WebSVN – ALCASAR – Diff – /scripts/alcasar-watchdog.sh


#!/bin/bash
# $Id: alcasar-watchdog.sh 2106 2017-01-05 18:35:29Z richard $
 
# alcasar-watchdog.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
# il déconnecte les usagers dont
# - les équipements réseau ne répondent plus ( si la fenetre status.php a été fermé. Les autorisations par adresse mac sont laissé de côté)
# - les adresses MAC sont usurpées
# This script tells users that Internet access is down
# it logs out users whose 
# - PCs are quiet (it means that status.php has been closed. We put aside @MAC Authorization )
# - MAC address is used by other systems (usurped)
 
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`			# EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`			# INTernal InterFace
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1`      # @ip du portail (côté LAN)
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
tmp_file="/tmp/watchdog.txt"
tmp_users_file="/tmp/current_users.txt"
DIR_WEB="/var/www/html"
Index_Page="$DIR_WEB/index.php"
IPTABLES="/sbin/iptables"
TUNIF="tun0"						# listen device for chilli daemon
OLDIFS=$IFS
IFS=$'\n'
 
function lan_down_alert ()
# users are redirected on ALCASAR IP address if a LAN problem is detected
{
	case $LAN_DOWN in
	"1")
		logger "$EXTIF (WAN card) link down"
		echo "$EXTIF (WAN card) link down"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page
		;;
	"2")
		logger "can't contact the default router"
		echo "can't contact the default router"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
		;;
	esac
	net_pb=`grep "network_pb = True;" $Index_Page|wc -l`
	if [ $net_pb = "0" ] # user alert (only the first time)	
		then
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
		$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56
	fi
}
 
function lan_test ()
# LAN connectiivity testing
{
	watchdog_process=`ps -C alcasar-watchdog.sh|wc -l`
	if [[ $(expr $watchdog_process) -gt 3 ]]
		then
		echo "ALCASAR watchdog is already running"
		exit 0
	fi
	# EXTIF testing
	LAN_DOWN="0"
	if [ `/sbin/ip link | grep $EXTIF|grep "NO-CARRIER" | wc -l` -eq "1" ]
		then
		LAN_DOWN="1"
	fi
	# Default GW testing
	if [ $LAN_DOWN -eq "0" ]
		then
		IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
		arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
		if [ $arp_reply -eq "0" ]
	       		then
			LAN_DOWN="2"
		fi
	fi
	# if LAN pb detected, users are warned
	if [ $LAN_DOWN != "0" ]
		then
			lan_down_alert
	# else switch in normal mode
	else
		echo "Internet access is OK for now"
		net_pb=`grep "network_pb = True;" $Index_Page|wc -l`
		if [ $net_pb != "0" ]
			then
			/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page
			$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56
		fi
	fi
}
 
usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"
case $1 in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-lt | --lan_test)
		lan_test
		exit 0
		;;
	*)
		lan_test
		# read file that contains IP address of user who are not in $tmp_users_file (its means that status.php has been closed)
		if [ -e $tmp_file ]; then
			cat $tmp_file | while read noresponse
			do
				noresponse_ip=`echo $noresponse | cut -d" " -f1`
				noresponse_mac=`echo $noresponse | cut -d" " -f2`
				noresponse_user=`echo $noresponse | cut -d" " -f3`
				data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $noresponse_ip)
				if [ $(echo $data_users | wc -l) -eq 1 ] #if it still connected ...
	       			then
					if [[ $noresponse_user != $noresponse_mac ]] # we let @mac auth equipments connected
						then 
						logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)."
						echo "Disconnect : $noresponse_ip $noresponse_mac $noresponse_user"
						/usr/sbin/chilli_query logout $noresponse_mac
					fi
				fi
                                
			done
			rm $tmp_file
#			if [ -e $tmp_users_file ]; then
#				rm $tmp_users_file
#			fi
 
		fi
 
		# this temporary file contains every 'user IP address' which are connected to ALCASAR (status.php still open)
		if [ -e $tmp_users_file ]; then 
 
			for ip_user in $(cat $tmp_users_file)
			do
				# Check if thses users are also connected for chilli
				data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $ip_user)
				if [ $(echo $data_users | wc -l) -eq 0 ] #if user not in the file $tmp_users_file  (it means that status.php has been closed)
				then
					#save info in tmp_file
					active_ip=`echo $data_user |cut -d" " -f2`
		                        active_mac=`echo $data_user | cut -d" " -f1`
		                        active_user=`echo $data_user |cut -d" " -f6`
 
