📚Docs + Omada work #708

jokob-sk
2024-06-29 10:28:14 +10:00
parent f64ebae3ee
commit eae93ef6b2
11 changed files with 239 additions and 70 deletions


@@ -15,7 +15,7 @@ ENV PATH="/opt/venv/bin:$PATH"
COPY . ${INSTALL_DIR}/ COPY . ${INSTALL_DIR}/
RUN pip install tplink-omada-client pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython \ RUN pip install netifaces tplink-omada-client pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython \
&& bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \ && bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \ && bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py' -o -name 'speedtest-cli' \) -exec chmod 750 {} \;" && bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py' -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"
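Review bot: The `pip install` line now pulls in `netifaces` alongside the other packages with no version pins, so every image build resolves whatever PyPI serves that day. Move the list into a requirements file with pinned versions (ideally installed with `--require-hashes`) so a rebuild is reproducible and an unexpected release cannot slip into the image. The same list is repeated in the `pip3 install` line changed later in this commit, where it also includes `cryptography`; a shared requirements file would keep the two in step.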


@@ -1,4 +1,4 @@
# 💻🔍 Network security scanner & notification framework # 💻🔍 Network scanner & notification framework
Get visibility of what's going on on your WIFI/LAN network. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT). Get visibility of what's going on on your WIFI/LAN network. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT).
@@ -18,7 +18,7 @@ Get visibility of what's going on on your WIFI/LAN network. Schedule scans for d
![network_setup][network_setup] ![network_setup][network_setup]
Head to [https://netalertx.com/](https://netalertx.com/) for more screenshots. Head to [https://netalertx.com/](https://netalertx.com/) for more gifs and screenshots 📷.
<details> <details>
<summary>📷 Click for more screenshots</summary> <summary>📷 Click for more screenshots</summary>
@@ -36,13 +36,13 @@ Head to [https://netalertx.com/](https://netalertx.com/) for more screenshots.
Most of us don't know what's going on on our home network, but we want our family and data to be safe. _Command-line tools_ are great, but the output can be _hard to understand_ and action if you are not a network specialist. Most of us don't know what's going on on our home network, but we want our family and data to be safe. _Command-line tools_ are great, but the output can be _hard to understand_ and action if you are not a network specialist.
Net <b>Alert</b><sup>x</sup> gives you peace of mind. _Visualize and immediately report 📬_ what is going on in your network - this is the first step to enhance your _network security 🔐_. Net<b>Alert</b><sup>x</sup> gives you peace of mind. _Visualize and immediately report 📬_ what is going on in your network - this is the first step to enhance your _network security 🔐_.
Net <b>Alert</b><sup>x</sup> combines several network and other scanning tools 🔍 with notifications 📧 into one user-friendly package 📦. Net<b>Alert</b><sup>x</sup> combines several network and other scanning tools 🔍 with notifications 📧 into one user-friendly package 📦.
Set up a _kill switch ☠_ for your network via a smart plug with the available [Home Assistant](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HOME_ASSISTANT.md) integration. Implement custom automations with the [CSV device Exports 📤](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/csv_backup), [Webhooks](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WEBHOOK_N8N.md), or [API endpoints](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md) features. Set up a _kill switch ☠_ for your network via a smart plug with the available [Home Assistant](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HOME_ASSISTANT.md) integration. Implement custom automations with the [CSV device Exports 📤](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/csv_backup), [Webhooks](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WEBHOOK_N8N.md), or [API endpoints](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md) features.
Extend the app if you want to create your own scanner [Plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) and handle the results and notifications in Net <b>Alert</b><sup>x</sup>. Extend the app if you want to create your own scanner [Plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) and handle the results and notifications in Net<b>Alert</b><sup>x</sup>.
Looking forward to your contributions if you decide to share your work with the community ❤. Looking forward to your contributions if you decide to share your work with the community ❤.
@@ -96,14 +96,16 @@ Thank you to all the wonderful people who are sponsoring this project.
<!-- SPONSORS-LIST DO NOT MODIFY ABOVE --> <!-- SPONSORS-LIST DO NOT MODIFY ABOVE -->
| [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) |
| --- | --- | --- |
<details> <details>
<summary>Click for more ways to donate</summary> <summary>Click for more ways to donate</summary>
<hr> <hr>
| [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) |
| --- | --- | --- |
- Bitcoin: `1N8tupjeCK12qRVU2XrV17WvKK7LCawyZM` - Bitcoin: `1N8tupjeCK12qRVU2XrV17WvKK7LCawyZM`
- Ethereum: `0x6e2749Cb42F4411bc98501406BdcD82244e3f9C7` - Ethereum: `0x6e2749Cb42F4411bc98501406BdcD82244e3f9C7`


@@ -4,7 +4,7 @@
![GitHub Release](https://img.shields.io/github/v/release/jokob-sk/NetAlertX?color=0aa8d2&logoColor=fff&logo=GitHub) ![GitHub Release](https://img.shields.io/github/v/release/jokob-sk/NetAlertX?color=0aa8d2&logoColor=fff&logo=GitHub)
[![GitHub Sponsors](https://img.shields.io/github/sponsors/jokob-sk?style=social)](https://github.com/sponsors/jokob-sk) [![GitHub Sponsors](https://img.shields.io/github/sponsors/jokob-sk?style=social)](https://github.com/sponsors/jokob-sk)
# NetAlertX 💻🔍 Network security scanner & notification framework # NetAlertX 💻🔍 Network scanner & notification framework
| 🐳 [Docker hub](https://registry.hub.docker.com/r/jokobsk/netalertx) | 📑 [Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) |🆕 [Release notes](https://github.com/jokob-sk/NetAlertX/releases) | 📚 [All Docs](https://github.com/jokob-sk/NetAlertX/tree/main/docs) | | 🐳 [Docker hub](https://registry.hub.docker.com/r/jokobsk/netalertx) | 📑 [Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) |🆕 [Release notes](https://github.com/jokob-sk/NetAlertX/releases) | 📚 [All Docs](https://github.com/jokob-sk/NetAlertX/tree/main/docs) |
|----------------------|----------------------| ----------------------| ----------------------| |----------------------|----------------------| ----------------------| ----------------------|
@@ -13,6 +13,8 @@
<img src="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" width="1000px" /> <img src="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" width="1000px" />
</a> </a>
Head to [https://netalertx.com/](https://netalertx.com/) for more gifs and screenshots 📷.
> [!NOTE] > [!NOTE]
> There is also an experimental 🧪 [bare-metal install](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md) method available. > There is also an experimental 🧪 [bare-metal install](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md) method available.

front/php/templates/auth.php Executable file

@@ -0,0 +1,35 @@
<?php
session_start();
$isAuthenticated = false;
// Check if the user is logged in
if (isset($_SESSION["login"]) && $_SESSION["login"] == 1) {
$isAuthenticated = true;
}
// $current_directory = __DIR__;
// echo "Current directory: " . $current_directory;
// Check if a valid cookie is present
$CookieSaveLoginName = "NetAlertX_SaveLogin";
$config_file = "../../../config/app.conf"; // depends on where this file is called from
$config_file_lines = file($config_file);
$config_file_lines = array_values(preg_grep('/^SETPWD_password.*=/', $config_file_lines));
$password_line = explode("'", $config_file_lines[0]);
$Pia_Password = $password_line[1];
if (isset($_COOKIE[$CookieSaveLoginName]) && $Pia_Password == $_COOKIE[$CookieSaveLoginName]) {
$isAuthenticated = true;
}
if ($isAuthenticated) {
echo 'Authorized 200';
http_response_code(200);
exit; // Important: Ensure script exits after successful authentication
} else {
http_response_code(401);
echo 'Unauthorized 401';
exit; // Ensure script exits after failed authentication
}
?>
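Review bot: The cookie branch authenticates on `$Pia_Password == $_COOKIE[$CookieSaveLoginName]`, a loose comparison against a value that is never checked for existence. If no `SETPWD_password` line matches, or the line has no single-quoted value, `$config_file_lines[0]` and `$password_line[1]` are undefined, `$Pia_Password` ends up null, and `null == ""` is true in PHP, so the check fails open. Return 401 when the value cannot be read, and compare with `hash_equals()` on two strings instead of `==`. The cookie also carries the stored password value itself, so the cookie is a long-lived credential equivalent to the contents of `app.conf`; a random server-side token would be safer. Smaller points: resolve the config path from `__DIR__` rather than relying on where the file is called from, and call `http_response_code(200)` before the `echo`, as the 401 branch does.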


@@ -1,9 +1,9 @@
{ {
"code_name": "folder_name", "code_name": "folder_name",
"unique_prefix": "", "unique_prefix": "",
"plugin_type": "core|general|system|scanner|other|publisher", "plugin_type": "scanner",
"enabled": true, "enabled": true,
"data_source": "script|app-db-query|template|sqlite-db-query", "data_source": "script",
"mapped_to_table": "CurrentScan", "mapped_to_table": "CurrentScan",
"data_filters": [ "data_filters": [
{ {
@@ -122,6 +122,25 @@
} }
] ]
}, },
{
"function": "list_example",
"type": "list",
"default_value": ["existing_entry_1", "existing_entry_2"],
"options": [],
"localized": ["name", "description"],
"name": [
{
"language_code": "en_us",
"string": "Setting name"
}
],
"description": [
{
"language_code": "en_us",
"string": "Description / simple setup instructions"
}
]
},
{ {
"function": "multiselect_example_from_setting", "function": "multiselect_example_from_setting",
"type": "text.multiselect", "type": "text.multiselect",
@@ -255,7 +274,7 @@
}, },
{ {
"column": "Watched_Value3", "column": "Watched_Value3",
"mapped_to_column": "cur_SyncHubNodeName", "mapped_to_column": "cur_Type",
"css_classes": "col-sm-2", "css_classes": "col-sm-2",
"show": true, "show": true,
"type": "label", "type": "label",
@@ -265,14 +284,14 @@
"name": [ "name": [
{ {
"language_code": "en_us", "language_code": "en_us",
"string": "Sync Node" "string": "Device Type"
} }
] ]
}, },
{ {
"column": "Watched_Value4", "column": "Watched_Value4",
"css_classes": "col-sm-2", "css_classes": "col-sm-2",
"show": true, "show": false,
"type": "label", "type": "label",
"default_value": "", "default_value": "",
"options": [], "options": [],
@@ -280,7 +299,7 @@
"name": [ "name": [
{ {
"language_code": "en_us", "language_code": "en_us",
"string": "Device GUID" "string": "N/A"
} }
] ]
}, },
@@ -288,7 +307,7 @@
"column": "Dummy", "column": "Dummy",
"mapped_to_column": "cur_ScanMethod", "mapped_to_column": "cur_ScanMethod",
"mapped_to_column_data": { "mapped_to_column_data": {
"value": "sync" "value": "Example Plugin"
}, },
"css_classes": "col-sm-2", "css_classes": "col-sm-2",
"show": true, "show": true,


@@ -6,7 +6,6 @@ import sys
import json import json
import sqlite3 import sqlite3
# Define the installation path and extend the system path for plugin imports # Define the installation path and extend the system path for plugin imports
INSTALL_PATH = "/app" INSTALL_PATH = "/app"
sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"]) sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"])
@@ -47,18 +46,18 @@ def main():
#"database_column_definitions": [ #"database_column_definitions": [
# { # {
# "column": "Object_PrimaryID", <--------- the value I save into primaryId # "column": "Object_PrimaryID", <--------- the value I save into primaryId
# "mapped_to_column": "cur_MAC", <--------- gets unserted into the CurrentScan DB table column cur_MAC # "mapped_to_column": "cur_MAC", <--------- gets inserted into the CurrentScan DB table column cur_MAC
# #
for device in device_data: for device in device_data:
plugin_objects.add_object( plugin_objects.add_object(
primaryId = device['some_id'], primaryId = device['mac_address'],
secondaryId = device['some_id'], secondaryId = device['ip_address'],
watched1 = device['some_id'], watched1 = device['hostname'],
watched2 = device['some_id'], watched2 = device['vendor'],
watched3 = device['some_id'], watched3 = device['device_type'],
watched4 = device['some_id'], watched4 = device['last_seen'],
extra = '', extra = '',
foreignKey = device['some_id']) foreignKey = device['mac_address'])
mylog('verbose', [f'[{pluginName}] New entries: "{len(new_devices)}"']) mylog('verbose', [f'[{pluginName}] New entries: "{len(new_devices)}"'])
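Review bot: `watched4 = device['last_seen']` puts a timestamp into a watched column, while the template plugin config changed in this commit labels `Watched_Value4` as "N/A" and sets `"show": false`. A value that changes on every scan will report `watched-changed` for every device if that column is ever selected as watched; pass an empty string for `watched4`, or a stable attribute, so the script and the config agree.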
@@ -75,7 +74,34 @@ def get_device_data(some_setting):
# do some processing, call exteranl APIs, and return a device_data list # do some processing, call exteranl APIs, and return a device_data list
# ... # ...
# #
# Sample data for testing purposes, you can adjust the processing in main() as needed
# ... before adding it to the plugin_objects.add_object(...)
device_data = [
{
'device_id': 'device1',
'mac_address': '00:11:22:33:44:55',
'ip_address': '192.168.1.2',
'hostname': 'iPhone 12',
'vendor': 'Apple Inc.',
'device_type': 'Smartphone',
'last_seen': '2024-06-27 10:00:00',
'port': '1',
'network_id': 'network1'
},
{
'device_id': 'device2',
'mac_address': '00:11:22:33:44:66',
'ip_address': '192.168.1.3',
'hostname': 'Moto G82',
'vendor': 'Motorola Inc.',
'device_type': 'Laptop',
'last_seen': '2024-06-27 10:05:00',
'port': '',
'network_id': 'network1'
}
]
# Return the data to be detected by teh main application
return device_data return device_data
if __name__ == '__main__': if __name__ == '__main__':
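Review bot: `get_device_data()` now returns the hard-coded sample list unconditionally, so a plugin copied from this template and enabled as-is will report `00:11:22:33:44:55` and `00:11:22:33:44:66` as real devices. Return an empty list by default and keep the sample behind an explicit test switch, and say so in the comment. Also, "teh" in the new comment should be "the", and the second sample pairs hostname `Moto G82` with `device_type` `Laptop`.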


@@ -119,22 +119,21 @@
] ]
}, },
{ {
"function": "site", "function": "sites",
"type": "text", "type": "list",
"maxLength": 50, "default_value": [],
"default_value": "",
"options": [], "options": [],
"localized": ["name", "description"], "localized": ["name", "description"],
"name": [ "name": [
{ {
"language_code": "en_us", "language_code": "en_us",
"string": "OMADA site" "string": "OMADA sites"
} }
], ],
"description": [ "description": [
{ {
"language_code": "en_us", "language_code": "en_us",
"string": "Omada SDN site id. You can get it by..." "string": "Omada SDN site IDs. You can get it by..."
} }
] ]
}, },
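Review bot: Renaming the setting from `site` to `sites` and changing its type from `text` to `list` means installs that already configured `site` will have nothing under the new key, and this hunk shows no fallback or migration. Read the old `site` value when `sites` is empty, or call the change out in the release notes. The description still ends with the placeholder "You can get it by...", and "site IDs ... get it" should agree in number. The `maxLength` limit is also removed with no replacement validation for the list entries.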
@@ -178,6 +177,25 @@
} }
] ]
}, },
{
"function": "force_overwrite",
"type": "boolean",
"default_value": false,
"options": [],
"localized": ["name", "description"],
"name": [
{
"language_code": "en_us",
"string": "Force overwrite"
}
],
"description": [
{
"language_code": "en_us",
"string": "By default NetAlertX will only populate missing names in OMADASDN devices (i.e.: where the name is defaulting to the device MAC address) ; with this setting toggled, it will overwrite existing values regardless."
}
]
},
{ {
"function": "CMD", "function": "CMD",
"type": "readonly", "type": "readonly",
@@ -247,6 +265,58 @@
"string": "Maximale Zeit in Sekunden, die auf den Abschluss des Skripts gewartet werden soll. Bei Überschreitung dieser Zeit wird das Skript abgebrochen." "string": "Maximale Zeit in Sekunden, die auf den Abschluss des Skripts gewartet werden soll. Bei Überschreitung dieser Zeit wird das Skript abgebrochen."
} }
] ]
},
{
"default_value": [],
"description": [
{
"language_code": "en_us",
"string": "Send a notification if selected values change. Use <code>CTRL + Click</code> to select/deselect. <ul> <li><code>Watched_Value1</code> is Hostname </li><li><code>Watched_Value2</code> is Parent Node </li><li><code>Watched_Value3</code> is Port </li><li><code>Watched_Value4</code> is SSID </li></ul>"
}
],
"function": "WATCH",
"localized": ["name", "description"],
"name": [
{
"language_code": "en_us",
"string": "Watched"
},
{
"language_code": "es_es",
"string": "Visto"
}
],
"options": [
"Watched_Value1",
"Watched_Value2",
"Watched_Value3",
"Watched_Value4"
],
"type": "text.multiselect"
},
{
"default_value": ["new", "watched-changed"],
"description": [
{
"language_code": "en_us",
"string": "Send a notification only on these statuses. <code>new</code> means a new unique (unique combination of PrimaryId and SecondaryId) object was discovered. <code>watched-changed</code> means that selected <code>Watched_ValueN</code> columns changed."
}
],
"function": "REPORT_ON",
"localized": ["name", "description"],
"name": [
{
"language_code": "en_us",
"string": "Report on"
}
],
"options": [
"new",
"watched-changed",
"watched-not-changed",
"missing-in-last-scan"
],
"type": "text.multiselect"
} }
], ],
"database_column_definitions": [ "database_column_definitions": [


@@ -30,5 +30,5 @@ source myenv/bin/activate
update-alternatives --install /usr/bin/python python /usr/bin/python3 10 update-alternatives --install /usr/bin/python python /usr/bin/python3 10
# install packages thru pip3 # install packages thru pip3
pip3 install tplink-omada-client pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography pip3 install netifaces tplink-omada-client pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography
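Review bot: This is the same unpinned `pip3 install` as in the Dockerfile, and the two lists already differ (`cryptography` appears only here). Install from one pinned requirements file in both places so this script and the image get the same dependency set.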


@@ -1,3 +1,13 @@
# map $request_uri $auth_result {
# default "";
# ~^/api/ /auth_result;
# }
# log_format auth_request_log '$remote_addr - $remote_user [$time_local] '
# '"$request" $status $body_bytes_sent '
# '"$http_referer" "$http_user_agent" '
# '$auth_result';
server { server {
listen ${LISTEN_ADDR}:${PORT} default_server; listen ${LISTEN_ADDR}:${PORT} default_server;
root ${INSTALL_DIR}/front; root ${INSTALL_DIR}/front;
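Review bot: In the commented `map`, `~^/api/ /auth_result;` assigns the literal string `/auth_result` to `$auth_result`, so the `auth_request_log` format would log a constant rather than the outcome of the auth subrequest. If this block is ever enabled, capture the result with `auth_request_set` in the `/api/` location and log that variable instead. Since the whole block is commented out, consider keeping experimental configuration out of the shipped file until it is ready.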
@@ -5,35 +15,38 @@ server {
add_header X-Forwarded-Prefix "/app" always; add_header X-Forwarded-Prefix "/app" always;
proxy_set_header X-Forwarded-Prefix "/app"; proxy_set_header X-Forwarded-Prefix "/app";
# # Increase buffer sizes to handle larger headers # # Authentication endpoint
# proxy_buffer_size 512k; # location = /auth {
# proxy_buffers 16 512k; # internal;
# proxy_busy_buffers_size 512k; # proxy_pass http://127.0.0.1/php/templates/auth.php;
# proxy_http_version 1.1; # proxy_set_header Content-Length "";
# proxy_set_header Connection ""; # proxy_pass_request_body off;
# }
# # Whitelisting IP addresses and CORS for /api/
# # Whitelisting IP addresses
# location /api/ { # location /api/ {
# # Allow requests from localhost (loopback address) # auth_request /auth;
# allow 127.0.0.1; # access_log /var/log/nginx/auth_request.log auth_request_log;
# # Allow requests from other trusted IP addresses
# # allow 192.168.1.0/24; # Replace with the actual IP of a trusted client
# # Deny all other IP addresses
# deny all;
# # Enable CORS for specific frontend domain # # Enable CORS for specific frontend domain
# add_header 'Access-Control-Allow-Origin' 'http://vlan_ip' always; # add_header 'Access-Control-Allow-Origin' 'http://192.168.1.82:20211' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always; # add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
# add_header 'Access-Control-Allow-Credentials' 'true' always;
# if ($request_method = 'OPTIONS') { # if ($request_method = 'OPTIONS') {
# return 204; # return 204;
# } # }
# error_page 401 = @unauthorized;
# # Other headers and configurations
# try_files $uri $uri/ =404; # try_files $uri $uri/ =404;
# } # }
# location @unauthorized {
# return 401;
# }
location ~* \.php$ { location ~* \.php$ {
# Set Cache-Control header to prevent caching on the first load # Set Cache-Control header to prevent caching on the first load
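Review bot: The commented `/api/` block replaces the `allow 127.0.0.1; ... deny all;` allowlist with `auth_request /auth;` and at the same time adds `Access-Control-Allow-Credentials` `true` with the origin hard-coded to `http://192.168.1.82:20211`, which looks like a development address replacing the earlier `http://vlan_ip` placeholder. Restore a placeholder or template variable for the origin before this is enabled, and keep the IP allowlist as a second layer unless removing it is intended. Also, `proxy_pass http://127.0.0.1/php/templates/auth.php;` targets port 80 while the server listens on `${LISTEN_ADDR}:${PORT}`, so the subrequest may not reach this server at all.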


@@ -254,7 +254,9 @@ def decode_and_rename_files(file_dir, file_prefix):
# Initialize the list of files to be processed and Sync Hub Node name # Initialize the list of files to be processed and Sync Hub Node name
files_to_process = [] files_to_process = []
# key to decrypt data if available # key to decrypt data if SYNC loaded and key available
encryption_key = None
if "SYNC" in get_setting_value('LOADED_PLUGINS'):
encryption_key = get_setting_value('SYNC_encryption_key') encryption_key = get_setting_value('SYNC_encryption_key')
# Check for files starting with the specified prefix # Check for files starting with the specified prefix
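Review bot: `encryption_key` is now `None` whenever SYNC is not loaded, so the decode path further down has to handle a missing key explicitly instead of passing `None` into the decrypt call; that handling is not visible in this hunk and is worth confirming. Also, if `get_setting_value('LOADED_PLUGINS')` returns a string rather than a list, `"SYNC" in ...` is a substring test and would match any plugin name that contains SYNC.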