| 308 | richard | 1 | #!/bin/sh
 | 
        
           | 64 | franck | 2 | # $Id: alcasar-watchdog.sh 309 2010-10-26 21:58:25Z richard $
 | 
        
           | 1 | root | 3 | # by rexy
 | 
        
           | 308 | richard | 4 | # Ce script prévient les usagers de l'indisponibilité de l'accès Internet
 | 
        
           |  |  | 5 | # il déconnecte les usagers dont
 | 
        
           | 1 | root | 6 | # - les équipements réseau ne répondent plus
 | 
        
           |  |  | 7 | # - les adresses MAC sont usurpées
 | 
        
           | 308 | richard | 8 | # This script tells users that Internet access is down
 | 
        
           |  |  | 9 | # it logs out users whose 
 | 
        
           | 1 | root | 10 | # - PCs have stopped responding
 | 
        
           |  |  | 11 | # - MAC addresses are in use by other systems (spoofed)
 | 
        
           |  |  | 12 |   | 
        
           # Settings shared by the whole script.
           # NOTE(review): the file declares #!/bin/sh but relies on bash-only
           # syntax ($'\n' below, "function" and [[ ]] further down), so it only
           # works where /bin/sh is bash.

           # Outward-facing and user-facing network interfaces.
           EXTIF="eth0"
           INTIF="eth1"

           # Address used as the ARP source on INTIF and as the catch-all DNS
           # answer written into the dnsmasq configuration.
           PRIVATE_IP="192.168.182.1"

           # List of "IP MAC" pairs carried from one run to the next.
           # NOTE(review): fixed name in world-writable /tmp. The script is
           # presumably run with root privileges (it edits /etc and restarts
           # dnsmasq), so any local account able to create this path first can
           # influence what the next run reads and where appended lines land.
           # A directory writable only by the watchdog's account would be a
           # safer home; confirm nothing else reads this path before moving it.
           tmp_file="/tmp/watchdog.txt"

           # Error page whose "diagnostic =" line is rewritten on an outage.
           Network_Pb_Page="/var/www/html/redirect/index-network-pb.php"

           # Split unquoted expansions on newlines only, so each line of command
           # output stays one word.
           IFS=$'\n'
 | 
        
           | 308 | richard | 19 |   | 
        
           # Called when Internet connectivity is lost: record the diagnosis and
           # point users at an error page.
           # Globals:   EXT_DOWN (read), Network_Pb_Page (read), PRIVATE_IP (read),
           #            net_pb (written)
           # Effects:   logs through logger and rewrites the "diagnostic =" line
           #            of $Network_Pb_Page. Unless the dnsmasq file already holds
           #            exactly one "address=/#/" line, it also repoints the
           #            portal index page, replaces the conf-dir= line with an
           #            address=/#/ entry (which makes dnsmasq answer every name
           #            with $PRIVATE_IP) and restarts dnsmasq.
           function ext_down_alert ()
           {
             local diag=""

             # Map the failure code to the text shown to users and sent to syslog.
             case "$EXT_DOWN" in
               1) diag="eth0 link down" ;;
               2) diag="can't contact the default router" ;;
               3) diag="can't contact the Internet DNS" ;;
             esac

             if [ -n "$diag" ]
             then
               logger "$diag"
               /bin/sed -i "s?diagnostic =.*?diagnostic = ${diag}?g" "$Network_Pb_Page"
             fi

             # Number of catch-all lines already present: 1 means the outage
             # mode is active and nothing more has to be done.
             net_pb=$(grep "address=/#/" /etc/dnsmasq.d/alcasar-dnsmasq.conf | wc -l)
             if [ "$net_pb" != "1" ]
             then
               ln -sf /var/www/html/redirect/index-network-pb.php /var/www/html/redirect/index.php
               /bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq.d/alcasar-dnsmasq.conf
               /etc/init.d/dnsmasq restart
             fi
           }
 | 
        
           |  |  | 46 |   | 
        
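           # Network connectivity checks, starting with the state of EXTIF.
           # EXT_DOWN ends up as 0 (no problem found) or 1 (no link on EXTIF);
           # later steps of the script may raise it to 2.

           # Print the value of the "Link detected:" line found in ethtool output
           # read on stdin. The full label is matched because ethtool can print
           # other lines containing "Link" (for example "Link partner advertised
           # link modes:"); with a bare "Link" match those lines end up in the
           # result and a healthy link is reported as down.
           ext_link_state ()
           {
             grep "Link detected:" | cut -d' ' -f3
           }

           EXT_DOWN="0"
           if [ "$(/usr/sbin/ethtool "$EXTIF" | ext_link_state)" != "yes" ]
           then
             EXT_DOWN="1"
           fi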
 | 
        
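           # If EXTIF has a link, probe the default router (the ISP box) with a
           # single ARP request and set EXT_DOWN to 2 when it stays silent.
           if [ "$EXT_DOWN" = "0" ]
           then
             IP_GW=$(/sbin/ip route list | grep ^default | cut -d" " -f3)
             if [ -z "$IP_GW" ]
             then
               # No default route at all: nothing to probe, and no way out either.
               # Previously this fell through to a malformed test and was
               # silently treated as "no problem".
               EXT_DOWN="2"
             else
               arp_reply=$(/usr/sbin/arping -I"$EXTIF" -c1 "$IP_GW" | grep response | cut -d" " -f2)
               case "$arp_reply" in
                 ''|*[!0-9]*)
                   # arping produced no reply count (it could not run, or the
                   # route entry has an unexpected shape). The state is left
                   # unchanged, but the condition is now visible in syslog
                   # instead of surfacing as a shell test error.
                   logger "alcasar-watchdog : no usable arping result for the default router"
                   ;;
                 0)
                   EXT_DOWN="2"
                   ;;
               esac
             fi
           fi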
 | 
        
           # Once the router answers, the external DNS servers should be probed
           # as well; that step is not written yet (EXT_DOWN=3 is reserved for it).
           #
           # No problem found: if the dnsmasq file still holds the catch-all
           # entry left by an earlier outage, put the portal back in normal mode
           # (access-deny index page, dnsmasq conf-dir line restored, dnsmasq
           # restarted). Otherwise warn the users through ext_down_alert.
           if [ "$EXT_DOWN" = "0" ]
           then
             net_pb=$(grep "address=/#/" /etc/dnsmasq.d/alcasar-dnsmasq.conf | wc -l)
             if [ "$net_pb" -eq 1 ]
             then
               ln -sf /var/www/html/redirect/index-access-deny.php /var/www/html/redirect/index.php
               /bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq.d/alcasar-dnsmasq.conf
               /etc/init.d/dnsmasq restart
             fi
           else
             ext_down_alert
           fi
 | 
        
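           # Read the list of stations that were silent during the previous run,
           # probe each of them once more and log out those that still do not
           # answer. The list is removed afterwards.
           #
           # The list sits at a fixed path in world-writable /tmp and this script
           # presumably runs with root privileges, so the file is only trusted
           # when it is a regular file owned by the running account, and every
           # entry is checked before it reaches arping or chilli_query.
           # NOTE(review): a window remains between these checks and the read;
           # keeping the list in a directory only this account can write to
           # would close it.

           # True when $1 has the shape of a dotted-quad IPv4 address.
           watchdog_is_ipv4 ()
           {
             local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
             [[ $1 =~ $re ]]
           }

           # True when $1 has the shape of a MAC address (six hex pairs joined
           # by "-" or ":").
           watchdog_is_mac ()
           {
             local re='^([0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}$'
             [[ $1 =~ $re ]]
           }

           # -e is false for a dangling symbolic link, hence the extra -L test.
           if [ -e "$tmp_file" ] || [ -L "$tmp_file" ]
           then
             if [ -L "$tmp_file" ] || [ ! -f "$tmp_file" ] || [ ! -O "$tmp_file" ]
             then
               logger "alcasar-watchdog : $tmp_file is not a regular file owned by this account. Ignored."
             else
               while read -r noresponse
               do
                 noresponse_ip=$(printf '%s\n' "$noresponse" | cut -d" " -f1)
                 noresponse_mac=$(printf '%s\n' "$noresponse" | cut -d" " -f2)
                 # Anything that is not "IP MAC" is dropped; the raw text is
                 # deliberately kept out of the log line.
                 if ! watchdog_is_ipv4 "$noresponse_ip" || ! watchdog_is_mac "$noresponse_mac"
                 then
                   logger "alcasar-watchdog : malformed entry in $tmp_file ignored"
                   continue
                 fi
                 arp_reply=$(/usr/sbin/arping -b -I"$INTIF" -s"$PRIVATE_IP" -c1 -w4 "$noresponse_ip" | grep response | cut -d" " -f2)
                 # As before, a missing or non-numeric count is treated as "no reply".
                 case "$arp_reply" in
                   ''|*[!0-9]*) arp_reply=0 ;;
                 esac
                 if [ "$arp_reply" -eq 0 ]
                 then
                   logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) reste muette. On déconnecte."
                   /usr/sbin/chilli_query logout "$noresponse_mac"
                 fi
               done < "$tmp_file"
             fi
             # rm removes the link itself, never the file a link points to.
             rm -f -- "$tmp_file"
           fi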
 | 
        
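           # Go through every device chilli knows about. IFS holds only a
           # newline (set at the top of the file), so each line printed by
           # "chilli_query list" is one iteration.
           for system in $(/usr/sbin/chilli_query list)
           do
             active_mac=$(printf '%s\n' "$system" | cut -d" " -f1)
             active_ip=$(printf '%s\n' "$system" | cut -d" " -f2)
             active_session=$(printf '%s\n' "$system" | cut -d" " -f5)

             # Only devices whose fifth field is 1 are handled; the original
             # comment describes these as devices used by an authenticated user.
             if [ "$active_session" = "1" ]
             then
               # Two ARP requests, four seconds at most.
               arp_reply=$(/usr/sbin/arping -b -I"$INTIF" -s"$PRIVATE_IP" -c2 -w4 "$active_ip" | grep response | cut -d" " -f2)
               # As before, a missing or non-numeric count is treated as "no reply".
               case "$arp_reply" in
                 ''|*[!0-9]*) arp_reply=0 ;;
               esac

               if [ "$arp_reply" -eq 0 ]
               then
                 # Silent station: remember it so the next run can probe it
                 # again. The append is refused when the path is a symbolic
                 # link, because the redirection would follow it and write into
                 # whatever file it points to.
                 # NOTE(review): check and write are not atomic; a state
                 # directory outside /tmp is the complete fix.
                 if [ -L "$tmp_file" ]
                 then
                   logger "alcasar-watchdog : $tmp_file is a symbolic link. Entry not recorded."
                 else
                   printf '%s %s\n' "$active_ip" "$active_mac" >> "$tmp_file"
                 fi
               elif [ "$arp_reply" -gt 2 ]
               then
                 # More replies than the two requests sent: more than one
                 # station answers for this address, which the script treats as
                 # a spoofed station and logs out.
                 logger "alcasar-watchdog : $active_ip est usurpée ($active_mac). On déconnecte."
                 /usr/sbin/chilli_query logout "$active_mac"
               fi
             fi
           done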
 | 
        
           | 308 | richard | 118 |   |