					echo "$active_ip $active_mac $active_user" >> $tmp_file #save info for next time, user will be disconnected.
				fi
			done
			rm $tmp_users_file
		else
			for system in $(/usr/sbin/chilli_query list |grep -v "\.0\.0\.0" | awk '$5 == 1')
			do
				#disconnect all users
                                active_ip=`echo $system |cut -d" " -f2`
                                active_mac=`echo $system | cut -d" " -f1`
                                active_user=`echo $system |cut -d" " -f6`
                                echo "$active_ip $active_mac $active_user" >> $tmp_file
			done
		fi
 
 
		# process each equipment known by chilli to check if any equipment is usurped (@MAC)
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
		do
			active_ip=`echo $system |cut -d" " -f2`
			active_session=`echo $system |cut -d" " -f5`
			active_mac=`echo $system | cut -d" " -f1`
			active_user=`echo $system |cut -d" " -f6`
			# process only equipment with an authenticated user
			if [[ $(expr $active_session) -eq 1 ]]
			then
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
				# disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output.
				if [[ $(expr $arp_reply) -gt 2 ]]
	       				then 
					echo "$(date "+[%x-%X] : ")alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log
					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
					/usr/sbin/chilli_query logout $active_mac
					chmod 644 /var/Save/security/watchdog.log
				fi
			fi
		done
		;;
esac	
IFS=$OLDIFS
 

