ids.alfacom.it/deployment/setup_crontab.sh
marco370 fcd4bbf2b2 Add comprehensive deployment and configuration guides for the IDS system
This commit introduces detailed documentation for deploying the Intrusion Detection System (IDS) on AlmaLinux 9, including setup scripts, MikroTik router configuration, and update procedures via git. It also includes the syslog parser script for processing router logs and saving them to PostgreSQL.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: b2b01a4a-55da-4f33-9143-6bf0399e0a03
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/c9ITWqD
2025-11-15 11:30:55 +00:00


#!/bin/bash
# Script per configurare crontab per il sistema IDS
# Eseguire con: chmod +x setup_crontab.sh && sudo ./setup_crontab.sh
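# Colors for terminal output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Everything below writes under /var/log, /var/run and another user's crontab.
# Stop early rather than leave a half-applied configuration behind.
if [ "$(id -u)" -ne 0 ]; then
  echo -e "${RED}❌ Eseguire come root: sudo ./setup_crontab.sh${NC}" >&2
  exit 1
fi
if ! id -u ids > /dev/null 2>&1; then
  echo -e "${RED}❌ Utente 'ids' non trovato${NC}" >&2
  exit 1
fi

echo -e "${BLUE}🔧 CONFIGURAZIONE CRONTAB SISTEMA IDS${NC}"
echo "=================================================="

# Installation directory (fixed path, not auto-detected)
IDS_DIR="/opt/ids"
echo -e "${YELLOW}📁 Directory IDS: ${IDS_DIR}${NC}"

# Log file locations
TRAINING_LOG="/var/log/ids/training.log"
DETECT_LOG="/var/log/ids/detect.log"
FRONTEND_LOG="/var/log/ids/frontend.log"
BACKEND_LOG="/var/log/ids/backend.log"
CRON_LOG="/var/log/ids/cron.log"

# Log directory, owned by the service account that runs the cron jobs
mkdir -p /var/log/ids
chown -R ids:ids /var/log/ids

# PID-file directory used by check_backend.sh / check_frontend.sh. Those scripts
# run as 'ids' and call `mkdir -p /var/run/ids` themselves, which normally fails
# for an unprivileged user; without a PID file every cron run starts another
# instance. Create it here, as root, and hand it to 'ids'.
# NOTE(review): where /var/run is a tmpfs this directory is lost at reboot;
# persist it with a systemd-tmpfiles rule or a service unit.
mkdir -p /var/run/ids
chown ids:ids /var/run/ids
chmod 0755 /var/run/ids

echo -e "${YELLOW}📄 Log files:${NC}"
echo -e " • Training: ${TRAINING_LOG}"
echo -e " • Detection: ${DETECT_LOG}"
echo -e " • Frontend: ${FRONTEND_LOG}"
echo -e " • Backend Python: ${BACKEND_LOG}"
echo -e " • Crontab: ${CRON_LOG}"

# Back up the existing crontab.
# This runs as root and /tmp is world-writable: a predictable file name there
# can be pre-created (or symlinked) by any local user. mktemp creates the file
# atomically with mode 0600 and an unpredictable suffix.
echo -e "\n${BLUE}💾 Backup crontab esistente...${NC}"
crontab_backup=$(mktemp "/tmp/crontab_backup_$(date +%Y%m%d_%H%M%S)_XXXXXX") || {
  echo -e "${RED}❌ Impossibile creare il file di backup${NC}" >&2
  exit 1
}
if crontab -u ids -l > "$crontab_backup" 2> /dev/null; then
  echo "Backup salvato in ${crontab_backup}"
else
  # No crontab to save: do not leave an empty "backup" behind.
  rm -f -- "$crontab_backup"
  echo "Nessun crontab esistente"
fi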
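# Build the new crontab for user 'ids' and install it.
#
# The staging file is created with mktemp instead of a fixed /tmp name: this
# script runs as root, and a predictable path in a world-writable directory
# lets a local user pre-create or swap the file between the write and the
# `crontab` call, i.e. choose what gets scheduled under the 'ids' account.
#
# NOTE(review) on the entries below (payload left unchanged):
#  - requests.post() is called without a timeout; if the API hangs, the
#    5-minute jobs pile up.
#  - /train and /detect are called without credentials and /detect sets
#    auto_block; confirm the API listens on loopback only.
#  - `truncate -s 50M` keeps the FIRST 50 MB of a log and discards the most
#    recent entries, which are usually the ones needed after an incident.
#    logrotate with compression is the safer choice.
echo -e "\n${BLUE}⚙️ Configurazione nuovo crontab...${NC}"
new_crontab=$(mktemp /tmp/new_crontab.XXXXXX) || {
  echo -e "${RED}❌ Impossibile creare il file temporaneo${NC}" >&2
  exit 1
}
cat > "$new_crontab" << EOF
# ============================================
# SISTEMA IDS - CONFIGURAZIONE AUTOMATICA
# ============================================
# Training ML ogni 12 ore (alle 00:00 e 12:00)
0 */12 * * * cd ${IDS_DIR}/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/train', json={'max_records': 10000, 'hours_back': 24})" >> ${TRAINING_LOG} 2>&1
# Detection automatica ogni 5 minuti
*/5 * * * * cd ${IDS_DIR}/python_ml && /usr/bin/python3.11 -c "import requests; requests.post('http://localhost:8000/detect', json={'max_records': 5000, 'auto_block': True, 'risk_threshold': 75})" >> ${DETECT_LOG} 2>&1
# Verifica processo backend Python ogni 5 minuti (riavvia se non attivo)
*/5 * * * * ${IDS_DIR}/deployment/check_backend.sh >> ${CRON_LOG} 2>&1
# Verifica processo frontend ogni 5 minuti (riavvia se non attivo)
*/5 * * * * ${IDS_DIR}/deployment/check_frontend.sh >> ${CRON_LOG} 2>&1
# Pulizia log settimanale (ogni domenica alle 02:00)
0 2 * * 0 find /var/log/ids -name "*.log" -size +100M -exec truncate -s 50M {} \; >> ${CRON_LOG} 2>&1
# Restart completo del sistema ogni settimana (domenica alle 03:00)
0 3 * * 0 ${IDS_DIR}/deployment/restart_all.sh >> ${CRON_LOG} 2>&1
# Backup database giornaliero (alle 04:00)
0 4 * * * ${IDS_DIR}/deployment/backup_db.sh >> ${CRON_LOG} 2>&1
EOF

# Install it (this REPLACES the whole crontab of 'ids') and only report success
# when `crontab` actually accepted the file.
if crontab -u ids "$new_crontab"; then
  rm -f -- "$new_crontab"
  echo -e "${GREEN}✅ Crontab configurato con successo!${NC}"
else
  rm -f -- "$new_crontab"
  echo -e "${RED}❌ Installazione crontab fallita${NC}" >&2
  exit 1
fi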
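# Generate the backend watchdog script (cron runs it every 5 minutes as 'ids').
# The quoted 'EOF' delimiter keeps every $... literal in the generated file.
echo -e "\n${BLUE}📜 Creazione script di controllo backend...${NC}"
cat > "${IDS_DIR}/deployment/check_backend.sh" << 'EOF'
#!/bin/bash
# Check the Python backend and restart it when it is down or unresponsive.
BACKEND_LOG="/var/log/ids/backend.log"
IDS_DIR="/opt/ids"
PIDFILE="/var/run/ids/backend.pid"

# NOTE(review): this script runs as an unprivileged user, so /var/run/ids must
# already exist and be writable by that user; otherwise no PID file is kept and
# every run tries to start another instance.
mkdir -p /var/run/ids

# Start the backend in the background and record its PID.
start_backend() {
  echo "$(date): Avvio backend Python FastAPI..." >> "$BACKEND_LOG"
  # Never launch main.py from whatever directory the caller happened to be in.
  cd "$IDS_DIR/python_ml" || {
    echo "$(date): Directory $IDS_DIR/python_ml non accessibile, avvio annullato" >> "$BACKEND_LOG"
    return 1
  }
  nohup /usr/bin/python3.11 main.py >> "$BACKEND_LOG" 2>&1 &
  echo $! > "$PIDFILE"
  echo "$(date): Backend avviato con PID $(cat "$PIDFILE")" >> "$BACKEND_LOG"
}

if [ -f "$PIDFILE" ]; then
  PID=$(cat "$PIDFILE")
  # Treat an empty or non-numeric PID file as "not running" instead of passing
  # its content to ps/kill.
  case "$PID" in
    '' | *[!0-9]*) PID="" ;;
  esac
  if [ -n "$PID" ] && ps -p "$PID" > /dev/null 2>&1; then
    # Process exists: probe the health endpoint. --max-time bounds the probe so
    # a backend that accepts the connection but never answers cannot leave one
    # stuck curl per cron run.
    if ! curl -f -s --max-time 10 http://localhost:8000/health > /dev/null 2>&1; then
      echo "$(date): Backend non risponde, riavvio..." >> "$BACKEND_LOG"
      kill "$PID" 2>/dev/null
      sleep 5
      start_backend
    fi
  else
    echo "$(date): Backend non trovato, riavvio..." >> "$BACKEND_LOG"
    start_backend
  fi
else
  echo "$(date): File PID non trovato, avvio backend..." >> "$BACKEND_LOG"
  start_backend
fi
EOF
chmod +x "${IDS_DIR}/deployment/check_backend.sh"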
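# Generate the frontend watchdog script (cron runs it every 5 minutes as 'ids').
# The quoted 'EOF' delimiter keeps every $... literal in the generated file.
echo -e "\n${BLUE}📜 Creazione script di controllo frontend...${NC}"
cat > "${IDS_DIR}/deployment/check_frontend.sh" << 'EOF'
#!/bin/bash
# Check the Node.js frontend and restart it when it is down or unresponsive.
FRONTEND_LOG="/var/log/ids/frontend.log"
IDS_DIR="/opt/ids"
PIDFILE="/var/run/ids/frontend.pid"

# NOTE(review): this script runs as an unprivileged user, so /var/run/ids must
# already exist and be writable by that user; otherwise no PID file is kept and
# every run tries to start another instance.
mkdir -p /var/run/ids

# Start the frontend in the background and record its PID.
# NOTE(review): `npm run dev` looks like a development server (project script
# not visible here); confirm this is the intended way to serve the IDS console.
# The recorded PID is that of npm, so child processes may survive the kill below.
start_frontend() {
  echo "$(date): Avvio frontend Node.js..." >> "$FRONTEND_LOG"
  # Never run npm from whatever directory the caller happened to be in.
  cd "$IDS_DIR" || {
    echo "$(date): Directory $IDS_DIR non accessibile, avvio annullato" >> "$FRONTEND_LOG"
    return 1
  }
  nohup npm run dev >> "$FRONTEND_LOG" 2>&1 &
  echo $! > "$PIDFILE"
  echo "$(date): Frontend avviato con PID $(cat "$PIDFILE")" >> "$FRONTEND_LOG"
}

if [ -f "$PIDFILE" ]; then
  PID=$(cat "$PIDFILE")
  # Treat an empty or non-numeric PID file as "not running" instead of passing
  # its content to ps/kill.
  case "$PID" in
    '' | *[!0-9]*) PID="" ;;
  esac
  if [ -n "$PID" ] && ps -p "$PID" > /dev/null 2>&1; then
    # Process exists: check that it answers. --max-time bounds the probe so a
    # hung frontend cannot leave one stuck curl per cron run.
    if ! curl -f -s --max-time 10 http://localhost:5000 > /dev/null 2>&1; then
      echo "$(date): Frontend non risponde, riavvio..." >> "$FRONTEND_LOG"
      kill "$PID" 2>/dev/null
      sleep 5
      start_frontend
    fi
  else
    echo "$(date): Frontend non trovato, riavvio..." >> "$FRONTEND_LOG"
    start_frontend
  fi
else
  echo "$(date): File PID non trovato, avvio frontend..." >> "$FRONTEND_LOG"
  start_frontend
fi
EOF
chmod +x "${IDS_DIR}/deployment/check_frontend.sh"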
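# Generate the weekly full-restart script (cron runs it as 'ids').
# The quoted 'EOF' delimiter keeps every $... literal in the generated file.
echo -e "\n${BLUE}🔄 Creazione script di restart...${NC}"
cat > "${IDS_DIR}/deployment/restart_all.sh" << 'EOF'
#!/bin/bash
# Full restart of the IDS services: stop both, clean temporary files, start again.
CRON_LOG="/var/log/ids/cron.log"
IDS_DIR="/opt/ids"

# When started by root (e.g. a manual `sudo restart_all.sh`) drop to the service
# account first. Otherwise the backend and frontend would come back up as root,
# PIDs read from files would be signalled with root privileges, and the /tmp
# cleanup below could remove other users' files.
if [ "$(id -u)" -eq 0 ]; then
  exec sudo -u ids "$0" "$@"
fi

# Send TERM to the PID stored in the given PID file, then remove the file.
stop_service() {
  local pidfile=$1 pid
  [ -f "$pidfile" ] || return 0
  pid=$(cat "$pidfile")
  case "$pid" in
    '' | *[!0-9]*) ;; # empty or malformed PID file: nothing to signal
    *) kill -TERM "$pid" 2>/dev/null ;;
  esac
  rm -f "$pidfile"
}

echo "$(date): === RESTART SETTIMANALE SISTEMA IDS ===" >> "$CRON_LOG"
stop_service /var/run/ids/backend.pid
stop_service /var/run/ids/frontend.pid
sleep 10

# Clean temporary files. The name pattern "*ids*" is very broad, so the match
# is limited to files owned by the service account.
echo "$(date): Pulizia file temporanei..." >> "$CRON_LOG"
find /tmp -user ids -name "*ids*" -mtime +1 -delete 2>/dev/null
find "$IDS_DIR" -name "*.pyc" -delete 2>/dev/null
find "$IDS_DIR" -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null

# Bring the services back up through the watchdog scripts.
echo "$(date): Riavvio servizi..." >> "$CRON_LOG"
"${IDS_DIR}/deployment/check_backend.sh"
"${IDS_DIR}/deployment/check_frontend.sh"
EOF
chmod +x "${IDS_DIR}/deployment/restart_all.sh"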
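# Generate the daily database backup script (cron runs it as 'ids').
# The quoted 'EOF' delimiter keeps every $... literal in the generated file.
echo -e "\n${BLUE}💾 Creazione script di backup database...${NC}"
cat > "${IDS_DIR}/deployment/backup_db.sh" << 'EOF'
#!/bin/bash
# Daily PostgreSQL backup: dump, compress, prune old archives.
BACKUP_DIR="/opt/ids/backups"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/ids_backup_$TIMESTAMP.sql"

# Dumps contain the full IDS database: create the directory and the files
# readable by the owner only.
umask 077
mkdir -p "$BACKUP_DIR"

# NOTE(security): the password below is a placeholder stored in clear text in
# this script. Replace it and prefer a ~/.pgpass file with mode 0600 for the
# account running the backup, then remove the PGPASSWORD assignment.
if ! PGPASSWORD="ids_password_change_me" pg_dump -U ids_user -h localhost ids_database > "$BACKUP_FILE"; then
  # Do not compress and keep an empty or partial dump as if it were a backup.
  echo "$(date): ERRORE: pg_dump fallito, backup non creato" >&2
  rm -f -- "$BACKUP_FILE"
  exit 1
fi

# Compress the dump
gzip "$BACKUP_FILE"

# Retention is by age: archives older than 7 days are deleted.
find "$BACKUP_DIR" -name "ids_backup_*.sql.gz" -mtime +7 -delete
echo "$(date): Backup completato: ${BACKUP_FILE}.gz"
EOF

# The script embeds a database credential: keep it readable only by the account
# that runs it instead of the default world-readable mode.
chown ids:ids "${IDS_DIR}/deployment/backup_db.sh"
chmod 0700 "${IDS_DIR}/deployment/backup_db.sh"
echo -e "${YELLOW}⚠️ backup_db.sh contiene una password segnaposto: sostituirla prima dell'uso${NC}"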
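# Start both services right away, as the unprivileged service account.
echo -e "\n${BLUE}🚀 Avvio immediato dei processi...${NC}"
sudo -u ids "${IDS_DIR}/deployment/check_backend.sh"
sudo -u ids "${IDS_DIR}/deployment/check_frontend.sh"

echo -e "\n${GREEN}✅ CONFIGURAZIONE COMPLETATA!${NC}"
echo ""

# Cheat sheet of follow-up commands
echo -e "${YELLOW}📋 COMANDI UTILI:${NC}"
echo -e " • Visualizza log backend: ${BLUE}tail -f ${BACKEND_LOG}${NC}"
echo -e " • Visualizza log frontend: ${BLUE}tail -f ${FRONTEND_LOG}${NC}"
echo -e " • Visualizza log training: ${BLUE}tail -f ${TRAINING_LOG}${NC}"
echo -e " • Visualizza log detection: ${BLUE}tail -f ${DETECT_LOG}${NC}"
echo -e " • Stato crontab: ${BLUE}crontab -u ids -l${NC}"
echo -e " • Stato processi: ${BLUE}ps aux | grep -E 'python.*main|npm.*dev'${NC}"
# The manual restart is advertised with `sudo -u ids`, matching the start-up
# above and the crontab owner: a plain `sudo` would restart the backend and the
# frontend as root and leave root-owned PID files the cron jobs cannot manage.
echo -e " • Restart manuale: ${BLUE}sudo -u ids ${IDS_DIR}/deployment/restart_all.sh${NC}"
echo ""

# Summary of what is now scheduled
echo -e "${YELLOW}⚠️ IMPORTANTE:${NC}"
echo -e " • Training automatico ogni 12 ore"
echo -e " • Detection automatica ogni 5 minuti"
echo -e " • Monitoring processi ogni 5 minuti"
echo -e " • Restart automatico ogni domenica alle 03:00"
echo -e " • Backup database giornaliero alle 04:00"
echo ""
echo -e "${GREEN}🎉 Sistema IDS configurato per l'esecuzione automatica!${NC}"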