Subversion Repositories ALCASAR

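--- a/alcasar-watchdog.sh
+++ b/alcasar-watchdog.sh
@@ -1,35 +1,35 @@
 #!/bin/bash
-# $Id: alcasar-watchdog.sh 1139 2013-06-28 04:30:02Z franck $
+# $Id: alcasar-watchdog.sh 1154 2013-07-15 14:27:10Z crox53 $
 
 # alcasar-watchdog.sh
 # by Rexy
 # This script is distributed under the Gnu General Public License (GPL)
+
 # Ce script prévient les usagers de l'indisponibilité de l'accès Internet
 # il déconnecte les usagers dont
 # - les équipements réseau ne répondent plus
 # - les adresses MAC sont usurpées
 # This script tells users that Internet access is down
 # it logs out users whose 
 # - PCs are quiet
-# - MAC address is used by other systems (usurped)
+# - MAC address are in used by other systems (usurped)
 
 EXTIF="eth0"
 INTIF="eth1"
 conf_file="/usr/local/etc/alcasar.conf"
 private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
 private_ip_mask=${private_ip_mask:=192.168.182.1/24}
-PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1`      # @ip du portail (côté LAN)
+PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
-PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
 tmp_file="/tmp/watchdog.txt"
 DIR_WEB="/var/www/html"
 Index_Page="$DIR_WEB/index.php"
 OLDIFS=$IFS
 IFS=$'\n'
 
 function lan_down_alert ()
-# users are redirected on ALCASAR IP address if a LAN problem is detected
+# users are redirected on ALCASAR IP address if LAN Pb detected
 {
 	case $LAN_DOWN in
 	"1")
 		logger "eth0 link down"
 		echo "eth0 is down"
@@ -40,11 +40,11 @@
 		echo "can't contact the default router"
 		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
 		;;
 	esac
 	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
-	if [ $net_pb = "0" ] # user alert
+	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
 		then
 		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
 		/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
 		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
 		/etc/init.d/dnsmasq restart
@@ -121,31 +121,27 @@
 					/usr/sbin/chilli_query dhcp-release $noresponse_mac  # release dhcp for mac_auth equipment 
 				fi
 			done
 			rm $tmp_file
 		fi
-# process each equipment known by chilli
+# on traite chaque équipements connus de chilli
 		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
 		do
 			active_ip=`echo $system |cut -d" " -f2`
 			active_session=`echo $system |cut -d" " -f5`
 			active_mac=`echo $system | cut -d" " -f1`
 			active_user=`echo $system |cut -d" " -f6`
-# process only equipment with an authenticated user
+# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
 			if [[ $(expr $active_session) -eq 1 ]]
-			then
+				then
 				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
-# store @IP of quiet equipments
+# on stocke les adresses IP des stations muettes
 				if [[ $(expr $arp_reply) -eq 0 ]]
 	       				then
-					PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$'
-					if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments
-					then
-						echo "$active_ip $active_mac $active_user" >> $tmp_file
+					echo "$active_ip $active_mac $active_user" >> $tmp_file
-					fi
 				fi
-# disconnect users whose equipement is usurped (@MAC)
+# on deconnecte l'usager d'une stations usurpée (@MAC)
 				if [[ $(expr $arp_reply) -gt 2 ]]
 	       				then
 					echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log
 					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
 					/usr/sbin/chilli_query logout $active_mac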
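Review bot: The append at new line 140, `echo "$active_ip $active_mac $active_user" >> $tmp_file`, still targets the fixed name `/tmp/watchdog.txt` set at line 23, so whoever can pre-create that name in the world-writable /tmp decides which file a script that rewrites /etc/dnsmasq.conf and restarts dnsmasq (so presumably run as root) appends to. The file looks like it is read back on a later pass and removed at line 124, so a fixed name inside a directory only root can write fits better than a random `mktemp` name, and the uses should be quoted as `"$tmp_file"`. This revision also drops the `expr $active_user : $PTN` guard, so quiet MAC-authenticated equipment is now queued alongside user sessions; the loop that consumes the file ends at line 125 and starts outside the hunk, so confirm it still handles both cases as intended. The removed `PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}` fallback leaves `$PRIVATE_IP` empty in the sed and arping calls if the PRIVATE_IP= value in alcasar.conf has nothing before the `/`.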