4,14 → 4,13 |
# alcasar-watchdog.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet |
# il déconnecte les usagers dont |
# - les équipements réseau ne répondent plus ( si la fenetre status.php a été fermé. Les autorisations par adresse mac sont laissé de côté) |
# - les adresses MAC sont usurpées |
# This script tells users that Internet access is down |
# it logs out users whose |
# - PCs are quiet (it means that status.php has been closed. We put aside @MAC Authorization ) |
# - MAC address is used by other systems (usurped) |
# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet |
# - Il déconnecte les usagers dont les équipements réseau ne répondent plus (leur onglet 'status.php' a été fermé) |
# - Il deconnecte les usagers dont les adresses MAC sont usurpées |
# |
# - This script tells users that Internet access is down |
# - It logs out users whose PCs are quiet (their status tab is closed) |
# - It logs out users whose MAC address is used by other systems (usurped) |
|
CONF_FILE="/usr/local/etc/alcasar.conf" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
20,8 → 19,7 |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN) |
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1} |
tmp_file="/tmp/watchdog.txt" |
current_users_file="/tmp/current_users.txt" |
current_users_file="/var/tmp/havp/current_users.txt" # file containing active users with their "status.php" tab open |
DIR_WEB="/var/www/html" |
Index_Page="$DIR_WEB/index.php" |
IPTABLES="/sbin/iptables" |
105,10 → 103,8 |
;; |
*) |
lan_test |
|
# We disconnect inactive users (its means that status.php has been closed) |
# Each user inform about his connectivity by filling in /tmp/current_users.txt his own @IP |
# process each equipment known by chilli to check if any equipment is usurped (@MAC) |
# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file) |
# process each equipment known by chilli to check if IP address is usurped (with arping) |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
do |
active_ip=`echo $system |cut -d" " -f2` |
115,37 → 111,31 |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
active_user=`echo $system |cut -d" " -f6` |
|
#We disconnect inactive user here : |
#We check if this is not an auth @MAC and if he is still connected |
if [ "$active_user" != "$active_mac" ] && [ $(echo $system | awk '$5 == 1' | wc -c) -gt 1 ]; then |
if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then |
# If /tmp/current_user.txt exists ... |
if [ -e $current_users_file ]; then |
# We check if user @IP is in 'current_users.txt' |
cmp_user_ok=$(cat $current_users_file | grep $active_ip | wc -w) |
# If this @IP is not in this file, we disconnect this user. |
# If not we disconnect this user. |
if [ $cmp_user_ok -eq 0 ]; then |
logger "alcasar-watchdog $active_ip ($active_mac) can't be contact. Alcasar disconnects the user ($active_user)." |
echo "Disconnect : $active_ip $active_mac $active_user" |
/usr/sbin/chilli_query logout $active_mac |
fi |
# We clean 'current_users.txt'. Every user need to inform their @IP everytime to prove thier connectivity. |
sed -i 'd' $current_users_file |
else # If /tmp/current_user.txt does not exists we disconnect every users. |
# Remove the user's IP from 'current_users.txt'. Every user need to insert their @IP everytime to prove their connectivity. |
sed -i "/^$active_ip/d" $current_users_file |
else # "/tmp/current_user.txt" does not exists. We disconnect every users. |
logger "Le fichier /tmp/current_users.txt n'existe pas." |
logger "alcasar-watchdog $active_ip ($active_mac) can't be contact. Alcasar disconnects the user ($active_user)." |
echo "Disconnect : $active_ip $active_mac $active_user" |
/usr/sbin/chilli_query logout $active_mac |
fi |
fi |
|
|
|
# process only equipment with an authenticated user |
# IP usurpation test : process only equipment with an authenticated user |
if [[ $(expr $active_session) -eq 1 ]] |
then |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l` |
# disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output. |
# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 3 lines in output. |
if [[ $(expr $arp_reply) -gt 2 ]] |
then |
echo "$(date "+[%x-%X] : ")alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log |
158,4 → 148,3 |
;; |
esac |
IFS=$OLDIFS |
|