| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-watchdog.sh 2516 2018-03-17 16:33:45Z rexy $
|
2 |
# $Id: alcasar-watchdog.sh 2537 2018-04-30 04:07:45Z tom.houdayer $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-watchdog.sh
|
4 |
# alcasar-watchdog.sh
|
| 5 |
# by Rexy
|
5 |
# by Rexy
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet
|
7 |
# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet
|
| Line 30... |
Line 30... |
| 30 |
function lan_down_alert ()
|
30 |
function lan_down_alert ()
|
| 31 |
# users are redirected on ALCASAR IP address if a LAN problem is detected
|
31 |
# users are redirected on ALCASAR IP address if a LAN problem is detected
|
| 32 |
{
|
32 |
{
|
| 33 |
case $LAN_DOWN in
|
33 |
case $LAN_DOWN in
|
| 34 |
"1")
|
34 |
"1")
|
| 35 |
logger "$EXTIF (WAN card) link down"
|
35 |
logger -t alcasar-watchdog "$EXTIF (WAN card) link down"
|
| 36 |
echo "$EXTIF (WAN card) link down"
|
36 |
echo "$EXTIF (WAN card) link down"
|
| 37 |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page
|
37 |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page
|
| 38 |
;;
|
38 |
;;
|
| 39 |
"2")
|
39 |
"2")
|
| 40 |
logger "can't contact the default router"
|
40 |
logger -t alcasar-watchdog 'can't contact the default router'
|
| 41 |
echo "can't contact the default router"
|
41 |
echo "can't contact the default router"
|
| 42 |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
|
42 |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
|
| 43 |
;;
|
43 |
;;
|
| 44 |
esac
|
44 |
esac
|
| 45 |
net_pb=`grep "network_pb = true;" $Index_Page|wc -l`
|
45 |
net_pb=`grep "network_pb = true;" $Index_Page|wc -l`
|
| Line 117... |
Line 117... |
| 117 |
if [ -e $current_users_file ]; then
|
117 |
if [ -e $current_users_file ]; then
|
| 118 |
# We check if user @IP is in 'current_users.txt'
|
118 |
# We check if user @IP is in 'current_users.txt'
|
| 119 |
cmp_user_ok=$(cat $current_users_file | awk -F':' "\$1 == \"$active_ip\" {print \$2}")
|
119 |
cmp_user_ok=$(cat $current_users_file | awk -F':' "\$1 == \"$active_ip\" {print \$2}")
|
| 120 |
# If not we disconnect this user.
|
120 |
# If not we disconnect this user.
|
| 121 |
if [ -z "$cmp_user_ok" ]; then
|
121 |
if [ -z "$cmp_user_ok" ]; then
|
| 122 |
logger "alcasar-watchdog : $active_ip ($active_mac) can't be contact. We disconnects the user ($active_user)."
|
122 |
logger -t alcasar-watchdog "$active_ip ($active_mac) can't be contact. We disconnects the user ($active_user)."
|
| 123 |
/usr/sbin/chilli_query logout $active_mac
|
123 |
/usr/sbin/chilli_query logout $active_mac
|
| 124 |
elif [ "$cmp_user_ok" == "TEMP" ]; then
|
124 |
elif [ "$cmp_user_ok" == "TEMP" ]; then
|
| 125 |
# Remove the user's IP from 'current_users.txt'. Every user need to insert their @IP everytime to prove their connectivity.
|
125 |
# Remove the user's IP from 'current_users.txt'. Every user need to insert their @IP everytime to prove their connectivity.
|
| 126 |
sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file
|
126 |
sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file
|
| 127 |
fi
|
127 |
fi
|
| 128 |
else # "current_user.txt" does not exists. We disconnect every users.
|
128 |
else # "current_user.txt" does not exists. We disconnect every users.
|
| 129 |
logger "alcasar-watchdog : The file /var/tmp/havp/current_users.txt doen't' exist. We disconnects the user $active_user"
|
129 |
logger -t alcasar-watchdog "The file /var/tmp/havp/current_users.txt doen't' exist. We disconnects the user $active_user"
|
| 130 |
/usr/sbin/chilli_query logout $active_mac
|
130 |
/usr/sbin/chilli_query logout $active_mac
|
| 131 |
fi
|
131 |
fi
|
| 132 |
fi
|
132 |
fi
|
| 133 |
# IP usurpation test : process only equipment with an authenticated user
|
133 |
# IP usurpation test : process only equipment with an authenticated user
|
| 134 |
if [[ $(expr $active_session) -eq 1 ]]
|
134 |
if [[ $(expr $active_session) -eq 1 ]]
|
| Line 136... |
Line 136... |
| 136 |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
|
136 |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
|
| 137 |
# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.
|
137 |
# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.
|
| 138 |
if [[ $(expr $arp_reply) -gt 1 ]]
|
138 |
if [[ $(expr $arp_reply) -gt 1 ]]
|
| 139 |
then
|
139 |
then
|
| 140 |
echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log
|
140 |
echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log
|
| 141 |
logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
|
141 |
logger -t alcasar-watchdog "$active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
|
| 142 |
/usr/sbin/chilli_query logout $active_mac
|
142 |
/usr/sbin/chilli_query logout $active_mac
|
| 143 |
chmod 644 /var/Save/security/watchdog.log
|
143 |
chmod 644 /var/Save/security/watchdog.log
|
| 144 |
fi
|
144 |
fi
|
| 145 |
fi
|
145 |
fi
|
| 146 |
done
|
146 |
done
|