Rev 2075	Rev 2106
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar-watchdog.sh 2075 2016-11-28 17:46:32Z richard $`	2	`# $Id: alcasar-watchdog.sh 2106 2017-01-05 18:35:29Z richard $`
3		3
4	`# alcasar-watchdog.sh`	4	`# alcasar-watchdog.sh`
5	`# by Rexy`	5	`# by Rexy`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7	`# Ce script prévient les usagers de l'indisponibilité de l'accès Internet`	7	`# Ce script prévient les usagers de l'indisponibilité de l'accès Internet`
8	`# il déconnecte les usagers dont`	8	`# il déconnecte les usagers dont`
9	`# - les équipements réseau ne répondent plus ( si la fenetre status.php a été fermé. Les autorisations par adresse mac sont laissé de côté)`	9	`# - les équipements réseau ne répondent plus ( si la fenetre status.php a été fermé. Les autorisations par adresse mac sont laissé de côté)`
10	`# - les adresses MAC sont usurpées`	10	`# - les adresses MAC sont usurpées`
11	`# This script tells users that Internet access is down`	11	`# This script tells users that Internet access is down`
12	`# it logs out users whose`	12	`# it logs out users whose`
13	`# - PCs are quiet (it means that status.php has been closed. We put aside @MAC Authorization )`	13	`# - PCs are quiet (it means that status.php has been closed. We put aside @MAC Authorization )`
14	`# - MAC address is used by other systems (usurped)`	14	`# - MAC address is used by other systems (usurped)`
15		15
16	`CONF_FILE="/usr/local/etc/alcasar.conf"`	16	`CONF_FILE="/usr/local/etc/alcasar.conf"`
17	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2` # EXTernal InterFace	17	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2` # EXTernal InterFace
18	INTIF=`grep ^INTIF= $CONF_FILE\|cut -d"=" -f2` # INTernal InterFace	18	INTIF=`grep ^INTIF= $CONF_FILE\|cut -d"=" -f2` # INTernal InterFace
19	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	19	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
20	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`	20	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`
21	PRIVATE_IP=`echo "$private_ip_mask" \|cut -d"/" -f1` # @ip du portail (côté LAN)	21	PRIVATE_IP=`echo "$private_ip_mask" \|cut -d"/" -f1` # @ip du portail (côté LAN)
22	`PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}`	22	`PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}`
23	`tmp_file="/tmp/watchdog.txt"`	23	`tmp_file="/tmp/watchdog.txt"`
24	`tmp_users_file="/tmp/current_users.txt"`	24	`tmp_users_file="/tmp/current_users.txt"`
25	`DIR_WEB="/var/www/html"`	25	`DIR_WEB="/var/www/html"`
26	`Index_Page="$DIR_WEB/index.php"`	26	`Index_Page="$DIR_WEB/index.php"`
27	`IPTABLES="/sbin/iptables"`	27	`IPTABLES="/sbin/iptables"`
28	`TUNIF="tun0" # listen device for chilli daemon`	28	`TUNIF="tun0" # listen device for chilli daemon`
29	`OLDIFS=$IFS`	29	`OLDIFS=$IFS`
30	`IFS=$'\n'`	30	`IFS=$'\n'`
31		31
32	`function lan_down_alert ()`	32	`function lan_down_alert ()`
33	`# users are redirected on ALCASAR IP address if a LAN problem is detected`	33	`# users are redirected on ALCASAR IP address if a LAN problem is detected`
34	`{`	34	`{`
35	`case $LAN_DOWN in`	35	`case $LAN_DOWN in`
36	`"1")`	36	`"1")`
37	`logger "$EXTIF (WAN card) link down"`	37	`logger "$EXTIF (WAN card) link down"`
38	`echo "$EXTIF (WAN card) link down"`	38	`echo "$EXTIF (WAN card) link down"`
39	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page`	39	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page`
40	`;;`	40	`;;`
41	`"2")`	41	`"2")`
42	`logger "can't contact the default router"`	42	`logger "can't contact the default router"`
43	`echo "can't contact the default router"`	43	`echo "can't contact the default router"`
44	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`	44	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`
45	`;;`	45	`;;`
46	`esac`	46	`esac`
47	net_pb=`grep "network_pb = True;" $Index_Page\|wc -l`	47	net_pb=`grep "network_pb = True;" $Index_Page\|wc -l`
48	`if [ $net_pb = "0" ] # user alert (only the first time)`	48	`if [ $net_pb = "0" ] # user alert (only the first time)`
49	`then`	49	`then`
50	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page`	50	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page`
51	`$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`	51	`$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`
52	`fi`	52	`fi`
53	`}`	53	`}`
54		54
55	`function lan_test ()`	55	`function lan_test ()`
56	`# LAN connectiivity testing`	56	`# LAN connectiivity testing`
57	`{`	57	`{`
