From c81a054d893bfd418ebd7e3d83884157e4dca89f Mon Sep 17 00:00:00 2001 From: Adam Outler Date: Fri, 3 Oct 2025 00:08:26 +0000 Subject: [PATCH] Coderabit --- .devcontainer/devcontainer.json | 7 ++++- .../services/config/nginx/netalertx.conf | 1 - .../python/backend-extra-launch-parameters | 2 +- .devcontainer/scripts/setup.sh | 5 ++- .devcontainer/scripts/start-nginx.sh | 5 +-- .gitignore | 2 +- .vscode/settings.json | 8 +++-- front/plugins/avahi_scan/avahi_orig.py | 31 ++++++++++++++----- front/plugins/avahi_scan/avahi_scan.py | 5 ++- front/plugins/dhcp_servers/script.py | 2 +- install/production-filesystem/README.md | 8 ++--- .../services/config/nginx/netalertx.conf | 1 - .../services/config/nginx/nginx.conf | 2 +- 13 files changed, 51 insertions(+), 28 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index be3d648c..003d4fc3 100755 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -37,7 +37,12 @@ "jeff-hykin.better-dockerfile-syntax", "GitHub.codespaces", "ms-azuretools.vscode-containers", - "ms-python.vscode-python-envs" + "ms-python.vscode-python-envs", + "dbaeumer.vscode-eslint", + "esbenp.prettier-vscode", + "eamodio.gitlens", + "alexcvzz.vscode-sqlite", + "yzhang.markdown-all-in-one" ] , "settings": { diff --git a/.devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf b/.devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf index bb14e270..fb522d14 100755 --- a/.devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf +++ b/.devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf @@ -10,7 +10,6 @@ server { index index.php; add_header X-Forwarded-Prefix "/netalertx" always; - proxy_set_header X-Forwarded-Prefix "/netalertx"; location ~* \.php$ { add_header Cache-Control "no-store"; 
diff --git a/.devcontainer/resources/devcontainer-overlay/services/config/nginx/python/backend-extra-launch-parameters b/.devcontainer/resources/devcontainer-overlay/services/config/nginx/python/backend-extra-launch-parameters index 86855c04..06cac053 100644 --- a/.devcontainer/resources/devcontainer-overlay/services/config/nginx/python/backend-extra-launch-parameters +++ b/.devcontainer/resources/devcontainer-overlay/services/config/nginx/python/backend-extra-launch-parameters @@ -1 +1 @@ --m debugpy --listen 0.0.0.0:5678 \ No newline at end of file +-m debugpy --listen 0.0.0.0:5678 \ No newline at end of file diff --git a/.devcontainer/scripts/setup.sh b/.devcontainer/scripts/setup.sh index 24da4bc3..b7eccb61 100755 --- a/.devcontainer/scripts/setup.sh +++ b/.devcontainer/scripts/setup.sh @@ -79,10 +79,9 @@ configure_source() { sudo mount -o uid=$(id -u netalertx),gid=$(id -g netalertx),mode=775 -t tmpfs -o size=256M tmpfs "${NETALERTX_API}" mkdir -p ${NETALERTX_PLUGINS_LOG} touch ${NETALERTX_PLUGINS_LOG}/.git-placeholder ${NETALERTX_API}/.git-placeholder - # mount tmpfs with root:root ownership and 755 permissions + # tmpfs mounts configured with netalertx ownership and 775 permissions above + touch /app/log/nginx_error.log - - echo " -> Empty log"|tee ${INSTALL_DIR}/log/app.log \ ${INSTALL_DIR}/log/app_front.log \ ${INSTALL_DIR}/log/stdout.log diff --git a/.devcontainer/scripts/start-nginx.sh b/.devcontainer/scripts/start-nginx.sh index 77c88390..b8395c70 100755 --- a/.devcontainer/scripts/start-nginx.sh +++ b/.devcontainer/scripts/start-nginx.sh @@ -1,4 +1,5 @@ +#!/bin/bash -#create /services/nginx directory for nginx system files -nginx -c "/services/nginx/nginx.conf" -g "daemon off;" 2>&1 >/app/log/app_front.log \ No newline at end of file +#Logging handled in nginx.conf +nginx -c "/services/nginx/nginx.conf" -g "daemon off;" 2>&1 >/dev/null \ No newline at end of file diff --git a/.gitignore b/.gitignore index d9697b65..59628e8a 100755 --- a/.gitignore 
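Review bot: In .devcontainer/scripts/setup.sh the added `touch /app/log/nginx_error.log` hard-codes the log directory, while the lines right after it write to `${INSTALL_DIR}/log/...`. If INSTALL_DIR is ever not `/app`, the nginx error log is created somewhere other than the rest of the logs. I would write `touch "${INSTALL_DIR}/log/nginx_error.log"`, quoted like any path built from a variable. The replacement comment refers to "tmpfs mounts ... above" without naming them, and whether `/app/log` is one of those mounts is not visible here, so the comment could list the directories it means. configure_source starts and ends outside the hunk.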
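Review bot: In .devcontainer/scripts/start-nginx.sh the new launch line's `2>&1 >/dev/null` discards only stdout, because stderr is pointed at the original stdout before stdout is redirected, so nginx's stderr still reaches the container output. If that is intended, the `2>&1` is misleading: write `nginx -c "/services/nginx/nginx.conf" -g "daemon off;" >/dev/null` (stderr then stays on stderr) with a comment such as `# stdout discarded; stderr kept so startup and config errors stay visible`. Keeping stderr is worthwhile, since configuration-parse errors are reported there before the `error_log` from nginx.conf is in effect. If both streams were meant to be silenced, the order would have to be `>/dev/null 2>&1`, which would hide a failed start from whoever watches the container.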
+++ b/.gitignore @@ -2,7 +2,7 @@ .dotnet .vscode-server .gitconfig -\.*CommandMarker +.*CommandMarker deviceid .DS_Store .cache diff --git a/.vscode/settings.json b/.vscode/settings.json index eb61ec14..0aa6c7cb 100755 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -11,6 +11,10 @@ // Let the Python extension invoke pytest via the interpreter; avoid hardcoded paths // Removed python.testing.pytestPath and legacy pytest.command overrides - "terminal.integrated.defaultProfile.linux": "bash", - "terminal.integrated.profiles.linux": { "bash": { "path": "/bin/fish" } } + "terminal.integrated.defaultProfile.linux": null, + "terminal.integrated.profiles.linux": { + "ash": { + "path": "/bin/fish" + } + } } \ No newline at end of file diff --git a/front/plugins/avahi_scan/avahi_orig.py b/front/plugins/avahi_scan/avahi_orig.py index ba00f8d3..9e8310a4 100644 --- a/front/plugins/avahi_scan/avahi_orig.py +++ b/front/plugins/avahi_scan/avahi_orig.py @@ -4,7 +4,7 @@ import os import pathlib import sys import json -import sqlite3 + import subprocess # Define the installation path and extend the system path for plugin imports @@ -43,8 +43,18 @@ plugin_objects = Plugin_Objects(RESULT_FILE) def main(): mylog('verbose', [f'[{pluginName}] In script']) - # timeout = get_setting_value('AVAHI_RUN_TIMEOUT') - timeout = 20 + # Retrieve timeout from settings (use AVAHISCAN_RUN_TIMEOUT), fall back to 20 + try: + _timeout_val = get_setting_value('AVAHISCAN_RUN_TIMEOUT') + if _timeout_val is None or _timeout_val == '': + timeout = 20 + else: + try: + timeout = int(_timeout_val) + except (ValueError, TypeError): + timeout = 20 + except Exception: + timeout = 20 # Create a database connection db = DB() # instance of class DB 
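Review bot: In .vscode/settings.json the profile added under `terminal.integrated.profiles.linux` is keyed `ash` but its `path` is `/bin/fish`, so the name shown in the terminal picker does not match the shell that starts. With `terminal.integrated.defaultProfile.linux` now `null`, which shell opens by default is left to the editor's own detection rather than to this file. I would name the profile after the binary it launches, `"fish": { "path": "/bin/fish" }`, or point `path` at the shell the key names.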
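Review bot: The timeout lookup added to main() in avahi_orig.py accepts zero and negative values and hides every failure: `int(_timeout_val)` passes `0` or `-5` straight through, and the outer `except Exception` turns any error from `get_setting_value` into a silent 20. `int()` already raises TypeError for None and ValueError for an empty or non-numeric string, so the explicit None/'' test and the inner try are not needed. I would collapse it to a single try, log when the fallback is used, and reject non-positive values, as below. This drops the broad catch, so keep one only if `get_setting_value` is known to raise, and log in that handler too. main() continues outside the hunk.

```python
    # Retrieve timeout from settings (use AVAHISCAN_RUN_TIMEOUT), fall back to 20
    try:
        timeout = int(get_setting_value('AVAHISCAN_RUN_TIMEOUT'))
    except (ValueError, TypeError):
        # None, '' and non-numeric values all end up here
        mylog('verbose', [f'[{pluginName}] AVAHISCAN_RUN_TIMEOUT missing or invalid, using 20'])
        timeout = 20
    if timeout <= 0:
        mylog('verbose', [f'[{pluginName}] AVAHISCAN_RUN_TIMEOUT must be positive, using 20'])
        timeout = 20
    # … unchanged: database connection and scan …
```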
@@ -139,8 +149,11 @@ def execute_name_lookup(ip, timeout): except subprocess.CalledProcessError as e: mylog('none', [f'[{pluginName}] ⚠ ERROR - {e.output}']) - except subprocess.TimeoutExpired: - mylog('none', [f'[{pluginName}] TIMEOUT - the process forcefully terminated as timeout reached']) + except subprocess.TimeoutExpired as e: + # Return a distinct value that main() checks for when a timeout occurs + # Keep logging for telemetry/debugging + mylog('none', [f'[{pluginName}] TIMEOUT - the process forcefully terminated as timeout reached{": " + str(getattr(e, "output", "")) if getattr(e, "output", None) else ""}']) + return 'to' if output == "": mylog('none', [f'[{pluginName}] Scan: FAIL - check logs']) @@ -163,8 +176,12 @@ def ensure_avahi_running(attempt=1, max_retries=2): mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to check rc-status: {e.output}']) return - # Create OpenRC soft level - subprocess.run(['touch', '/run/openrc/softlevel'], check=True) + # Create OpenRC soft level (wrap in try/except to keep error handling consistent) + try: + subprocess.run(['touch', '/run/openrc/softlevel'], check=True, capture_output=True, text=True) + except subprocess.CalledProcessError as e: + mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to create OpenRC soft level: {e.stderr if e.stderr else str(e)}']) + return # Add Avahi daemon to runlevel try: diff --git a/front/plugins/avahi_scan/avahi_scan.py b/front/plugins/avahi_scan/avahi_scan.py index 1832c17c..5aea0202 100755 --- a/front/plugins/avahi_scan/avahi_scan.py +++ b/front/plugins/avahi_scan/avahi_scan.py @@ -4,7 +4,6 @@ import os import pathlib import sys import json -import time import dns.resolver # Define the installation path and extend the system path for plugin imports 
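Review bot: The timeout branch of execute_name_lookup now returns the bare string `'to'`, an in-band sentinel in a function whose other results appear to be resolved names, and the added comment relies on a check in main() that is not part of this hunk. A module-level constant, e.g. `LOOKUP_TIMED_OUT = 'to'`, used at both the `return` and the check would keep the two from drifting apart; returning `None` would remove any chance of the marker being mistaken for a name. The log f-string also nests a conditional around two `getattr` calls; computing `detail = getattr(e, 'output', None)` on its own line first reads better. Since that output originates from a network lookup, it is worth confirming that mylog copes with control characters in it. The function starts and ends outside the hunk.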
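Review bot: The new try/except around `touch` in ensure_avahi_running catches only `subprocess.CalledProcessError`, so a missing `touch` binary (FileNotFoundError) still escapes uncaught. The file already imports pathlib, so the subprocess can go: `pathlib.Path('/run/openrc/softlevel').touch()` inside `try: ... except OSError as e:` handles a missing directory and a permission error with one handler. The bare `return` gives the caller nothing to tell this failure from a normal exit, if it needs to; the function's start and end are outside the hunk.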
@@ -52,8 +51,8 @@ def resolve_ips_with_zeroconf(ips, timeout): # Construct the reverse IP for PTR query (e.g., 8.1.168.192.in-addr.arpa.) reverse_ip = '.'.join(reversed(ip.split('.'))) + '.in-addr.arpa.' - # Query PTR record with timeout - answers = dns.resolver.resolve(reverse_ip, 'PTR', lifetime=max(1, min(timeout, 5))) + # Query PTR record with timeout; respect the passed timeout per query + answers = dns.resolver.resolve(reverse_ip, 'PTR', lifetime=max(1, timeout)) if answers: # For PTR records, the hostname is in the target field diff --git a/front/plugins/dhcp_servers/script.py b/front/plugins/dhcp_servers/script.py index 63bd8c82..62f112f3 100755 --- a/front/plugins/dhcp_servers/script.py +++ b/front/plugins/dhcp_servers/script.py @@ -41,7 +41,7 @@ def main(): plugin_objects = Plugin_Objects(RESULT_FILE) timeoutSec = get_setting_value('DHCPSRVS_RUN_TIMEOUT') - nmapArgs = ['sudo', 'nmap', '--privileged' '--script', 'broadcast-dhcp-discover'] + nmapArgs = ['sudo', 'nmap', '--privileged', '--script', 'broadcast-dhcp-discover'] try: dhcp_probes = 1 diff --git a/install/production-filesystem/README.md b/install/production-filesystem/README.md index 313a1d13..d4ee2b68 100644 --- a/install/production-filesystem/README.md +++ b/install/production-filesystem/README.md 
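Review bot: With the cap removed, `lifetime=max(1, timeout)` in avahi_scan.py gives every PTR query the whole run timeout. resolve_ips_with_zeroconf appears, from its `ips` parameter, to issue one query per address, so a handful of addresses that never answer can hold the plugin for several multiples of `timeout`. If the intent is to honour the configured timeout, treat it as a budget for the whole call: take a deadline once before the loop and pass the remaining time to each query, stopping when it is used up. That needs a clock, and this commit removes `import time` from the same file. `max(1, timeout)` also raises TypeError if `timeout` arrives as a string or None; where it is converted is outside the hunk.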
@@ -3,18 +3,18 @@ This is the default filesystem for NetAlertX. it contains - `/app` - The main application location. This structure is where the source code (back, front and server directories) is copied and executed in read-only form. It also provides default structures for the working directories, such as: config, db, and log. All other directories are not required in the production image and are not tracked. - `/build` - a place where services can be initialized during docker container build. This folder is copied in, executed near the end of the build before the system is locked down, and then deleted. It is only available during build time. -- `/opt/venv/lib/pthon3.12/site-acakges/aiofreebox` - this holds a certificate used by aiofreebox package, which interacts with freebox OS. +- `/opt/venv/lib/python3.12/site-packages/aiofreebox` - this holds a certificate used by aiofreebox package, which interacts with freebox OS. - `/services` - a directory where all scripts which control system executions are held - `/services/config` - a directory which holds all configuration files and `conf.d` folders used in the production image. - `/services/config/cond` - `crond` daemon config. - `/services/config/nginx` - `nginx` conf files. - `/services/config/php` - php conf file. - `/services/config/php/php-fmp.d` - a `.d` style directory, debugger parameters or other configurations can be dropped in here. + - `/services/config/php/php-fpm.d` - a `.d` style directory, debugger parameters or other configurations can be dropped in here. - `/services/config/python-backend-extra-launch-parameters` - the contents of this file are added to launch params. It can be used to add debugging capabilities. - - `/services/capcheck.sh` - This is run at startup to warn the user if the container does not hold requried permissions to operate certain raw-packet tools. 
+ - `/services/capcheck.sh` - This is run at startup to warn the user if the container does not hold required permissions to operate certain raw-packet tools. - `/services/healthcheck.sh` - The system healthcheck. This script tests the services and reports if something fails. - `/services/start-backend.sh` - The launcher for python services. This is called at startup by `entrypoint.sh`. - `/services/start-crond.sh` - The launcher for crond task scheduler. This is called at startup by `entrypoint.sh`. - `/services/start-nginx.sh` - The launcher for nginx frontend/website services. This is called at startup by `entrypoint.sh`. - `/services/start-php-fpm.sh` - The launcher for php-fpm, used to interpret php for the frontend website. This is called at startup by `entrypoint.sh`. -- `/entrypoint.sh` - Called at system startup to launch all services and servers requried by NetAlertX. \ No newline at end of file +- `/entrypoint.sh` - Called at system startup to launch all services and servers required by NetAlertX. \ No newline at end of file diff --git a/install/production-filesystem/services/config/nginx/netalertx.conf b/install/production-filesystem/services/config/nginx/netalertx.conf index b5d28376..0bd679a9 100644 --- a/install/production-filesystem/services/config/nginx/netalertx.conf +++ b/install/production-filesystem/services/config/nginx/netalertx.conf @@ -13,7 +13,6 @@ server { root /app/front; index index.php; add_header X-Forwarded-Prefix "/app" always; - proxy_set_header X-Forwarded-Prefix "/app"; # # Authentication endpoint # location = /auth { diff --git a/install/production-filesystem/services/config/nginx/nginx.conf b/install/production-filesystem/services/config/nginx/nginx.conf index 115264a5..f87b0d0d 100644 --- a/install/production-filesystem/services/config/nginx/nginx.conf +++ b/install/production-filesystem/services/config/nginx/nginx.conf 
@@ -49,7 +49,7 @@ http { # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_protocols TLSv1.2 TLSv1.3; # Path of the file with Diffie-Hellman parameters for EDH ciphers. # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048`
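Review bot: The two comment lines above `ssl_protocols` are now stale: they still describe a default of `TLSv1 TLSv1.1 TLSv1.2` and advise removing TLSv1.1, which this line has already done. I would replace the TIP with `# TLSv1 and TLSv1.1 are intentionally disabled; only TLSv1.2 and TLSv1.3 are offered.` so the next editor does not re-add an old protocol to match the comment. If the devcontainer overlay carries its own nginx.conf, its protocol list should be checked as well, since this patch changes only the production copy.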