| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-watchdog.sh 790 2012-01-12 23:23:59Z richard $
|
2 |
# $Id: alcasar-watchdog.sh 840 2012-03-16 14:15:41Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-watchdog.sh
|
4 |
# alcasar-watchdog.sh
|
| 5 |
# by Rexy
|
5 |
# by Rexy
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 14... |
Line 14... |
| 14 |
# - PCs are quiet
|
14 |
# - PCs are quiet
|
| 15 |
# - MAC address are in used by other systems (usurped)
|
15 |
# - MAC address are in used by other systems (usurped)
|
| 16 |
|
16 |
|
| 17 |
EXTIF="eth0"
|
17 |
EXTIF="eth0"
|
| 18 |
INTIF="eth1"
|
18 |
INTIF="eth1"
|
| 19 |
macallowed_file="/usr/local/etc/alcasar-macallowed"
|
- |
|
| 20 |
conf_file="/usr/local/etc/alcasar.conf"
|
19 |
conf_file="/usr/local/etc/alcasar.conf"
|
| 21 |
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
|
20 |
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
|
| 22 |
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
|
21 |
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
|
| 23 |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
|
22 |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
|
| 24 |
tmp_file="/tmp/watchdog.txt"
|
23 |
tmp_file="/tmp/watchdog.txt"
|
| Line 102... |
Line 101... |
| 102 |
lan_test
|
101 |
lan_test
|
| 103 |
exit 0
|
102 |
exit 0
|
| 104 |
;;
|
103 |
;;
|
| 105 |
*)
|
104 |
*)
|
| 106 |
lan_test
|
105 |
lan_test
|
| 107 |
# lecture du fichier contenant les adresses IP des stations muettes
|
106 |
# read file that contains IP address of quiet equipments
|
| 108 |
if [ -e $tmp_file ]; then
|
107 |
if [ -e $tmp_file ]; then
|
| 109 |
cat $tmp_file | while read noresponse
|
108 |
cat $tmp_file | while read noresponse
|
| 110 |
do
|
109 |
do
|
| 111 |
noresponse_ip=`echo $noresponse | cut -d" " -f1`
|
110 |
noresponse_ip=`echo $noresponse | cut -d" " -f1`
|
| 112 |
noresponse_mac=`echo $noresponse | cut -d" " -f2`
|
111 |
noresponse_mac=`echo $noresponse | cut -d" " -f2`
|
| - |
|
112 |
noresponse_user=`echo $noresponse | cut -d" " -f3`
|
| 113 |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep "Unicast reply"|wc -l`
|
113 |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep "Unicast reply"|wc -l`
|
| 114 |
if [[ $(expr $arp_reply) -eq 0 ]]
|
114 |
if [[ $(expr $arp_reply) -eq 0 ]]
|
| 115 |
then
|
115 |
then
|
| 116 |
mac_allowed=`cat $macallowed_file |grep $noresponse_mac | wc -l`
|
- |
|
| 117 |
if [ $mac_allowed -eq 0 ]
|
- |
|
| 118 |
then
|
- |
|
| 119 |
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."
|
116 |
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponce_user)."
|
| 120 |
/usr/sbin/chilli_query logout $noresponse_mac
|
117 |
/usr/sbin/chilli_query logout $noresponse_mac
|
| 121 |
else
|
- |
|
| 122 |
logger "alcasar-watchdog $noresponse_ip ($noresponse_mac - macallowed) can't be contact. Alcasar release the IP address"
|
- |
|
| 123 |
/usr/sbin/chilli_query dhcp-release $noresponse_mac
|
118 |
/usr/sbin/chilli_query dhcp-release $noresponse_mac # release dhcp for mac_auth equipment
|
| 124 |
fi
|
- |
|
| 125 |
fi
|
119 |
fi
|
| 126 |
done
|
120 |
done
|
| 127 |
rm $tmp_file
|
121 |
rm $tmp_file
|
| 128 |
fi
|
122 |
fi
|
| 129 |
# on traite chaque équipements connus de chilli
|
123 |
# on traite chaque équipements connus de chilli
|
| 130 |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
|
124 |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
|
| 131 |
do
|
125 |
do
|
| 132 |
active_ip=`echo $system |cut -d" " -f2`
|
126 |
active_ip=`echo $system |cut -d" " -f2`
|
| 133 |
active_session=`echo $system |cut -d" " -f5`
|
127 |
active_session=`echo $system |cut -d" " -f5`
|
| 134 |
active_mac=`echo $system | cut -d" " -f1`
|
128 |
active_mac=`echo $system | cut -d" " -f1`
|
| - |
|
129 |
active_user=`echo $system |cut -d" " -f6`
|
| 135 |
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
|
130 |
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
|
| 136 |
if [[ $(expr $active_session) -eq 1 ]]
|
131 |
if [[ $(expr $active_session) -eq 1 ]]
|
| 137 |
then
|
132 |
then
|
| 138 |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
|
133 |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
|
| 139 |
# on stocke les adresses IP des stations muettes
|
134 |
# on stocke les adresses IP des stations muettes
|
| 140 |
if [[ $(expr $arp_reply) -eq 0 ]]
|
135 |
if [[ $(expr $arp_reply) -eq 0 ]]
|
| 141 |
then
|
136 |
then
|
| 142 |
echo "$active_ip $active_mac" >> $tmp_file
|
137 |
echo "$active_ip $active_mac $active_user" >> $tmp_file
|
| 143 |
fi
|
138 |
fi
|
| 144 |
# on deconnecte l'usager d'une stations usurpée (@MAC)
|
139 |
# on deconnecte l'usager d'une stations usurpée (@MAC)
|
| 145 |
if [[ $(expr $arp_reply) -gt 2 ]]
|
140 |
if [[ $(expr $arp_reply) -gt 2 ]]
|
| 146 |
then
|
141 |
then
|
| - |
|
142 |
echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log
|
| 147 |
logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."
|
143 |
logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
|
| 148 |
/usr/sbin/chilli_query logout $active_mac
|
144 |
/usr/sbin/chilli_query logout $active_mac
|
| 149 |
fi
|
145 |
fi
|
| 150 |
fi
|
146 |
fi
|
| 151 |
done
|
147 |
done
|
| 152 |
;;
|
148 |
;;
|