ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

Put custom list file to /usr/share/ntopng/httpdocs/misc/lists/custom not working? #7240

Closed takenek closed 1 year ago

takenek commented 1 year ago

Hey, can you check whether the custom blacklist is working? I just created a file like this:
root@NAT:/usr/share/ntopng/httpdocs/misc/lists/custom# cat /usr/share/ntopng/httpdocs/misc/lists/custom/cert.list
{"name":"CERT","format":"domain","enabled":false,"update_interval":86400,"url":"https://hole.cert.pl/domains/domains.txt","category":"Malware"}

and put this file in: /usr/share/ntopng/httpdocs/misc/lists/custom/
root@NAT:/usr/share/ntopng/httpdocs/misc/lists/custom# ls -al
razem 16
drwxr-xr-x 2 root root 4096 02-19 15:58 .
drwxr-xr-x 4 root root 4096 02-17 06:22 ..
-rw-r--r-- 1 root root 144 02-19 15:52 cert.list
-rw-r--r-- 1 root root 83 02-17 18:21 README.txt

After restarting ntopng, it does not see the new blacklist.

Best Regards TaKeN

takenek commented 1 year ago

The funniest thing is that it tells me the Malware category does not exist...
Feb 19 16:07:48 NAT ntopng: [get_category_lists.lua:15] [lists_utils.lua:82] WARNING: Skipping invalid list /usr/share/ntopng/httpdocs/misc/lists/custom/cert.list: invalid category Malware
Feb 19 16:07:48 NAT ntopng[48829]: 19/Feb/2023 16:07:48 [get_category_lists.lua:15] [lists_utils.lua:82] WARNING: Skipping invalid list /usr/share/ntopng/httpdocs/misc/lists/custom/cert.list: invalid category Malware

takenek commented 1 year ago

OK, I found where the problem is. In the GUI, the category name is shown as "Malware" with a capital M

but in the list files the category name is "malware" with a lowercase m...

Best Regards

takenek commented 1 year ago

If possible, maybe set a standard for the category name in the file and the GUI: use only "Malware" or "malware" as the category name, or ignore case in the list file's category name.

NicoMaio commented 1 year ago

Hi @takenek, in the dev branch, it should be fixed. Please update and let me know.

takenek commented 1 year ago

Hey @NicoMaio, thank you for your work, but I do not have a developer environment so I can't test it... When it is in stable I will check it. I now use this repo:
deb [signed-by=/usr/share/keyrings/ntop-archive-keyring.gpg] https://packages.ntop.org/apt-stable/bullseye/ x64/
deb [signed-by=/usr/share/keyrings/ntop-archive-keyring.gpg] https://packages.ntop.org/apt-stable/bullseye/ all/

NicoMaio commented 1 year ago

Hi @takenek Now, it should be fixed in the stable version too. Please update and let me know.

takenek commented 1 year ago

Thanks :-) I still need to wait for the Debian 11 package build because it shows me no updates now.

NicoMaio commented 1 year ago

It's strange because the build with this fix finished on Friday. Can you please run this command from your terminal: apt update && apt upgrade ?

takenek commented 1 year ago

Ohhh, I was thinking you fixed it in the stable branch today ;-) Look:
Start-Date: 2023-02-26 08:37:04
Commandline: apt-get dist-upgrade --assume-yes
Upgrade: nprobe:amd64 (10.2.230217-7991, 10.2.230225-7992), libtiff5:amd64 (4.2.0-1+deb11u3, 4.2.0-1+deb11u4), ntopng-data:amd64 (5.6.230217, 5.6.230225), cento:amd64 (1.18.230217-775, 1.18.230225-778), n2disk:amd64 (3.6.230217-5278, 3.6.230225-5278), pfring-dkms:amd64 (8.4.0.8138, 8.4.0.8142), ntopng:amd64 (5.6.230217-19582, 5.6.230225-19647), ndpi:amd64 (4.6.0-4125, 4.6.0-4126), pfring:amd64 (8.4.0-8138, 8.4.0-8142)
End-Date: 2023-02-26 08:37:50

I updated the server yesterday, so I am checking right now whether it is working properly.

takenek commented 1 year ago

Looks like it is working:
{"name":"CERT","format":"domain","enabled":true,"update_interval":86400,"url":"https://hole.cert.pl/domains/domains.txt","category":"Malware"}

and I see this blacklist. But there is still a limit of 90000 domains, so I am unable to use it :(
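
Added example, not part of the thread and not ntopng code: a pre-deployment lint for a custom list file that flags the case-only category mismatch and the disabled flag seen above, and counts feed entries against the 90000 figure mentioned in the last comment. The function names and the `known_categories` set passed in are assumptions; the key names come from the cert.list file in the thread.

```python
import json

# Keys taken from the cert.list file shown in the thread.
REQUIRED_KEYS = ("name", "format", "enabled", "update_interval", "url", "category")
DOMAIN_LIMIT = 90000  # figure quoted in the thread; used here as a plain threshold


def lint_list_file(text, known_categories):
    """Return a list of problems found in one custom list definition."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in cfg]
    category = cfg.get("category")
    if isinstance(category, str) and category not in known_categories:
        # Same failure as in the thread: right name, wrong letter case.
        match = {c.lower(): c for c in known_categories}.get(category.lower())
        if match:
            problems.append(f"category {category!r} differs only in case from {match!r}")
        else:
            problems.append(f"unknown category {category!r}")
    if cfg.get("enabled") is False:
        problems.append("list is disabled (enabled=false)")
    if "url" in cfg and not str(cfg["url"]).startswith("https://"):
        problems.append("url is not https")  # plaintext fetch can be tampered with
    return problems


def count_domains(feed_text):
    """Count non-empty, non-comment lines in a domain-per-line feed."""
    lines = (ln.strip() for ln in feed_text.splitlines())
    return sum(1 for ln in lines if ln and not ln.startswith("#"))


def exceeds_limit(feed_text, limit=DOMAIN_LIMIT):
    return count_domains(feed_text) > limit


# Constructed inputs: the list definition from the thread and a tiny made-up feed.
SAMPLE = ('{"name":"CERT","format":"domain","enabled":false,"update_interval":86400,'
          '"url":"https://hole.cert.pl/domains/domains.txt","category":"Malware"}')
SAMPLE_FEED = "# constructed feed\nbad.example\n\nworse.example\n"

if __name__ == "__main__":
    for problem in lint_list_file(SAMPLE, {"malware"}):  # assumed category set
        print("cert.list:", problem)
    print("domains:", count_domains(SAMPLE_FEED), "over limit:", exceeds_limit(SAMPLE_FEED))
```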