58	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`	58	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`
59	`if [[ $(expr $watchdog_process) -gt 3 ]]`	59	`if [[ $(expr $watchdog_process) -gt 3 ]]`
60	`then`	60	`then`
61	`echo "ALCASAR watchdog is already running"`	61	`echo "ALCASAR watchdog is already running"`
62	`exit 0`	62	`exit 0`
63	`fi`	63	`fi`
64	`# EXTIF testing`	64	`# EXTIF testing`
65	`LAN_DOWN="0"`	65	`LAN_DOWN="0"`
66	if [ `/sbin/ip link \| grep $EXTIF\|grep "NO-CARRIER" \| wc -l` -eq "1" ]	66	if [ `/sbin/ip link \| grep $EXTIF\|grep "NO-CARRIER" \| wc -l` -eq "1" ]
67	`then`	67	`then`
68	`LAN_DOWN="1"`	68	`LAN_DOWN="1"`
69	`fi`	69	`fi`
70	`# Default GW testing`	70	`# Default GW testing`
71	`if [ $LAN_DOWN -eq "0" ]`	71	`if [ $LAN_DOWN -eq "0" ]`
72	`then`	72	`then`
73	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`	73	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`
74	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`	74	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`
75	`if [ $arp_reply -eq "0" ]`	75	`if [ $arp_reply -eq "0" ]`
76	`then`	76	`then`
77	`LAN_DOWN="2"`	77	`LAN_DOWN="2"`
78	`fi`	78	`fi`
79	`fi`	79	`fi`
80	`# if LAN pb detected, users are warned`	80	`# if LAN pb detected, users are warned`
81	`if [ $LAN_DOWN != "0" ]`	81	`if [ $LAN_DOWN != "0" ]`
82	`then`	82	`then`
83	`lan_down_alert`	83	`lan_down_alert`
84	`# else switch in normal mode`	84	`# else switch in normal mode`
85	`else`	85	`else`
86	`echo "Internet access is OK for now"`	86	`echo "Internet access is OK for now"`
87	net_pb=`grep "network_pb = True;" $Index_Page\|wc -l`	87	net_pb=`grep "network_pb = True;" $Index_Page\|wc -l`
88	`if [ $net_pb != "0" ]`	88	`if [ $net_pb != "0" ]`
89	`then`	89	`then`
90	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page`	90	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page`
91	`$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`	91	`$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`
92	`fi`	92	`fi`
93	`fi`	93	`fi`
94	`}`	94	`}`
95		95
96	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"`	96	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"`
97	`case $1 in`	97	`case $1 in`
98	`-\? \| -h* \| --h*)`	98	`-\? \| -h* \| --h*)`
99	`echo "$usage"`	99	`echo "$usage"`
100	`exit 0`	100	`exit 0`
101	`;;`	101	`;;`
102	`-lt \| --lan_test)`	102	`-lt \| --lan_test)`
103	`lan_test`	103	`lan_test`
104	`exit 0`	104	`exit 0`
105	`;;`	105	`;;`
106	`*)`	106	`*)`
107	`lan_test`	107	`lan_test`
108	`# read file that contains IP address of user who are not in $tmp_users_file (its means that status.php has been closed)`	108	`# read file that contains IP address of user who are not in $tmp_users_file (its means that status.php has been closed)`
109	`if [ -e $tmp_file ]; then`	109	`if [ -e $tmp_file ]; then`
110	`cat $tmp_file \| while read noresponse`	110	`cat $tmp_file \| while read noresponse`
111	`do`	111	`do`
112	noresponse_ip=`echo $noresponse \| cut -d" " -f1`	112	noresponse_ip=`echo $noresponse \| cut -d" " -f1`
113	noresponse_mac=`echo $noresponse \| cut -d" " -f2`	113	noresponse_mac=`echo $noresponse \| cut -d" " -f2`
114	noresponse_user=`echo $noresponse \| cut -d" " -f3`	114	noresponse_user=`echo $noresponse \| cut -d" " -f3`
115	`data_user=$(/usr/sbin/chilli_query list \| grep -v "\.0\.0\.0" \| awk '$5 == 1' \| grep $noresponse_ip)`	115	`data_user=$(/usr/sbin/chilli_query list \| grep -v "\.0\.0\.0" \| awk '$5 == 1' \| grep $noresponse_ip)`
116	`if [ $(echo $data_users \| wc -l) -eq 1 ] #if it still connected ...`	116	`if [ $(echo $data_users \| wc -l) -eq 1 ] #if it still connected ...`
117	`then`	117	`then`
118	`if [[ $noresponse_user != $noresponse_mac ]] # we let @mac auth equipments connected`	118	`if [[ $noresponse_user != $noresponse_mac ]] # we let @mac auth equipments connected`
119	`then`	119	`then`
120	`logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)."`	120	`logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)."`
121	`echo "Disconnect : $noresponse_ip $noresponse_mac $noresponse_user"`	121	`echo "Disconnect : $noresponse_ip $noresponse_mac $noresponse_user"`
122	`/usr/sbin/chilli_query logout $noresponse_mac`	122	`/usr/sbin/chilli_query logout $noresponse_mac`
123	`fi`	123	`fi`
124	`fi`	124	`fi`
125		125
126	`done`	126	`done`
127	`rm $tmp_file`	127	`rm $tmp_file`
128	`# if [ -e $tmp_users_file ]; then`	128	`# if [ -e $tmp_users_file ]; then`
129	`# rm $tmp_users_file`	129	`# rm $tmp_users_file`
130	`# fi`	130	`# fi`
131		131
132	`fi`	132	`fi`
133		133
