4,7 → 4,6 |
# alcasar-watchdog.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
|
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet |
# il déconnecte les usagers dont |
# - les équipements réseau ne répondent plus |
12,7 → 11,7 |
# This script tells users that Internet access is down |
# it logs out users whose |
# - PCs are quiet |
# - MAC address are in used by other systems (usurped) |
# - MAC address is used by other systems (usurped) |
|
EXTIF="eth0" |
INTIF="eth1" |
19,7 → 18,8 |
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN) |
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1} |
tmp_file="/tmp/watchdog.txt" |
DIR_WEB="/var/www/html" |
Index_Page="$DIR_WEB/index.php" |
27,7 → 27,7 |
IFS=$'\n' |
|
function lan_down_alert () |
# users are redirected on ALCASAR IP address if LAN Pb detected |
# users are redirected on ALCASAR IP address if a LAN problem is detected |
{ |
case $LAN_DOWN in |
"1") |
42,7 → 42,7 |
;; |
esac |
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l` |
if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas). |
if [ $net_pb = "0" ] # user alert |
then |
/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page |
/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf |
123,7 → 123,7 |
done |
rm $tmp_file |
fi |
# on traite chaque équipements connus de chilli |
# process each equipment known by chilli |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
do |
active_ip=`echo $system |cut -d" " -f2` |
130,16 → 130,20 |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
active_user=`echo $system |cut -d" " -f6` |
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes) |
# process only equipment with an authenticated user |
if [[ $(expr $active_session) -eq 1 ]] |
then |
then |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l` |
# on stocke les adresses IP des stations muettes |
# store @IP of quiet equipments |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
echo "$active_ip $active_mac $active_user" >> $tmp_file |
PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$' |
if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments |
then |
echo "$active_ip $active_mac $active_user" >> $tmp_file |
fi |
fi |
# on deconnecte l'usager d'une stations usurpée (@MAC) |
# disconnect users whose equipement is usurped (@MAC) |
if [[ $(expr $arp_reply) -gt 2 ]] |
then |
echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log |
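Review bot: In the added MAC-auth test, `expr $active_user : $PTN` passes the sixth field of the `chilli_query list` output to `expr` unquoted, so a value that is empty, contains glob characters, or happens to be an `expr` keyword makes `expr` fail or compare something else, and the `-eq 0` test then runs on empty output. That field looks like the login name, which would make it user-influenced; it decides whether a silent station is recorded in `$tmp_file` as a quiet equipment. Bash's own regex test avoids both the external call and the expansion problems: `if [[ ! $active_user =~ $PTN ]]`. Because the exemption depends only on the name having the shape of a MAC address, it may also be worth requiring that it equals `$active_mac` (assuming both use the same notation), and moving the constant `PTN` assignment out of the loop. The enclosing `for` loop opens in the previous hunk and the `if` block that follows continues past the end of this one.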