Create detailed Markdown documentation for IDS installation, including quick start, step-by-step, and configuration details. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: e8ff5164-9660-4159-93ac-0d6cae981bb0 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/c9ITWqD
⚡ Comandi Rapidi IDS
Riferimento veloce per operazioni comuni sul sistema IDS.
🚀 Installazione Iniziale (Solo Prima Volta)
# 1. Clone repository
cd /opt/ids
sudo -u ids git clone https://<USER>:<TOKEN>@git.alfacom.it/<OWNER>/ids.git .
# 2. Setup sistema
./deployment/setup_almalinux.sh
# 3. Configura environment
sudo -u ids cp .env.example .env
sudo -u ids cp git.env.example git.env
sudo -u ids nano .env # Configura password
sudo -u ids nano git.env # Configura git
# 4. Installa dipendenze
cd /opt/ids
sudo -u ids npm install
cd python_ml && sudo -u ids pip3.11 install -r requirements.txt
# 5. Database
cd /opt/ids
sudo -u ids npm run db:push
# 6. Syslog
./deployment/setup_syslog_server.sh
# 7. Avvio
./deployment/setup_crontab.sh
🔄 Aggiornamento da Git
cd /opt/ids
sudo -u ids ./deployment/update_from_git.sh
🔍 Monitoring
Processi Attivi
ps aux | grep -E 'python.*main|npm.*dev|syslog_parser'
Log Real-time
# Backend Python
tail -f /var/log/ids/backend.log
# Frontend Node
tail -f /var/log/ids/frontend.log
# Syslog Parser
tail -f /var/log/ids/syslog_parser.log
# Training ML
tail -f /var/log/ids/training.log
# Detection
tail -f /var/log/ids/detect.log
# Log router
tail -f /var/log/mikrotik/raw.log
🔄 Restart Servizi
# Restart completo
/opt/ids/deployment/restart_all.sh
# Solo backend Python
/opt/ids/deployment/check_backend.sh
# Solo frontend
/opt/ids/deployment/check_frontend.sh
🗄️ Database
Accesso PostgreSQL
psql -U ids_user -d ids_database
Query Utili
-- Conta log totali
SELECT COUNT(*) FROM network_logs;
-- Ultimi 10 log
SELECT * FROM network_logs ORDER BY timestamp DESC LIMIT 10;
-- Detections bloccate
SELECT COUNT(*) FROM detections WHERE blocked = true;
-- Router configurati
SELECT * FROM routers;
-- Whitelist IP
SELECT * FROM whitelist;
-- Training history
SELECT * FROM training_history ORDER BY trained_at DESC LIMIT 5;
Backup Manuale
/opt/ids/deployment/backup_db.sh
🤖 Machine Learning
Training Manuale
curl -X POST http://localhost:8000/train \
-H "Content-Type: application/json" \
-d '{"max_records": 10000, "hours_back": 24, "contamination": 0.01}'
Detection Manuale
curl -X POST http://localhost:8000/detect \
-H "Content-Type: application/json" \
-d '{"max_records": 5000, "auto_block": true, "risk_threshold": 75}'
Statistiche
curl http://localhost:8000/stats | jq
Health Check
curl http://localhost:8000/health
🔥 Firewall
Verifica Regole
firewall-cmd --list-all
Apri Porta
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload
📡 Syslog / Router
Verifica Rsyslog
systemctl status rsyslog
Restart Rsyslog
systemctl restart rsyslog
Verifica Porta 514
netstat -ulnp | grep 514
Test Log da Router
Sul router MikroTik:
/log print where topics~"firewall"
⏰ Crontab
Visualizza Crontab
crontab -u ids -l
Modifica Crontab
crontab -u ids -e
🔧 Troubleshooting
Log non arrivano
# Verifica rsyslog
systemctl status rsyslog
netstat -ulnp | grep 514
# Verifica log file
ls -la /var/log/mikrotik/
tail -f /var/log/mikrotik/raw.log
# Riavvia rsyslog
systemctl restart rsyslog
Database non si popola
# Verifica parser
ps aux | grep syslog_parser
tail -f /var/log/ids/syslog_parser.log
# Riavvia parser
pkill -f syslog_parser
cd /opt/ids/python_ml
sudo -u ids nohup python3.11 syslog_parser.py > /var/log/ids/syslog_parser.log 2>&1 &
Backend non risponde
# Verifica processo
ps aux | grep "python.*main"
tail -f /var/log/ids/backend.log
# Test API
curl http://localhost:8000/health
# Riavvia
/opt/ids/deployment/check_backend.sh
Frontend non carica
# Verifica processo
ps aux | grep "npm.*dev"
tail -f /var/log/ids/frontend.log
# Test
curl http://localhost:5000
# Riavvia
/opt/ids/deployment/check_frontend.sh
📊 Spazio Disco
# Verifica spazio
df -h
# Dimensione log
du -sh /var/log/ids/*
du -sh /var/log/mikrotik/*
# Pulisci log vecchi
find /var/log/ids -name "*.log" -size +100M -exec truncate -s 50M {} \;
# Pulisci backup vecchi
find /opt/ids/backups -name "*.sql.gz" -mtime +7 -delete
🌐 Accesso Web
# Dashboard
http://<IP_SERVER>:5000
# API Backend Docs
http://<IP_SERVER>:8000/docs
🔐 Sicurezza
Genera Password Sicura
openssl rand -base64 32
Cambia Password Database
# Genera nuova password
NEW_PASS=$(openssl rand -base64 32)
echo "Nuova password: $NEW_PASS"
# Aggiorna PostgreSQL
sudo -u postgres psql -c "ALTER USER ids_user WITH PASSWORD '$NEW_PASS';"
# Aggiorna .env
sudo -u ids nano /opt/ids/.env
# Modifica PGPASSWORD=<NUOVA_PASSWORD>
# Restart servizi
/opt/ids/deployment/restart_all.sh
📋 Info Sistema
# Versione sistema
cat /etc/os-release
# Versioni software
python3.11 --version
node --version
npm --version
psql --version
# Uptime
uptime
# Memoria
free -h
# CPU
top -bn1 | head -20
🚨 Comandi Emergenza
Stop Tutto
pkill -f "python.*main"
pkill -f "npm.*dev"
pkill -f "syslog_parser"
Restart Completo Sistema
/opt/ids/deployment/restart_all.sh
Restore Backup Database
# Lista backup disponibili
ls -lh /opt/ids/backups/
# Restore backup specifico
gunzip -c /opt/ids/backups/ids_backup_20250115_120000.sql.gz | \
psql -U ids_user -d ids_database
Per guida completa: cat /opt/ids/deployment/INSTALLAZIONE_STEP_BY_STEP.md
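Review bot: The clone command in step 1 (`sudo -u ids git clone https://<USER>:<TOKEN>@git.alfacom.it/<OWNER>/ids.git .`) embeds the token in the remote URL, so it is persisted in `.git/config` and in the shell history of whoever runs the setup; since the guide already has operators fill in `git.env` in step 3, the clone should use a credential helper or the same `git.env` mechanism, with a comment such as `# Non inserire il token nell'URL: resta in .git/config e nella history`. In the "Cambia Password Database" section the secret is echoed to the terminal (`echo "Nuova password: $NEW_PASS"`) and then passed inside `psql -c "ALTER USER ... '$NEW_PASS';"`, where it is visible in `ps` output and in the postgres command history; an interactive `\password ids_user` or feeding the statement via stdin (`psql <<EOF ... EOF`) avoids both exposures, and the echo line should be dropped. `netstat -ulnp | grep 514` appears under both "Verifica Porta 514" and "Log non arrivano" but `netstat` is not installed by default on recent AlmaLinux, so `ss -ulnp | grep 514` is the safer form to document. The `find /var/log/ids -name "*.log" -size +100M -exec truncate -s 50M {} \;` cleanup truncates files that `syslog_parser.py` and the backend are still writing, which can corrupt the tail of the retained log; a note pointing to logrotate, or to running it only after "Stop Tutto", would help.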