| 2157 | franck | 1 | #!/bin/bash
 | 
        
           |  |  | 2 | # $Id: alcasar-watchdog-hl/sh 2113 2017-01-08 22:43:26Z richard $
 | 
        
           |  |  | 3 |   | 
        
           |  |  | 4 | # alcasar-watchdog-hl.sh
 | 
        
           |  |  | 5 | # by 3abtux
 | 
        
           |  |  | 6 | # This script is distributed under the Gnu General Public License (GPL)
 | 
        
           |  |  | 7 | # - Ce script déconnecte les équipements réseau qui sont identifiés en 0.0.0.0
 | 
        
           |  |  | 8 |   | 
        
           |  |  | 9 | # - This script disconnects the network equipments which are identified in 0.0.0.0
 | 
        
           |  |  | 10 |   | 
        
           |  |  | 11 |   | 
        
           |  |  | 12 | CONF_FILE="/usr/local/etc/alcasar.conf"
 | 
        
           |  |  | 13 | EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`			# EXTernal InterFace
 | 
        
           |  |  | 14 | INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`			# INTernal InterFace
 | 
        
           |  |  | 15 | private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
 | 
        
           |  |  | 16 | private_ip_mask=${private_ip_mask:=192.168.182.1/24}
 | 
        
           |  |  | 17 | PRIVATE_IP="192.168.180.1"
 | 
        
           |  |  | 18 |   | 
        
           |  |  | 19 | OLDIFS=$IFS
 | 
        
           |  |  | 20 | IFS=$'\n'
 | 
        
           |  |  | 21 |   | 
        
           |  |  | 22 |   | 
        
           |  |  | 23 | usage="Usage: alcasar-watchdog-hl.sh "
 | 
        
           |  |  | 24 | case $1 in
 | 
        
           |  |  | 25 | 	-\? | -h* | --h*)
 | 
        
           |  |  | 26 | 		echo "$usage"
 | 
        
           |  |  | 27 | 		exit 0
 | 
        
           |  |  | 28 | 		;;
 | 
        
           |  |  | 29 | 	*)
 | 
        
           |  |  | 30 | 		# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)
 | 
        
           |  |  | 31 | 		# process each equipment known by chilli to check if IP address is usurped (with arping)
 | 
        
           |  |  | 32 | 		for system in `/usr/sbin/chilli_query list |grep  "0\.0\.0\.0 dnat"`
 | 
        
           |  |  | 33 | 		do
 | 
        
           |  |  | 34 | 			active_mac=`echo $system | cut -d" " -f1`
 | 
        
           |  |  | 35 | #			echo "$active_mac associe à 0.0.0.0"
 | 
        
           |  |  | 36 | 			# disconnect equipement is 0.0.0.0
 | 
        
           |  |  | 37 | 			echo "$(date "+[%x-%X] : ")alcasar-watchdog-hl : $active_mac is in bad lan. Alcasar release the equipment." >> /var/Save/security/watchdog-hl.log
 | 
        
           |  |  | 38 | 			/usr/sbin/chilli_query dhcp-release $active_mac
 | 
        
           |  |  | 39 | 		done
 | 
        
           |  |  | 40 | #		/usr/sbin/chilli_query list |grep  "0\.0\.0\.0 dnat"
 | 
        
           |  |  | 41 | 		;;
 | 
        
           |  |  | 42 | esac	
 | 
        
           |  |  | 43 | IFS=$OLDIFS
 |