT,
"ObjectGUID" TEXT,
"ObjectPlugin" TEXT,
"ObjectPrimaryID" TEXT,
"ObjectSecondaryID" TEXT,
"ObjectForeignKey" TEXT,
"ObjectIndex" TEXT,
"ObjectIsNew" BOOLEAN,
"ObjectIsArchived" BOOLEAN,
"ObjectStatusColumn" TEXT,
"ObjectStatus" TEXT,
"AppEventType" TEXT,
"Helper1" TEXT,
"Helper2" TEXT,
"Helper3" TEXT,
"Extra" TEXT
);
CREATE TABLE IF NOT EXISTS "Notifications" (
"Index" INTEGER,
"GUID" TEXT UNIQUE,
"DateTimeCreated" TEXT,
"DateTimePushed" TEXT,
"Status" TEXT,
"JSON" TEXT,
"Text" TEXT,
"HTML" TEXT,
"PublishedVia" TEXT,
"Extra" TEXT,
PRIMARY KEY("Index" AUTOINCREMENT)
);
CREATE INDEX IDX_eve_DateTime ON Events (eve_DateTime);
CREATE INDEX IDX_eve_EventType ON Events (eve_EventType COLLATE NOCASE);
CREATE INDEX IDX_eve_MAC ON Events (eve_MAC COLLATE NOCASE);
CREATE INDEX IDX_eve_PairEventRowid ON Events (eve_PairEventRowid);
CREATE INDEX IDX_ses_EventTypeDisconnection ON Sessions (ses_EventTypeDisconnection COLLATE NOCASE);
CREATE INDEX IDX_ses_EventTypeConnection ON Sessions (ses_EventTypeConnection COLLATE NOCASE);
CREATE INDEX IDX_ses_DateTimeDisconnection ON Sessions (ses_DateTimeDisconnection);
CREATE INDEX IDX_ses_MAC ON Sessions (ses_MAC COLLATE NOCASE);
CREATE INDEX IDX_ses_DateTimeConnection ON Sessions (ses_DateTimeConnection);
CREATE INDEX IDX_dev_PresentLastScan ON Devices (devPresentLastScan);
CREATE INDEX IDX_dev_FirstConnection ON Devices (devFirstConnection);
CREATE INDEX IDX_dev_AlertDeviceDown ON Devices (devAlertDown);
CREATE INDEX IDX_dev_StaticIP ON Devices (devStaticIP);
CREATE INDEX IDX_dev_ScanCycle ON Devices (devScan);
CREATE INDEX IDX_dev_Favorite ON Devices (devFavorite);
CREATE INDEX IDX_dev_LastIP ON Devices (devLastIP);
CREATE INDEX IDX_dev_NewDevice ON Devices (devIsNew);
CREATE INDEX IDX_dev_Archived ON Devices (devIsArchived);
CREATE VIEW Events_Devices AS
SELECT *
FROM Events
LEFT JOIN Devices ON eve_MAC = devMac
/* Events_Devices(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps) */;
CREATE VIEW LatestEventsPerMAC AS
WITH RankedEvents AS (
SELECT
e.*,
ROW_NUMBER() OVER (PARTITION BY e.eve_MAC ORDER BY e.eve_DateTime DESC) AS row_num
FROM Events AS e
)
SELECT
e.*,
d.*,
c.*
FROM RankedEvents AS e
LEFT JOIN Devices AS d ON e.eve_MAC = d.devMac
INNER JOIN CurrentScan AS c ON e.eve_MAC = c.cur_MAC
WHERE e.row_num = 1
/* LatestEventsPerMAC(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,row_num,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps,cur_MAC,cur_IP,cur_Vendor,cur_ScanMethod,cur_Name,cur_LastQuery,cur_DateTime,cur_SyncHubNodeName,cur_NetworkSite,cur_SSID,cur_NetworkNodeMAC,cur_PORT,cur_Type) */;
CREATE VIEW Sessions_Devices AS SELECT * FROM Sessions LEFT JOIN "Devices" ON ses_MAC = devMac
/* Sessions_Devices(ses_MAC,ses_IP,ses_EventTypeConnection,ses_DateTimeConnection,ses_EventTypeDisconnection,ses_DateTimeDisconnection,ses_StillConnected,ses_AdditionalInfo,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps) */;
CREATE VIEW Convert_Events_to_Sessions AS SELECT EVE1.eve_MAC,
EVE1.eve_IP,
EVE1.eve_EventType AS eve_EventTypeConnection,
EVE1.eve_DateTime AS eve_DateTimeConnection,
CASE WHEN EVE2.eve_EventType IN ('Disconnected', 'Device Down') OR
EVE2.eve_EventType IS NULL THEN EVE2.eve_EventType ELSE '<missing event>' END AS eve_EventTypeDisconnection,
CASE WHEN EVE2.eve_EventType IN ('Disconnected', 'Device Down') THEN EVE2.eve_DateTime ELSE NULL END AS eve_DateTimeDisconnection,
CASE WHEN EVE2.eve_EventType IS NULL THEN 1 ELSE 0 END AS eve_StillConnected,
EVE1.eve_AdditionalInfo
FROM Events AS EVE1
LEFT JOIN
Events AS EVE2 ON EVE1.eve_PairEventRowID = EVE2.RowID
WHERE EVE1.eve_EventType IN ('New Device', 'Connected','Down Reconnected')
UNION
SELECT eve_MAC,
eve_IP,
'<missing event>' AS eve_EventTypeConnection,
NULL AS eve_DateTimeConnection,
eve_EventType AS eve_EventTypeDisconnection,
eve_DateTime AS eve_DateTimeDisconnection,
0 AS eve_StillConnected,
eve_AdditionalInfo
FROM Events AS EVE1
WHERE (eve_EventType = 'Device Down' OR
eve_EventType = 'Disconnected') AND
EVE1.eve_PairEventRowID IS NULL
/* Convert_Events_to_Sessions(eve_MAC,eve_IP,eve_EventTypeConnection,eve_DateTimeConnection,eve_EventTypeDisconnection,eve_DateTimeDisconnection,eve_StillConnected,eve_AdditionalInfo) */;
CREATE TRIGGER "trg_insert_devices"
AFTER INSERT ON "Devices"
WHEN NOT EXISTS (
SELECT 1 FROM AppEvents
WHERE AppEventProcessed = 0
AND ObjectType = 'Devices'
AND ObjectGUID = NEW.devGUID
AND ObjectStatus = CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END
AND AppEventType = 'insert'
)
BEGIN
INSERT INTO "AppEvents" (
"GUID",
"DateTimeCreated",
"AppEventProcessed",
"ObjectType",
"ObjectGUID",
"ObjectPrimaryID",
"ObjectSecondaryID",
"ObjectStatus",
"ObjectStatusColumn",
"ObjectIsNew",
"ObjectIsArchived",
"ObjectForeignKey",
"ObjectPlugin",
"AppEventType"
)
VALUES (
lower(
hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' ||
substr(hex( randomblob(2)), 2) || '-' ||
substr('AB89', 1 + (abs(random()) % 4) , 1) ||
substr(hex(randomblob(2)), 2) || '-' ||
hex(randomblob(6))
)
,
DATETIME('now'),
FALSE,
'Devices',
NEW.devGUID, -- ObjectGUID
NEW.devMac, -- ObjectPrimaryID
NEW.devLastIP, -- ObjectSecondaryID
CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus
'devPresentLastScan', -- ObjectStatusColumn
NEW.devIsNew, -- ObjectIsNew
NEW.devIsArchived, -- ObjectIsArchived
NEW.devGUID, -- ObjectForeignKey
'DEVICES', -- ObjectForeignKey
'insert'
);
END;
CREATE TRIGGER "trg_update_devices"
AFTER UPDATE ON "Devices"
WHEN NOT EXISTS (
SELECT 1 FROM AppEvents
WHERE AppEventProcessed = 0
AND ObjectType = 'Devices'
AND ObjectGUID = NEW.devGUID
AND ObjectStatus = CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END
AND AppEventType = 'update'
)
BEGIN
INSERT INTO "AppEvents" (
"GUID",
"DateTimeCreated",
"AppEventProcessed",
"ObjectType",
"ObjectGUID",
"ObjectPrimaryID",
"ObjectSecondaryID",
"ObjectStatus",
"ObjectStatusColumn",
"ObjectIsNew",
"ObjectIsArchived",
"ObjectForeignKey",
"ObjectPlugin",
"AppEventType"
)
VALUES (
lower(
hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' ||
substr(hex( randomblob(2)), 2) || '-' ||
substr('AB89', 1 + (abs(random()) % 4) , 1) ||
substr(hex(randomblob(2)), 2) || '-' ||
hex(randomblob(6))
)
,
DATETIME('now'),
FALSE,
'Devices',
NEW.devGUID, -- ObjectGUID
NEW.devMac, -- ObjectPrimaryID
NEW.devLastIP, -- ObjectSecondaryID
CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus
'devPresentLastScan', -- ObjectStatusColumn
NEW.devIsNew, -- ObjectIsNew
NEW.devIsArchived, -- ObjectIsArchived
NEW.devGUID, -- ObjectForeignKey
'DEVICES', -- ObjectForeignKey
'update'
);
END;
CREATE TRIGGER "trg_delete_devices"
AFTER DELETE ON "Devices"
WHEN NOT EXISTS (
SELECT 1 FROM AppEvents
WHERE AppEventProcessed = 0
AND ObjectType = 'Devices'
AND ObjectGUID = OLD.devGUID
AND ObjectStatus = CASE WHEN OLD.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END
AND AppEventType = 'delete'
)
BEGIN
INSERT INTO "AppEvents" (
"GUID",
"DateTimeCreated",
"AppEventProcessed",
"ObjectType",
"ObjectGUID",
"ObjectPrimaryID",
"ObjectSecondaryID",
"ObjectStatus",
"ObjectStatusColumn",
"ObjectIsNew",
"ObjectIsArchived",
"ObjectForeignKey",
"ObjectPlugin",
"AppEventType"
)
VALUES (
lower(
hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' ||
substr(hex( randomblob(2)), 2) || '-' ||
substr('AB89', 1 + (abs(random()) % 4) , 1) ||
substr(hex(randomblob(2)), 2) || '-' ||
hex(randomblob(6))
)
,
DATETIME('now'),
FALSE,
'Devices',
OLD.devGUID, -- ObjectGUID
OLD.devMac, -- ObjectPrimaryID
OLD.devLastIP, -- ObjectSecondaryID
CASE WHEN OLD.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus
'devPresentLastScan', -- ObjectStatusColumn
OLD.devIsNew, -- ObjectIsNew
OLD.devIsArchived, -- ObjectIsArchived
OLD.devGUID, -- ObjectForeignKey
'DEVICES', -- ObjectForeignKey
'delete'
);
END;
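Review bot: In all three Devices triggers (trg_insert_devices, trg_update_devices, trg_delete_devices) the literal 'DEVICES' lands in the "ObjectPlugin" column, but its trailing comment reads `-- ObjectForeignKey`, repeating the comment on the devGUID line directly above it. Change it to `-- ObjectPlugin` so the VALUES list can be checked against the column list line by line. Separately, trg_update_devices is declared as a plain AFTER UPDATE ON "Devices", so every update to any column is a candidate event and only the NOT EXISTS guard (unprocessed row with the same ObjectGUID and ObjectStatus) limits the volume written to AppEvents. If only presence changes are meant to raise an event, AFTER UPDATE OF devPresentLastScan would state that intent in the schema; if all updates are meant, a short comment saying so would help.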

111367
back/ieee-oui.txt Executable file

File diff suppressed because it is too large

@@ -1,82 +1,89 @@
services:
netalertx:
privileged: true
network_mode: host # Use host networking for ARP scanning and other services
build:
dockerfile: Dockerfile
context: .
cache_from:
- type=registry,ref=docker.io/jokob-sk/netalertx:buildcache
container_name: netalertx
network_mode: host
# restart: unless-stopped
context: . # Build context is the current directory
dockerfile: Dockerfile # Specify the Dockerfile to use
image: netalertx:latest
container_name: netalertx # The name when you docker contiainer ls
read_only: true # Make the container filesystem read-only
cap_drop: # Drop all capabilities for enhanced security
- ALL
cap_add: # Add only the necessary capabilities
- NET_ADMIN # Required for ARP scanning
- NET_RAW # Required for raw socket operations
- NET_BIND_SERVICE # Required to bind to privileged ports (nbtscan)
volumes:
# - ${APP_DATA_LOCATION}/netalertx_dev/config:/app/config
- ${APP_DATA_LOCATION}/netalertx/config:/app/config
# - ${APP_DATA_LOCATION}/netalertx_dev/db:/app/db
- ${APP_DATA_LOCATION}/netalertx/db:/app/db
# (optional) useful for debugging if you have issues setting up the container
- ${APP_DATA_LOCATION}/netalertx/log:/app/log
# (API: OPTION 1) use for performance
- type: tmpfs
target: /app/api
# (API: OPTION 2) use when debugging issues
# - ${DEV_LOCATION}/api:/app/api
# ---------------------------------------------------------------------------
# DELETE START anyone trying to use this file: comment out / delete BELOW lines, they are only for development purposes
- ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp1.leases:/mnt/dhcp1.leases # test data for DCPLSS plugin
- ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp2.leases:/mnt/dhcp2.leases # test data for DCPLSS plugin
- ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_full.leases:/etc/pihole/dhcp.leases # test data for DCPLSS plugin
- ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_2.leases:/etc/pihole/dhcp2.leases # test data for DCPLSS plugin
- ${APP_DATA_LOCATION}/pihole/etc-pihole/pihole-FTL.db:/etc/pihole/pihole-FTL.db # test data for PIHOLE plugin
- ${DEV_LOCATION}/mkdocs.yml:/app/mkdocs.yml
- ${DEV_LOCATION}/docs:/app/docs
- ${DEV_LOCATION}/server:/app/server
- ${DEV_LOCATION}/test:/app/test
- ${DEV_LOCATION}/dockerfiles:/app/dockerfiles
# - ${APP_DATA_LOCATION}/netalertx/php.ini:/etc/php/8.2/fpm/php.ini
- ${DEV_LOCATION}/install:/app/install
- ${DEV_LOCATION}/front/css:/app/front/css
- ${DEV_LOCATION}/front/img:/app/front/img
- ${DEV_LOCATION}/back/update_vendors.sh:/app/back/update_vendors.sh
- ${DEV_LOCATION}/front/lib:/app/front/lib
- ${DEV_LOCATION}/front/js:/app/front/js
- ${DEV_LOCATION}/front/php:/app/front/php
- ${DEV_LOCATION}/front/deviceDetails.php:/app/front/deviceDetails.php
- ${DEV_LOCATION}/front/deviceDetailsEdit.php:/app/front/deviceDetailsEdit.php
- ${DEV_LOCATION}/front/userNotifications.php:/app/front/userNotifications.php
- ${DEV_LOCATION}/front/deviceDetailsTools.php:/app/front/deviceDetailsTools.php
- ${DEV_LOCATION}/front/deviceDetailsPresence.php:/app/front/deviceDetailsPresence.php
- ${DEV_LOCATION}/front/deviceDetailsSessions.php:/app/front/deviceDetailsSessions.php
- ${DEV_LOCATION}/front/deviceDetailsEvents.php:/app/front/deviceDetailsEvents.php
- ${DEV_LOCATION}/front/devices.php:/app/front/devices.php
- ${DEV_LOCATION}/front/events.php:/app/front/events.php
- ${DEV_LOCATION}/front/plugins.php:/app/front/plugins.php
- ${DEV_LOCATION}/front/pluginsCore.php:/app/front/pluginsCore.php
- ${DEV_LOCATION}/front/index.php:/app/front/index.php
- ${DEV_LOCATION}/front/initCheck.php:/app/front/initCheck.php
- ${DEV_LOCATION}/front/maintenance.php:/app/front/maintenance.php
- ${DEV_LOCATION}/front/network.php:/app/front/network.php
- ${DEV_LOCATION}/front/presence.php:/app/front/presence.php
- ${DEV_LOCATION}/front/settings.php:/app/front/settings.php
- ${DEV_LOCATION}/front/systeminfo.php:/app/front/systeminfo.php
- ${DEV_LOCATION}/front/systeminfoNetwork.php:/app/front/systeminfoNetwork.php
- ${DEV_LOCATION}/front/systeminfoServer.php:/app/front/systeminfoServer.php
- ${DEV_LOCATION}/front/systeminfoStorage.php:/app/front/systeminfoStorage.php
- ${DEV_LOCATION}/front/cloud_services.php:/app/front/cloud_services.php
- ${DEV_LOCATION}/front/report.php:/app/front/report.php
- ${DEV_LOCATION}/front/workflows.php:/app/front/workflows.php
- ${DEV_LOCATION}/front/workflowsCore.php:/app/front/workflowsCore.php
- ${DEV_LOCATION}/front/appEvents.php:/app/front/appEvents.php
- ${DEV_LOCATION}/front/appEventsCore.php:/app/front/appEventsCore.php
- ${DEV_LOCATION}/front/multiEditCore.php:/app/front/multiEditCore.php
- ${DEV_LOCATION}/front/plugins:/app/front/plugins
# DELETE END anyone trying to use this file: comment out / delete ABOVE lines, they are only for development purposes
# ---------------------------------------------------------------------------
environment:
# - APP_CONF_OVERRIDE={"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","GRAPHQL_PORT":"20223","UI_theme":"Light"}
- TZ=${TZ}
- PORT=${PORT}
# ❗ DANGER ZONE BELOW - Setting ALWAYS_FRESH_INSTALL=true will delete the content of the /db & /config folders
- ALWAYS_FRESH_INSTALL=${ALWAYS_FRESH_INSTALL}
# - LOADED_PLUGINS=["DHCPLSS","PIHOLE","ASUSWRT","FREEBOX"]
- type: bind
source: ${APP_DATA_LOCATION}/netalertx/config
target: /app/config
read_only: false
- type: bind
source: ${APP_DATA_LOCATION}/netalertx/db
target: /app/db
read_only: false
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
# Retain logs - comment out tmpfs /app/log if you want to retain logs between container restarts
# - /path/on/host/log:/app/log
# Optional logs
# - type: bind
# source: ${LOGS_LOCATION}
# target: /app/log
# read_only: false
# Optional development mounts
- type: bind
source: ${DEV_LOCATION}
target: /app/front/plugins/custom
read_only: false
# Use a custom Enterprise-configured nginx config for ldap or other settings
# - /custom-enterprise.conf:/services/config/nginx/conf.active/netalertx.conf:ro
# Test your plugin on the production container
# - /path/on/host:/app/front/plugins/custom
# Tempfs mounts for writable directories in a read-only container and improve system performance
tmpfs:
# Speed up logging. This can be commented out to retain logs between container restarts
- "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# Speed up API access as frontend/backend API is very chatty
- "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,sync,noatime,nodiratime"
# Required for customization of the nginx listen addr/port without rebuilding the container
- "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# /services/config/nginx/conf.d is required for nginx and php to start
- "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# /tmp is required by php for session save this should be reworked to /services/run/tmp
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
environment:
LISTEN_ADDR: 0.0.0.0 # Listen for connections on all interfaces
PORT: ${PORT} # Application port
ALWAYS_FRESH_INSTALL: ${ALWAYS_FRESH_INSTALL} # Set to true to reset your config and database on each container start
NETALERTX_DEBUG: 0 # 0=kill all services and restart if any dies. 1 keeps running dead services.
TZ: ${TZ} # Timezone, e.g. Europe/Paris
# APP_CONF_OVERRIDE={"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","GRAPHQL_PORT":"20223","UI_theme":"Light"} # (optional) app.conf settings override
# LOADED_PLUGINS=["DHCPLSS","PIHOLE","ASUSWRT","FREEBOX"] # (optional) default plugins to load
# Resource limits to prevent resource exhaustion
mem_limit: 2048m
mem_reservation: 1024m
cpus: 4
pids_limit: 512
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
restart: unless-stopped
# volumes:
# netalertx_config:
# netalertx_db:
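Review bot: The bind mount under the "Optional development mounts" comment (source: ${DEV_LOCATION}, target: /app/front/plugins/custom, read_only: false) is active, while every other optional mount in this block is commented out. As written, a default deployment needs DEV_LOCATION set and mounts a writable host path into the plugin directory of a container that is otherwise read_only: true; suggest commenting it out like the optional logs mount. Two smaller points in the same hunk: the page renders `privileged: true` next to the new cap_drop/cap_add list without +/- markers, so please confirm that line is on the removed side, since a privileged container makes the capability list meaningless. Also, the commented-out APP_CONF_OVERRIDE and LOADED_PLUGINS lines still use the old `KEY=value` list form, whereas the environment block is now a mapping (`PORT: ${PORT}`), so uncommenting them as they stand produces invalid YAML.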

534
docker_build.log Executable file

@@ -0,0 +1,534 @@
#0 building with "default" instance using docker driver
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 5.29kB done
#1 DONE 0.1s
#2 [auth] library/alpine:pull token for registry-1.docker.io
#2 DONE 0.0s
#3 [internal] load metadata for docker.io/library/alpine:3.22
#3 DONE 0.4s
#4 [internal] load .dockerignore
#4 transferring context: 216B done
#4 DONE 0.1s
#5 [builder 1/15] FROM docker.io/library/alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
#5 CACHED
#6 [internal] load build context
#6 transferring context: 36.76kB 0.0s done
#6 DONE 0.1s
#7 [builder 2/15] RUN apk add --no-cache bash shadow python3 python3-dev gcc musl-dev libffi-dev openssl-dev git && python -m venv /opt/venv
#7 0.443 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz
#7 0.688 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/community/x86_64/APKINDEX.tar.gz
#7 1.107 (1/52) Upgrading libcrypto3 (3.5.1-r0 -> 3.5.3-r0)
#7 1.358 (2/52) Upgrading libssl3 (3.5.1-r0 -> 3.5.3-r0)
#7 1.400 (3/52) Installing ncurses-terminfo-base (6.5_p20250503-r0)
#7 1.413 (4/52) Installing libncursesw (6.5_p20250503-r0)
#7 1.444 (5/52) Installing readline (8.2.13-r1)
#7 1.471 (6/52) Installing bash (5.2.37-r0)
#7 1.570 Executing bash-5.2.37-r0.post-install
#7 1.593 (7/52) Installing libgcc (14.2.0-r6)
#7 1.605 (8/52) Installing jansson (2.14.1-r0)
#7 1.613 (9/52) Installing libstdc++ (14.2.0-r6)
#7 1.705 (10/52) Installing zstd-libs (1.5.7-r0)
#7 1.751 (11/52) Installing binutils (2.44-r3)
#7 2.041 (12/52) Installing libgomp (14.2.0-r6)
#7 2.064 (13/52) Installing libatomic (14.2.0-r6)
#7 2.071 (14/52) Installing gmp (6.3.0-r3)
#7 2.097 (15/52) Installing isl26 (0.26-r1)
#7 2.183 (16/52) Installing mpfr4 (4.2.1_p1-r0)
#7 2.219 (17/52) Installing mpc1 (1.3.1-r1)
#7 2.231 (18/52) Installing gcc (14.2.0-r6)
#7 6.782 (19/52) Installing brotli-libs (1.1.0-r2)
#7 6.828 (20/52) Installing c-ares (1.34.5-r0)
#7 6.846 (21/52) Installing libunistring (1.3-r0)
#7 6.919 (22/52) Installing libidn2 (2.3.7-r0)
#7 6.937 (23/52) Installing nghttp2-libs (1.65.0-r0)
#7 6.950 (24/52) Installing libpsl (0.21.5-r3)
#7 6.960 (25/52) Installing libcurl (8.14.1-r1)
#7 7.015 (26/52) Installing libexpat (2.7.2-r0)
#7 7.029 (27/52) Installing pcre2 (10.43-r1)
#7 7.069 (28/52) Installing git (2.49.1-r0)
#7 7.397 (29/52) Installing git-init-template (2.49.1-r0)
#7 7.404 (30/52) Installing linux-headers (6.14.2-r0)
#7 7.572 (31/52) Installing libffi (3.4.8-r0)
#7 7.578 (32/52) Installing pkgconf (2.4.3-r0)
#7 7.593 (33/52) Installing libffi-dev (3.4.8-r0)
#7 7.607 (34/52) Installing musl-dev (1.2.5-r10)
#7 7.961 (35/52) Installing openssl-dev (3.5.3-r0)
#7 8.021 (36/52) Installing libbz2 (1.0.8-r6)
#7 8.045 (37/52) Installing gdbm (1.24-r0)
#7 8.055 (38/52) Installing xz-libs (5.8.1-r0)
#7 8.071 (39/52) Installing mpdecimal (4.0.1-r0)
#7 8.090 (40/52) Installing libpanelw (6.5_p20250503-r0)
#7 8.098 (41/52) Installing sqlite-libs (3.49.2-r1)
#7 8.185 (42/52) Installing python3 (3.12.11-r0)
#7 8.904 (43/52) Installing python3-pycache-pyc0 (3.12.11-r0)
#7 9.292 (44/52) Installing pyc (3.12.11-r0)
#7 9.292 (45/52) Installing python3-pyc (3.12.11-r0)
#7 9.292 (46/52) Installing python3-dev (3.12.11-r0)
#7 10.71 (47/52) Installing libmd (1.1.0-r0)
#7 10.72 (48/52) Installing libbsd (0.12.2-r0)
#7 10.73 (49/52) Installing skalibs-libs (2.14.4.0-r0)
#7 10.75 (50/52) Installing utmps-libs (0.1.3.1-r0)
#7 10.76 (51/52) Installing linux-pam (1.7.0-r4)
#7 10.82 (52/52) Installing shadow (4.17.3-r0)
#7 10.88 Executing busybox-1.37.0-r18.trigger
#7 10.90 OK: 274 MiB in 66 packages
#7 DONE 14.4s
#8 [builder 3/15] RUN mkdir -p /app
#8 DONE 0.5s
#9 [builder 4/15] COPY api /app/api
#9 DONE 0.3s
#10 [builder 5/15] COPY back /app/back
#10 DONE 0.3s
#11 [builder 6/15] COPY config /app/config
#11 DONE 0.3s
#12 [builder 7/15] COPY db /app/db
#12 DONE 0.3s
#13 [builder 8/15] COPY dockerfiles /app/dockerfiles
#13 DONE 0.3s
#14 [builder 9/15] COPY front /app/front
#14 DONE 0.4s
#15 [builder 10/15] COPY server /app/server
#15 DONE 0.3s
#16 [builder 11/15] COPY install/crontab /etc/crontabs/root
#16 DONE 0.3s
#17 [builder 12/15] COPY dockerfiles/start* /start*.sh
#17 DONE 0.3s
#18 [builder 13/15] RUN pip install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git
#18 0.737 Collecting git+https://github.com/foreign-sub/aiofreepybox.git
#18 0.737 Cloning https://github.com/foreign-sub/aiofreepybox.git to /tmp/pip-req-build-waf5_npl
#18 0.738 Running command git clone --filter=blob:none --quiet https://github.com/foreign-sub/aiofreepybox.git /tmp/pip-req-build-waf5_npl
#18 1.617 Resolved https://github.com/foreign-sub/aiofreepybox.git to commit 4ee18ea0f3e76edc839c48eb8df1da59c1baee3d
#18 1.620 Installing build dependencies: started
#18 3.337 Installing build dependencies: finished with status 'done'
#18 3.337 Getting requirements to build wheel: started
#18 3.491 Getting requirements to build wheel: finished with status 'done'
#18 3.492 Preparing metadata (pyproject.toml): started
#18 3.650 Preparing metadata (pyproject.toml): finished with status 'done'
#18 3.724 Collecting openwrt-luci-rpc
#18 3.753 Downloading openwrt_luci_rpc-1.1.17-py2.py3-none-any.whl.metadata (4.9 kB)
#18 3.892 Collecting asusrouter
#18 3.900 Downloading asusrouter-1.21.0-py3-none-any.whl.metadata (33 kB)
#18 3.999 Collecting asyncio
#18 4.007 Downloading asyncio-4.0.0-py3-none-any.whl.metadata (994 bytes)
#18 4.576 Collecting aiohttp
#18 4.582 Downloading aiohttp-3.12.15-cp312-cp312-musllinux_1_2_x86_64.whl.metadata (7.7 kB)
#18 4.729 Collecting graphene
#18 4.735 Downloading graphene-3.4.3-py2.py3-none-any.whl.metadata (6.9 kB)
#18 4.858 Collecting flask
#18 4.866 Downloading flask-3.1.2-py3-none-any.whl.metadata (3.2 kB)
#18 4.963 Collecting flask-cors
#18 4.972 Downloading flask_cors-6.0.1-py3-none-any.whl.metadata (5.3 kB)
#18 5.055 Collecting unifi-sm-api
#18 5.065 Downloading unifi_sm_api-0.2.1-py3-none-any.whl.metadata (2.3 kB)
#18 5.155 Collecting tplink-omada-client
#18 5.166 Downloading tplink_omada_client-1.4.4-py3-none-any.whl.metadata (3.5 kB)
#18 5.262 Collecting wakeonlan
#18 5.274 Downloading wakeonlan-3.1.0-py3-none-any.whl.metadata (4.3 kB)
#18 5.500 Collecting pycryptodome
#18 5.505 Downloading pycryptodome-3.23.0-cp37-abi3-musllinux_1_2_x86_64.whl.metadata (3.4 kB)
#18 5.653 Collecting requests
#18 5.660 Downloading requests-2.32.5-py3-none-any.whl.metadata (4.9 kB)
#18 5.764 Collecting paho-mqtt
#18 5.775 Downloading paho_mqtt-2.1.0-py3-none-any.whl.metadata (23 kB)
#18 5.890 Collecting scapy
#18 5.902 Downloading scapy-2.6.1-py3-none-any.whl.metadata (5.6 kB)
#18 6.002 Collecting cron-converter
#18 6.013 Downloading cron_converter-1.2.2-py3-none-any.whl.metadata (8.1 kB)
#18 6.187 Collecting pytz
#18 6.193 Downloading pytz-2025.2-py2.py3-none-any.whl.metadata (22 kB)
#18 6.285 Collecting json2table
#18 6.294 Downloading json2table-1.1.5-py2.py3-none-any.whl.metadata (6.0 kB)
#18 6.381 Collecting dhcp-leases
#18 6.387 Downloading dhcp_leases-0.1.6-py3-none-any.whl.metadata (5.9 kB)
#18 6.461 Collecting pyunifi
#18 6.471 Downloading pyunifi-2.21-py3-none-any.whl.metadata (274 bytes)
#18 6.582 Collecting speedtest-cli
#18 6.596 Downloading speedtest_cli-2.1.3-py2.py3-none-any.whl.metadata (6.8 kB)
#18 6.767 Collecting chardet
#18 6.780 Downloading chardet-5.2.0-py3-none-any.whl.metadata (3.4 kB)
#18 6.878 Collecting python-nmap
#18 6.886 Downloading python-nmap-0.7.1.tar.gz (44 kB)
#18 6.937 Installing build dependencies: started
#18 8.245 Installing build dependencies: finished with status 'done'
#18 8.246 Getting requirements to build wheel: started
#18 8.411 Getting requirements to build wheel: finished with status 'done'
#18 8.412 Preparing metadata (pyproject.toml): started
#18 8.575 Preparing metadata (pyproject.toml): finished with status 'done'
#18 8.648 Collecting dnspython
#18 8.654 Downloading dnspython-2.8.0-py3-none-any.whl.metadata (5.7 kB)
#18 8.741 Collecting librouteros
#18 8.752 Downloading librouteros-3.4.1-py3-none-any.whl.metadata (1.6 kB)
#18 8.869 Collecting yattag
#18 8.881 Downloading yattag-1.16.1.tar.gz (29 kB)
#18 8.925 Installing build dependencies: started
#18 10.23 Installing build dependencies: finished with status 'done'
#18 10.23 Getting requirements to build wheel: started
#18 10.38 Getting requirements to build wheel: finished with status 'done'
#18 10.39 Preparing metadata (pyproject.toml): started
#18 10.55 Preparing metadata (pyproject.toml): finished with status 'done'
#18 10.60 Collecting Click>=6.0 (from openwrt-luci-rpc)
#18 10.60 Downloading click-8.3.0-py3-none-any.whl.metadata (2.6 kB)
#18 10.70 Collecting packaging>=19.1 (from openwrt-luci-rpc)
#18 10.71 Downloading packaging-25.0-py3-none-any.whl.metadata (3.3 kB)
#18 10.87 Collecting urllib3>=1.26.14 (from asusrouter)
#18 10.88 Downloading urllib3-2.5.0-py3-none-any.whl.metadata (6.5 kB)
#18 10.98 Collecting xmltodict>=0.12.0 (from asusrouter)
#18 10.98 Downloading xmltodict-1.0.2-py3-none-any.whl.metadata (15 kB)
#18 11.09 Collecting aiohappyeyeballs>=2.5.0 (from aiohttp)
#18 11.10 Downloading aiohappyeyeballs-2.6.1-py3-none-any.whl.metadata (5.9 kB)
#18 11.19 Collecting aiosignal>=1.4.0 (from aiohttp)
#18 11.20 Downloading aiosignal-1.4.0-py3-none-any.whl.metadata (3.7 kB)
#18 11.32 Collecting attrs>=17.3.0 (from aiohttp)
#18 11.33 Downloading attrs-25.3.0-py3-none-any.whl.metadata (10 kB)
#18 11.47 Collecting frozenlist>=1.1.1 (from aiohttp)
#18 11.47 Downloading frozenlist-1.7.0-cp312-cp312-musllinux_1_2_x86_64.whl.metadata (18 kB)
#18 11.76 Collecting multidict<7.0,>=4.5 (from aiohttp)
#18 11.77 Downloading multidict-6.6.4-cp312-cp312-musllinux_1_2_x86_64.whl.metadata (5.3 kB)
#18 11.87 Collecting propcache>=0.2.0 (from aiohttp)
#18 11.88 Downloading propcache-0.3.2-cp312-cp312-musllinux_1_2_x86_64.whl.metadata (12 kB)
#18 12.19 Collecting yarl<2.0,>=1.17.0 (from aiohttp)
#18 12.20 Downloading yarl-1.20.1-cp312-cp312-musllinux_1_2_x86_64.whl.metadata (73 kB)
#18 12.31 Collecting graphql-core<3.3,>=3.1 (from graphene)
#18 12.32 Downloading graphql_core-3.2.6-py3-none-any.whl.metadata (11 kB)
#18 12.41 Collecting graphql-relay<3.3,>=3.1 (from graphene)
#18 12.42 Downloading graphql_relay-3.2.0-py3-none-any.whl.metadata (12 kB)
#18 12.50 Collecting python-dateutil<3,>=2.7.0 (from graphene)
#18 12.51 Downloading python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata (8.4 kB)
#18 12.61 Collecting typing-extensions<5,>=4.7.1 (from graphene)
#18 12.61 Downloading typing_extensions-4.15.0-py3-none-any.whl.metadata (3.3 kB)
#18 12.71 Collecting blinker>=1.9.0 (from flask)
#18 12.72 Downloading blinker-1.9.0-py3-none-any.whl.metadata (1.6 kB)
#18 12.84 Collecting itsdangerous>=2.2.0 (from flask)
#18 12.85 Downloading itsdangerous-2.2.0-py3-none-any.whl.metadata (1.9 kB)
#18 12.97 Collecting jinja2>=3.1.2 (from flask)
#18 12.98 Downloading jinja2-3.1.6-py3-none-any.whl.metadata (2.9 kB)
#18 13.15 Collecting markupsafe>=2.1.1 (from flask)
#18 13.15 Downloading MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_x86_64.whl.metadata (4.0 kB)
#18 13.28 Collecting werkzeug>=3.1.0 (from flask)
#18 13.29 Downloading werkzeug-3.1.3-py3-none-any.whl.metadata (3.7 kB)
#18 13.42 Collecting awesomeversion>=22.9.0 (from tplink-omada-client)
#18 13.42 Downloading awesomeversion-25.8.0-py3-none-any.whl.metadata (9.8 kB)
#18 13.59 Collecting charset_normalizer<4,>=2 (from requests)
#18 13.59 Downloading charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_x86_64.whl.metadata (36 kB)
#18 13.77 Collecting idna<4,>=2.5 (from requests)
#18 13.78 Downloading idna-3.10-py3-none-any.whl.metadata (10 kB)
#18 13.94 Collecting certifi>=2017.4.17 (from requests)
#18 13.94 Downloading certifi-2025.8.3-py3-none-any.whl.metadata (2.4 kB)
#18 14.06 Collecting toml<0.11.0,>=0.10.2 (from librouteros)
#18 14.07 Downloading toml-0.10.2-py2.py3-none-any.whl.metadata (7.1 kB)
#18 14.25 Collecting six>=1.5 (from python-dateutil<3,>=2.7.0->graphene)
#18 14.26 Downloading six-1.17.0-py2.py3-none-any.whl.metadata (1.7 kB)
#18 14.33 Downloading openwrt_luci_rpc-1.1.17-py2.py3-none-any.whl (9.5 kB)
#18 14.37 Downloading asusrouter-1.21.0-py3-none-any.whl (131 kB)
#18 14.43 Downloading asyncio-4.0.0-py3-none-any.whl (5.6 kB)
#18 14.47 Downloading aiohttp-3.12.15-cp312-cp312-musllinux_1_2_x86_64.whl (1.7 MB)
#18 14.67 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.7/1.7 MB 8.3 MB/s eta 0:00:00
#18 14.68 Downloading graphene-3.4.3-py2.py3-none-any.whl (114 kB)
#18 14.73 Downloading flask-3.1.2-py3-none-any.whl (103 kB)
#18 14.78 Downloading flask_cors-6.0.1-py3-none-any.whl (13 kB)
#18 14.84 Downloading unifi_sm_api-0.2.1-py3-none-any.whl (16 kB)
#18 14.88 Downloading tplink_omada_client-1.4.4-py3-none-any.whl (46 kB)
#18 14.93 Downloading wakeonlan-3.1.0-py3-none-any.whl (5.0 kB)
#18 14.99 Downloading pycryptodome-3.23.0-cp37-abi3-musllinux_1_2_x86_64.whl (2.3 MB)
#18 15.23 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.3/2.3 MB 8.9 MB/s eta 0:00:00
#18 15.24 Downloading requests-2.32.5-py3-none-any.whl (64 kB)
#18 15.30 Downloading paho_mqtt-2.1.0-py3-none-any.whl (67 kB)
#18 15.34 Downloading scapy-2.6.1-py3-none-any.whl (2.4 MB)
#18 15.62 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.4/2.4 MB 8.5 MB/s eta 0:00:00
#18 15.63 Downloading cron_converter-1.2.2-py3-none-any.whl (13 kB)
#18 15.67 Downloading pytz-2025.2-py2.py3-none-any.whl (509 kB)
#18 15.76 Downloading json2table-1.1.5-py2.py3-none-any.whl (8.7 kB)
#18 15.81 Downloading dhcp_leases-0.1.6-py3-none-any.whl (11 kB)
#18 15.86 Downloading pyunifi-2.21-py3-none-any.whl (11 kB)
#18 15.90 Downloading speedtest_cli-2.1.3-py2.py3-none-any.whl (23 kB)
#18 15.95 Downloading chardet-5.2.0-py3-none-any.whl (199 kB)
#18 16.01 Downloading dnspython-2.8.0-py3-none-any.whl (331 kB)
#18 16.10 Downloading librouteros-3.4.1-py3-none-any.whl (16 kB)
#18 16.14 Downloading aiohappyeyeballs-2.6.1-py3-none-any.whl (15 kB)
#18 16.20 Downloading aiosignal-1.4.0-py3-none-any.whl (7.5 kB)
#18 16.24 Downloading attrs-25.3.0-py3-none-any.whl (63 kB)
#18 16.30 Downloading awesomeversion-25.8.0-py3-none-any.whl (15 kB)
#18 16.34 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB)
#18 16.39 Downloading certifi-2025.8.3-py3-none-any.whl (161 kB)
#18 16.45 Downloading charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_x86_64.whl (153 kB)
#18 16.50 Downloading click-8.3.0-py3-none-any.whl (107 kB)
#18 16.55 Downloading frozenlist-1.7.0-cp312-cp312-musllinux_1_2_x86_64.whl (237 kB)
#18 16.62 Downloading graphql_core-3.2.6-py3-none-any.whl (203 kB)
#18 16.69 Downloading graphql_relay-3.2.0-py3-none-any.whl (16 kB)
#18 16.73 Downloading idna-3.10-py3-none-any.whl (70 kB)
#18 16.79 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB)
#18 16.84 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB)
#18 16.96 Downloading MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_x86_64.whl (23 kB)
#18 17.02 Downloading multidict-6.6.4-cp312-cp312-musllinux_1_2_x86_64.whl (251 kB)
#18 17.09 Downloading packaging-25.0-py3-none-any.whl (66 kB)
#18 17.14 Downloading propcache-0.3.2-cp312-cp312-musllinux_1_2_x86_64.whl (222 kB)
#18 17.21 Downloading python_dateutil-2.9.0.post0-py2.py3-none-any.whl (229 kB)
#18 17.28 Downloading toml-0.10.2-py2.py3-none-any.whl (16 kB)
#18 17.33 Downloading typing_extensions-4.15.0-py3-none-any.whl (44 kB)
#18 17.39 Downloading urllib3-2.5.0-py3-none-any.whl (129 kB)
#18 17.44 Downloading werkzeug-3.1.3-py3-none-any.whl (224 kB)
#18 17.51 Downloading xmltodict-1.0.2-py3-none-any.whl (13 kB)
#18 17.56 Downloading yarl-1.20.1-cp312-cp312-musllinux_1_2_x86_64.whl (374 kB)
#18 17.65 Downloading six-1.17.0-py2.py3-none-any.whl (11 kB)
#18 17.77 Building wheels for collected packages: python-nmap, yattag, aiofreepybox
#18 17.77 Building wheel for python-nmap (pyproject.toml): started
#18 17.95 Building wheel for python-nmap (pyproject.toml): finished with status 'done'
#18 17.96 Created wheel for python-nmap: filename=python_nmap-0.7.1-py2.py3-none-any.whl size=20679 sha256=ecd9b14109651cfaa5bf035f90076b9442985cc254fa5f8a49868fc896e86edb
#18 17.96 Stored in directory: /root/.cache/pip/wheels/06/fc/d4/0957e1d9942e696188208772ea0abf909fe6eb3d9dff6e5a9e
#18 17.96 Building wheel for yattag (pyproject.toml): started
#18 18.14 Building wheel for yattag (pyproject.toml): finished with status 'done'
#18 18.14 Created wheel for yattag: filename=yattag-1.16.1-py3-none-any.whl size=15930 sha256=2135fc2034a3847c81eb6a0d7b85608e8272339fa5c1961f87b02dfe6d74d0ad
#18 18.14 Stored in directory: /root/.cache/pip/wheels/d2/2f/52/049ff4f7c8c9c932b2ece7ec800d7facf2a141ac5ab0ce7e51
#18 18.15 Building wheel for aiofreepybox (pyproject.toml): started
#18 18.36 Building wheel for aiofreepybox (pyproject.toml): finished with status 'done'
#18 18.36 Created wheel for aiofreepybox: filename=aiofreepybox-6.0.0-py3-none-any.whl size=60051 sha256=dbdee5350b10b6550ede50bc779381b7f39f1e5d5da889f2ee98cb5a869d3425
#18 18.36 Stored in directory: /tmp/pip-ephem-wheel-cache-93bgc4e2/wheels/3c/d3/ae/fb97a84a29a5fbe8517de58d67e66586505440af35981e0dd3
#18 18.36 Successfully built python-nmap yattag aiofreepybox
#18 18.45 Installing collected packages: yattag, speedtest-cli, pytz, python-nmap, json2table, dhcp-leases, xmltodict, wakeonlan, urllib3, typing-extensions, toml, six, scapy, pycryptodome, propcache, paho-mqtt, packaging, multidict, markupsafe, itsdangerous, idna, graphql-core, frozenlist, dnspython, Click, charset_normalizer, chardet, certifi, blinker, awesomeversion, attrs, asyncio, aiohappyeyeballs, yarl, werkzeug, requests, python-dateutil, librouteros, jinja2, graphql-relay, aiosignal, unifi-sm-api, pyunifi, openwrt-luci-rpc, graphene, flask, cron-converter, aiohttp, tplink-omada-client, flask-cors, asusrouter, aiofreepybox
#18 24.35 Successfully installed Click-8.3.0 aiofreepybox-6.0.0 aiohappyeyeballs-2.6.1 aiohttp-3.12.15 aiosignal-1.4.0 asusrouter-1.21.0 asyncio-4.0.0 attrs-25.3.0 awesomeversion-25.8.0 blinker-1.9.0 certifi-2025.8.3 chardet-5.2.0 charset_normalizer-3.4.3 cron-converter-1.2.2 dhcp-leases-0.1.6 dnspython-2.8.0 flask-3.1.2 flask-cors-6.0.1 frozenlist-1.7.0 graphene-3.4.3 graphql-core-3.2.6 graphql-relay-3.2.0 idna-3.10 itsdangerous-2.2.0 jinja2-3.1.6 json2table-1.1.5 librouteros-3.4.1 markupsafe-3.0.2 multidict-6.6.4 openwrt-luci-rpc-1.1.17 packaging-25.0 paho-mqtt-2.1.0 propcache-0.3.2 pycryptodome-3.23.0 python-dateutil-2.9.0.post0 python-nmap-0.7.1 pytz-2025.2 pyunifi-2.21 requests-2.32.5 scapy-2.6.1 six-1.17.0 speedtest-cli-2.1.3 toml-0.10.2 tplink-omada-client-1.4.4 typing-extensions-4.15.0 unifi-sm-api-0.2.1 urllib3-2.5.0 wakeonlan-3.1.0 werkzeug-3.1.3 xmltodict-1.0.2 yarl-1.20.1 yattag-1.16.1
#18 24.47
#18 24.47 [notice] A new release of pip is available: 25.0.1 -> 25.2
#18 24.47 [notice] To update, run: pip install --upgrade pip
#18 DONE 25.1s
#19 [builder 14/15] RUN bash -c "find /app -type d -exec chmod 750 {} \;" && bash -c "find /app -type f -exec chmod 640 {} \;" && bash -c "find /app -type f \( -name '*.sh' -o -name '*.py' -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"
#19 DONE 11.9s
#20 [builder 15/15] COPY install/freebox_certificate.pem /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem
#20 DONE 0.4s
#21 [runner 2/14] COPY --from=builder /opt/venv /opt/venv
#21 DONE 0.8s
#22 [runner 3/14] COPY --from=builder /usr/sbin/usermod /usr/sbin/groupmod /usr/sbin/
#22 DONE 0.4s
#23 [runner 4/14] RUN apk update --no-cache && apk add --no-cache bash libbsd zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay && apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session && apk add --no-cache python3 nginx && ln -s /usr/bin/awake /usr/bin/wakeonlan && bash -c "install -d -m 750 -o nginx -g www-data /app /app" && rm -f /etc/nginx/http.d/default.conf
#23 0.487 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz
#23 0.696 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/community/x86_64/APKINDEX.tar.gz
#23 1.156 v3.22.1-472-ga67443520d6 [https://dl-cdn.alpinelinux.org/alpine/v3.22/main]
#23 1.156 v3.22.1-473-gcd551a4e006 [https://dl-cdn.alpinelinux.org/alpine/v3.22/community]
#23 1.156 OK: 26326 distinct packages available
#23 1.195 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz
#23 1.276 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/community/x86_64/APKINDEX.tar.gz
#23 1.568 (1/38) Installing ncurses-terminfo-base (6.5_p20250503-r0)
#23 1.580 (2/38) Installing libncursesw (6.5_p20250503-r0)
#23 1.629 (3/38) Installing readline (8.2.13-r1)
#23 1.659 (4/38) Installing bash (5.2.37-r0)
#23 1.723 Executing bash-5.2.37-r0.post-install
#23 1.740 (5/38) Installing libintl (0.24.1-r0)
#23 1.749 (6/38) Installing gettext-envsubst (0.24.1-r0)
#23 1.775 (7/38) Installing libmd (1.1.0-r0)
#23 1.782 (8/38) Installing libbsd (0.12.2-r0)
#23 1.807 (9/38) Installing libeconf (0.6.3-r0)
#23 1.812 (10/38) Installing libblkid (2.41-r9)
#23 1.831 (11/38) Installing libmount (2.41-r9)
#23 1.857 (12/38) Installing libsmartcols (2.41-r9)
#23 1.872 (13/38) Installing lsblk (2.41-r9)
#23 1.886 (14/38) Installing libcap2 (2.76-r0)
#23 1.897 (15/38) Installing jansson (2.14.1-r0)
#23 1.910 (16/38) Installing mtr (0.96-r0)
#23 1.948 (17/38) Installing skalibs-libs (2.14.4.0-r0)
#23 1.966 (18/38) Installing execline-libs (2.9.7.0-r0)
#23 1.974 (19/38) Installing execline (2.9.7.0-r0)
#23 1.996 Executing execline-2.9.7.0-r0.post-install
#23 2.004 (20/38) Installing s6-ipcserver (2.13.2.0-r0)
#23 2.010 (21/38) Installing s6-libs (2.13.2.0-r0)
#23 2.016 (22/38) Installing s6 (2.13.2.0-r0)
#23 2.033 Executing s6-2.13.2.0-r0.pre-install
#23 2.159 (23/38) Installing s6-rc-libs (0.5.6.0-r0)
#23 2.164 (24/38) Installing s6-rc (0.5.6.0-r0)
#23 2.175 (25/38) Installing s6-linux-init (1.1.3.0-r0)
#23 2.185 (26/38) Installing s6-portable-utils (2.3.1.0-r0)
#23 2.193 (27/38) Installing s6-linux-utils (2.6.3.0-r0)
#23 2.200 (28/38) Installing s6-dns-libs (2.4.1.0-r0)
#23 2.208 (29/38) Installing s6-dns (2.4.1.0-r0)
#23 2.222 (30/38) Installing bearssl-libs (0.6_git20241009-r0)
#23 2.254 (31/38) Installing s6-networking-libs (2.7.1.0-r0)
#23 2.264 (32/38) Installing s6-networking (2.7.1.0-r0)
#23 2.286 (33/38) Installing s6-overlay-helpers (0.1.2.0-r0)
#23 2.355 (34/38) Installing s6-overlay (3.2.0.3-r0)
#23 2.380 (35/38) Installing sudo (1.9.17_p2-r0)
#23 2.511 (36/38) Installing tzdata (2025b-r0)
#23 2.641 (37/38) Installing unzip (6.0-r15)
#23 2.659 (38/38) Installing zip (3.0-r13)
#23 2.694 Executing busybox-1.37.0-r18.trigger
#23 2.725 OK: 16 MiB in 54 packages
#23 2.778 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz
#23 2.918 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/community/x86_64/APKINDEX.tar.gz
#23 3.218 (1/77) Installing libpcap (1.10.5-r1)
#23 3.234 (2/77) Installing arp-scan (1.10.0-r2)
#23 3.289 (3/77) Installing dbus-libs (1.16.2-r1)
#23 3.307 (4/77) Installing avahi-libs (0.8-r21)
#23 3.315 (5/77) Installing libdaemon (0.14-r6)
#23 3.322 (6/77) Installing libevent (2.1.12-r8)
#23 3.355 (7/77) Installing libexpat (2.7.2-r0)
#23 3.368 (8/77) Installing avahi (0.8-r21)
#23 3.387 Executing avahi-0.8-r21.pre-install
#23 3.465 (9/77) Installing gdbm (1.24-r0)
#23 3.477 (10/77) Installing avahi-tools (0.8-r21)
#23 3.483 (11/77) Installing libbz2 (1.0.8-r6)
#23 3.490 (12/77) Installing libffi (3.4.8-r0)
#23 3.496 (13/77) Installing xz-libs (5.8.1-r0)
#23 3.517 (14/77) Installing libgcc (14.2.0-r6)
#23 3.529 (15/77) Installing libstdc++ (14.2.0-r6)
#23 3.613 (16/77) Installing mpdecimal (4.0.1-r0)
#23 3.628 (17/77) Installing libpanelw (6.5_p20250503-r0)
#23 3.634 (18/77) Installing sqlite-libs (3.49.2-r1)
#23 3.783 (19/77) Installing python3 (3.12.11-r0)
#23 4.494 (20/77) Installing python3-pycache-pyc0 (3.12.11-r0)
#23 4.915 (21/77) Installing pyc (3.12.11-r0)
#23 4.915 (22/77) Installing py3-awake-pyc (1.0-r12)
#23 4.922 (23/77) Installing python3-pyc (3.12.11-r0)
#23 4.922 (24/77) Installing py3-awake (1.0-r12)
#23 4.928 (25/77) Installing awake (1.0-r12)
#23 4.932 (26/77) Installing fstrm (0.6.1-r4)
#23 4.940 (27/77) Installing krb5-conf (1.0-r2)
#23 5.017 (28/77) Installing libcom_err (1.47.2-r2)
#23 5.026 (29/77) Installing keyutils-libs (1.6.3-r4)
#23 5.033 (30/77) Installing libverto (0.3.2-r2)
#23 5.039 (31/77) Installing krb5-libs (1.21.3-r0)
#23 5.115 (32/77) Installing json-c (0.18-r1)
#23 5.123 (33/77) Installing nghttp2-libs (1.65.0-r0)
#23 5.136 (34/77) Installing protobuf-c (1.5.2-r0)
#23 5.142 (35/77) Installing userspace-rcu (0.15.2-r0)
#23 5.161 (36/77) Installing libuv (1.51.0-r0)
#23 5.178 (37/77) Installing libxml2 (2.13.8-r0)
#23 5.232 (38/77) Installing bind-libs (9.20.13-r0)
#23 5.355 (39/77) Installing bind-tools (9.20.13-r0)
#23 5.395 (40/77) Installing ca-certificates (20250619-r0)
#23 5.518 (41/77) Installing brotli-libs (1.1.0-r2)
#23 5.559 (42/77) Installing c-ares (1.34.5-r0)
#23 5.573 (43/77) Installing libunistring (1.3-r0)
#23 5.645 (44/77) Installing libidn2 (2.3.7-r0)
#23 5.664 (45/77) Installing libpsl (0.21.5-r3)
#23 5.676 (46/77) Installing zstd-libs (1.5.7-r0)
#23 5.720 (47/77) Installing libcurl (8.14.1-r1)
#23 5.753 (48/77) Installing curl (8.14.1-r1)
#23 5.778 (49/77) Installing dbus (1.16.2-r1)
#23 5.796 Executing dbus-1.16.2-r1.pre-install
#23 5.869 Executing dbus-1.16.2-r1.post-install
#23 5.887 (50/77) Installing dbus-daemon-launch-helper (1.16.2-r1)
#23 5.896 (51/77) Installing libelf (0.193-r0)
#23 5.908 (52/77) Installing libmnl (1.0.5-r2)
#23 5.915 (53/77) Installing iproute2-minimal (6.15.0-r0)
#23 5.954 (54/77) Installing libxtables (1.8.11-r1)
#23 5.963 (55/77) Installing iproute2-tc (6.15.0-r0)
#23 6.001 (56/77) Installing iproute2-ss (6.15.0-r0)
#23 6.014 (57/77) Installing iproute2 (6.15.0-r0)
#23 6.042 Executing iproute2-6.15.0-r0.post-install
#23 6.047 (58/77) Installing nbtscan (1.7.2-r0)
#23 6.053 (59/77) Installing net-snmp-libs (5.9.4-r1)
#23 6.112 (60/77) Installing net-snmp-agent-libs (5.9.4-r1)
#23 6.179 (61/77) Installing net-snmp-tools (5.9.4-r1)
#23 6.205 (62/77) Installing mii-tool (2.10-r3)
#23 6.211 (63/77) Installing net-tools (2.10-r3)
#23 6.235 (64/77) Installing lua5.4-libs (5.4.7-r0)
#23 6.258 (65/77) Installing libssh2 (1.11.1-r0)
#23 6.279 (66/77) Installing nmap (7.97-r0)
#23 6.524 (67/77) Installing nmap-nselibs (7.97-r0)
#23 6.729 (68/77) Installing nmap-scripts (7.97-r0)
#23 6.842 (69/77) Installing bridge (1.5-r5)
#23 6.904 (70/77) Installing ifupdown-ng (0.12.1-r7)
#23 6.915 (71/77) Installing ifupdown-ng-iproute2 (0.12.1-r7)
#23 6.920 (72/77) Installing openrc-user (0.62.6-r0)
#23 6.924 (73/77) Installing openrc (0.62.6-r0)
#23 7.013 Executing openrc-0.62.6-r0.post-install
#23 7.016 (74/77) Installing avahi-openrc (0.8-r21)
#23 7.021 (75/77) Installing dbus-openrc (1.16.2-r1)
#23 7.026 (76/77) Installing s6-openrc (2.13.2.0-r0)
#23 7.032 (77/77) Installing traceroute (2.1.6-r0)
#23 7.040 Executing busybox-1.37.0-r18.trigger
#23 7.042 Executing ca-certificates-20250619-r0.trigger
#23 7.101 Executing dbus-1.16.2-r1.trigger
#23 7.104 OK: 102 MiB in 131 packages
#23 7.156 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz
#23 7.243 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/community/x86_64/APKINDEX.tar.gz
#23 7.543 (1/12) Installing php83-common (8.3.24-r0)
#23 7.551 (2/12) Installing argon2-libs (20190702-r5)
#23 7.557 (3/12) Installing libedit (20250104.3.1-r1)
#23 7.568 (4/12) Installing pcre2 (10.43-r1)
#23 7.600 (5/12) Installing php83 (8.3.24-r0)
#23 7.777 (6/12) Installing php83-cgi (8.3.24-r0)
#23 7.953 (7/12) Installing php83-curl (8.3.24-r0)
#23 7.968 (8/12) Installing acl-libs (2.3.2-r1)
#23 7.975 (9/12) Installing php83-fpm (8.3.24-r0)
#23 8.193 (10/12) Installing php83-session (8.3.24-r0)
#23 8.204 (11/12) Installing php83-sqlite3 (8.3.24-r0)
#23 8.213 (12/12) Installing sqlite (3.49.2-r1)
#23 8.309 Executing busybox-1.37.0-r18.trigger
#23 8.317 OK: 129 MiB in 143 packages
#23 8.369 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/APKINDEX.tar.gz
#23 8.449 fetch https://dl-cdn.alpinelinux.org/alpine/v3.22/community/x86_64/APKINDEX.tar.gz
#23 8.747 (1/2) Installing nginx (1.28.0-r3)
#23 8.766 Executing nginx-1.28.0-r3.pre-install
#23 8.863 Executing nginx-1.28.0-r3.post-install
#23 8.865 (2/2) Installing nginx-openrc (1.28.0-r3)
#23 8.870 Executing busybox-1.37.0-r18.trigger
#23 8.873 OK: 130 MiB in 145 packages
#23 DONE 9.5s
#24 [runner 5/14] COPY --from=builder --chown=nginx:www-data /app/ /app/
#24 DONE 0.5s
#25 [runner 6/14] RUN mkdir -p /app/config /app/db /app/log/plugins
#25 DONE 0.5s
#26 [runner 7/14] COPY --chmod=600 --chown=root:root install/crontab /etc/crontabs/root
#26 DONE 0.3s
#27 [runner 8/14] COPY --chmod=755 dockerfiles/healthcheck.sh /usr/local/bin/healthcheck.sh
#27 DONE 0.3s
#28 [runner 9/14] RUN touch /app/log/app.log && touch /app/log/execution_queue.log && touch /app/log/app_front.log && touch /app/log/app.php_errors.log && touch /app/log/stderr.log && touch /app/log/stdout.log && touch /app/log/db_is_locked.log && touch /app/log/IP_changes.log && touch /app/log/report_output.txt && touch /app/log/report_output.html && touch /app/log/report_output.json && touch /app/api/user_notifications.json
#28 DONE 0.6s
#29 [runner 10/14] COPY dockerfiles /app/dockerfiles
#29 DONE 0.3s
#30 [runner 11/14] RUN chmod +x /app/dockerfiles/*.sh
#30 DONE 0.8s
#31 [runner 12/14] RUN /app/dockerfiles/init-nginx.sh && /app/dockerfiles/init-php-fpm.sh && /app/dockerfiles/init-crond.sh && /app/dockerfiles/init-backend.sh
#31 0.417 Initializing nginx...
#31 0.417 Setting webserver to address (0.0.0.0) and port (20211)
#31 0.418 /app/dockerfiles/init-nginx.sh: line 5: /app/install/netalertx.template.conf: No such file or directory
#31 0.611 nginx initialized.
#31 0.612 Initializing php-fpm...
#31 0.654 php-fpm initialized.
#31 0.655 Initializing crond...
#31 0.689 crond initialized.
#31 0.690 Initializing backend...
#31 12.19 Backend initialized.
#31 DONE 12.3s
#32 [runner 13/14] RUN rm -rf /app/dockerfiles
#32 DONE 0.6s
#33 [runner 14/14] RUN date +%s > /app/front/buildtimestamp.txt
#33 DONE 0.6s
#34 exporting to image
#34 exporting layers
#34 exporting layers 2.4s done
#34 writing image sha256:0afcbc41473de559eff0dd93250595494fe4d8ea620861e9e90d50a248fcefda 0.0s done
#34 naming to docker.io/library/netalertx 0.0s done
#34 DONE 2.5s
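Review bot: step #31 does not fail when init-nginx.sh cannot find its template. At `#31 0.418` the script reports `/app/install/netalertx.template.conf: No such file or directory`, yet the next line prints `nginx initialized.`, the step ends `DONE 12.3s`, and #34 goes on to export the image even though the template was never read. init-nginx.sh should exit non-zero when an input file is missing, for example with `set -e` at the top of the script or an explicit existence test before line 5, so that the `&&` chain in the `RUN` stops at that point instead of reporting success. The `COPY --from=builder ... /app/ /app/` in #24 is also worth checking against the path the script expects, since `/app/install/` is evidently not present at that stage.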


@@ -1,674 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/licenses/why-not-lgpl.html>.


@@ -1,103 +0,0 @@
[![Docker Size](https://img.shields.io/docker/image-size/jokobsk/netalertx?label=Size&logo=Docker&color=0aa8d2&logoColor=fff&style=for-the-badge)](https://hub.docker.com/r/jokobsk/netalertx)
[![Docker Pulls](https://img.shields.io/docker/pulls/jokobsk/netalertx?label=Pulls&logo=docker&color=0aa8d2&logoColor=fff&style=for-the-badge)](https://hub.docker.com/r/jokobsk/netalertx)
[![GitHub Release](https://img.shields.io/github/v/release/jokob-sk/NetAlertX?color=0aa8d2&logoColor=fff&logo=GitHub&style=for-the-badge)](https://github.com/jokob-sk/NetAlertX/releases)
[![Discord](https://img.shields.io/discord/1274490466481602755?color=0aa8d2&logoColor=fff&logo=Discord&style=for-the-badge)](https://discord.gg/NczTUTWyRr)
[![Home Assistant](https://img.shields.io/badge/Repo-blue?logo=home-assistant&style=for-the-badge&color=0aa8d2&logoColor=fff&label=Add)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
# NetAlertX - Network scanner & notification framework
| [📑 Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://jokob-sk.github.io/NetAlertX/) | [🔌 Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) | [🤖 Ask AI](https://gurubase.io/g/netalertx)
|----------------------| ----------------------| ----------------------| ----------------------| ----------------------|
<a href="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" target="_blank">
<img src="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" width="1000px" />
</a>
Head to [https://netalertx.com/](https://netalertx.com/) for more gifs and screenshots 📷.
> [!NOTE]
> There is also an experimental 🧪 [bare-metal install](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md) method available.
## 📕 Basic Usage
> [!WARNING]
> You will have to run the container on the `host` network and specify `SCAN_SUBNETS` unless you use other [plugin scanners](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md). The initial scan can take a few minutes, so please wait 5-10 minutes for the initial discovery to finish.
```yaml
docker run -d --rm --network=host \
-v local_path/config:/app/config \
-v local_path/db:/app/db \
--mount type=tmpfs,target=/app/api \
-e PUID=200 -e PGID=300 \
-e TZ=Europe/Berlin \
-e PORT=20211 \
ghcr.io/jokob-sk/netalertx:latest
```
See alternative [docked-compose examples](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DOCKER_COMPOSE.md).
### Docker environment variables
| Variable | Description | Example Value |
| :------------- |:------------------------| -----:|
| `PORT` |Port of the web interface | `20211` |
| `PUID` |Application User UID | `102` |
| `PGID` |Application User GID | `82` |
| `LISTEN_ADDR` |Set the specific IP Address for the listener address for the nginx webserver (web interface). This could be useful when using multiple subnets to hide the web interface from all untrusted networks. | `0.0.0.0` |
|`TZ` |Time zone to display stats correctly. Find your time zone [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | `Europe/Berlin` |
|`LOADED_PLUGINS` | Default [plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) to load. Plugins cannot be loaded with `APP_CONF_OVERRIDE`, you need to use this variable instead and then specify the plugins settings with `APP_CONF_OVERRIDE`. | `["PIHOLE","ASUSWRT"]` |
|`APP_CONF_OVERRIDE` | JSON override for settings (except `LOADED_PLUGINS`). | `{"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","GRAPHQL_PORT":"20212"}` |
|`ALWAYS_FRESH_INSTALL` | ⚠ If `true` will delete the content of the `/db` & `/config` folders. For testing purposes. Can be coupled with [watchtower](https://github.com/containrrr/watchtower) to have an always freshly installed `netalertx`/`netalertx-dev` image. | `true` |
> You can override the default GraphQL port setting `GRAPHQL_PORT` (set to `20212`) by using the `APP_CONF_OVERRIDE` env variable. `LOADED_PLUGINS` and settings in `APP_CONF_OVERRIDE` can be specified via the UI as well.
### Docker paths
> [!NOTE]
> See also [Backup strategies](https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md).
| Required | Path | Description |
| :------------- | :------------- | :-------------|
| ✅ | `:/app/config` | Folder which will contain the `app.conf` & `devices.csv` ([read about devices.csv](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md)) files |
| ✅ | `:/app/db` | Folder which will contain the `app.db` database file |
| | `:/app/log` | Logs folder useful for debugging if you have issues setting up the container |
| | `:/app/api` | A simple [API endpoint](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md) containing static (but regularly updated) json and other files. |
| | `:/app/front/plugins/<plugin>/ignore_plugin` | Map a file `ignore_plugin` to ignore a plugin. Plugins can be soft-disabled via settings. More in the [Plugin docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md). |
| | `:/etc/resolv.conf` | Use a custom `resolv.conf` file for [better name resolution](https://github.com/jokob-sk/NetAlertX/blob/main/docs/REVERSE_DNS.md). |
> Use separate `db` and `config` directories, do not nest them.
### Initial setup
- If unavailable, the app generates a default `app.conf` and `app.db` file on the first run.
- The preferred way is to manage the configuration via the Settings section in the UI, if UI is inaccessible you can modify [app.conf](https://github.com/jokob-sk/NetAlertX/tree/main/back) in the `/app/config/` folder directly
#### Setting up scanners
You have to specify which network(s) should be scanned. This is done by entering subnets that are accessible from the host. If you use the default `ARPSCAN` plugin, you have to specify at least one valid subnet and interface in the `SCAN_SUBNETS` setting. See the documentation on [How to set up multiple SUBNETS, VLANs and what are limitations](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md) for troubleshooting and more advanced scenarios.
If you are running PiHole you can synchronize devices directly. Check the [PiHole configuration guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PIHOLE_GUIDE.md) for details.
> [!NOTE]
> You can bulk-import devices via the [CSV import method](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md).
#### Community guides
You can read or watch several [community configuration guides](https://github.com/jokob-sk/NetAlertX/blob/main/docs/COMMUNITY_GUIDES.md) in Chinese, Korean, German, or French.
> Please note these might be outdated. Rely on official documentation first.
#### Common issues
- Before creating a new issue, please check if a similar issue was [already resolved](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed).
- Check also common issues and [debugging tips](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md).
## 💙 Support me
| [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) |
| --- | --- | --- |
- Bitcoin: `1N8tupjeCK12qRVU2XrV17WvKK7LCawyZM`
- Ethereum: `0x6e2749Cb42F4411bc98501406BdcD82244e3f9C7`
> 📧 Email me at [netalertx@gmail.com](mailto:netalertx@gmail.com?subject=NetAlertX Donations) if you want to get in touch or if I should add other sponsorship platforms.
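Review bot: deleting all 103 lines removes the environment variable table (`PUID`, `PGID`, `LISTEN_ADDR`, `LOADED_PLUGINS`, `APP_CONF_OVERRIDE`, `ALWAYS_FRESH_INSTALL`) and the Docker paths table, and nothing in this hunk says where that documentation now lives. Please link the replacement page in the PR description, and have it state whether `PUID`/`PGID` and the `--network=host` requirement from the `docker run` example still apply to the new image. The header table here links a "Docker guide" at `dockerfiles/README.md`; if this is that file, the other pages that link to it need updating in the same change.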


@@ -1,169 +0,0 @@
#!/usr/bin/with-contenv bash
echo "---------------------------------------------------------
[INSTALL] Run init.sh
---------------------------------------------------------"
DEFAULT_PUID=102
DEFAULT_GID=82
PUID=${PUID:-${DEFAULT_PUID}}
PGID=${PGID:-${DEFAULT_GID}}
echo "[INSTALL] Setting up user UID and GID"
if ! groupmod -o -g "$PGID" www-data && [ "$PGID" != "$DEFAULT_GID" ] ; then
echo "Failed to set user GID to ${PGID}, trying with default GID ${DEFAULT_GID}"
groupmod -o -g "$DEFAULT_GID" www-data
fi
if ! usermod -o -u "$PUID" nginx && [ "$PUID" != "$DEFAULT_PUID" ] ; then
echo "Failed to set user UID to ${PUID}, trying with default PUID ${DEFAULT_PUID}"
usermod -o -u "$DEFAULT_PUID" nginx
fi
echo "
---------------------------------------------------------
GID/UID
---------------------------------------------------------
User UID: $(id -u nginx)
User GID: $(getent group www-data | cut -d: -f3)
---------------------------------------------------------"
chown nginx:nginx /run/nginx/ /var/log/nginx/ /var/lib/nginx/ /var/lib/nginx/tmp/
chgrp www-data /var/www/localhost/htdocs/
export INSTALL_DIR=/app # Specify the installation directory here
# DO NOT CHANGE ANYTHING BELOW THIS LINE!
CONF_FILE="app.conf"
NGINX_CONF_FILE=netalertx.conf
DB_FILE="app.db"
FULL_FILEDB_PATH="${INSTALL_DIR}/db/${DB_FILE}"
NGINX_CONFIG_FILE="/etc/nginx/http.d/${NGINX_CONF_FILE}"
OUI_FILE="/usr/share/arp-scan/ieee-oui.txt" # Define the path to ieee-oui.txt and ieee-iab.txt
INSTALL_DIR_OLD=/home/pi/pialert
OLD_APP_NAME=pialert
# DO NOT CHANGE ANYTHING ABOVE THIS LINE!
# Check if script is run as root
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root. Please use 'sudo'."
exit 1
fi
# DANGER ZONE: ALWAYS_FRESH_INSTALL
if [ "$ALWAYS_FRESH_INSTALL" = true ]; then
echo "[INSTALL] ❗ ALERT /db and /config folders are cleared because the ALWAYS_FRESH_INSTALL is set to: $ALWAYS_FRESH_INSTALL"
# Delete content of "$INSTALL_DIR/config/"
rm -rf "$INSTALL_DIR/config/"*
rm -rf "$INSTALL_DIR_OLD/config/"*
# Delete content of "$INSTALL_DIR/db/"
rm -rf "$INSTALL_DIR/db/"*
rm -rf "$INSTALL_DIR_OLD/db/"*
fi
# OVERRIDE settings: Handling APP_CONF_OVERRIDE
# Check if APP_CONF_OVERRIDE is set
# remove old
rm "${INSTALL_DIR}/config/app_conf_override.json"
if [ -z "$APP_CONF_OVERRIDE" ]; then
echo "APP_CONF_OVERRIDE is not set. Skipping config file creation."
else
# Save the APP_CONF_OVERRIDE env variable as a JSON file
echo "$APP_CONF_OVERRIDE" > "${INSTALL_DIR}/config/app_conf_override.json"
echo "Config file saved to ${INSTALL_DIR}/config/app_conf_override.json"
fi
# 🔻 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2025
# Check if pialert.db exists, then create a symbolic link to app.db
if [ -f "${INSTALL_DIR_OLD}/db/${OLD_APP_NAME}.db" ]; then
ln -s "${INSTALL_DIR_OLD}/db/${OLD_APP_NAME}.db" "${FULL_FILEDB_PATH}"
fi
# Check if ${OLD_APP_NAME}.conf exists, then create a symbolic link to app.conf
if [ -f "${INSTALL_DIR_OLD}/config/${OLD_APP_NAME}.conf" ]; then
ln -s "${INSTALL_DIR_OLD}/config/${OLD_APP_NAME}.conf" "${INSTALL_DIR}/config/${CONF_FILE}"
fi
# 🔺 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2025
echo "[INSTALL] Copy starter ${DB_FILE} and ${CONF_FILE} if they don't exist"
# Copy starter app.db, app.conf if they don't exist
cp -na "${INSTALL_DIR}/back/${CONF_FILE}" "${INSTALL_DIR}/config/${CONF_FILE}"
cp -na "${INSTALL_DIR}/back/${DB_FILE}" "${FULL_FILEDB_PATH}"
# if custom variables not set we do not need to do anything
if [ -n "${TZ}" ]; then
FILECONF="${INSTALL_DIR}/config/${CONF_FILE}"
echo "[INSTALL] Setup timezone"
sed -i "\#^TIMEZONE=#c\TIMEZONE='${TZ}'" "${FILECONF}"
# set TimeZone in container
cp /usr/share/zoneinfo/$TZ /etc/localtime
echo $TZ > /etc/timezone
fi
# if custom variables not set we do not need to do anything
if [ -n "${LOADED_PLUGINS}" ]; then
FILECONF="${INSTALL_DIR}/config/${CONF_FILE}"
echo "[INSTALL] Setup custom LOADED_PLUGINS variable"
sed -i "\#^LOADED_PLUGINS=#c\LOADED_PLUGINS=${LOADED_PLUGINS}" "${FILECONF}"
fi
echo "[INSTALL] Setup NGINX"
echo "Setting webserver to address ($LISTEN_ADDR) and port ($PORT)"
envsubst '$INSTALL_DIR $LISTEN_ADDR $PORT' < "${INSTALL_DIR}/install/netalertx.template.conf" > "${NGINX_CONFIG_FILE}"
# Run the hardware vendors update at least once
echo "[INSTALL] Run the hardware vendors update"
# Check if ieee-oui.txt or ieee-iab.txt exist
if [ -f "${OUI_FILE}" ]; then
echo "The file ieee-oui.txt exists. Skipping update_vendors.sh..."
else
echo "The file ieee-oui.txt does not exist. Running update_vendors..."
# Run the update_vendors.sh script
if [ -f "${INSTALL_DIR}/back/update_vendors.sh" ]; then
"${INSTALL_DIR}/back/update_vendors.sh"
else
echo "update_vendors.sh script not found in ${INSTALL_DIR}."
fi
fi
# Create an empty log files
# Create the execution_queue.log and app_front.log files if they don't exist
touch "${INSTALL_DIR}"/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log}
touch "${INSTALL_DIR}"/api/user_notifications.json
# Create plugins sub-directory if it doesn't exist in case a custom log folder is used
mkdir -p "${INSTALL_DIR}"/log/plugins
echo "[INSTALL] Fixing permissions after copied starter config & DB"
chown -R nginx:www-data "${INSTALL_DIR}"
chmod 750 "${INSTALL_DIR}"/{config,log,db}
find "${INSTALL_DIR}"/{config,log,db} -type f -exec chmod 640 {} \;
# Check if buildtimestamp.txt doesn't exist
if [ ! -f "${INSTALL_DIR}/front/buildtimestamp.txt" ]; then
# Create buildtimestamp.txt
date +%s > "${INSTALL_DIR}/front/buildtimestamp.txt"
chown nginx:www-data "${INSTALL_DIR}/front/buildtimestamp.txt"
fi
echo -e "
[ENV] PATH is ${PATH}
[ENV] PORT is ${PORT}
[ENV] TZ is ${TZ}
[ENV] LISTEN_ADDR is ${LISTEN_ADDR}
[ENV] ALWAYS_FRESH_INSTALL is ${ALWAYS_FRESH_INSTALL}
"

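Review bot: the timezone block is the part not to carry over into whatever replaces this script. `cp /usr/share/zoneinfo/$TZ /etc/localtime` runs as root with an unquoted, unvalidated path taken from the environment, and the `sed -i "\#^TIMEZONE=#c\TIMEZONE='${TZ}'"` and `LOADED_PLUGINS` lines paste the same unchecked values into `app.conf`. The replacement should check that `TZ` names a file under `/usr/share/zoneinfo`, quote it, and escape or validate anything written into the config. Please also confirm the new entrypoint still handles `APP_CONF_OVERRIDE`, `ALWAYS_FRESH_INSTALL` and the `pialert` symlink compatibility block (marked for removal only after 12/12/2025), or document that they are dropped.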

@@ -1,49 +0,0 @@
#!/bin/bash
export INSTALL_DIR=/app
export APP_NAME=netalertx
# php-fpm setup
install -d -o nginx -g www-data /run/php/
sed -i "/^;pid/c\pid = /run/php/php8.3-fpm.pid" /etc/php83/php-fpm.conf
sed -i "/^listen/c\listen = /run/php/php8.3-fpm.sock" /etc/php83/php-fpm.d/www.conf
sed -i "/^;listen.owner/c\listen.owner = nginx" /etc/php83/php-fpm.d/www.conf
sed -i "/^;listen.group/c\listen.group = www-data" /etc/php83/php-fpm.d/www.conf
sed -i "/^user/c\user = nginx" /etc/php83/php-fpm.d/www.conf
sed -i "/^group/c\group = www-data" /etc/php83/php-fpm.d/www.conf
# s6 overlay setup
mkdir -p /etc/s6-overlay/s6-rc.d/{SetupOneshot,crond/dependencies.d,php-fpm/dependencies.d,nginx/dependencies.d,$APP_NAME/dependencies.d}
echo "oneshot" > /etc/s6-overlay/s6-rc.d/SetupOneshot/type
echo "longrun" > /etc/s6-overlay/s6-rc.d/crond/type
echo "longrun" > /etc/s6-overlay/s6-rc.d/php-fpm/type
echo "longrun" > /etc/s6-overlay/s6-rc.d/nginx/type
echo "longrun" > /etc/s6-overlay/s6-rc.d/$APP_NAME/type
echo -e "${INSTALL_DIR}/dockerfiles/init.sh" > /etc/s6-overlay/s6-rc.d/SetupOneshot/up
echo -e '#!/bin/execlineb -P
if { echo
"
[INSTALL] Starting crond service...
" }' > /etc/s6-overlay/s6-rc.d/crond/run
echo -e "/usr/sbin/crond -f" >> /etc/s6-overlay/s6-rc.d/crond/run
echo -e "#!/bin/execlineb -P\n/usr/sbin/php-fpm83 -F" > /etc/s6-overlay/s6-rc.d/php-fpm/run
echo -e '#!/bin/execlineb -P\nnginx -g "daemon off;"' > /etc/s6-overlay/s6-rc.d/nginx/run
echo -e '#!/bin/execlineb -P
with-contenv
importas -u PORT PORT
if { echo
"
[INSTALL] 🚀 Starting app (:${PORT})
" }' > /etc/s6-overlay/s6-rc.d/$APP_NAME/run
echo -e "python ${INSTALL_DIR}/server" >> /etc/s6-overlay/s6-rc.d/$APP_NAME/run
touch /etc/s6-overlay/s6-rc.d/user/contents.d/{SetupOneshot,crond,php-fpm,nginx,$APP_NAME} /etc/s6-overlay/s6-rc.d/{crond,php-fpm,nginx,$APP_NAME}/dependencies.d/SetupOneshot
touch /etc/s6-overlay/s6-rc.d/nginx/dependencies.d/php-fpm
touch /etc/s6-overlay/s6-rc.d/$APP_NAME/dependencies.d/nginx
# this removes the current file
rm -f $0
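
Review bot: Deleting this script also drops the php-fpm socket settings it applied with `sed` (`listen.owner = nginx`, `listen.group = www-data`, `user = nginx`, `group = www-data`), so the replacement install path has to ship an equivalent php-fpm configuration, otherwise nginx loses access to `/run/php/php8.3-fpm.sock`. Please also confirm that the s6 ordering created here (every service waiting on `SetupOneshot`, nginx on php-fpm, the app on nginx) is reproduced by whatever now starts the services, because nothing in this hunk shows where it moved.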

View File

@@ -59,6 +59,8 @@ http://<server>:<GRAPHQL_PORT>/
* [Events](API_EVENTS.md) Device event logging and management
* [Sessions](API_SESSIONS.md) Connection sessions and history
* [Settings](API_SETTINGS.md) Settings
* Messaging:
* [In app messaging](API_MESSAGING_IN_APP.md) - In-app messaging
* [Metrics](API_METRICS.md) Prometheus metrics and per-device status
* [Network Tools](API_NETTOOLS.md) Utilities like Wake-on-LAN, traceroute, nslookup, nmap, and internet info
* [Online History](API_ONLINEHISTORY.md) Online/offline device records

173
docs/API_MESSAGING_IN_APP.md Executable file
View File

@@ -0,0 +1,173 @@
# In-app Notifications API
Manage in-app notifications for users. Notifications can be written, retrieved, marked as read, or deleted.
---
### Write Notification
* **POST** `/messaging/in-app/write` → Create a new in-app notification.
**Request Body:**
```json
{
"content": "This is a test notification",
"level": "alert" // optional, ["interrupt","info","alert"] default: "alert"
}
```
**Response:**
```json
{
"success": true
}
```
#### `curl` Example
```bash
curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/messaging/in-app/write" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
"content": "This is a test notification",
"level": "alert"
}'
```
---
### Get Unread Notifications
* **GET** `/messaging/in-app/unread` → Retrieve all unread notifications.
**Response:**
```json
[
{
"timestamp": "2025-10-10T12:34:56",
"guid": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"read": 0,
"level": "alert",
"content": "This is a test notification"
}
]
```
#### `curl` Example
```bash
curl -X GET "http://<server_ip>:<GRAPHQL_PORT>/messaging/in-app/unread" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Accept: application/json"
```
---
### Mark All Notifications as Read
* **POST** `/messaging/in-app/read/all` → Mark all notifications as read.
**Response:**
```json
{
"success": true
}
```
#### `curl` Example
```bash
curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/messaging/in-app/read/all" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Accept: application/json"
```
---
### Mark Single Notification as Read
* **POST** `/messaging/in-app/read/<guid>` → Mark a single notification as read using its GUID.
**Response (success):**
```json
{
"success": true
}
```
**Response (failure):**
```json
{
"success": false,
"error": "Notification not found"
}
```
#### `curl` Example
```bash
curl -X POST "http://<server_ip>:<GRAPHQL_PORT>/messaging/in-app/read/f47ac10b-58cc-4372-a567-0e02b2c3d479" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Accept: application/json"
```
---
### Delete All Notifications
* **DELETE** `/messaging/in-app/delete` → Remove all notifications from the system.
**Response:**
```json
{
"success": true
}
```
#### `curl` Example
```bash
curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/messaging/in-app/delete" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Accept: application/json"
```
---
### Delete Single Notification
* **DELETE** `/messaging/in-app/delete/<guid>` → Remove a single notification by its GUID.
**Response (success):**
```json
{
"success": true
}
```
**Response (failure):**
```json
{
"success": false,
"error": "Notification not found"
}
```
#### `curl` Example
```bash
curl -X DELETE "http://<server_ip>:<GRAPHQL_PORT>/messaging/in-app/delete/f47ac10b-58cc-4372-a567-0e02b2c3d479" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Accept: application/json"
```
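
Review bot: The request body example under "Write Notification" is fenced as `json` but carries a `//` comment on the `"level"` line, so it is not valid JSON and fails when pasted into a client; move the allowed values (`interrupt`, `info`, `alert`) and the default into a sentence or a small table below the block. The page also never says what the endpoints return when the `Authorization: Bearer <API_TOKEN>` header is missing or wrong, or when `level` is outside the allowed list; document those responses next to the success case. Every `curl` example sends the bearer token over `http://`, so a line stating that the token travels in cleartext unless the API is fronted by TLS would help operators. For `DELETE /messaging/in-app/delete`, say explicitly that the call is irreversible.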

44
docs/DEV_PORTS_HOST_MODE.md Executable file
View File

@@ -0,0 +1,44 @@
# Dev Ports in Host Network Mode
When using `"--network=host"` in the devcontainer, VS Code's normal port forwarding model doesn't apply. All container ports are already on the host network namespace, so:
- Listing ports in `forwardPorts` can cause VS Code to pre-bind or reserve them (conflicts with startup scripts waiting for a free port).
- The PORTS panel will not auto-detect services reliably, because forwarding isn't occurring.
- Debugger ports (e.g. Xdebug `9003`, Python debugpy `5678`) can still be listed safely.
## Recommended Pattern
1. Only include debugger ports in `forwardPorts`:
```jsonc
"forwardPorts": [5678, 9003]
```
2. Do NOT list application service ports (e.g. 20211, 20212) there when in host mode.
3. Use the helper task to enumerate current bindings:
- Run task: `> Tasks: Run Task` → `[Dev Container] List NetAlertX Ports`
## Port Enumeration Script
Script: `scripts/list-ports.sh`
Outputs binding address, PID (if resolvable) and process name for key ports.
You can edit the PORTS variable inside that script to add/remove watched ports.
## Xdebug Notes
Set in `99-xdebug.ini`:
```ini
xdebug.client_host=127.0.0.1
xdebug.client_port=9003
xdebug.discover_client_host=1
```
Ensure your IDE is listening on 9003.
## Troubleshooting
| Symptom | Cause | Fix |
|---------|-------|-----|
| `Waiting for port 20211 to free...` repeats | VS Code pre-bound the port via `forwardPorts` | Remove the port from `forwardPorts`, rebuild, retry |
| PHP request hangs at start | Xdebug trying to connect to unresolved host (`host.docker.internal`) | Use `127.0.0.1` or rely on discovery |
| PORTS panel empty | Expected in host mode | Use the port enumeration task |
## Future Improvements
- Optional: add a small web status endpoint summarizing runtime ports.
- Optional: detect host mode in `setup.sh` and skip the wait loop if the PID using port is the intended process.
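
Review bot: In the "Xdebug Notes" block, `xdebug.discover_client_host=1` undoes the pinning done by `xdebug.client_host=127.0.0.1`: with discovery enabled Xdebug first tries to connect back to the address taken from the incoming HTTP request and only falls back to `client_host`, and the Xdebug documentation states that no filter applies to who can start a session this way. With `--network=host` the web port is bound directly on the host's interfaces, so this combination should either drop the discovery line or be marked as suitable only for an isolated development host. The troubleshooting row that says "Use `127.0.0.1` or rely on discovery" should be updated to match whichever choice is made.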

View File

@@ -31,10 +31,11 @@ To improve presence accuracy and reduce false offline states:
### ✅ Increase ARP Scan Timeout
Extend the ARP scanner timeout to ensure full subnet coverage:
Extend the ARP scanner timeout and DURATION to ensure full subnet coverage:
```env
ARPSCAN_RUN_TIMEOUT=360
ARPSCAN_DURATION=30
```
> Adjust based on your network size and device count.

View File

@@ -63,13 +63,28 @@ wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/debian12/
## 📥 Ubuntu 24 (Noble Numbat)
> [!NOTE]
> Maintained by [ingoratsdorf](https://github.com/ingoratsdorf)
### Installation via curl
```bash
curl -o install.ubuntu24.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.ubuntu24.sh && sudo chmod +x install.ubuntu24.sh && sudo ./install.ubuntu24.sh
curl -o install.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.sh && sudo chmod +x install.sh && sudo ./install.sh
```
### Installation via wget
```bash
wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.ubuntu24.sh -O install.ubuntu24.sh && sudo chmod +x install.ubuntu24.sh && sudo ./install.ubuntu24.sh
wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/ubuntu24/install.sh -O install.sh && sudo chmod +x install.sh && sudo ./install.sh
```
## 📥 Bare Metal - Proxmox
> [!NOTE]
> Use this on a clean LXC/VM for Debian 13 OR Ubuntu 24.
> The Scipt will detect OS and build acordingly.
> Maintained by [JVKeller](https://github.com/JVKeller)
### Installation via wget
```bash
wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/proxmox/proxmox-install-netalertx.sh -O proxmox-install-netalertx.sh && chmod +x proxmox-install-netalertx.sh && ./proxmox-install-netalertx.sh
```
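
Review bot: The new one-liners fetch a script from the moving `main` branch and execute it with root privileges in the same command, with no pinned tag or commit and no checksum, so the person running it never gets to inspect what was downloaded. Suggest pointing at a tagged release URL, publishing a SHA-256 to compare against, and splitting download and execution into separate steps. Smaller points: the Proxmox command omits `sudo` while the Ubuntu ones use it (state that it expects a root shell), `sudo chmod +x` is not needed on a file the user just downloaded, and the note contains typos ("Scipt", "acordingly").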

View File

@@ -512,21 +512,29 @@ function updateDevicePageName(mac) {
}
// Page title - Name
if (mac == "new") {
$('#pageTitle').html(
`<i title="${getString("Gen_create_new_device")}" class="fa fa-square-plus"></i> ` + getString("Gen_create_new_device")
);
$('#devicePageInfoPlc .inner').html(
`<i class="fa fa-circle-info"></i> ` + getString("Gen_create_new_device_info")
);
$('#devicePageInfoPlc').show();
} else if (!owner || (name.toString()).indexOf(owner) !== -1) {
$('#pageTitle').html(name);
$('#devicePageInfoPlc').hide();
let pageTitleText;
if (mac === "new") {
pageTitleText = getString("Gen_create_new_device");
$('#pageTitle').html(
`<i title="${pageTitleText}" class="fa fa-square-plus"></i> ` + pageTitleText
);
$('#devicePageInfoPlc .inner').html(
`<i class="fa fa-circle-info"></i> ` + getString("Gen_create_new_device_info")
);
$('#devicePageInfoPlc').show();
} else if (!owner || name.toString().includes(owner)) {
pageTitleText = name;
$('#pageTitle').html(pageTitleText);
$('#devicePageInfoPlc').hide();
} else {
$('#pageTitle').html(name + ' (' + owner + ')');
$('#devicePageInfoPlc').hide();
pageTitleText = `${name} (${owner})`;
$('#pageTitle').html(pageTitleText);
$('#devicePageInfoPlc').hide();
}
// Prepend to the <title> tag
$('title').html(pageTitleText + ' - ' + $('title').html());
}
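
Review bot: `pageTitleText` is built from the device `name` and `owner` and then written with `.html()` into both `#pageTitle` and the `<title>` element, so any markup inside a device name is parsed as HTML. If names can come from scan results or imports, use `.text()` (or `document.title = ...`) for the two plain-text branches and keep `.html()` only for the `mac === "new"` branch, where the icon markup is a constant. The last line, `$('title').html(pageTitleText + ' - ' + $('title').html())`, also prepends on every call, so a second call to `updateDevicePageName` produces "Name - Name - ..."; cache the base title once and rebuild from it.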

View File

@@ -123,7 +123,7 @@
<!-- page script ----------------------------------------------------------- -->
<script>
var deviceStatus = 'all';
var tableRows = getCache ("nax_parTableRows") == "" ? 20 : getCache ("nax_parTableRows") ;
var tableRows = getCache ("nax_parTableRows") == "" ? parseInt(getSetting("UI_DEFAULT_PAGE_SIZE")) : getCache ("nax_parTableRows") ;
var tableOrder = getCache ("nax_parTableOrder") == "" ? [[3,'desc'], [0,'asc']] : JSON.parse(getCache ("nax_parTableOrder")) ;
var tableColumnHide = [];
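
Review bot: On the `tableRows` line, `parseInt(getSetting("UI_DEFAULT_PAGE_SIZE"))` has no radix and no fallback, so a missing or non-numeric setting turns the previous hard default of 20 into `NaN` instead of a usable row count. Suggest `parseInt(..., 10) || 20`, ideally in one shared helper, since the same expression is repeated in the `lengthMenu` line of the next hunk and on the events page. The cached branch still returns the raw string from `getCache` while the new branch returns a number; parse both so `tableRows` has one type.
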
@@ -743,7 +743,7 @@ function initializeDatatable (status) {
},
'paging' : true,
'lengthChange' : true,
'lengthMenu' : [[10, 20, 25, 50, 100, 500, 100000], [10, 20, 25, 50, 100, 500, getString('Device_Tablelenght_all')]],
'lengthMenu' : getLengthMenu(parseInt(getSetting("UI_DEFAULT_PAGE_SIZE"))),
'searching' : true,
'ordering' : true,

View File

@@ -169,7 +169,7 @@
var eventsType = 'all';
var period = '1 day';
var tableRows = 25;
var tableRows = parseInt(getSetting("UI_DEFAULT_PAGE_SIZE"));
// Read parameters & Initialize components
main();
@@ -181,7 +181,7 @@ function main() {
period = getCookie(parPeriod) === "" ? "1 day" : getCookie(parPeriod);
$('#period').val(period);
tableRows = getCookie(parTableRows) === "" ? 50 : parseInt(getCookie(parTableRows), 10);
tableRows = getCookie(parTableRows) === "" ? parseInt(getSetting("UI_DEFAULT_PAGE_SIZE")) : parseInt(getCookie(parTableRows), 10);
// Initialize components
initializeDatatable();
@@ -197,7 +197,7 @@ function initializeDatatable () {
$('#tableEvents').DataTable({
'paging' : true,
'lengthChange' : true,
'lengthMenu' : [[10, 25, 50, 100, 500, -1], [10, 25, 50, 100, 500, 'All']],
'lengthMenu' : getLengthMenu(parseInt(getSetting("UI_DEFAULT_PAGE_SIZE"))),
'searching' : true,
'ordering' : true,
'info' : true,
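
Review bot: The old `lengthMenu` used `-1`, which is DataTables' own value for "show all rows", and this hunk swaps in `getLengthMenu(...)`, whose last value is `100000`. A `parTableRows` cookie that already holds `-1` is still read by `parseInt(getCookie(parTableRows), 10)` in `main()` and no longer matches any menu entry, and an events table with more than 100000 rows is now cut off under the "All" label. Either keep `-1` for this table or map a stored `-1` to the new sentinel when the cookie is read.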

View File

@@ -11,8 +11,8 @@
var timerRefreshData = ''
var emptyArr = ['undefined', "", undefined, null, 'null'];
var UI_LANG = "English";
const allLanguages = ["en_us", "es_es", "de_de", "fr_fr", "it_it", "ru_ru", "nb_no", "pl_pl", "pt_br", "pt_pt", "tr_tr", "zh_cn", "cs_cz", "ar_ar", "ca_ca", "uk_ua"]; // needs to be same as in lang.php
var UI_LANG = "English (en_us)";
const allLanguages = ["ar_ar","ca_ca","cs_cz","de_de","en_us","es_es","fa_fa","fr_fr","it_it","nb_no","pl_pl","pt_br","pt_pt","ru_ru","tr_tr","uk_ua","zh_cn"]; // needs to be same as in lang.php
var settingsJSON = {}
@@ -299,7 +299,7 @@ function getString(key) {
// -----------------------------------------------------------------------------
// Get current language ISO code
// below has to match exactly teh values in /front/php/templates/language/lang.php & /front/js/common.js
// below has to match exactly the values in /front/php/templates/language/lang.php & /front/js/common.js
function getLangCode() {
UI_LANG = getSetting("UI_LANG");
@@ -307,19 +307,22 @@ function getLangCode() {
let lang_code = 'en_us';
switch (UI_LANG) {
case 'English':
case 'English (en_us)':
lang_code = 'en_us';
break;
case 'Spanish':
case 'Spanish (es_es)':
lang_code = 'es_es';
break;
case 'German':
case 'German (de_de)':
lang_code = 'de_de';
break;
case 'French':
case 'Farsi (fa_fa)':
lang_code = 'fa_fa';
break;
case 'French (fr_fr)':
lang_code = 'fr_fr';
break;
case 'Norwegian':
case 'Norwegian (nb_no)':
lang_code = 'nb_no';
break;
case 'Polish (pl_pl)':
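
Review bot: The `case` labels change from bare names ('English', 'Spanish', 'German', 'French', 'Norwegian') to the suffixed form ('English (en_us)'), so an installation whose stored `UI_LANG` still holds an old value matches no case and silently falls back to `en_us`. Either keep the old labels as additional cases or migrate the stored setting on upgrade. Since every label now ends in its code, the switch could be replaced by extracting the `(xx_xx)` suffix and validating it against `allLanguages`, which removes the need to keep this list in step with `lang.php` by hand.
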
@@ -337,7 +340,7 @@ function getLangCode() {
case 'Italian (it_it)':
lang_code = 'it_it';
break;
case 'Russian':
case 'Russian (ru_ru)':
lang_code = 'ru_ru';
break;
case 'Chinese (zh_cn)':

View File

@@ -497,26 +497,78 @@ function checkNotification() {
});
}
// Handling unread notifications favicon + bell floating number bublbe
/**
* Handles unread notification indicators:
* - Updates the floating bell count bubble.
* - Changes the favicon to indicate unread notifications.
* - Updates the page title with a numeric prefix like "(3)".
*
* The function expects that the favicon element has the ID `#favicon`
* and that the bell count element has the ID `#unread-notifications-bell-count`.
*
* @param {number} count - The number of unread notifications.
*
* @example
* handleUnreadNotifications(3);
* // → shows "(3)" in the title, notification icon, and bell bubble
*
* handleUnreadNotifications(0);
* // → restores original favicon and hides bubble
*/
function handleUnreadNotifications(count) {
$('#unread-notifications-bell-count').html(count);
const $countBubble = $('#unread-notifications-bell-count');
const $favicon = $('#favicon');
// Capture current title — ideally cache the original globally if calling repeatedly
const originalTitle = document.title;
// Update notification bubble and favicon
$countBubble.html(count);
if (count > 0) {
$('#unread-notifications-bell-count').show();
// Change the favicon to show there are notifications
$('#favicon').attr('href', 'img/NetAlertX_logo_notification.png');
// Update the title to include the count
document.title = `(${count}) ` + originalTitle;
$countBubble.show();
$favicon.attr('href', 'img/NetAlertX_logo_notification.png');
} else {
$('#unread-notifications-bell-count').hide();
// Change the favicon back to the original
$('#favicon').attr('href', 'img/NetAlertX_logo.png');
// Revert the title to the original title
document.title = originalTitle;
$countBubble.hide();
$favicon.attr('href', 'img/NetAlertX_logo.png');
}
// Update the document title with "(count)" prefix
document.title = addOrUpdateNumberBrackets(originalTitle, count);
}
// Store the original title of the document
var originalTitle = document.title;
/**
* Adds, updates, or removes a numeric prefix in parentheses before a given string.
*
* Behavior:
* - If `count` is 0 → removes any existing "(...)" prefix.
* - If string already starts with "(...)" → replaces it with the new count.
* - Otherwise → adds "(count)" as a prefix before the input text.
*
* Examples:
* addOrUpdateNumberBrackets("Device", 3) → "(3) Device"
* addOrUpdateNumberBrackets("(1) Device", 4) → "(4) Device"
* addOrUpdateNumberBrackets("(5) Device", 0) → "Device"
*
* @param {string} input - The input string (e.g., a device name).
* @param {number} count - The number to place inside the parentheses.
* @returns {string} The updated string with the correct "(count)" prefix.
*/
function addOrUpdateNumberBrackets(input, count) {
let result = input.trim();
if (count === 0) {
// Remove any existing "(...)" prefix
result = result.replace(/^\(.*?\)\s*/, '');
} else if (/^\(.*?\)/.test(result)) {
// Replace existing "(...)" prefix
result = result.replace(/^\(.*?\)/, `(${count})`);
} else {
// Add new "(count)" prefix
result = `(${count}) ${result}`;
}
return result.trim();
}
// Start checking for notifications periodically
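
Review bot: In `addOrUpdateNumberBrackets` the pattern `/^\(.*?\)/` matches any leading parenthesised text, not only a counter, so a page title that legitimately starts with "(" loses that part when `count` is 0 and has it overwritten otherwise; anchor the pattern to digits, for example `/^\(\d+\)\s*/`. The `count === 0` test is strict, so a count that arrives as the string "0" falls through to the last branch and yields "(0) Title"; coerce with `Number(count)` before the comparison. In `handleUnreadNotifications`, `originalTitle` is now re-read from `document.title` on every call and the global `var originalTitle` is removed, so please check that no other script still references the global.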

View File

@@ -952,5 +952,41 @@ function initHoverNodeInfo() {
});
}
/**
* Generates a DataTables-style `lengthMenu` array with an optional custom entry inserted
* in the correct numeric order.
*
* Example output:
* [[10, 20, 25, 50, 100, 500, 100000], [10, 20, 25, 50, 100, 500, 'All']]
*
* @param {number} newEntry - A numeric entry to insert into the list (e.g. 30).
* If it already exists or equals -1, it will be ignored.
* @returns {Array[]} A two-dimensional array where:
* - The first array is the numeric page lengths.
* - The second array is the display labels (same values, but 'All' for -1).
*
* @example
* getLengthMenu(30);
* // → [[10, 20, 25, 30, 50, 100, 500, 100000], [10, 20, 25, 30, 50, 100, 500, 'All']]
*/
function getLengthMenu(newEntry) {
const values = [10, 20, 25, 50, 100, 500, 100000];
const labels = [10, 20, 25, 50, 100, 500, getString('Device_Tablelenght_all')];
// Insert newEntry in sorted order, skipping duplicates and -1/'All'
const insertSorted = (arr, val) => {
if (val === -1 || arr.includes(val)) return arr;
const idx = arr.findIndex(v => v > val || v === -1);
if (idx === -1) arr.push(val);
else arr.splice(idx, 0, val);
return arr;
};
insertSorted(values, newEntry);
insertSorted(labels, newEntry);
return [values, labels];
}
console.log("init ui_components.js")
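
Review bot: `insertSorted` runs on `values` and `labels` separately, and the two arrays diverge for any `newEntry` above 500: in `values` it is spliced in before `100000`, but the last element of `labels` is the "All" string, `v > val` is false for it, `findIndex` returns -1 and the entry is pushed after "All". With `newEntry = 1000` the menu then shows "All" for 1000 rows and "1000" for 100000 rows. Compute the insert index once on `values` and splice both arrays at that index. The `v === -1` checks and the doc comment also refer to `-1` although the array uses `100000` as the "All" sentinel, and a `NaN` argument (from `parseInt` on a missing setting) is appended to both arrays; guard with `Number.isInteger(newEntry) && newEntry > 0`.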

View File

@@ -340,9 +340,14 @@
console.log(columnValue);
// update selected
executeAction('update', 'devMac', selectorMacs(), targetColumns, columnValue )
if(selectorMacs() != "")
{
executeAction('update', 'devMac', selectorMacs(), targetColumns, columnValue )
}
else
{
showModalWarning(getString("Gen_Error"), getString('Device_MultiEdit_No_Devices'));
}
}
// -----------------------------------------------------------------------------
@@ -354,22 +359,23 @@
function executeAction(action, whereColumnName, key, targetColumns, newTargetColumnValue )
{
$.get(`php/server/dbHelper.php?action=${action}&dbtable=Devices&columnName=${whereColumnName}&id=${key}&columns=${targetColumns}&values=${newTargetColumnValue}`, function(data) {
// console.log(data);
// console.log(data);
if (sanitize(data) == 'OK') {
showMessage(getString('Gen_DataUpdatedUITakesTime'));
// Remove navigation prompt "Are you sure you want to leave..."
window.onbeforeunload = null;
if (sanitize(data) == 'OK') {
showMessage(getString('Gen_DataUpdatedUITakesTime'));
// Remove navigation prompt "Are you sure you want to leave..."
window.onbeforeunload = null;
// update API endpoints to refresh the UI
updateApi("devices,appevents")
// update API endpoints to refresh the UI
updateApi("devices,appevents")
write_notification(`[Multi edit] Executed "${action}" on Columns "${targetColumns}" matching "${key}"`, 'info')
write_notification(`[Multi edit] Executed "${action}" on Columns "${targetColumns}" matching "${key}"`, 'info')
} else {
showMessage(getString('Gen_LockedDB'));
}
});
} else {
console.error(data);
showMessage(getString('Gen_LockedDB'));
}
});
}
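
Review bot: `executeAction` interpolates `key`, `targetColumns` and `newTargetColumnValue` straight into the query string, so a value containing `&`, `#`, `+` or `=` is truncated or read by `dbHelper.php` as a different parameter; wrap each in `encodeURIComponent()` or pass them as the request's data object. The call also performs a database update through `$.get`, and a state-changing request belongs in a POST. In the failure branch the added `console.error(data)` is useful, but the user still sees `Gen_LockedDB` for every error, which is misleading when the cause is something other than a locked database.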

View File

@@ -10,12 +10,47 @@ require dirname(__FILE__).'/../server/init.php';
// check if authenticated
require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/security.php';
exec('../../../back/speedtest-cli --secure --simple', $output);
// Prefer explicit binary paths, fall back to a sanitised PATH
$speedtestCandidates = [
'/opt/venv/bin/speedtest-cli',
'/usr/local/bin/speedtest-cli',
'/usr/bin/speedtest-cli',
];
echo '<h4>'. lang('Speedtest_Results') .'</h4>';
echo '<pre style="border: none;">';
foreach($output as $line){
echo $line . "\n";
$candidateDirs = array_unique(array_map('dirname', $speedtestCandidates));
$safePath = implode(':', $candidateDirs);
$resolvedCommand = null;
foreach ($speedtestCandidates as $candidate) {
if (is_executable($candidate)) {
$resolvedCommand = escapeshellcmd($candidate) . ' --secure --simple';
break;
}
}
$output = [];
$returnCode = 0;
if ($resolvedCommand === null) {
$resolvedCommand = 'env PATH=' . escapeshellarg($safePath) . ' speedtest-cli --secure --simple';
}
exec($resolvedCommand, $output, $returnCode);
echo '<h4>' . lang('Speedtest_Results') . '</h4>';
if ($returnCode !== 0 || empty($output)) {
$errorMessage = $returnCode === 127
? 'speedtest-cli command not found. Checked paths: ' . $safePath
: (empty($output) ? 'speedtest-cli returned no output.' : implode("\n", $output));
echo '<div class="alert alert-danger">' . htmlspecialchars('Speedtest failed: ' . $errorMessage, ENT_QUOTES, 'UTF-8') . '</div>';
return;
}
echo '<pre style="border: none;">';
foreach ($output as $line) {
echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8') . "\n";
}
echo '</pre>';
?>
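
Review bot: The `env PATH=... speedtest-cli` fallback has nothing new to find: `$safePath` holds exactly the directories of `$speedtestCandidates`, and the fallback only runs after `is_executable()` has failed for `speedtest-cli` in each of them, so in practice it exists to produce exit code 127. A direct error branch would be clearer. `exec()` does not capture stderr, so on a non-zero exit `$output` is usually empty and the user sees "returned no output" rather than the real error; append `2>&1` if the message is meant to be shown. `escapeshellcmd()` on a constant path is harmless, but `escapeshellarg()` is the right call for a single path argument. The old relative `../../../back/speedtest-cli` is dropped, so confirm the image installs the binary in one of the three listed locations. Escaping each output line with `htmlspecialchars` is a good change.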

View File

@@ -1,5 +1,10 @@
<?php
// 🔺----- API ENDPOINTS SUPERSEDED -----🔺
// check server/api_server/api_server_start.py for equivalents
// equivalent: /messaging/in-app
// 🔺----- API ENDPOINTS SUPERSEDED -----🔺
require dirname(__FILE__).'/../templates/globals.php';
//------------------------------------------------------------------------------

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "نسخة احتياطية",
"Device_MultiEdit_Fields": "الحقول",
"Device_MultiEdit_MassActions": "إجراءات جماعية",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "تعديل الأجهزة المحددة",
"Device_Searchbox": "بحث",
"Device_Shortcut_AllDevices": "جميع الأجهزة",

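Review bot: `Device_MultiEdit_No_Devices` is added with an empty value in this locale, and in the other locale files of this change that are not yet translated, yet it is the body text of the new `showModalWarning(getString("Gen_Error"), getString('Device_MultiEdit_No_Devices'))` call on the multi-edit page. Unless `getString` falls back to `en_us` for empty strings, users of these locales get a warning dialog with no message; confirm the fallback or seed the key with the English text until it is translated.
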
View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Atenció, entrar valors incorrectes a continuació trencarà la configuració. Si us plau, abans feu còpia de seguretat la vostra base de dades o configuració de Dispositius (<a href=\"php/server/devices.php?action=ExportCSV\">clic per descarregar <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Llegiu com per recuperar Dispositius des d'aquest fitxer al <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">documentació de Còpies de seguretat</a>. Per aplicar els canvis, feu click a la <b>Save<i class=\"fa-solid fa-save\"></i></b> icona de cada camp que volgueu actualitzar.",
"Device_MultiEdit_Fields": "Editar camps:",
"Device_MultiEdit_MassActions": "Accions massives:",
"Device_MultiEdit_No_Devices": "Cap dispositiu seleccionat.",
"Device_MultiEdit_Tooltip": "Atenció. Si feu clic a això s'aplicarà el valor de l'esquerra a tots els dispositius seleccionats a dalt.",
"Device_Searchbox": "Cerca",
"Device_Shortcut_AllDevices": "Els meus dispositius",

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "",
"Device_MultiEdit_Fields": "",
"Device_MultiEdit_MassActions": "",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "",
"Device_Searchbox": "",
"Device_Shortcut_AllDevices": "",

View File

@@ -203,10 +203,11 @@
"Device_MultiEdit_Backup": "Achtung! Falsche Eingaben können die Installation beschädigen. Bitte sichere deine Datenbank oder Gerätekonfiguration zuerst: (<a href=\"php/server/devices.php?action=ExportCSV\">Konfiguration herunterladen <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Wie du dein Gerät wiederherstellen kannst findest du in der <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">Dokumentation über Backups</a>.",
"Device_MultiEdit_Fields": "Felder bearbeiten:",
"Device_MultiEdit_MassActions": "Massen aktionen:",
"Device_MultiEdit_No_Devices": "Keine Geräte ausgewählt.",
"Device_MultiEdit_Tooltip": "Achtung! Beim Drücken werden alle Werte auf die oben ausgewählten Geräte übertragen.",
"Device_Searchbox": "Suche",
"Device_Shortcut_AllDevices": "Meine Geräte",
"Device_Shortcut_AllNodes": "",
"Device_Shortcut_AllNodes": "Alle Knoten",
"Device_Shortcut_Archived": "Archiviert",
"Device_Shortcut_Connected": "Verbunden",
"Device_Shortcut_Devices": "Geräte",

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Careful, entering wrong values below will break your setup. Please backup your database or Devices configuration first (<a href=\"php/server/devices.php?action=ExportCSV\">click to download <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Read how to recover Devices from this file in the <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">Backups documentation</a>. In order to apply your changes click the <b>Save<i class=\"fa-solid fa-save\"></i></b> icon on each field you want to update.",
"Device_MultiEdit_Fields": "Edit fields:",
"Device_MultiEdit_MassActions": "Mass actions:",
"Device_MultiEdit_No_Devices": "No devices selected.",
"Device_MultiEdit_Tooltip": "Careful. Clicking this will apply the value on the left to all devices selected above.",
"Device_Searchbox": "Search",
"Device_Shortcut_AllDevices": "My devices",

View File

@@ -201,6 +201,7 @@
"Device_MultiEdit_Backup": "Tenga cuidado, ingresar valores incorrectos o romperá su configuración. Por favor, haga una copia de seguridad de su base de datos o de la configuración de los dispositivos primero (<a href=\"php/server/devices.php?action=ExportCSV\">haga clic para descargar <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Lea cómo recuperar dispositivos de este archivo en la documentación de <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">Copia de seguridad</a>. Para aplicar sus cambios haga click en el ícono de <b>Guardar<i class=\"fa-solid fa-save\"></i></b> en cada campo que quiera actualizar.",
"Device_MultiEdit_Fields": "Editar campos:",
"Device_MultiEdit_MassActions": "Acciones masivas:",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "Cuidado. Al hacer clic se aplicará el valor de la izquierda a todos los dispositivos seleccionados anteriormente.",
"Device_Searchbox": "Búsqueda",
"Device_Shortcut_AllDevices": "Mis dispositivos",

View File

@@ -0,0 +1,764 @@
{
"API_CUSTOM_SQL_description": "",
"API_CUSTOM_SQL_name": "",
"API_TOKEN_description": "",
"API_TOKEN_name": "",
"API_display_name": "",
"API_icon": "",
"About_Design": "",
"About_Exit": "",
"About_Title": "",
"AppEvents_AppEventProcessed": "",
"AppEvents_DateTimeCreated": "",
"AppEvents_Extra": "",
"AppEvents_GUID": "",
"AppEvents_Helper1": "",
"AppEvents_Helper2": "",
"AppEvents_Helper3": "",
"AppEvents_ObjectForeignKey": "",
"AppEvents_ObjectIndex": "",
"AppEvents_ObjectIsArchived": "",
"AppEvents_ObjectIsNew": "",
"AppEvents_ObjectPlugin": "",
"AppEvents_ObjectPrimaryID": "",
"AppEvents_ObjectSecondaryID": "",
"AppEvents_ObjectStatus": "",
"AppEvents_ObjectStatusColumn": "",
"AppEvents_ObjectType": "",
"AppEvents_Plugin": "",
"AppEvents_Type": "",
"BackDevDetail_Actions_Ask_Run": "",
"BackDevDetail_Actions_Not_Registered": "",
"BackDevDetail_Actions_Title_Run": "",
"BackDevDetail_Copy_Ask": "",
"BackDevDetail_Copy_Title": "",
"BackDevDetail_Tools_WOL_error": "",
"BackDevDetail_Tools_WOL_okay": "",
"BackDevices_Arpscan_disabled": "",
"BackDevices_Arpscan_enabled": "",
"BackDevices_Backup_CopError": "",
"BackDevices_Backup_Failed": "",
"BackDevices_Backup_okay": "",
"BackDevices_DBTools_DelDevError_a": "",
"BackDevices_DBTools_DelDevError_b": "",
"BackDevices_DBTools_DelDev_a": "",
"BackDevices_DBTools_DelDev_b": "",
"BackDevices_DBTools_DelEvents": "",
"BackDevices_DBTools_DelEventsError": "",
"BackDevices_DBTools_ImportCSV": "",
"BackDevices_DBTools_ImportCSVError": "",
"BackDevices_DBTools_ImportCSVMissing": "",
"BackDevices_DBTools_Purge": "",
"BackDevices_DBTools_UpdDev": "",
"BackDevices_DBTools_UpdDevError": "",
"BackDevices_DBTools_Upgrade": "",
"BackDevices_DBTools_UpgradeError": "",
"BackDevices_Device_UpdDevError": "",
"BackDevices_Restore_CopError": "",
"BackDevices_Restore_Failed": "",
"BackDevices_Restore_okay": "",
"BackDevices_darkmode_disabled": "",
"BackDevices_darkmode_enabled": "",
"CLEAR_NEW_FLAG_description": "",
"CLEAR_NEW_FLAG_name": "",
"CustProps_cant_remove": "",
"DAYS_TO_KEEP_EVENTS_description": "",
"DAYS_TO_KEEP_EVENTS_name": "",
"DISCOVER_PLUGINS_description": "",
"DISCOVER_PLUGINS_name": "",
"DevDetail_Children_Title": "",
"DevDetail_Copy_Device_Title": "",
"DevDetail_Copy_Device_Tooltip": "",
"DevDetail_CustomProperties_Title": "",
"DevDetail_CustomProps_reset_info": "",
"DevDetail_DisplayFields_Title": "",
"DevDetail_EveandAl_AlertAllEvents": "",
"DevDetail_EveandAl_AlertDown": "",
"DevDetail_EveandAl_Archived": "",
"DevDetail_EveandAl_NewDevice": "",
"DevDetail_EveandAl_NewDevice_Tooltip": "",
"DevDetail_EveandAl_RandomMAC": "",
"DevDetail_EveandAl_ScanCycle": "",
"DevDetail_EveandAl_ScanCycle_a": "",
"DevDetail_EveandAl_ScanCycle_z": "",
"DevDetail_EveandAl_Skip": "",
"DevDetail_EveandAl_Title": "",
"DevDetail_Events_CheckBox": "",
"DevDetail_GoToNetworkNode": "",
"DevDetail_Icon": "",
"DevDetail_Icon_Descr": "",
"DevDetail_Loading": "",
"DevDetail_MainInfo_Comments": "",
"DevDetail_MainInfo_Favorite": "",
"DevDetail_MainInfo_Group": "",
"DevDetail_MainInfo_Location": "",
"DevDetail_MainInfo_Name": "",
"DevDetail_MainInfo_Network": "",
"DevDetail_MainInfo_Network_Port": "",
"DevDetail_MainInfo_Network_Site": "",
"DevDetail_MainInfo_Network_Title": "",
"DevDetail_MainInfo_Owner": "",
"DevDetail_MainInfo_SSID": "",
"DevDetail_MainInfo_Title": "",
"DevDetail_MainInfo_Type": "",
"DevDetail_MainInfo_Vendor": "",
"DevDetail_MainInfo_mac": "",
"DevDetail_NavToChildNode": "",
"DevDetail_Network_Node_hover": "",
"DevDetail_Network_Port_hover": "",
"DevDetail_Nmap_Scans": "",
"DevDetail_Nmap_Scans_desc": "",
"DevDetail_Nmap_buttonDefault": "",
"DevDetail_Nmap_buttonDefault_text": "",
"DevDetail_Nmap_buttonDetail": "",
"DevDetail_Nmap_buttonDetail_text": "",
"DevDetail_Nmap_buttonFast": "",
"DevDetail_Nmap_buttonFast_text": "",
"DevDetail_Nmap_buttonSkipDiscovery": "",
"DevDetail_Nmap_buttonSkipDiscovery_text": "",
"DevDetail_Nmap_resultsLink": "",
"DevDetail_Owner_hover": "",
"DevDetail_Periodselect_All": "",
"DevDetail_Periodselect_LastMonth": "",
"DevDetail_Periodselect_LastWeek": "",
"DevDetail_Periodselect_LastYear": "",
"DevDetail_Periodselect_today": "",
"DevDetail_Run_Actions_Title": "",
"DevDetail_Run_Actions_Tooltip": "",
"DevDetail_SessionInfo_FirstSession": "",
"DevDetail_SessionInfo_LastIP": "",
"DevDetail_SessionInfo_LastSession": "",
"DevDetail_SessionInfo_StaticIP": "",
"DevDetail_SessionInfo_Status": "",
"DevDetail_SessionInfo_Title": "",
"DevDetail_SessionTable_Additionalinfo": "",
"DevDetail_SessionTable_Connection": "",
"DevDetail_SessionTable_Disconnection": "",
"DevDetail_SessionTable_Duration": "",
"DevDetail_SessionTable_IP": "",
"DevDetail_SessionTable_Order": "",
"DevDetail_Shortcut_CurrentStatus": "",
"DevDetail_Shortcut_DownAlerts": "",
"DevDetail_Shortcut_Presence": "",
"DevDetail_Shortcut_Sessions": "",
"DevDetail_Tab_Details": "",
"DevDetail_Tab_Events": "",
"DevDetail_Tab_EventsTableDate": "",
"DevDetail_Tab_EventsTableEvent": "",
"DevDetail_Tab_EventsTableIP": "",
"DevDetail_Tab_EventsTableInfo": "",
"DevDetail_Tab_Nmap": "",
"DevDetail_Tab_NmapEmpty": "",
"DevDetail_Tab_NmapTableExtra": "",
"DevDetail_Tab_NmapTableHeader": "",
"DevDetail_Tab_NmapTableIndex": "",
"DevDetail_Tab_NmapTablePort": "",
"DevDetail_Tab_NmapTableService": "",
"DevDetail_Tab_NmapTableState": "",
"DevDetail_Tab_NmapTableText": "",
"DevDetail_Tab_NmapTableTime": "",
"DevDetail_Tab_Plugins": "",
"DevDetail_Tab_Presence": "",
"DevDetail_Tab_Sessions": "",
"DevDetail_Tab_Tools": "",
"DevDetail_Tab_Tools_Internet_Info_Description": "",
"DevDetail_Tab_Tools_Internet_Info_Error": "",
"DevDetail_Tab_Tools_Internet_Info_Start": "",
"DevDetail_Tab_Tools_Internet_Info_Title": "",
"DevDetail_Tab_Tools_Nslookup_Description": "",
"DevDetail_Tab_Tools_Nslookup_Error": "",
"DevDetail_Tab_Tools_Nslookup_Start": "",
"DevDetail_Tab_Tools_Nslookup_Title": "",
"DevDetail_Tab_Tools_Speedtest_Description": "",
"DevDetail_Tab_Tools_Speedtest_Start": "",
"DevDetail_Tab_Tools_Speedtest_Title": "",
"DevDetail_Tab_Tools_Traceroute_Description": "",
"DevDetail_Tab_Tools_Traceroute_Error": "",
"DevDetail_Tab_Tools_Traceroute_Start": "",
"DevDetail_Tab_Tools_Traceroute_Title": "",
"DevDetail_Tools_WOL": "",
"DevDetail_Tools_WOL_noti": "",
"DevDetail_Tools_WOL_noti_text": "",
"DevDetail_Type_hover": "",
"DevDetail_Vendor_hover": "",
"DevDetail_WOL_Title": "",
"DevDetail_button_AddIcon": "",
"DevDetail_button_AddIcon_Help": "",
"DevDetail_button_AddIcon_Tooltip": "",
"DevDetail_button_Delete": "",
"DevDetail_button_DeleteEvents": "",
"DevDetail_button_DeleteEvents_Warning": "",
"DevDetail_button_Delete_ask": "",
"DevDetail_button_OverwriteIcons": "",
"DevDetail_button_OverwriteIcons_Tooltip": "",
"DevDetail_button_OverwriteIcons_Warning": "",
"DevDetail_button_Reset": "",
"DevDetail_button_Save": "",
"DeviceEdit_ValidMacIp": "",
"Device_MultiEdit": "",
"Device_MultiEdit_Backup": "",
"Device_MultiEdit_Fields": "",
"Device_MultiEdit_MassActions": "",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "",
"Device_Searchbox": "",
"Device_Shortcut_AllDevices": "",
"Device_Shortcut_AllNodes": "",
"Device_Shortcut_Archived": "",
"Device_Shortcut_Connected": "",
"Device_Shortcut_Devices": "",
"Device_Shortcut_DownAlerts": "",
"Device_Shortcut_DownOnly": "",
"Device_Shortcut_Favorites": "",
"Device_Shortcut_NewDevices": "",
"Device_Shortcut_OnlineChart": "",
"Device_TableHead_AlertDown": "",
"Device_TableHead_Connected_Devices": "",
"Device_TableHead_CustomProps": "",
"Device_TableHead_FQDN": "",
"Device_TableHead_Favorite": "",
"Device_TableHead_FirstSession": "",
"Device_TableHead_GUID": "",
"Device_TableHead_Group": "",
"Device_TableHead_Icon": "",
"Device_TableHead_LastIP": "",
"Device_TableHead_LastIPOrder": "",
"Device_TableHead_LastSession": "",
"Device_TableHead_Location": "",
"Device_TableHead_MAC": "",
"Device_TableHead_MAC_full": "",
"Device_TableHead_Name": "",
"Device_TableHead_NetworkSite": "",
"Device_TableHead_Owner": "",
"Device_TableHead_ParentRelType": "",
"Device_TableHead_Parent_MAC": "",
"Device_TableHead_Port": "",
"Device_TableHead_PresentLastScan": "",
"Device_TableHead_ReqNicsOnline": "",
"Device_TableHead_RowID": "",
"Device_TableHead_Rowid": "",
"Device_TableHead_SSID": "",
"Device_TableHead_SourcePlugin": "",
"Device_TableHead_Status": "",
"Device_TableHead_SyncHubNodeName": "",
"Device_TableHead_Type": "",
"Device_TableHead_Vendor": "",
"Device_Table_Not_Network_Device": "",
"Device_Table_info": "",
"Device_Table_nav_next": "",
"Device_Table_nav_prev": "",
"Device_Tablelenght": "",
"Device_Tablelenght_all": "",
"Device_Title": "",
"Devices_Filters": "",
"ENABLE_PLUGINS_description": "",
"ENABLE_PLUGINS_name": "",
"ENCRYPTION_KEY_description": "",
"ENCRYPTION_KEY_name": "",
"Email_display_name": "",
"Email_icon": "",
"Events_Loading": "",
"Events_Periodselect_All": "",
"Events_Periodselect_LastMonth": "",
"Events_Periodselect_LastWeek": "",
"Events_Periodselect_LastYear": "",
"Events_Periodselect_today": "",
"Events_Searchbox": "",
"Events_Shortcut_AllEvents": "",
"Events_Shortcut_DownAlerts": "",
"Events_Shortcut_Events": "",
"Events_Shortcut_MissSessions": "",
"Events_Shortcut_NewDevices": "",
"Events_Shortcut_Sessions": "",
"Events_Shortcut_VoidSessions": "",
"Events_TableHead_AdditionalInfo": "",
"Events_TableHead_Connection": "",
"Events_TableHead_Date": "",
"Events_TableHead_Device": "",
"Events_TableHead_Disconnection": "",
"Events_TableHead_Duration": "",
"Events_TableHead_DurationOrder": "",
"Events_TableHead_EventType": "",
"Events_TableHead_IP": "",
"Events_TableHead_IPOrder": "",
"Events_TableHead_Order": "",
"Events_TableHead_Owner": "",
"Events_TableHead_PendingAlert": "",
"Events_Table_info": "",
"Events_Table_nav_next": "",
"Events_Table_nav_prev": "",
"Events_Tablelenght": "",
"Events_Tablelenght_all": "",
"Events_Title": "",
"GRAPHQL_PORT_description": "",
"GRAPHQL_PORT_name": "",
"Gen_Action": "",
"Gen_Add": "",
"Gen_AddDevice": "",
"Gen_Add_All": "",
"Gen_All_Devices": "",
"Gen_AreYouSure": "",
"Gen_Backup": "",
"Gen_Cancel": "",
"Gen_Change": "",
"Gen_Copy": "",
"Gen_CopyToClipboard": "",
"Gen_DataUpdatedUITakesTime": "",
"Gen_Delete": "",
"Gen_DeleteAll": "",
"Gen_Description": "",
"Gen_Error": "",
"Gen_Filter": "",
"Gen_Generate": "",
"Gen_InvalidMac": "",
"Gen_LockedDB": "",
"Gen_NetworkMask": "",
"Gen_Offline": "",
"Gen_Okay": "",
"Gen_Online": "",
"Gen_Purge": "",
"Gen_ReadDocs": "",
"Gen_Remove_All": "",
"Gen_Remove_Last": "",
"Gen_Reset": "",
"Gen_Restore": "",
"Gen_Run": "",
"Gen_Save": "",
"Gen_Saved": "",
"Gen_Search": "",
"Gen_Select": "",
"Gen_SelectIcon": "",
"Gen_SelectToPreview": "",
"Gen_Selected_Devices": "",
"Gen_Subnet": "",
"Gen_Switch": "",
"Gen_Upd": "",
"Gen_Upd_Fail": "",
"Gen_Update": "",
"Gen_Update_Value": "",
"Gen_ValidIcon": "",
"Gen_Warning": "",
"Gen_Work_In_Progress": "",
"Gen_create_new_device": "",
"Gen_create_new_device_info": "",
"General_display_name": "",
"General_icon": "",
"HRS_TO_KEEP_NEWDEV_description": "",
"HRS_TO_KEEP_NEWDEV_name": "",
"HRS_TO_KEEP_OFFDEV_description": "",
"HRS_TO_KEEP_OFFDEV_name": "",
"LOADED_PLUGINS_description": "",
"LOADED_PLUGINS_name": "",
"LOG_LEVEL_description": "",
"LOG_LEVEL_name": "",
"Loading": "",
"Login_Box": "",
"Login_Default_PWD": "",
"Login_Info": "",
"Login_Psw-box": "",
"Login_Psw_alert": "",
"Login_Psw_folder": "",
"Login_Psw_new": "",
"Login_Psw_run": "",
"Login_Remember": "",
"Login_Remember_small": "",
"Login_Submit": "",
"Login_Toggle_Alert_headline": "",
"Login_Toggle_Info": "",
"Login_Toggle_Info_headline": "",
"Maint_PurgeLog": "",
"Maint_RestartServer": "",
"Maint_Restart_Server_noti_text": "",
"Maintenance_InitCheck": "",
"Maintenance_InitCheck_Checking": "",
"Maintenance_InitCheck_QuickSetupGuide": "",
"Maintenance_InitCheck_Success": "",
"Maintenance_ReCheck": "",
"Maintenance_Running_Version": "",
"Maintenance_Status": "",
"Maintenance_Title": "",
"Maintenance_Tool_DownloadConfig": "",
"Maintenance_Tool_DownloadConfig_text": "",
"Maintenance_Tool_DownloadWorkflows": "",
"Maintenance_Tool_DownloadWorkflows_text": "",
"Maintenance_Tool_ExportCSV": "",
"Maintenance_Tool_ExportCSV_noti": "",
"Maintenance_Tool_ExportCSV_noti_text": "",
"Maintenance_Tool_ExportCSV_text": "",
"Maintenance_Tool_ImportCSV": "",
"Maintenance_Tool_ImportCSV_noti": "",
"Maintenance_Tool_ImportCSV_noti_text": "",
"Maintenance_Tool_ImportCSV_text": "",
"Maintenance_Tool_ImportConfig_noti": "",
"Maintenance_Tool_ImportPastedCSV": "",
"Maintenance_Tool_ImportPastedCSV_noti_text": "",
"Maintenance_Tool_ImportPastedCSV_text": "",
"Maintenance_Tool_ImportPastedConfig": "",
"Maintenance_Tool_ImportPastedConfig_noti_text": "",
"Maintenance_Tool_ImportPastedConfig_text": "",
"Maintenance_Tool_arpscansw": "",
"Maintenance_Tool_arpscansw_noti": "",
"Maintenance_Tool_arpscansw_noti_text": "",
"Maintenance_Tool_arpscansw_text": "",
"Maintenance_Tool_backup": "",
"Maintenance_Tool_backup_noti": "",
"Maintenance_Tool_backup_noti_text": "",
"Maintenance_Tool_backup_text": "",
"Maintenance_Tool_check_visible": "",
"Maintenance_Tool_darkmode": "",
"Maintenance_Tool_darkmode_noti": "",
"Maintenance_Tool_darkmode_noti_text": "",
"Maintenance_Tool_darkmode_text": "",
"Maintenance_Tool_del_ActHistory": "",
"Maintenance_Tool_del_ActHistory_noti": "",
"Maintenance_Tool_del_ActHistory_noti_text": "",
"Maintenance_Tool_del_ActHistory_text": "",
"Maintenance_Tool_del_alldev": "",
"Maintenance_Tool_del_alldev_noti": "",
"Maintenance_Tool_del_alldev_noti_text": "",
"Maintenance_Tool_del_alldev_text": "",
"Maintenance_Tool_del_allevents": "",
"Maintenance_Tool_del_allevents30": "",
"Maintenance_Tool_del_allevents30_noti": "",
"Maintenance_Tool_del_allevents30_noti_text": "",
"Maintenance_Tool_del_allevents30_text": "",
"Maintenance_Tool_del_allevents_noti": "",
"Maintenance_Tool_del_allevents_noti_text": "",
"Maintenance_Tool_del_allevents_text": "",
"Maintenance_Tool_del_empty_macs": "",
"Maintenance_Tool_del_empty_macs_noti": "",
"Maintenance_Tool_del_empty_macs_noti_text": "",
"Maintenance_Tool_del_empty_macs_text": "",
"Maintenance_Tool_del_selecteddev": "",
"Maintenance_Tool_del_selecteddev_text": "",
"Maintenance_Tool_del_unknowndev": "",
"Maintenance_Tool_del_unknowndev_noti": "",
"Maintenance_Tool_del_unknowndev_noti_text": "",
"Maintenance_Tool_del_unknowndev_text": "",
"Maintenance_Tool_displayed_columns_text": "",
"Maintenance_Tool_drag_me": "",
"Maintenance_Tool_order_columns_text": "",
"Maintenance_Tool_purgebackup": "",
"Maintenance_Tool_purgebackup_noti": "",
"Maintenance_Tool_purgebackup_noti_text": "",
"Maintenance_Tool_purgebackup_text": "",
"Maintenance_Tool_restore": "",
"Maintenance_Tool_restore_noti": "",
"Maintenance_Tool_restore_noti_text": "",
"Maintenance_Tool_restore_text": "",
"Maintenance_Tool_upgrade_database_noti": "",
"Maintenance_Tool_upgrade_database_noti_text": "",
"Maintenance_Tool_upgrade_database_text": "",
"Maintenance_Tools_Tab_BackupRestore": "",
"Maintenance_Tools_Tab_Logging": "",
"Maintenance_Tools_Tab_Settings": "",
"Maintenance_Tools_Tab_Tools": "",
"Maintenance_Tools_Tab_UISettings": "",
"Maintenance_arp_status": "",
"Maintenance_arp_status_off": "",
"Maintenance_arp_status_on": "",
"Maintenance_built_on": "",
"Maintenance_current_version": "",
"Maintenance_database_backup": "",
"Maintenance_database_backup_found": "",
"Maintenance_database_backup_total": "",
"Maintenance_database_lastmod": "",
"Maintenance_database_path": "",
"Maintenance_database_rows": "",
"Maintenance_database_size": "",
"Maintenance_lang_selector_apply": "",
"Maintenance_lang_selector_empty": "",
"Maintenance_lang_selector_lable": "",
"Maintenance_lang_selector_text": "",
"Maintenance_new_version": "",
"Maintenance_themeselector_apply": "",
"Maintenance_themeselector_empty": "",
"Maintenance_themeselector_lable": "",
"Maintenance_themeselector_text": "",
"Maintenance_version": "",
"NETWORK_DEVICE_TYPES_description": "",
"NETWORK_DEVICE_TYPES_name": "",
"Navigation_About": "",
"Navigation_AppEvents": "",
"Navigation_Devices": "",
"Navigation_Donations": "",
"Navigation_Events": "",
"Navigation_Integrations": "",
"Navigation_Maintenance": "",
"Navigation_Monitoring": "",
"Navigation_Network": "",
"Navigation_Notifications": "",
"Navigation_Plugins": "",
"Navigation_Presence": "",
"Navigation_Report": "",
"Navigation_Settings": "",
"Navigation_SystemInfo": "",
"Navigation_Workflows": "",
"Network_Assign": "",
"Network_Cant_Assign": "",
"Network_Cant_Assign_No_Node_Selected": "",
"Network_Configuration_Error": "",
"Network_Connected": "",
"Network_Devices": "",
"Network_ManageAdd": "",
"Network_ManageAdd_Name": "",
"Network_ManageAdd_Name_text": "",
"Network_ManageAdd_Port": "",
"Network_ManageAdd_Port_text": "",
"Network_ManageAdd_Submit": "",
"Network_ManageAdd_Type": "",
"Network_ManageAdd_Type_text": "",
"Network_ManageAssign": "",
"Network_ManageDel": "",
"Network_ManageDel_Name": "",
"Network_ManageDel_Name_text": "",
"Network_ManageDel_Submit": "",
"Network_ManageDevices": "",
"Network_ManageEdit": "",
"Network_ManageEdit_ID": "",
"Network_ManageEdit_ID_text": "",
"Network_ManageEdit_Name": "",
"Network_ManageEdit_Name_text": "",
"Network_ManageEdit_Port": "",
"Network_ManageEdit_Port_text": "",
"Network_ManageEdit_Submit": "",
"Network_ManageEdit_Type": "",
"Network_ManageEdit_Type_text": "",
"Network_ManageLeaf": "",
"Network_ManageUnassign": "",
"Network_NoAssignedDevices": "",
"Network_NoDevices": "",
"Network_Node": "",
"Network_Node_Name": "",
"Network_Parent": "",
"Network_Root": "",
"Network_Root_Not_Configured": "",
"Network_Root_Unconfigurable": "",
"Network_ShowArchived": "",
"Network_ShowOffline": "",
"Network_Table_Hostname": "",
"Network_Table_IP": "",
"Network_Table_State": "",
"Network_Title": "",
"Network_UnassignedDevices": "",
"Notifications_All": "",
"Notifications_Mark_All_Read": "",
"PIALERT_WEB_PASSWORD_description": "",
"PIALERT_WEB_PASSWORD_name": "",
"PIALERT_WEB_PROTECTION_description": "",
"PIALERT_WEB_PROTECTION_name": "",
"PLUGINS_KEEP_HIST_description": "",
"PLUGINS_KEEP_HIST_name": "",
"Plugins_DeleteAll": "",
"Plugins_Filters_Mac": "",
"Plugins_History": "",
"Plugins_Obj_DeleteListed": "",
"Plugins_Objects": "",
"Plugins_Out_of": "",
"Plugins_Unprocessed_Events": "",
"Plugins_no_control": "",
"Presence_CalHead_day": "",
"Presence_CalHead_lang": "",
"Presence_CalHead_month": "",
"Presence_CalHead_quarter": "",
"Presence_CalHead_week": "",
"Presence_CalHead_year": "",
"Presence_CallHead_Devices": "",
"Presence_Key_OnlineNow": "",
"Presence_Key_OnlineNow_desc": "",
"Presence_Key_OnlinePast": "",
"Presence_Key_OnlinePastMiss": "",
"Presence_Key_OnlinePastMiss_desc": "",
"Presence_Key_OnlinePast_desc": "",
"Presence_Loading": "",
"Presence_Shortcut_AllDevices": "",
"Presence_Shortcut_Archived": "",
"Presence_Shortcut_Connected": "",
"Presence_Shortcut_Devices": "",
"Presence_Shortcut_DownAlerts": "",
"Presence_Shortcut_Favorites": "",
"Presence_Shortcut_NewDevices": "",
"Presence_Title": "",
"REFRESH_FQDN_description": "",
"REFRESH_FQDN_name": "",
"REPORT_DASHBOARD_URL_description": "",
"REPORT_DASHBOARD_URL_name": "",
"REPORT_ERROR": "",
"REPORT_MAIL_description": "",
"REPORT_MAIL_name": "",
"REPORT_TITLE": "",
"RandomMAC_hover": "",
"Reports_Sent_Log": "",
"SCAN_SUBNETS_description": "",
"SCAN_SUBNETS_name": "",
"SYSTEM_TITLE": "",
"Setting_Override": "",
"Setting_Override_Description": "",
"Settings_Metadata_Toggle": "",
"Settings_Show_Description": "",
"Settings_device_Scanners_desync": "",
"Settings_device_Scanners_desync_popup": "",
"Speedtest_Results": "",
"Systeminfo_AvailableIps": "",
"Systeminfo_CPU": "",
"Systeminfo_CPU_Cores": "",
"Systeminfo_CPU_Name": "",
"Systeminfo_CPU_Speed": "",
"Systeminfo_CPU_Temp": "",
"Systeminfo_CPU_Vendor": "",
"Systeminfo_Client_Resolution": "",
"Systeminfo_Client_User_Agent": "",
"Systeminfo_General": "",
"Systeminfo_General_Date": "",
"Systeminfo_General_Date2": "",
"Systeminfo_General_Full_Date": "",
"Systeminfo_General_TimeZone": "",
"Systeminfo_Memory": "",
"Systeminfo_Memory_Total_Memory": "",
"Systeminfo_Memory_Usage": "",
"Systeminfo_Memory_Usage_Percent": "",
"Systeminfo_Motherboard": "",
"Systeminfo_Motherboard_BIOS": "",
"Systeminfo_Motherboard_BIOS_Date": "",
"Systeminfo_Motherboard_BIOS_Vendor": "",
"Systeminfo_Motherboard_Manufactured": "",
"Systeminfo_Motherboard_Name": "",
"Systeminfo_Motherboard_Revision": "",
"Systeminfo_Network": "",
"Systeminfo_Network_Accept_Encoding": "",
"Systeminfo_Network_Accept_Language": "",
"Systeminfo_Network_Connection_Port": "",
"Systeminfo_Network_HTTP_Host": "",
"Systeminfo_Network_HTTP_Referer": "",
"Systeminfo_Network_HTTP_Referer_String": "",
"Systeminfo_Network_Hardware": "",
"Systeminfo_Network_Hardware_Interface_Mask": "",
"Systeminfo_Network_Hardware_Interface_Name": "",
"Systeminfo_Network_Hardware_Interface_RX": "",
"Systeminfo_Network_Hardware_Interface_TX": "",
"Systeminfo_Network_IP": "",
"Systeminfo_Network_IP_Connection": "",
"Systeminfo_Network_IP_Server": "",
"Systeminfo_Network_MIME": "",
"Systeminfo_Network_Request_Method": "",
"Systeminfo_Network_Request_Time": "",
"Systeminfo_Network_Request_URI": "",
"Systeminfo_Network_Secure_Connection": "",
"Systeminfo_Network_Secure_Connection_String": "",
"Systeminfo_Network_Server_Name": "",
"Systeminfo_Network_Server_Name_String": "",
"Systeminfo_Network_Server_Query": "",
"Systeminfo_Network_Server_Query_String": "",
"Systeminfo_Network_Server_Version": "",
"Systeminfo_Services": "",
"Systeminfo_Services_Description": "",
"Systeminfo_Services_Name": "",
"Systeminfo_Storage": "",
"Systeminfo_Storage_Device": "",
"Systeminfo_Storage_Mount": "",
"Systeminfo_Storage_Size": "",
"Systeminfo_Storage_Type": "",
"Systeminfo_Storage_Usage": "",
"Systeminfo_Storage_Usage_Free": "",
"Systeminfo_Storage_Usage_Mount": "",
"Systeminfo_Storage_Usage_Total": "",
"Systeminfo_Storage_Usage_Used": "",
"Systeminfo_System": "",
"Systeminfo_System_AVG": "",
"Systeminfo_System_Architecture": "",
"Systeminfo_System_Kernel": "",
"Systeminfo_System_OSVersion": "",
"Systeminfo_System_Running_Processes": "",
"Systeminfo_System_System": "",
"Systeminfo_System_Uname": "",
"Systeminfo_System_Uptime": "",
"Systeminfo_This_Client": "",
"Systeminfo_USB_Devices": "",
"TICKER_MIGRATE_TO_NETALERTX": "",
"TIMEZONE_description": "",
"TIMEZONE_name": "",
"UI_DEV_SECTIONS_description": "",
"UI_DEV_SECTIONS_name": "",
"UI_ICONS_description": "",
"UI_ICONS_name": "",
"UI_LANG_description": "",
"UI_LANG_name": "",
"UI_MY_DEVICES_description": "",
"UI_MY_DEVICES_name": "",
"UI_NOT_RANDOM_MAC_description": "",
"UI_NOT_RANDOM_MAC_name": "",
"UI_PRESENCE_description": "",
"UI_PRESENCE_name": "",
"UI_REFRESH_description": "",
"UI_REFRESH_name": "",
"VERSION_description": "",
"VERSION_name": "",
"WF_Action_Add": "",
"WF_Action_field": "",
"WF_Action_type": "",
"WF_Action_value": "",
"WF_Actions": "",
"WF_Add": "",
"WF_Add_Condition": "",
"WF_Add_Group": "",
"WF_Condition_field": "",
"WF_Condition_operator": "",
"WF_Condition_value": "",
"WF_Conditions": "",
"WF_Conditions_logic_rules": "",
"WF_Duplicate": "",
"WF_Enabled": "",
"WF_Export": "",
"WF_Export_Copy": "",
"WF_Import": "",
"WF_Import_Copy": "",
"WF_Name": "",
"WF_Remove": "",
"WF_Remove_Copy": "",
"WF_Save": "",
"WF_Trigger": "",
"WF_Trigger_event_type": "",
"WF_Trigger_type": "",
"add_icon_event_tooltip": "",
"add_option_event_tooltip": "",
"copy_icons_event_tooltip": "",
"devices_old": "",
"general_event_description": "",
"general_event_title": "",
"go_to_device_event_tooltip": "",
"go_to_node_event_tooltip": "",
"new_version_available": "",
"report_guid": "",
"report_guid_missing": "",
"report_select_format": "",
"report_time": "",
"run_event_tooltip": "",
"select_icon_event_tooltip": "",
"settings_core_icon": "",
"settings_core_label": "",
"settings_device_scanners": "",
"settings_device_scanners_icon": "",
"settings_device_scanners_info": "",
"settings_device_scanners_label": "",
"settings_enabled": "",
"settings_enabled_icon": "",
"settings_expand_all": "",
"settings_imported": "",
"settings_imported_label": "",
"settings_missing": "",
"settings_missing_block": "",
"settings_old": "",
"settings_other_scanners": "",
"settings_other_scanners_icon": "",
"settings_other_scanners_label": "",
"settings_publishers": "",
"settings_publishers_icon": "",
"settings_publishers_info": "",
"settings_publishers_label": "",
"settings_readonly": "",
"settings_saved": "",
"settings_system_icon": "",
"settings_system_label": "",
"settings_update_item_warning": "",
"test_event_tooltip": ""
}
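Review bot: every key visible in this locale file maps to an empty string, through to `test_event_tooltip` at the end, so the file contributes no text of its own. Confirm that the language loader treats `""` as missing and falls back to the `en_us` value. Otherwise selecting this language renders blank labels, including on confirmation prompts such as `Maintenance_Tool_del_alldev_noti_text` and `DevDetail_button_Delete_ask`.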

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Attention, renseigner des valeurs non cohérentes ci-dessous peut bloquer votre paramétrage. Veillez à faire une sauvegarde de votre base de données ou de la configuration de vos appareils en premier lieu (<a href=\"php/server/devices.php?action=ExportCSV\">clisuer ici pour la télécharger <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Renseignez-vous sur comment remettre les appareils depuis ce fichier via la <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">documentation des sauvegardes</a>. Afin d'enregistrer les changements, cliquer sur l'icône <b>Sauvegarder<i class=\"fa-solid fa-save\"></i></b> sur chaque champ que vous voulez mettre à jour.",
"Device_MultiEdit_Fields": "Champs modifiables:",
"Device_MultiEdit_MassActions": "Actions en masse:",
"Device_MultiEdit_No_Devices": "Aucun appareil sélectionné.",
"Device_MultiEdit_Tooltip": "Attention. Ceci va appliquer la valeur de gauche à tous les appareils sélectionnés au-dessus.",
"Device_Searchbox": "Rechercher",
"Device_Shortcut_AllDevices": "Mes appareils",
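Review bot: the `Device_MultiEdit_Backup` line at the top of this hunk reads "clisuer ici" in the download link text, where "cliquer ici" is meant. It is worth fixing in the same pass, since this is the warning that tells users to export a backup before a mass edit.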
@@ -760,4 +761,4 @@
"settings_system_label": "Système",
"settings_update_item_warning": "Mettre à jour la valeur ci-dessous. Veillez à bien suivre le même format qu'auparavant. <b>Il n'y a pas de pas de contrôle.</b>",
"test_event_tooltip": "Enregistrer d'abord vos modifications avant de tester vôtre paramétrage."
}
}
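Review bot: in `settings_update_item_warning` the phrase "Il n'y a pas de pas de contrôle" repeats "pas de", and `test_event_tooltip` has "vôtre paramétrage" where "votre" is meant. Both lines are already open in this hunk, so correct them here.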

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Attento, l'inserimento di valori errati di seguito interromperà la configurazione. Effettua prima il backup del database o della configurazione dei dispositivi (<a href=\"php/server/devices.php?action=ExportCSV\">fai clic per scaricare <i class=\"fa-solid fa-download fa-bounce\"></i> </a>). Leggi come ripristinare i dispositivi da questo file nella <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\" _blank\">Documentazione di backup</a>. Per applicare le modifiche, fai clic sull'icona <b>Salva<i class=\"fa-solid fa-save\"></i></b> su ogni campo che desideri aggiornare.",
"Device_MultiEdit_Fields": "Modifica campi:",
"Device_MultiEdit_MassActions": "Azioni di massa:",
"Device_MultiEdit_No_Devices": "Nessun dispositivo selezionato.",
"Device_MultiEdit_Tooltip": "Attento. Facendo clic verrà applicato il valore sulla sinistra a tutti i dispositivi selezionati sopra.",
"Device_Searchbox": "Cerca",
"Device_Shortcut_AllDevices": "I miei dispositivi",
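Review bot: in `Device_MultiEdit_Backup` the documentation link carries `target=\" _blank\"` with a leading space inside the attribute value, so the value no longer equals the `_blank` keyword. Change it to `target=\"_blank\"`, as the French string for the same key has it.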
@@ -760,4 +761,4 @@
"settings_system_label": "Sistema",
"settings_update_item_warning": "Aggiorna il valore qui sotto. Fai attenzione a seguire il formato precedente. <b>La convalida non viene eseguita.</b>",
"test_event_tooltip": "Salva le modifiche prima di provare le nuove impostazioni."
}
}

View File

@@ -5,7 +5,7 @@
// ###################################
$defaultLang = "en_us";
$allLanguages = ["en_us", "es_es", "de_de", "fr_fr", "it_it", "ru_ru", "nb_no", "pl_pl", "pt_br", "pt_pt", "tr_tr", "zh_cn", "cs_cz", "ar_ar", "ca_ca", "uk_ua"];
$allLanguages = [ "ar_ar", "ca_ca", "cs_cz", "de_de", "en_us", "es_es", "fa_fa", "fr_fr", "it_it", "nb_no", "pl_pl", "pt_br", "pt_pt", "ru_ru", "tr_tr", "uk_ua", "zh_cn"];
global $db;
@@ -14,22 +14,24 @@ $result = $db->querySingle("SELECT setValue FROM Settings WHERE setKey = 'UI_LAN
// below has to match exactly the values in /front/php/templates/language/lang.php & /front/js/common.js
switch($result){
case 'Spanish': $pia_lang_selected = 'es_es'; break;
case 'German': $pia_lang_selected = 'de_de'; break;
case 'Norwegian': $pia_lang_selected = 'nb_no'; break;
case 'Polish (pl_pl)': $pia_lang_selected = 'pl_pl'; break;
case 'Portuguese (pt_br)': $pia_lang_selected = 'pt_br'; break;
case 'Portuguese (pt_pt)': $pia_lang_selected = 'pt_pt'; break;
case 'Italian (it_it)': $pia_lang_selected = 'it_it'; break;
case 'Russian': $pia_lang_selected = 'ru_ru'; break;
case 'Turkish (tr_tr)': $pia_lang_selected = 'tr_tr'; break;
case 'French': $pia_lang_selected = 'fr_fr'; break;
case 'Chinese (zh_cn)': $pia_lang_selected = 'zh_cn'; break;
case 'Czech (cs_cz)': $pia_lang_selected = 'cs_cz'; break;
case 'Arabic (ar_ar)': $pia_lang_selected = 'ar_ar'; break;
case 'Catalan (ca_ca)': $pia_lang_selected = 'ca_ca'; break;
case 'Ukrainian (uk_ua)': $pia_lang_selected = 'uk_ua'; break;
default: $pia_lang_selected = 'en_us'; break;
case 'Arabic (ar_ar)': $pia_lang_selected = 'ar_ar'; break;
case 'Catalan (ca_ca)': $pia_lang_selected = 'ca_ca'; break;
case 'Czech (cs_cz)': $pia_lang_selected = 'cs_cz'; break;
case 'German (de_de)': $pia_lang_selected = 'de_de'; break;
case 'English (en_us)': $pia_lang_selected = 'en_us'; break;
case 'Spanish (es_es)': $pia_lang_selected = 'es_es'; break;
case 'Farsi (fa_fa)': $pia_lang_selected = 'fa_fa'; break;
case 'French (fr_fr)': $pia_lang_selected = 'fr_fr'; break;
case 'Italian (it_it)': $pia_lang_selected = 'it_it'; break;
case 'Norwegian (nb_no)': $pia_lang_selected = 'nb_no'; break;
case 'Polish (pl_pl)': $pia_lang_selected = 'pl_pl'; break;
case 'Portuguese (pt_br)': $pia_lang_selected = 'pt_br'; break;
case 'Portuguese (pt_pt)': $pia_lang_selected = 'pt_pt'; break;
case 'Russian (ru_ru)': $pia_lang_selected = 'ru_ru'; break;
case 'Turkish (tr_tr)': $pia_lang_selected = 'tr_tr'; break;
case 'Ukrainian (uk_ua)': $pia_lang_selected = 'uk_ua'; break;
case 'Chinese (zh_cn)': $pia_lang_selected = 'zh_cn'; break;
default: $pia_lang_selected = 'en_us'; break;
}
if (isset($pia_lang_selected) == FALSE or (strlen($pia_lang_selected) == 0)) {$pia_lang_selected = $defaultLang;}
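Review bot: several case labels change in this switch, for example `'Spanish'` becomes `'Spanish (es_es)'`, and German, Norwegian, Russian and French are renamed the same way. `$result` is read from the stored `UI_LANG` setting, so an install that already has `Spanish` saved no longer matches any case and drops to the `en_us` default. Either keep the old labels as additional cases or migrate the stored value, and update `lang.php` and `common.js` in the same change, as the comment above the switch requires.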

View File

@@ -33,6 +33,7 @@ def merge_translations(main_file, other_files):
if __name__ == "__main__":
current_path = os.path.dirname(os.path.abspath(__file__))
# language codes can be found here: http://www.lingoes.net/en/translator/langcode.htm
json_files = ["en_us.json", "de_de.json", "es_es.json", "fr_fr.json", "nb_no.json", "ru_ru.json", "it_it.json", "pt_br.json", "pt_pt.json", "pl_pl.json", "zh_cn.json", "tr_tr.json", "cs_cz.json", "ar_ar.json", "ca_ca.json", "uk_ua.json"]
# "en_us.json" has to be first!
json_files = [ "en_us.json", "ar_ar.json", "ca_ca.json", "cs_cz.json", "de_de.json", "es_es.json", "fa_fa.json", "fr_fr.json", "it_it.json", "nb_no.json", "pl_pl.json", "pt_br.json", "pt_pt.json", "ru_ru.json", "tr_tr.json", "uk_ua.json", "zh_cn.json"]
file_paths = [os.path.join(current_path, file) for file in json_files]
merge_translations(file_paths[0], file_paths[1:])
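Review bot: the requirement that `en_us.json` comes first is carried only by the new comment, while `merge_translations(file_paths[0], file_paths[1:])` treats whatever sits at index 0 as the main file. The rest of the list is now alphabetical, so a later full re-sort would make `ar_ar.json` the main file without any error. Pass the main file as its own variable, or assert `json_files[0] == "en_us.json"` before the call. The language-code reference in the comment is also an `http://` link.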

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Forsiktig, hvis du legger inn feil verdier nedenfor, vil oppsettet ditt ødelegges. Ta sikkerhetskopi av databasen eller enhetskonfigurasjonen først (<a href=\"php/server/devices.php?action=ExportCSV\">klikk for å laste ned <i class=\"fa-solid fa-download fa-bounce\"></i> </a>). Les hvordan du gjenoppretter enheter fra denne filen i <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">Sikkerhetskopierings dokumentasjon</a>.",
"Device_MultiEdit_Fields": "Rediger felt:",
"Device_MultiEdit_MassActions": "Flerhandlinger:",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "Forsiktig. Ved å klikke på denne vil verdien til venstre brukes på alle enhetene som er valgt ovenfor.",
"Device_Searchbox": "Søk",
"Device_Shortcut_AllDevices": "Mine Enheter",
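Review bot: `Device_MultiEdit_No_Devices` is added with an empty value here, and the Polish, Portuguese and Turkish hunks that follow do the same. If untranslated keys are meant to fall back to English, say so in the commit or the translation docs. If they are not, the "no devices selected" message will be blank in these languages.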

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Uwaga, wprowadzenie niepoprawnych wartości poniżej może uszkodzić Twoją konfigurację. Najpierw wykonaj kopię zapasową bazy danych lub konfiguracji urządzeń (<a href=\"php/server/devices.php?action=ExportCSV\">kliknij, aby pobrać <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Instrukcje odzyskiwania urządzeń z tego pliku znajdziesz w <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">dokumentacji kopii zapasowych</a>. Aby zastosować zmiany, kliknij ikonę <b>Zapisz<i class=\"fa-solid fa-save\"></i></b> przy każdym polu, które chcesz zaktualizować.",
"Device_MultiEdit_Fields": "Edytuj pola:",
"Device_MultiEdit_MassActions": "Operacje zbiorcze:",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "Uwaga. Kliknięcie tego spowoduje zastosowanie wartości po lewej stronie do wszystkich wybranych powyżej urządzeń.",
"Device_Searchbox": "Szukaj",
"Device_Shortcut_AllDevices": "Moje urządzenia",

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Cuidado, inserir valores errados abaixo interromperá sua configuração. Faça backup do seu banco de dados ou da configuração dos dispositivos primeiro (<a href=\"php/server/devices.php?action=ExportCSV\">clique para baixar <i class=\"fa-solid fa-download fa-bounce\"></i> </a>). Leia como recuperar dispositivos deste arquivo no <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\" _blank\">Documentação de backups</a>.",
"Device_MultiEdit_Fields": "Editar campos:",
"Device_MultiEdit_MassActions": "Ações em massa:",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "Cuidadoso. Clicar aqui aplicará o valor à esquerda a todos os dispositivos selecionados acima.",
"Device_Searchbox": "Procurar",
"Device_Shortcut_AllDevices": "Meus dispositivos",

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "",
"Device_MultiEdit_Fields": "Editar campos:",
"Device_MultiEdit_MassActions": "Ações em massa:",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "Cuidadoso. Clicar aqui aplicará o valor à esquerda a todos os dispositivos selecionados acima.",
"Device_Searchbox": "Procurar",
"Device_Shortcut_AllDevices": "",
@@ -760,4 +761,4 @@
"settings_system_label": "",
"settings_update_item_warning": "",
"test_event_tooltip": "Guarde as alterações antes de testar as definições."
}
}

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Будьте осторожны: ввод неправильных значений ниже приведет к поломке вашей настройки. Сначала сделайте резервную копию базы данных или конфигурации устройств (<a href=\"php/server/devices.php?action=ExportCSV\">нажмите для загрузки <i class=\"fa-solid fa-download fa-bounce\"></i></a>). О том, как восстановить Устройства из этого файла, читайте в разделе <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">Документация о резервном копировании</a>. Чтобы применить свои изменения, нажмите на значок <b> Сохранить <i class = \"fa-solid fa-save\"> </i> </b> в каждом поле, которое вы хотите обновить.",
"Device_MultiEdit_Fields": "Редактировать поля:",
"Device_MultiEdit_MassActions": "Массовые действия:",
"Device_MultiEdit_No_Devices": "Устройства не выбраны.",
"Device_MultiEdit_Tooltip": "Осторожно. При нажатии на эту кнопку значение слева будет применено ко всем устройствам, выбранным выше.",
"Device_Searchbox": "Поиск",
"Device_Shortcut_AllDevices": "Мои устройства",

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Dikkat, aşağıya yanlış değerler girmeniz yapılandırmanızı bozabilir. Lütfen önce veritabanınızı veya Cihazlar yapılandırmanızı yedekleyin (<a href=\"php/server/devices.php?action=ExportCSV\">İndirmeniz için tıklayın <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Bu dosyadan Cihazları nasıl geri yükleyeceğinizi öğrenmek için <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">Yedekleme dökümantasyonunu</a> okuyun.",
"Device_MultiEdit_Fields": "Alanları Düzenle:",
"Device_MultiEdit_MassActions": "Toplu komutlar:",
"Device_MultiEdit_No_Devices": "",
"Device_MultiEdit_Tooltip": "Dikkat. Buna tıklamak, soldaki değeri yukarıda seçilen tüm cihazlara uygulayacaktır.",
"Device_Searchbox": "Arama",
"Device_Shortcut_AllDevices": "Cihazlarım",

View File

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "Обережно, введення неправильних значень нижче призведе до порушення роботи налаштувань. Спочатку створіть резервну копію бази даних або конфігурації пристроїв (<a href=\"php/server/devices.php?action=ExportCSV\">натисніть, щоб завантажити <i class=\"fa-solid fa-download fa-bounce\"></i></a>). Прочитайте, як відновити пристрої з цього файлу, у <a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">документації щодо резервних копій</a>. Щоб застосувати зміни, натисніть значок <b>Зберегти<i class=\"fa-solid fa-save\"></i></b> у кожному полі, яке потрібно оновити.",
"Device_MultiEdit_Fields": "Редагувати поля:",
"Device_MultiEdit_MassActions": "Масові акції:",
"Device_MultiEdit_No_Devices": "Не вибрано жодного пристрою.",
"Device_MultiEdit_Tooltip": "Обережно. Якщо натиснути це, значення зліва буде застосовано до всіх пристроїв, вибраних вище.",
"Device_Searchbox": "Пошук",
"Device_Shortcut_AllDevices": "Мої пристрої",
@@ -760,4 +761,4 @@
"settings_system_label": "Система",
"settings_update_item_warning": "Оновіть значення нижче. Слідкуйте за попереднім форматом. <b>Перевірка не виконана.</b>",
"test_event_tooltip": "Перш ніж перевіряти налаштування, збережіть зміни."
}
}

@@ -199,6 +199,7 @@
"Device_MultiEdit_Backup": "小心,输入错误的值将破坏您的设置。请先备份您的数据库或设备配置(<a href=\"php/server/devices.php?action=ExportCSV\">点击下载<i class=\"fa-solid fa-download fa-bounce\"></i></a>)。在<a href=\"https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md#scenario-2-corrupted-database\" target=\"_blank\">备份文档</a>中了解如何从此文件恢复设备。要应用更改,请在每个需要更新的字段点击<b>保存<i class='fa-solid fa-save'></i></b>图标。",
"Device_MultiEdit_Fields": "编辑:",
"Device_MultiEdit_MassActions": "谨慎操作:",
"Device_MultiEdit_No_Devices": "未选择设备。",
"Device_MultiEdit_Tooltip": "小心。 单击此按钮会将左侧的值应用到上面选择的所有设备。",
"Device_Searchbox": "搜索",
"Device_Shortcut_AllDevices": "我的设备",

@@ -64,7 +64,8 @@
"name": "subnets",
"type": "setting",
"value": "SCAN_SUBNETS",
"base64": true
"base64": true,
"timeoutMultiplier": true
}
],
"settings": [
@@ -387,6 +388,34 @@
"string": "Arguments to run arps-scan with. Recommended and tested only with the setting: <br/> <code>sudo arp-scan --ignoredups --retry=6</code>."
}
]
},
{
"function": "DURATION",
"type": {
"dataType": "integer",
"elements": [
{
"elementType": "input",
"elementOptions": [{ "type": "number" }],
"transformers": []
}
]
},
"default_value": 0,
"options": [],
"localized": ["name", "description"],
"name": [
{
"language_code": "en_us",
"string": "Discovery duration"
}
],
"description": [
{
"language_code": "en_us",
"string": "If <code>DURATION</code> is not <code>0</code>, the scan runs repeatedly per interface for that many seconds. <strong>Important:</strong> <code>RUN_TIMEOUT</code> must be greater than <code>DURATION</code>, otherwise the scan will fail."
}
]
}
],
"database_column_definitions": [
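
Review bot: the constraint in the `DURATION` description, that `RUN_TIMEOUT` must be greater than `DURATION`, exists only as help text and nothing in this definition enforces it. The input is a bare `{ "type": "number" }` with no lower bound, so negative values are accepted as well. Validate both when the setting is saved or when the plugin starts, and log a clear error instead of letting the scan run into the timeout.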

@@ -1,6 +1,7 @@
#!/usr/bin/env python
import os
import time
import pathlib
import argparse
import sys
@@ -46,7 +47,7 @@ def main():
plugin_objects = Plugin_Objects(RESULT_FILE)
# Print a message to indicate that the script is starting.
mylog('verbose', ['[ARP Scan] In script '])
mylog('verbose', [f'[{pluginName}] In script '])
# holds a list of user-submitted subnets.
# mylog('verbose', ['[ARP Scan] values.userSubnets: ', values.userSubnets])
@@ -150,16 +151,28 @@ def execute_arpscan_on_interface(interface):
# Prepare command arguments
arpscan_args = get_setting_value('ARPSCAN_ARGS').split() + interface.split()
# Execute command
# Optional duration in seconds (0 = run once)
try:
# try running a subprocess safely
result = subprocess.check_output(arpscan_args, universal_newlines=True)
except subprocess.CalledProcessError as e:
# An error occurred, handle it
error_type = type(e).__name__ # Capture the error type
result = ""
scan_duration = int(get_setting_value('ARPSCAN_DURATION'))
except Exception:
scan_duration = 0 # default: single run
return result
results = []
start_time = time.time()
while True:
try:
result = subprocess.check_output(arpscan_args, universal_newlines=True)
results.append(result)
except subprocess.CalledProcessError as e:
result = ""
# stop looping if duration not set or expired
if scan_duration == 0 or (time.time() - start_time) > scan_duration:
break
time.sleep(2) # short delay between scans
# concatenate all outputs (for regex parsing)
return "\n".join(results)
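
Review bot: in the new `while True` loop, `except subprocess.CalledProcessError as e:` sets `result = ""` and drops `e` without logging, so a failing arp-scan is retried after every 2-second sleep for the whole duration and the function returns an empty string with no trace of why. Log the exception through `mylog` and consider breaking out after a failure. Two smaller points: `except Exception` around `int(get_setting_value('ARPSCAN_DURATION'))` hides a misconfigured value and should log it too, and the expiry check runs only after each scan while `check_output` has no `timeout=`, so total runtime can exceed `scan_duration` by a full scan, which matters because `RUN_TIMEOUT` has to stay above `DURATION`.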

@@ -1,215 +1,142 @@
#!/usr/bin/env python
#!/usr/bin/env python3
import os
import pathlib
import sys
import json
import sqlite3
import subprocess
import socket
import ipaddress
from zeroconf import Zeroconf, ServiceBrowser, ServiceInfo, InterfaceChoice, IPVersion
from zeroconf.asyncio import AsyncZeroconf
# Define the installation path and extend the system path for plugin imports
INSTALL_PATH = "/app"
sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"])
from plugin_helper import Plugin_Object, Plugin_Objects, decodeBase64
from plugin_utils import get_plugins_configs
from plugin_helper import Plugin_Objects
from logger import mylog, Logger
from const import pluginsPath, fullDbPath, logPath
from helper import timeNowTZ, get_setting_value
from messaging.in_app import write_notification
from const import logPath
from helper import get_setting_value
from database import DB
from models.device_instance import DeviceInstance
import conf
from pytz import timezone
# Make sure the TIMEZONE for logging is correct
conf.tz = timezone(get_setting_value('TIMEZONE'))
# Configure timezone and logging
conf.tz = timezone(get_setting_value("TIMEZONE"))
Logger(get_setting_value("LOG_LEVEL"))
# Make sure log level is initialized correctly
Logger(get_setting_value('LOG_LEVEL'))
pluginName = "AVAHISCAN"
pluginName = 'AVAHISCAN'
# Define log paths
LOG_PATH = os.path.join(logPath, "plugins")
LOG_FILE = os.path.join(LOG_PATH, f"script.{pluginName}.log")
RESULT_FILE = os.path.join(LOG_PATH, f"last_result.{pluginName}.log")
# Define the current path and log file paths
LOG_PATH = logPath + '/plugins'
LOG_FILE = os.path.join(LOG_PATH, f'script.{pluginName}.log')
RESULT_FILE = os.path.join(LOG_PATH, f'last_result.{pluginName}.log')
# Initialize the Plugin obj output file
# Initialize plugin results
plugin_objects = Plugin_Objects(RESULT_FILE)
# =============================================================================
# Helper functions
# =============================================================================
def resolve_mdns_name(ip: str, timeout: int = 5) -> str:
"""
Attempts to resolve a hostname via multicast DNS using the Zeroconf library.
Args:
ip (str): The IP address to resolve.
timeout (int): Timeout in seconds for mDNS resolution.
Returns:
str: Resolved hostname (or empty string if not found).
"""
mylog("debug", [f"[{pluginName}] Resolving mDNS for {ip}"])
# Convert string IP to an address object
try:
addr = ipaddress.ip_address(ip)
except ValueError:
mylog("none", [f"[{pluginName}] Invalid IP: {ip}"])
return ""
# Reverse lookup name, e.g. "121.1.168.192.in-addr.arpa"
if addr.version == 4:
rev_name = ipaddress.ip_address(ip).reverse_pointer
else:
rev_name = ipaddress.ip_address(ip).reverse_pointer
try:
zeroconf = Zeroconf()
hostname = socket.getnameinfo((ip, 0), socket.NI_NAMEREQD)[0]
zeroconf.close()
if hostname and hostname != ip:
mylog("debug", [f"[{pluginName}] Found mDNS name: {hostname}"])
return hostname
except Exception as e:
mylog("debug", [f"[{pluginName}] Zeroconf lookup failed for {ip}: {e}"])
finally:
try:
zeroconf.close()
except Exception:
pass
return ""
# =============================================================================
# Main logic
# =============================================================================
def main():
mylog('verbose', [f'[{pluginName}] In script'])
mylog("verbose", [f"[{pluginName}] Script started"])
# timeout = get_setting_value('AVAHI_RUN_TIMEOUT')
timeout = 20
timeout = get_setting_value("AVAHISCAN_RUN_TIMEOUT")
use_mock = "--mockdata" in sys.argv
# Create a database connection
db = DB() # instance of class DB
db.open()
if use_mock:
mylog("verbose", [f"[{pluginName}] Running in MOCK mode"])
devices = [
{"devMac": "00:11:22:33:44:55", "devLastIP": "192.168.1.121"},
{"devMac": "00:11:22:33:44:56", "devLastIP": "192.168.1.9"},
{"devMac": "00:11:22:33:44:57", "devLastIP": "192.168.1.82"},
]
else:
db = DB()
db.open()
device_handler = DeviceInstance(db)
devices = (
device_handler.getAll()
if get_setting_value("REFRESH_FQDN")
else device_handler.getUnknown()
)
# Initialize the Plugin obj output file
plugin_objects = Plugin_Objects(RESULT_FILE)
# Create a DeviceInstance instance
device_handler = DeviceInstance(db)
# Retrieve devices
if get_setting_value("REFRESH_FQDN"):
devices = device_handler.getAll()
else:
devices = device_handler.getUnknown()
mylog('verbose', [f'[{pluginName}] Devices count: {len(devices)}'])
# Mock list of devices (replace with actual device_handler.getUnknown() in production)
# devices = [
# {'devMac': '00:11:22:33:44:55', 'devLastIP': '192.168.1.121'},
# {'devMac': '00:11:22:33:44:56', 'devLastIP': '192.168.1.9'},
# {'devMac': '00:11:22:33:44:57', 'devLastIP': '192.168.1.82'},
# ]
if len(devices) > 0:
# ensure service is running
ensure_avahi_running()
mylog("verbose", [f"[{pluginName}] Devices count: {len(devices)}"])
for device in devices:
domain_name = execute_name_lookup(device['devLastIP'], timeout)
ip = device["devLastIP"]
mac = device["devMac"]
# check if found and not a timeout ('to')
if domain_name != '' and domain_name != 'to':
hostname = resolve_mdns_name(ip, timeout)
if hostname:
plugin_objects.add_object(
# "MAC", "IP", "Server", "Name"
primaryId = device['devMac'],
secondaryId = device['devLastIP'],
watched1 = '', # You can add any relevant info here if needed
watched2 = domain_name,
watched3 = '',
watched4 = '',
extra = '',
foreignKey = device['devMac'])
primaryId=mac,
secondaryId=ip,
watched1="",
watched2=hostname,
watched3="",
watched4="",
extra="",
foreignKey=mac,
)
plugin_objects.write_result_file()
mylog('verbose', [f'[{pluginName}] Script finished'])
mylog("verbose", [f"[{pluginName}] Script finished"])
return 0
#===============================================================================
# Execute scan
#===============================================================================
def execute_name_lookup(ip, timeout):
"""
Execute the avahi-resolve command on the IP.
"""
args = ['avahi-resolve', '-a', ip]
# Execute command
output = ""
try:
mylog('debug', [f'[{pluginName}] DEBUG CMD :', args])
# Run the subprocess with a forced timeout
output = subprocess.check_output(args, universal_newlines=True, stderr=subprocess.STDOUT, timeout=timeout)
mylog('debug', [f'[{pluginName}] DEBUG OUTPUT : {output}'])
domain_name = ''
# Split the output into lines
lines = output.splitlines()
# Look for the resolved IP address
for line in lines:
if ip in line:
parts = line.split()
if len(parts) > 1:
domain_name = parts[1] # Second part is the resolved domain name
else:
mylog('verbose', [f'[{pluginName}] ⚠ ERROR - Unexpected output format: {line}'])
mylog('debug', [f'[{pluginName}] Domain Name: {domain_name}'])
return domain_name
except subprocess.CalledProcessError as e:
mylog('none', [f'[{pluginName}] ⚠ ERROR - {e.output}'])
except subprocess.TimeoutExpired:
mylog('none', [f'[{pluginName}] TIMEOUT - the process forcefully terminated as timeout reached'])
if output == "":
mylog('none', [f'[{pluginName}] Scan: FAIL - check logs'])
else:
mylog('debug', [f'[{pluginName}] Scan: SUCCESS'])
return ''
# Function to ensure Avahi and its dependencies are running
def ensure_avahi_running(attempt=1, max_retries=2):
"""
Ensure that D-Bus is running and the Avahi daemon is started, with recursive retry logic.
"""
mylog('debug', [f'[{pluginName}] Attempt {attempt} - Ensuring D-Bus and Avahi daemon are running...'])
# Check rc-status
try:
subprocess.run(['rc-status'], check=True)
except subprocess.CalledProcessError as e:
mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to check rc-status: {e.output}'])
return
# Create OpenRC soft level
subprocess.run(['touch', '/run/openrc/softlevel'], check=True)
# Add Avahi daemon to runlevel
try:
subprocess.run(['rc-update', 'add', 'avahi-daemon'], check=True)
except subprocess.CalledProcessError as e:
mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to add Avahi to runlevel: {e.output}'])
return
# Start the D-Bus service
try:
subprocess.run(['rc-service', 'dbus', 'start'], check=True)
except subprocess.CalledProcessError as e:
mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to start D-Bus: {e.output}'])
return
# Check Avahi status
status_output = subprocess.run(['rc-service', 'avahi-daemon', 'status'], capture_output=True, text=True)
if 'started' in status_output.stdout:
mylog('debug', [f'[{pluginName}] Avahi Daemon is already running.'])
return
mylog('none', [f'[{pluginName}] Avahi Daemon is not running, attempting to start... (Attempt {attempt})'])
# Start the Avahi daemon
try:
subprocess.run(['rc-service', 'avahi-daemon', 'start'], check=True)
except subprocess.CalledProcessError as e:
mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to start Avahi daemon: {e.output}'])
# Check status after starting
status_output = subprocess.run(['rc-service', 'avahi-daemon', 'status'], capture_output=True, text=True)
if 'started' in status_output.stdout:
mylog('debug', [f'[{pluginName}] Avahi Daemon successfully started.'])
return
# Retry if not started and attempts are left
if attempt < max_retries:
mylog('debug', [f'[{pluginName}] Retrying... ({attempt + 1}/{max_retries})'])
ensure_avahi_running(attempt + 1, max_retries)
else:
mylog('none', [f'[{pluginName}] ⚠ ERROR - Avahi Daemon failed to start after {max_retries} attempts.'])
# rc-update add avahi-daemon
# rc-service avahi-daemon status
# rc-service avahi-daemon start
if __name__ == '__main__':
main()
# =============================================================================
# Entrypoint
# =============================================================================
if __name__ == "__main__":
main()
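
Review bot: `resolve_mdns_name` is documented as resolving through the Zeroconf library, but the lookup it performs is `socket.getnameinfo((ip, 0), socket.NI_NAMEREQD)`, which goes through the system resolver; the `Zeroconf()` instance is only created and closed. Names will come back over mDNS only if the host resolver is configured for it. Either issue the query through zeroconf or rename and re-document the function as a reverse lookup. Related cleanup in the same function: the `timeout` argument is never used, so a slow lookup is not bounded by `AVAHISCAN_RUN_TIMEOUT`; `rev_name` is computed in two identical branches and never read; `zeroconf.close()` runs in both the `try` body and the `finally`; and several imports (`json`, `sqlite3`, `subprocess`, `ServiceBrowser`, `AsyncZeroconf`) are not used by the new code shown.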

@@ -41,7 +41,7 @@ def main():
plugin_objects = Plugin_Objects(RESULT_FILE)
timeoutSec = get_setting_value('DHCPSRVS_RUN_TIMEOUT')
nmapArgs = ['sudo', 'nmap', '--script', 'broadcast-dhcp-discover']
nmapArgs = ['sudo', 'nmap', '--privileged', '--script', 'broadcast-dhcp-discover']
try:
dhcp_probes = 1
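
Review bot: the new argument list keeps `sudo` and also adds `--privileged`, which tells nmap to assume it already has the privileges it needs for raw sockets. If the hardened image grants capabilities and runs without root, `sudo` should be dropped here, since the call fails wherever sudo is absent or not permitted; if `sudo` stays, `--privileged` adds nothing. Pick one and say in a comment which capability the script depends on.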

@@ -2,6 +2,8 @@
Plugin for pinging existing devices via the [ping](https://linux.die.net/man/8/ping) network utility. The devices have to be accessible from the container. You can use this plugin with other suplementing plugins as described in the [subnets docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md).
This plugin can be used if you are getting false offline positives on specific devices. See the [Fix offline detection guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/FIX_OFFLINE_DETECTION.md) for details.
### Usage
- Check the Settings page for details.

@@ -25,3 +25,11 @@ To assign a meaningful device name, the plugin resolves it in the following orde
- **Comment**: The `comment` field in the MikroTik router's DHCP lease configuration. This is useful for naming static leases of known devies.
- **Hostname**: The hostname provided by the device during DHCP negotiation.
- **"(unknown)"**: as the fallback name, allowing other plugins to resolve the device name later.
### Other info
- Version: 1.0
- Author: [lookflying](https://github.com/lookflying)
- Maintainer(s): [elraro](https://github.com/elraro), [kamil-olszewski-devskiller](https://github.com/kamil-olszewski-devskiller)
- Release Date: 12-Sep-2024

@@ -178,7 +178,7 @@ def main():
if file_name != 'last_result.log':
mylog('verbose', [f'[{pluginName}] Processing: "{file_name}"'])
# make sure the file has teh correct name (e.g last_result.encoded.Node_1.1.log) to skip any otehr plugin files
# make sure the file has the correct name (e.g last_result.encoded.Node_1.1.log) to skip any otehr plugin files
if len(file_name.split('.')) > 2:
# Store e.g. Node_1 from last_result.encoded.Node_1.1.log
syncHubNodeName = file_name.split('.')[1]
@@ -210,9 +210,10 @@ def main():
existing_mac_addresses = set(row[0] for row in cursor.fetchall())
# insert devices into the lats_result.log to manage state
# insert devices into the last_result.log and thus CurrentScan table to manage state
for device in device_data:
if device['devPresentLastScan'] == 1:
# only insert devices taht were online and skip the root node to prevent IP flipping on the hub
if device['devPresentLastScan'] == 1 and str(device['devMac']).lower() != 'internet':
plugin_objects.add_object(
primaryId = device['devMac'],
secondaryId = device['devLastIP'],
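
Review bot: the new comment has a typo, "taht" should be "that" (and "otehr" is still present in the comment touched by the previous hunk). On the logic, the root node is recognised by comparing `str(device['devMac']).lower()` with the literal `'internet'`; a shared constant for that sentinel would keep this filter in step with other code that uses it. `device['devMac']` and `device['devPresentLastScan']` are indexed directly on records read from other nodes' result files, so a record missing either key raises KeyError; `.get()` with a logged skip would be safer.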

@@ -213,6 +213,33 @@
}
]
},
{
"function": "DEFAULT_PAGE_SIZE",
"type": {
"dataType": "integer",
"elements": [
{
"elementType": "input",
"elementOptions": [{ "type": "number" }],
"transformers": []
}
]
},
"maxLength": 50,
"default_value": 20,
"options": [],
"localized": [],
"name": [
{
"string": "Default page size"
}
],
"description": [
{
"string": "Default number of items shown in tables per page, for example in teh Devices lists."
}
]
},
{
"function": "DEV_SECTIONS",
"type": {
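
Review bot: typo in the new description, "in teh Devices lists" should read "in the Devices lists". The input is a bare `{ "type": "number" }` with no minimum, so 0 or a negative page size can be saved, and it is unclear what `"maxLength": 50` is meant to bound for a number input. Add a lower bound or validate where the value is consumed. The `name` and `description` entries also carry no `language_code`; confirm that is intended alongside `"localized": []`.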

@@ -112,7 +112,12 @@ def get_device_data(site, api):
mylog('verbose', [f'[{pluginName}] Site: {site_name} clients: {json.dumps(clients_resp, indent=2)}'])
# Build a lookup for devices by their 'id' to find parent MAC easily
device_id_to_mac = {dev['id']: dev.get('macAddress', '') for dev in unifi_devices}
device_id_to_mac = {}
for dev in unifi_devices:
if "id" not in dev:
mylog("verbose", [f"[{pluginName}] Skipping device without 'id': {json.dumps(dev)}"])
continue
device_id_to_mac[dev["id"]] = dev.get("macAddress", "")
# Helper to resolve uplinkDeviceId to parent MAC, or "Internet" if no uplink
def resolve_parent_mac(uplink_id):

@@ -61,7 +61,7 @@ def update_vendor_database():
# Update vendors DB (iab oui)
mylog('verbose', [' Updating vendors DB (iab & oui)'])
update_args = ['sh', applicationPath + '/back/update_vendors.sh']
update_args = ['sh', applicationPath + '/services/update_vendors.sh']
# Execute command
try:
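
Review bot: the new path `applicationPath + '/services/update_vendors.sh'` does not match the layout documented in this same change, where the filesystem README lists `update_vendors.sh` under `/services/scripts` and describes `/services` as a top-level directory rather than a child of the application path. Confirm the script exists at this location in the production image, or build the path from the same variable the install scripts use, so the `sh` call in the `try` below does not fail on a missing file.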

@@ -566,122 +566,6 @@ $settingsJSON_DB = json_encode($settings, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX
setCodeName = set["setKey"]
settingsArray = collectSetting(prefix, setCodeName, setType, settingsArray)
// // console.log(prefix);
// const setTypeObject = JSON.parse(processQuotes(setType))
// // console.log(setTypeObject);
// const dataType = setTypeObject.dataType;
// // get the element with the input value(s)
// let elements = setTypeObject.elements.filter(element => element.elementHasInputValue === 1);
// // if none found, take last
// if(elements.length == 0)
// {
// elementWithInputValue = setTypeObject.elements[setTypeObject.elements.length - 1]
// } else
// {
// elementWithInputValue = elements[0]
// }
// const { elementType, elementOptions = [], transformers = [] } = elementWithInputValue;
// const {
// inputType,
// readOnly,
// isMultiSelect,
// isOrdeable,
// cssClasses,
// placeholder,
// suffix,
// sourceIds,
// separator,
// editable,
// valRes,
// getStringKey,
// onClick,
// onChange,
// customParams,
// customId,
// columns,
// base64Regex,
// elementOptionsBase64
// } = handleElementOptions('none', elementOptions, transformers, val = "");
// let value;
// if (dataType === "string" && elementWithInputValue.elementType === "datatable" ) {
// value = collectTableData(`#${setCodeName}_table`)
// settingsArray.push([prefix, setCodeName, dataType, btoa(JSON.stringify(value))]);
// } else if (dataType === "string" ||
// (dataType === "integer" && (inputType === "number" || inputType === "text"))) {
// value = $('#' + setCodeName).val();
// value = applyTransformers(value, transformers);
// settingsArray.push([prefix, setCodeName, dataType, value]);
// } else if (inputType === 'checkbox') {
// value = $(`#${setCodeName}`).is(':checked') ? 1 : 0;
// if(dataType === "boolean")
// {
// value = value == 1 ? "True" : "False";
// }
// value = applyTransformers(value, transformers);
// settingsArray.push([prefix, setCodeName, dataType, value]);
// } else if (dataType === "array" ) {
// let temps = [];
// if(isOrdeable)
// {
// temps = $(`#${setCodeName}`).val()
// } else
// {
// // make sure to collect all if set as "editable" or selected only otherwise
// $(`#${setCodeName}`).attr("my-editable") == "true" ? additionalSelector = "" : additionalSelector = ":selected";
// $(`#${setCodeName} option${additionalSelector}`).each(function() {
// const vl = $(this).val();
// if (vl !== '') {
// temps.push(applyTransformers(vl, transformers));
// }
// });
// }
// value = JSON.stringify(temps);
// settingsArray.push([prefix, setCodeName, dataType, value]);
// } else if (dataType === "none") {
// // no value to save
// value = ""
// settingsArray.push([prefix, setCodeName, dataType, value]);
// } else if (dataType === "json") {
// value = $('#' + setCodeName).val();
// value = applyTransformers(value, transformers);
// value = JSON.stringify(value, null, 2)
// settingsArray.push([prefix, setCodeName, dataType, value]);
// } else {
// console.error(`[saveSettings] Couldn't determine how to handle (setCodeName|dataType|inputType):(${setCodeName}|${dataType}|${inputType})`);
// value = $('#' + setCodeName).val();
// value = applyTransformers(value, transformers);
// console.error(`[saveSettings] Saving value "${value}"`);
// settingsArray.push([prefix, setCodeName, dataType, value]);
// }
});
// sanity check to make sure settings were loaded & collected correctly

@@ -4,6 +4,7 @@
require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/security.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/php/server/db.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/language/lang.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/php/templates/globals.php';
?>
<?php

@@ -74,6 +74,8 @@ require 'php/templates/header.php';
$(document).ready(function() {
const table = $('#notificationsTable').DataTable({
"pageLength": parseInt(getSetting("UI_DEFAULT_PAGE_SIZE")),
'lengthMenu' : getLengthMenu(parseInt(getSetting("UI_DEFAULT_PAGE_SIZE"))),
"columns": [
{ "data": "timestamp" ,
"render": function(data, type, row) {
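
Review bot: `parseInt(getSetting("UI_DEFAULT_PAGE_SIZE"))` is evaluated twice with no radix and no fallback; if the setting is missing or empty the result is NaN, and both `pageLength` and `getLengthMenu(...)` receive it. Read it once into a constant, pass radix 10, and fall back to a default when the value is not a positive integer.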

@@ -6,6 +6,15 @@ echo "---------------------------------------------------------"
# ❗ IMPORTANT - if you modify this file modify the root Dockerfile as well ❗
SCRIPT_DIR="$(cd -- "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
REQUIREMENTS_FILE="${REPO_ROOT}/requirements.txt"
if [[ ! -f "${REQUIREMENTS_FILE}" ]]; then
echo "requirements.txt not found at ${REQUIREMENTS_FILE}. Please ensure the repository root is available." >&2
exit 1
fi
# Check if script is run as root
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root. Please use 'sudo'."
@@ -14,7 +23,7 @@ fi
# Install dependencies
apt-get install -y \
tini snmp ca-certificates curl libwww-perl arp-scan perl apt-utils cron sudo \
tini snmp ca-certificates curl libwww-perl arp-scan perl apt-utils cron sudo gettext-base \
nginx-light php php-cgi php-fpm php-sqlite3 php-curl sqlite3 dnsutils net-tools \
python3 python3-dev iproute2 nmap python3-pip zip usbutils traceroute nbtscan avahi-daemon avahi-utils openrc build-essential git
@@ -24,10 +33,10 @@ sudo phpenmod -v 8.2 sqlite3
# setup virtual python environment so we can use pip3 to install packages
apt-get install python3-venv -y
python3 -m venv myenv
source myenv/bin/activate
python3 -m venv /opt/venv
source /opt/venv/bin/activate
update-alternatives --install /usr/bin/python python /usr/bin/python3 10
# install packages thru pip3
pip3 install openwrt-luci-rpc asusrouter asyncio aiohttp graphene flask flask-cors unifi-sm-api tplink-omada-client wakeonlan pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros yattag git+https://github.com/foreign-sub/aiofreepybox.git
pip3 install -r "${REQUIREMENTS_FILE}"

@@ -102,10 +102,10 @@ else
echo "The file ieee-oui.txt does not exist. Running update_vendors..."
# Run the update_vendors.sh script
if [ -f "${INSTALL_PATH}/back/update_vendors.sh" ]; then
"${INSTALL_PATH}/back/update_vendors.sh"
if [ -f "${SYSTEM_SERVICES}/update_vendors.sh" ]; then
"${SYSTEM_SERVICES}/update_vendors.sh"
else
echo "update_vendors.sh script not found in $INSTALL_DIR."
echo "update_vendors.sh script not found in $SYSTEM_SERVICES."
fi
fi
@@ -175,7 +175,7 @@ nginx -t || { echo "[INSTALL] nginx config test failed"; exit 1; }
# sudo systemctl restart nginx
# Activate the virtual python environment
source myenv/bin/activate
source /opt/venv/bin/activate
echo "[INSTALL] 🚀 Starting app - navigate to your <server IP>:${PORT}"

@@ -10,6 +10,8 @@
server {
listen ${LISTEN_ADDR}:${PORT} default_server;
large_client_header_buffers 4 16k;
root ${INSTALL_DIR}/front;
index index.php;
add_header X-Forwarded-Prefix "/app" always;

@@ -0,0 +1,94 @@
# NetAlertX Production Container Filesystem
This document describes the filesystem structure of the NetAlertX production Docker container. This setup focuses on security by separating application code, configuration, and runtime data.
## Directory Structure
### `/app` - Main Application Directory
The core application location where NetAlertX runs. This directory contains the main application code and working data, with source code directories mounted in read-only mode for security. It provides the runtime environment for all NetAlertX operations including device scanning, web interface, and data processing.
The core application location. Contains:
- Source code directories (`back`, `front`, `server`) copied in read-only mode
- Working directories for runtime data (`config`, `db`, `log`)
- Other directories are not needed in production and are excluded
### `/build` - Build-Time Scripts
Temporary directory used during Docker image building to prepare the container environment. Scripts in this directory run during the build process to set up the system before it's locked down for production use. This ensures the container is properly configured before runtime.
Temporary directory used during Docker image building:
- Scripts run at the end of the build process
- Deleted after build to reduce image size
- Only exists during container creation
### `/opt/venv/lib/python3.12/site-packages/aiofreebox` - Certificate Storage
Contains SSL certificates required for secure communication with Freebox OS devices. The aiofreebox Python package uses these certificates to authenticate and establish encrypted connections when integrating with Freebox routers for network device discovery.
Contains certificates for the aiofreebox package, which communicates with Freebox OS devices.
### `/services` - Service Management
Contains all scripts and configurations for running NetAlertX services. This directory holds the complete service orchestration layer that manages the container's runtime behavior, including startup scripts, configuration files, and utility tools for system maintenance and monitoring.
Contains all scripts and configurations for running NetAlertX services:
#### `/services/config` - Service Configurations
Configuration files for each service that runs in the container. These files define how services like the web server, task scheduler, and Python backend operate, including security settings, resource limits, and integration parameters.
Configuration files for each service:
- `crond/` - Task scheduler settings
- `nginx/` - Web server configuration
- `php/` - PHP interpreter settings
- `php-fpm.d/` - Additional PHP configurations
- `python/` - Python backend launch parameters
#### `/services/scripts` - System Scripts and Utilities
Pre-startup checks and specialized maintenance tools. Files named `check-*` are intended to verify system functions at startup and correct issues or warn users as needed. Additional scripts perform various update tasks and provide integration capabilities with external systems.
Pre-startup checks and specialized maintenance tools:
- `check-cap.sh` - Verifies container permissions for network tools
- `check-first-run-config.sh` - Sets up initial configuration
- `check-first-run-db.sh` - Prepares database on first run
- `check-permissions.sh` - Validates file and directory permissions
- `check-ramdisk.sh` - Checks temporary storage setup
- `check-root.sh` - Confirms proper user privileges
- `check-storage.sh` - Ensures storage directories exist
- `update_vendors.sh` - Updates MAC address vendor database
- `checkmk/` - Checkmk monitoring integration scripts
- `db_cleanup/` - Database maintenance and cleanup tools
- `db_empty/` - Database reset utilities
- `list-ports.sh` - Network port enumeration script
- `opnsense_leases/` - OPNsense DHCP lease integration tools
#### `/services/run` - Runtime Data
Directory for storing runtime data and logs generated by services during container operation. This provides a centralized location for monitoring service activity and troubleshooting issues that occur during normal operation.
- `logs/` - Service runtime log files
#### Service Control Scripts
Scripts that start and manage the core services required for NetAlertX operation. These scripts handle the initialization of the web server, application server, task scheduler, and backend processing components that work together to provide network monitoring functionality.
- `start-backend.sh` - Launches Python backend service
- `start-crond.sh` - Starts task scheduler
- `start-nginx.sh` - Starts web server
- `start-php-fpm.sh` - Starts PHP processor
- `healthcheck.sh` - Container health verification
- `cron_script.sh` - Scheduled task definitions
### `/entrypoint.sh` - Container Startup Script
The main orchestration script that runs when the container starts. It coordinates the entire container initialization process, from pre-startup validation through service startup and ongoing monitoring, ensuring NetAlertX operates reliably in production environments.
The main script that runs when the container starts:
- Runs all pre-startup checks from `/services/scripts`
- Creates necessary directories and files
- Starts all required services (crond, PHP-FPM, nginx, Python backend)
- Monitors services and handles failures
- Ensures clean shutdown on container stop
## Security Considerations
- Application code is read-only to prevent modifications
- Services run with minimal required permissions
- Configurations are separated from code
- Pre-startup checks verify system integrity
- Runtime data is isolated in dedicated directories
- Container exits immediately if any service fails (enables restart policies)
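
Review bot: most sections state their content twice, a long paragraph followed by a short restatement (under `/app`, "The core application location where NetAlertX runs..." is followed by "The core application location. Contains:"); keep one of each pair. The heading `/opt/venv/lib/python3.12/site-packages/aiofreebox` hard-codes the Python minor version and will go stale when the base image changes. Under Security Considerations, "Application code is read-only" would be easier to verify if it said how this is achieved (file mode, ownership, or a read-only root filesystem).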

@@ -0,0 +1,108 @@
#-----------------AUTOGENERATED FILE-----------------#
# #
# Generated: 2022-12-30_22-19-40 #
# #
# Config file for the LAN intruder detection app: #
# https://github.com/jokob-sk/NetAlertX #
# #
#-----------------AUTOGENERATED FILE-----------------#
# 🔺 Use the Settings UI - only edit when necessary 🔺
# General
#---------------------------
# Scan using interface eth0
# SCAN_SUBNETS = ['192.168.1.0/24 --interface=eth0']
#
# Scan multiple interfaces (eth1 and eth0):
# SCAN_SUBNETS = [ '192.168.1.0/24 --interface=eth1', '192.168.1.0/24 --interface=eth0' ]
DISCOVER_PLUGINS=True
SCAN_SUBNETS=['--localnet']
TIMEZONE='Europe/Berlin'
LOADED_PLUGINS=['ARPSCAN', 'AVAHISCAN', 'CSVBCKP','DBCLNP', 'DIGSCAN', 'INTRNT', 'MAINT', 'NEWDEV', 'NBTSCAN', 'NSLOOKUP','NTFPRCS', 'SETPWD', 'SMTP', 'SYNC', 'VNDRPDT', 'WORKFLOWS', 'UI']
DAYS_TO_KEEP_EVENTS=90
# Used for generating links in emails. Make sure not to add a trailing slash!
REPORT_DASHBOARD_URL='update_REPORT_DASHBOARD_URL_setting'
# Make sure at least these scanners are enabled for new installs, other defaults are taken from the config.json
INTRNT_RUN='schedule'
ARPSCAN_RUN='schedule'
NSLOOKUP_RUN='before_name_updates'
AVAHISCAN_RUN='before_name_updates'
NBTSCAN_RUN='before_name_updates'
# Email
#-------------------------------------
# (add SMTP to LOADED_PLUGINS to load)
#-------------------------------------
SMTP_RUN='disabled' # use 'on_notification' to enable
SMTP_SERVER='smtp.gmail.com'
SMTP_PORT=587
SMTP_REPORT_TO='user@gmail.com'
SMTP_REPORT_FROM='NetAlertX <user@gmail.com>'
SMTP_SKIP_LOGIN=False
SMTP_USER='user@gmail.com'
SMTP_PASS='password'
SMTP_SKIP_TLS=False
# Webhook
#-------------------------------------
# (add WEBHOOK to LOADED_PLUGINS to load)
#-------------------------------------
WEBHOOK_RUN='disabled' # use 'on_notification' to enable
WEBHOOK_URL='http://n8n.local:5555/webhook-test/aaaaaaaa-aaaa-aaaa-aaaaa-aaaaaaaaaaaa'
WEBHOOK_PAYLOAD='json' # webhook payload data format for the "body > attachements > text" attribute
# in https://github.com/jokob-sk/NetAlertX/blob/main/docs/webhook_json_sample.json
# supported values: 'json', 'html' or 'text'
# e.g.: for discord use 'html'
WEBHOOK_REQUEST_METHOD='GET'
# Apprise
#-------------------------------------
# (add APPRISE to LOADED_PLUGINS to load)
#-------------------------------------
APPRISE_RUN='disabled' # use 'on_notification' to enable
APPRISE_HOST='http://localhost:8000/notify'
APPRISE_URL='mailto://smtp-relay.sendinblue.com:587?from=user@gmail.com&name=apprise&user=user@gmail.com&pass=password&to=user@gmail.com'
# NTFY
#-------------------------------------
# (add NTFY to LOADED_PLUGINS to load)
#-------------------------------------
NTFY_RUN='disabled' # use 'on_notification' to enable
NTFY_HOST='https://ntfy.sh'
NTFY_TOPIC='replace_my_secure_topicname_91h889f28'
NTFY_USER='user'
NTFY_PASSWORD='passw0rd'
# PUSHSAFER
#-------------------------------------
# (add PUSHSAFER to LOADED_PLUGINS to load)
#-------------------------------------
PUSHSAFER_RUN='disabled' # use 'on_notification' to enable
PUSHSAFER_TOKEN='ApiKey'
# MQTT
#-------------------------------------
# (add MQTT to LOADED_PLUGINS to load)
#-------------------------------------
MQTT_RUN='disabled' # use 'on_notification' to enable
MQTT_BROKER='192.168.1.2'
MQTT_PORT=1883
MQTT_USER='mqtt'
MQTT_PASSWORD='passw0rd'
MQTT_QOS=0
MQTT_DELAY_SEC=2
#-------------------IMPORTANT INFO-------------------#
# This file is ingested by a python script, so if #
# modified it needs to use python syntax #
#-------------------IMPORTANT INFO-------------------#
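
Review bot: the default `NTFY_TOPIC='replace_my_secure_topicname_91h889f28'` on `NTFY_HOST='https://ntfy.sh'` is a fixed topic name published in the repository, so any install that enables NTFY without changing it sends device notifications to a topic that anyone who knows the name can subscribe to. Ship it empty or generate a random value on first run, and have the plugin refuse to run with the placeholder. The same applies to the placeholder credentials (`SMTP_PASS='password'`, `NTFY_PASSWORD='passw0rd'`, `MQTT_PASSWORD='passw0rd'`): empty defaults fail loudly, plausible-looking ones do not. The header also still reads `Generated: 2022-12-30_22-19-40` for a file added in this commit.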

Binary file not shown.

@@ -0,0 +1,4 @@
#!/bin/bash
echo "Initializing backend..."
# Future backend initialization steps can go here.
echo "Backend initialized."

@@ -0,0 +1,4 @@
#!/bin/bash
echo "Initializing crond..."
#Future crond initializations can go here.
echo "crond initialized."

Some files were not shown because too many files have changed in this diff