jokob-sk / NetAlertX

🖧🔍 WIFI / LAN intruder detector. Scans for devices connected to your network and alerts you if new and unknown devices are found.
GNU General Public License v3.0

Rogue DHCP Servers script timeout fixed at 10s #851

Open milindpatel63 opened 1 week ago

milindpatel63 commented 1 week ago

Is there an existing issue for this?

Current Behavior

The timeout for the DHCPSRVS script is hardcoded at 10s, which is causing my script to fail since it takes slightly longer. As you can see here: https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/dhcp_servers/script.py (line 30). It should take the timeout value from the settings config, but it's not.

Expected Behavior

Timeout specified in the settings should be applied to the script.

Steps To Reproduce

  1. Set a custom timeout in the settings like so. image

  2. Wait for script to run

  3. It fails after 10s timeout like so. image

app.conf

Config was too long for github
https://pastebin.com/cYXn8UKt

docker-compose.yml

version: "3"
services:
  netalertx:
    container_name: netalertx
    hostname: NetAlertX
    privileged: true
    image: jokobsk/netalertx:latest
    environment:
      - TZ=Asia/Calcutta
    restart: unless-stopped
    volumes:
      - /home/user/Docker/netalertx/db:/app/db
      - /home/user/Docker/netalertx/config:/app/config
      - /home/user/Docker/netalertx/dhcp.leases:/etc/dnsmasq/dhcp.leases
      - /home/user/Docker/netalertx/log:/app/front/log
    network_mode: host
networks: {}

What branch are you running?

Production

app.log

NetAlertX:/# tail -100 /app/front/log/app.log
18:01:55 [API] Updating table_appevents.json file in /front/api
18:01:55 [API] Updating table_plugins_history.json file in /front/api
18:01:55 [API] Updating table_plugins_objects.json file in /front/api
18:01:55 [Plugin utils] ---------------------------------------------
18:01:55 [Plugin utils] display_name: DB cleanup
18:01:55 [Plugins] Executing: python3 /app/front/plugins/db_cleanup/script.py
18:01:55 [DBCLNP] In script
18:01:55 [DBCLNP] Upkeep Database:
18:01:55 [DBCLNP] Online_History: Delete all but keep latest 150 entries
18:01:55 [DBCLNP] Events: Delete all older than 90 days (DAYS_TO_KEEP_EVENTS setting)
18:01:55 [DBCLNP] Plugins_History: Trim Plugins_History entries to less than 250 per Plugin (PLUGINS_KEEP_HIST setting)
18:01:55 [DBCLNP] Plugins_History: Trim Notifications entries to less than 100
18:01:55 [DBCLNP] Trim AppEvents to less than 5000
18:01:55 [DBCLNP] Pholus_Scan: Delete all duplicates
18:01:55 [DBCLNP] Plugins_Objects: Delete all duplicates
18:01:55 [DBCLNP] Shrink Database
18:01:56 [DBCLNP] Cleanup complete
18:01:56 [Plugins] No output received from the plugin "DBCLNP"
18:01:56 [Plugin utils] ---------------------------------------------
18:01:56 [Plugin utils] display_name: Rogue DHCP
18:01:56 [Plugins] Executing: python3 /app/front/plugins/dhcp_servers/script.py
18:01:57 [DHCPSRVS] In script
18:02:07 Error in main:Command '['sudo', 'nmap', '--script', 'broadcast-dhcp-discover']' timed out after 10 seconds
18:02:07 [Plugins] No output received from the plugin "DHCPSRVS"
18:02:07 [Process Scan] Exclude ignored devices
18:02:07 [Process Scan] Processing scan results
18:02:07 [Process Scan] Print Stats
18:02:07 [Scan Stats] Devices Detected.......: 37
18:02:07 [Scan Stats] New Devices............: 0
18:02:07 [Scan Stats] Down Alerts............: 0
18:02:07 [Scan Stats] New Down Alerts........: 0
18:02:07 [Scan Stats] New Connections........: 1
18:02:07 [Scan Stats] Disconnections.........: 1
18:02:07 [Scan Stats] IP Changes.............: 7
18:02:07 [Scan Stats] Scan Method Statistics:
18:02:07 DHCPLSS: 8
18:02:07 INTRNT: 1
18:02:07 arp-scan: 19
18:02:07 nmap-dev-scan: 9
18:02:07 [Process Scan] Stats end
18:02:07 [Process Scan] Sessions Events (connect / disconnect)
18:02:07 [Process Scan] Creating new devices
18:02:07 [Process Scan] Updating Devices Info
18:02:07 [Process Scan] Voiding false (ghost) disconnections
18:02:07 [Process Scan] Pairing session events (connection / disconnection)
18:02:07 [Process Scan] Creating sessions snapshot
18:02:07 [Process Scan] Inserting scan results into Online_History
18:02:07 [Process Scan] Skipping repeated notifications
18:02:07 [Skip Repeated Notifications] Skip Repeated
18:02:07 [Plugin utils] ---------------------------------------------
18:02:07 [Plugin utils] display_name: AVAHISCAN (Name discovery)
18:02:07 [Plugins] Executing: python3 /app/front/plugins/avahi_scan/avahi_scan.py
18:02:08 [AVAHISCAN] In script
18:02:08 [Database] Opening DB
18:02:08 [AVAHISCAN] Unknown devices count: 0
18:02:08 [AVAHISCAN] Script finished
18:02:08 [Plugins] No output received from the plugin "AVAHISCAN"
18:02:08 [Plugin utils] ---------------------------------------------
18:02:08 [Plugin utils] display_name: NBTSCAN (Name discovery)
18:02:08 [Plugins] Executing: python3 /app/front/plugins/nbtscan_scan/nbtscan.py
18:02:08 [NBTSCAN] In script
18:02:08 [Database] Opening DB
18:02:08 [NBTSCAN] Unknown devices count: 0
18:02:08 [NBTSCAN] Script finished
18:02:08 [Plugins] No output received from the plugin "NBTSCAN"
18:02:08 [Notification] Check if something to report
18:02:08 [Notification] Included sections: ['new_devices', 'down_devices', 'events']
18:02:08 [Notification] No changes to report
18:02:08 [MAIN] Process: Wait
18:02:13 [API] Updating table_appevents.json file in /front/api
18:02:13 [API] Updating table_devices.json file in /front/api
18:02:13 [API] Updating table_plugins_history.json file in /front/api
18:02:13 [API] Updating table_online_history.json file in /front/api
18:02:13 [API] Updating table_custom_endpoint.json file in /front/api
18:02:13 [Plugin utils] ---------------------------------------------
18:02:13 [Plugin utils] display_name: Rogue DHCP
18:02:13 [Plugins] Executing: python3 /app/front/plugins/dhcp_servers/script.py
18:02:14 [DHCPSRVS] In script
18:02:24 Error in main:Command '['sudo', 'nmap', '--script', 'broadcast-dhcp-discover']' timed out after 10 seconds
18:02:24 [Plugins] No output received from the plugin "DHCPSRVS"
18:02:24 [Plugin utils] ---------------------------------------------
18:02:24 [Plugin utils] display_name: AVAHISCAN (Name discovery)
18:02:24 [Plugins] Executing: python3 /app/front/plugins/avahi_scan/avahi_scan.py
18:02:24 [AVAHISCAN] In script
18:02:24 [Database] Opening DB
18:02:24 [AVAHISCAN] Unknown devices count: 0
18:02:24 [AVAHISCAN] Script finished
18:02:24 [Plugins] No output received from the plugin "AVAHISCAN"
18:02:24 [Plugin utils] ---------------------------------------------
18:02:24 [Plugin utils] display_name: NBTSCAN (Name discovery)
18:02:24 [Plugins] Executing: python3 /app/front/plugins/nbtscan_scan/nbtscan.py
18:02:24 [NBTSCAN] In script
18:02:24 [Database] Opening DB
18:02:24 [NBTSCAN] Unknown devices count: 0
18:02:24 [NBTSCAN] Script finished
18:02:24 [Plugins] No output received from the plugin "NBTSCAN"
18:02:24 [Notification] Check if something to report
18:02:24 [Notification] Included sections: ['new_devices', 'down_devices', 'events']
18:02:25 [Notification] No changes to report
18:02:25 [MAIN] Process: Wait

Debug enabled

jokob-sk commented 1 week ago

Hi @milindpatel63 ,

Thanks a lot for the detailed description. This helps a lot 🙏

This should be available in the next release. It would be great if you could test this. Can you please switch to the netalertx-dev docker image (backup everything at first), in about 15 minutes (or after the last action finishes) from now.

Make sure you refresh your browser cache - and click the 🔄 refresh button in the top right corner.

Thanks in advance, j

milindpatel63 commented 5 days ago

> Hi @milindpatel63 ,
>
> Thanks a lot for the detailed description. This helps a lot 🙏
>
> This should be available in the next release. It would be great if you could test this. Can you please switch to the netalertx-dev docker image (backup everything at first), in about 15 minutes (or after the last action finishes) from now.
>
> Make sure you refresh your browser cache - and click the 🔄 refresh button in the top right corner.
>
> Thanks in advance, j

Can confirm, it works fine now. [image] Tested using the latest netalertx-dev image.
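
An added sketch of the behaviour requested in this issue (not NetAlertX's own code and not the fix that shipped): the timeout is read from settings instead of being fixed at 10 seconds, and a timeout comes back as an explicit status so a missed Rogue DHCP scan is not recorded only as "No output received". The setting key `DHCPSRVS_RUN_TIMEOUT`, the 300-second cap and the stand-in command are assumptions.

```python
import subprocess
import sys
from dataclasses import dataclass

DEFAULT_TIMEOUT = 10                  # the value the issue reports as hardcoded
MAX_TIMEOUT = 300                     # assumed cap so one plugin cannot stall the scan loop
TIMEOUT_KEY = "DHCPSRVS_RUN_TIMEOUT"  # assumed setting name, not taken from the page

@dataclass
class ScanResult:
    status: str        # "ok", "timeout" or "error"
    timeout_used: int  # seconds actually applied to the child process
    output: str = ""

def resolve_timeout(settings, key=TIMEOUT_KEY):
    """Read the timeout from settings; fall back to the default on bad input."""
    try:
        value = int(settings.get(key, DEFAULT_TIMEOUT))
    except (TypeError, ValueError):
        return DEFAULT_TIMEOUT
    if value <= 0:
        return DEFAULT_TIMEOUT
    return min(value, MAX_TIMEOUT)

def run_scan(cmd, settings):
    """Run cmd with the configured timeout and report a timeout explicitly."""
    timeout = resolve_timeout(settings)
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired as exc:
        partial = exc.stdout or ""
        if isinstance(partial, bytes):  # partial output can arrive as bytes
            partial = partial.decode(errors="replace")
        return ScanResult("timeout", timeout, partial)
    except OSError as exc:              # e.g. the binary is not installed
        return ScanResult("error", timeout, str(exc))
    status = "ok" if proc.returncode == 0 else "error"
    return ScanResult(status, timeout, proc.stdout)

# Constructed stand-in for the nmap call seen in the log, so the example runs
# offline: a child process that needs about two seconds to answer.
SLOW_CMD = [sys.executable, "-c", "import time; time.sleep(2); print('offer')"]

if __name__ == "__main__":
    print(run_scan(SLOW_CMD, {TIMEOUT_KEY: "1"}))   # status='timeout'
    print(run_scan(SLOW_CMD, {TIMEOUT_KEY: "20"}))  # status='ok'
```

A caller can alert on `status == "timeout"` to make the loss of rogue-DHCP coverage visible instead of treating it as an empty result.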