ids.alfacom.it/deployment/COMANDI_RAPIDI.md
marco370 f356181ada Add comprehensive installation and configuration guides for the IDS system
Create detailed Markdown documentation for IDS installation, including quick start, step-by-step, and configuration details.

Replit-Commit-Author: Agent
2025-11-17 15:19:13 +00:00


# ⚡ IDS Quick Commands

Quick reference for common operations on the IDS system.

---
## 🚀 Initial Installation (First Time Only)
```bash
# 1. Clone the repository
# Note: credentials embedded in the clone URL are stored in .git/config
cd /opt/ids
sudo -u ids git clone https://<USER>:<TOKEN>@git.alfacom.it/<OWNER>/ids.git .
# 2. System setup
./deployment/setup_almalinux.sh
# 3. Configure the environment
sudo -u ids cp .env.example .env
sudo -u ids cp git.env.example git.env
sudo -u ids nano .env # Configure password
sudo -u ids nano git.env # Configure git
# 4. Install dependencies
cd /opt/ids
sudo -u ids npm install
cd python_ml && sudo -u ids pip3.11 install -r requirements.txt
# 5. Database
cd /opt/ids
sudo -u ids npm run db:push
# 6. Syslog
./deployment/setup_syslog_server.sh
# 7. Startup
./deployment/setup_crontab.sh
```
---
## 🔄 Update from Git
```bash
cd /opt/ids
sudo -u ids ./deployment/update_from_git.sh
```
---
## 🔍 Monitoring
### Active Processes
```bash
ps aux | grep -E 'python.*main|npm.*dev|syslog_parser'
```
### Real-time Logs
```bash
# Python backend
tail -f /var/log/ids/backend.log
# Node frontend
tail -f /var/log/ids/frontend.log
# Syslog parser
tail -f /var/log/ids/syslog_parser.log
# ML training
tail -f /var/log/ids/training.log
# Detection
tail -f /var/log/ids/detect.log
# Router logs
tail -f /var/log/mikrotik/raw.log
```
---
## 🔄 Restart Services
```bash
# Full restart
/opt/ids/deployment/restart_all.sh
# Python backend only
/opt/ids/deployment/check_backend.sh
# Frontend only
/opt/ids/deployment/check_frontend.sh
```
---
## 🗄️ Database
### PostgreSQL Access
```bash
psql -U ids_user -d ids_database
```
### Useful Queries
```sql
-- Count total logs
SELECT COUNT(*) FROM network_logs;
-- Last 10 logs
SELECT * FROM network_logs ORDER BY timestamp DESC LIMIT 10;
-- Blocked detections
SELECT COUNT(*) FROM detections WHERE blocked = true;
-- Configured routers
SELECT * FROM routers;
-- IP whitelist
SELECT * FROM whitelist;
-- Training history
SELECT * FROM training_history ORDER BY trained_at DESC LIMIT 5;
```
### Manual Backup
```bash
/opt/ids/deployment/backup_db.sh
```
---
## 🤖 Machine Learning
### Manual Training
```bash
curl -X POST http://localhost:8000/train \
  -H "Content-Type: application/json" \
  -d '{"max_records": 10000, "hours_back": 24, "contamination": 0.01}'
```
### Manual Detection
```bash
curl -X POST http://localhost:8000/detect \
  -H "Content-Type: application/json" \
  -d '{"max_records": 5000, "auto_block": true, "risk_threshold": 75}'
```
### Statistics
```bash
curl http://localhost:8000/stats | jq
```
### Health Check
```bash
curl http://localhost:8000/health
```
---
## 🔥 Firewall
### Check Rules
```bash
firewall-cmd --list-all
```
### Open Port
```bash
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload
```
---
## 📡 Syslog / Router
### Check Rsyslog
```bash
systemctl status rsyslog
```
### Restart Rsyslog
```bash
systemctl restart rsyslog
```
### Check Port 514
```bash
netstat -ulnp | grep 514
```
### Test Logs from the Router
On the MikroTik router:
```mikrotik
/log print where topics~"firewall"
```
---
## ⏰ Crontab
### View Crontab
```bash
crontab -u ids -l
```
### Edit Crontab
```bash
crontab -u ids -e
```
---
## 🔧 Troubleshooting
### Logs Are Not Arriving
```bash
# Check rsyslog
systemctl status rsyslog
netstat -ulnp | grep 514
# Check the log files
ls -la /var/log/mikrotik/
tail -f /var/log/mikrotik/raw.log
# Restart rsyslog
systemctl restart rsyslog
```
### Database Is Not Being Populated
```bash
# Check the parser
ps aux | grep syslog_parser
tail -f /var/log/ids/syslog_parser.log
# Restart the parser
# Note: '>' is applied by the calling shell and truncates the existing log
pkill -f syslog_parser
cd /opt/ids/python_ml
sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
```
### Backend Is Not Responding
```bash
# Check the process
ps aux | grep "python.*main"
tail -f /var/log/ids/backend.log
# Test the API
curl http://localhost:8000/health
# Restart
/opt/ids/deployment/check_backend.sh
```
### Frontend Does Not Load
```bash
# Check the process
ps aux | grep "npm.*dev"
tail -f /var/log/ids/frontend.log
# Test
curl http://localhost:5000
# Restart
/opt/ids/deployment/check_frontend.sh
```
---
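## 📊 Disk Space
```bash
# Check free space
df -h
# Log sizes
du -sh /var/log/ids/*
du -sh /var/log/mikrotik/*
# Trim logs over 100M to their newest 50M
# (truncate -s 50M would keep the oldest 50M and drop the most recent entries)
find /var/log/ids -name "*.log" -size +100M -exec sh -c \
  'tail -c 50M "$1" > "$1.tmp" && cat "$1.tmp" > "$1"; rm -f "$1.tmp"' _ {} \;
# Delete backups older than 7 days
find /opt/ids/backups -name "*.sql.gz" -mtime +7 -delete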
```
---
## 🌐 Web Access
```bash
# Dashboard
http://<IP_SERVER>:5000
# API Backend Docs
http://<IP_SERVER>:8000/docs
```
---
## 🔐 Security
### Generate a Secure Password
```bash
openssl rand -base64 32
```
### Change the Database Password
```bash
# Generate a new password
NEW_PASS=$(openssl rand -base64 32)
echo "Nuova password: $NEW_PASS"
# Update PostgreSQL
# Note: the password is visible in the process list while this command runs
sudo -u postgres psql -c "ALTER USER ids_user WITH PASSWORD '$NEW_PASS';"
# Update .env
sudo -u ids nano /opt/ids/.env
# Edit PGPASSWORD=<NEW_PASSWORD>
# Restart services
/opt/ids/deployment/restart_all.sh
```
---
## 📋 System Info
```bash
# OS version
cat /etc/os-release
# Software versions
python3.11 --version
node --version
npm --version
psql --version
# Uptime
uptime
# Memory
free -h
# CPU
top -bn1 | head -20
```
---
## 🚨 Emergency Commands
### Stop Everything
```bash
pkill -f "python.*main"
pkill -f "npm.*dev"
pkill -f "syslog_parser"
```
### Full System Restart
```bash
/opt/ids/deployment/restart_all.sh
```
### Restore Database Backup
```bash
# List available backups
ls -lh /opt/ids/backups/
# Restore a specific backup
gunzip -c /opt/ids/backups/ids_backup_20250115_120000.sql.gz | \
  psql -U ids_user -d ids_database
```
---
**For the complete guide:** `cat /opt/ids/deployment/INSTALLAZIONE_STEP_BY_STEP.md`