134	`#this temporary file contains every 'user IP address' which are connected to ALCASAR (status.php still open)`	134	`# this temporary file contains every 'user IP address' which are connected to ALCASAR (status.php still open)`
135	`if [ -e $tmp_users_file ]; then`	135	`if [ -e $tmp_users_file ]; then`
136		-
137	`for ip_user in $(cat $tmp_users_file)`	136	`for ip_user in $(cat $tmp_users_file)`
138	`do`	137	`do`
139	`#Check if user is still connected`	138	`# Check if thses users are also connected for chilli`
140	`data_user=$(/usr/sbin/chilli_query list \| grep -v "\.0\.0\.0" \| awk '$5 == 1' \| grep $ip_user)`	139	`data_user=$(/usr/sbin/chilli_query list \| grep -v "\.0\.0\.0" \| awk '$5 == 1' \| grep $ip_user)`
141	`if [ $(echo $data_users \| wc -l) -eq 0 ] #if user not in the file $tmp_users_file (it means that status.php has been closed)`	140	`if [ $(echo $data_users \| wc -l) -eq 0 ] #if user not in the file $tmp_users_file (it means that status.php has been closed)`
142	`then`	141	`then`
143	`#save info in tmp_file`	142	`#save info in tmp_file`
144	active_ip=`echo $data_user \|cut -d" " -f2`	143	active_ip=`echo $data_user \|cut -d" " -f2`
145	active_mac=`echo $data_user \| cut -d" " -f1`	144	active_mac=`echo $data_user \| cut -d" " -f1`
146	active_user=`echo $data_user \|cut -d" " -f6`	145	active_user=`echo $data_user \|cut -d" " -f6`
147		-
148	`echo "$active_ip $active_mac $active_user" >> $tmp_file #save info for next time, user will be disconnected.`	146	`echo "$active_ip $active_mac $active_user" >> $tmp_file #save info for next time, user will be disconnected.`
149	`fi`	147	`fi`
150	`done`	148	`done`
151	`rm $tmp_users_file`	149	`rm $tmp_users_file`
152	`else`	150	`else`
153	`for system in $(/usr/sbin/chilli_query list \|grep -v "\.0\.0\.0" \| awk '$5 == 1')`	151	`for system in $(/usr/sbin/chilli_query list \|grep -v "\.0\.0\.0" \| awk '$5 == 1')`
154	`do`	152	`do`
155	`#disconnect all users`	153	`#disconnect all users`
156	active_ip=`echo $system \|cut -d" " -f2`	154	active_ip=`echo $system \|cut -d" " -f2`
157	active_mac=`echo $system \| cut -d" " -f1`	155	active_mac=`echo $system \| cut -d" " -f1`
158	active_user=`echo $system \|cut -d" " -f6`	156	active_user=`echo $system \|cut -d" " -f6`
159	`echo "$active_ip $active_mac $active_user" >> $tmp_file`	157	`echo "$active_ip $active_mac $active_user" >> $tmp_file`
160	`done`	158	`done`
161	`fi`	159	`fi`
162		160
163		161
164	`# process each equipment known by chilli to check if any equipment is usurped (@MAC)`	162	`# process each equipment known by chilli to check if any equipment is usurped (@MAC)`
165	for system in `/usr/sbin/chilli_query list \|grep -v "\.0\.0\.0"`	163	for system in `/usr/sbin/chilli_query list \|grep -v "\.0\.0\.0"`
166	`do`	164	`do`
167	active_ip=`echo $system \|cut -d" " -f2`	165	active_ip=`echo $system \|cut -d" " -f2`
168	active_session=`echo $system \|cut -d" " -f5`	166	active_session=`echo $system \|cut -d" " -f5`
169	active_mac=`echo $system \| cut -d" " -f1`	167	active_mac=`echo $system \| cut -d" " -f1`
170	active_user=`echo $system \|cut -d" " -f6`	168	active_user=`echo $system \|cut -d" " -f6`
171	`# process only equipment with an authenticated user`	169	`# process only equipment with an authenticated user`
172	`if [[ $(expr $active_session) -eq 1 ]]`	170	`if [[ $(expr $active_session) -eq 1 ]]`
173	`then`	171	`then`
174	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip\|grep "Unicast reply"\|wc -l`	172	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip\|grep "Unicast reply"\|wc -l`
175	`# disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output.`	173	`# disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output.`
176	`if [[ $(expr $arp_reply) -gt 2 ]]`	174	`if [[ $(expr $arp_reply) -gt 2 ]]`
177	`then`	175	`then`
178	`echo "$(date "+[%x-%X] : ")alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log`	176	`echo "$(date "+[%x-%X] : ")alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log`
179	`logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."`	177	`logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."`
180	`/usr/sbin/chilli_query logout $active_mac`	178	`/usr/sbin/chilli_query logout $active_mac`
181	`chmod 644 /var/Save/security/watchdog.log`	179	`chmod 644 /var/Save/security/watchdog.log`
182	`fi`	180	`fi`
183	`fi`	181	`fi`
184	`done`	182	`done`
185	`;;`	183	`;;`
186	`esac`	184	`esac`
187	`IFS=$OLDIFS`	185	`IFS=$OLDIFS`
188		186

Subversion Repositories ALCASAR

(root)/scripts/alcasar-watchdog.sh @ 2221 – Rev 2075 → 2106