vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-09 16:18:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
6055 commits 26 branches 19 tags 450 MiB
Commit graph

2980 commits

Author SHA1 Message Date
Simone Mainardi
0946961be2 Fixes wrong reset of large rrd values causing empty charts 2019-03-21 17:15:16 +01:00
Simone Mainardi
091e89d5a3 Implements hosts walker by address CIDR 2019-03-21 15:25:00 +01:00
Simone Mainardi
4d162c17b5 Adds if_stats.lua Networks tab with broadcast domains 2019-03-21 11:17:09 +01:00
Simone Mainardi
295b60ddf1 Shows broadcast/multicast badges in host details 2019-03-20 11:00:53 +01:00
Simone Mainardi
2c50c66532 Fixes locales ordering 2019-03-18 16:37:55 +01:00
emanuele-f
c1be2c2a55 Add switch to print InfluxDB queries 2019-03-18 15:27:14 +01:00
emanuele-f
c00478f30f Improve "hosts" lists support and add MalwareDomainList 2019-03-18 12:52:21 +01:00
emanuele-f
8f5a6495a2 Add InfluxDB download link 2019-03-18 12:09:16 +01:00
Simone Mainardi
0023f7e247 Implements and shows ghost broadcast domains 2019-03-15 14:09:36 +01:00
Luca
c136776d84 Implementation of custom timeseries load 2019-03-15 13:44:15 +01:00
Simone Mainardi
dafe054c3d Revert "Add files via upload (#2457)" 
This reverts commit 44b735287f.
 2019-03-15 11:14:28 +01:00
Salvatore Costantino
44b735287f Add files via upload (#2457) 2019-03-14 19:43:21 +01:00
Simone Mainardi
bac4be911d Adds broadcast domain to the interface stats page 2019-03-14 17:17:18 +01:00
Simone Mainardi
b41eeffba7 [Security] Fixes possible stored XSS in runtime.lua 
XSS attempts were output to the ntopng logs for example as:

14/Mar/2019 12:53:07 [LuaEngine.cpp:9164] WARNING: Script failure [/home/simone/ntopng/scripts/lua/about.lua][/home/simone/ntopng/scripts/lua/modules/http_lint.lua:1555: [LINT] _POST["ntopng_license"] = "'><script>alert(2)</script>" parameter error: Validation error]

When page runtime.lua was reading logs to show them, the JS was interpreted and scripts were executed.

Fixes

XSS3 | Stored

URL
http://192.168.2.200:3000/lua/runtime.lua

METHOD
Get
 2019-03-14 13:01:13 +01:00
Simone Mainardi
5a67bf6e43 [Security] Fixes possible XSS in login.lua referer param 
Fixes

XSS1 | Reflected

URL
http://192.168.2.200:3000/lua/login.lua?referer=%27%3E%3Cscript%3Ealert(1)%3C/script%3E

METHOD
Get

PARAMETER
referer

PAYLOAD
'><script>alert(1)</script>
 2019-03-14 11:35:35 +01:00
Simone Mainardi
522347dc1b Fixes pools initialization via API that was causing mixed pool ids 2019-03-12 16:27:20 +01:00
Simone Mainardi
4b3ae0e652 Makes the ARP matrix generation optional using a pref 2019-03-12 14:53:06 +01:00
Simone Mainardi
71158cb056 Handles deletion of host pools both with InfluxDB and RRDs 2019-03-12 13:16:27 +01:00
Simone Mainardi
dca0b2a2d8 Fixes flows certificates visualization 2019-03-12 10:28:48 +01:00
Simone Mainardi
5b667beadb Fixes getAlertTimeBounds failing with enqueued flow alerts 2019-03-11 17:01:10 +01:00
Simone Mainardi
0a903c97ce Finishes rework of ArpStatsHashMatrix 2019-03-07 14:20:41 +01:00
Luca
ea8e3e8d62 Nil fix 2019-03-06 19:48:15 +01:00
Simone Mainardi
3a6e8f8797 Prevents host label from showing up when same as name 2019-03-06 15:47:53 +01:00
Simone Mainardi
8613ffd7ee Add link to active flow in flow alerts 2019-03-06 14:56:10 +01:00
Luca Deri
0b50e6a2e4
Merge pull request #2446 from FrancescoStaccini/dev 
ARP Data Structures
 2019-03-06 13:35:03 +01:00
Simone Mainardi
912e461fdf Adds description and threshold for long-lived flows 2019-03-06 12:58:39 +01:00
Simone Mainardi
dcd1c61d78 Alert anomalies fixes 2019-03-06 12:43:45 +01:00
emanuele-f
b4bb8599ff Fix InfluxDB total stats accounting one excess point 
E.g. calculating a total on 1h interval starting from 11:00
  - Before this patch: total on [11:00,12:00]
  - With this patch: total on [11:00,11:59]
 2019-03-06 10:52:22 +01:00
Francesco Staccini
c2711abf57
Update show_arp_matrix_data.lua 2019-03-06 10:44:25 +01:00
Simone Mainardi
a3701168fe Fixes redefinition of variable causing missing flows 2019-03-06 10:43:26 +01:00
Francesco Staccini
963e461c86
Merge pull request #1 from ntop/dev 
sync my repo
 2019-03-06 10:27:14 +01:00
Luca Deri
468558ddb4 Adding a new timeseries: how to add number of unrecheable flows client/server per host. 2019-03-06 10:05:05 +01:00
Francesco
58a72c8e88 ARP Stats Structures 2019-03-05 20:26:07 +01:00
emanuele-f
9d09d2e616 Improve timeseries documentation 
Hopefully the docs are now more usable for a beginner
 2019-03-05 19:27:31 +01:00
Simone Mainardi
f8b120a9ce Implements alerts for ICMP anomalies 
Partially addresses #2387
 2019-03-05 18:02:34 +01:00
Luca Deri
cce7e53d82 Updates on Google Assistant beta integration 2019-03-05 17:02:31 +01:00
Simone Mainardi
de286daf9c Implements alerts for DNS anomalies 
Partially addresses #2387
 2019-03-05 16:49:50 +01:00
emanuele-f
c53082bb72 Use hosts rather than local hosts in the process memory chart 2019-03-05 14:12:12 +01:00
emanuele-f
8977ac81f6 Add ntopng process memory chart 2019-03-05 13:59:38 +01:00
Simone Mainardi
0516e485d1 Fixes category/application name clashes in RRDs 2019-03-04 16:03:12 +01:00
Simone Mainardi
4b30932d36 Fixes encoding issue with jp lang file 2019-03-04 10:11:10 +01:00
Simone Mainardi
a9db8e8c1e Adds validation for host pool assoc via API 2019-03-03 11:28:15 +01:00
Simone Mainardi
f7cf85d169 Fixes nil table access upon nEdge http http_bridge_conf_utils.lua 
Fixes

02/Mar/2019 18:16:46 [LuaEngine.cpp:8712] WARNING: Script failure [/home/simone/ntopng/scripts/callbacks/system/startup.lua][/home/simone/ntopng/scripts/lua/modules/tracker.lua:33: attempt to index a nil value (global '_SESSION')]
 2019-03-02 18:19:08 +01:00
Simone Mainardi
626677705b Adds Application label to flow alerts 2019-02-28 19:10:53 +01:00
Simone Mainardi
7f7dea8d87 Additional ICMP details in flow alerts 
Fixes #2414
 2019-02-28 18:44:41 +01:00
Simone Mainardi
df088c7971 Adds host pool active hosts and l2 devices charts 2019-02-28 16:22:22 +01:00
Simone Mainardi
c581f085cd Checks n2disk service upon visits to page if_stats 
Handles n2disk installations with a running ntopng
 2019-02-28 10:49:58 +01:00
Simone Mainardi
6774d8dd52 Hides traffic providers when n2disk is not available 2019-02-28 10:36:05 +01:00
emanuele-f
75747407dc Fix automatic abort in timeseries table 2019-02-28 10:15:29 +01:00
Simone Mainardi
0785c81517 Makes the allowed device applications page always visible 2019-02-27 23:16:13 +01:00