Subversion Repositories ALCASAR

Rev

Rev 783 | Rev 786 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
672 richard 1 
#!/bin/bash
64 franck 2 
# $Id: alcasar-watchdog.sh 784 2011-12-18 14:33:56Z richard $
672 richard 3 
 
4 
# alcasar-watchdog.sh
5 
# by Richard REY
6 
# This script is distributed under the Gnu General Public License (GPL)
7 
 
308 richard 8 
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
9 
# il déconnecte les usagers dont
376 franck 10 
# - les équipements réseau ne répondent plus
1 root 11 
# - les adresses MAC sont usurpées
308 richard 12 
# This script tells users that Internet access is down
13 
# it logs out users whose
1 root 14 
# - PCs are quiet
15 
# - MAC address are in used by other systems (usurped)
672 richard 16 
 
308 richard 17 
EXTIF="eth0"
1 root 18 
INTIF="eth1"
19 
PRIVATE_IP="192.168.182.1"
20 
tmp_file="/tmp/watchdog.txt"
316 richard 21 
DIR_WEB="/var/www/html"
360 richard 22 
Index_Page="$DIR_WEB/index.php"
597 richard 23 
OLDIFS=$IFS
1 root 24 
IFS=$'\n'
308 richard 25 
 
783 richard 26 
function lan_down_alert ()
27 
# users are redirected on ALCASAR IP address if LAN Pb detected
308 richard 28 
{
783 richard 29 
	case $LAN_DOWN in
308 richard 30 
	"1")
31 
		logger "eth0 link down"
363 richard 32 
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page
308 richard 33 
		;;
34 
	"2")
35 
		logger "can't contact the default router"
363 richard 36 
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
308 richard 37 
		;;
38 
	esac
520 richard 39 
	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
40 
	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
308 richard 41 
		then
360 richard 42 
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
520 richard 43 
		/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
44 
		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
308 richard 45 
		/etc/init.d/dnsmasq restart
46 
	fi
47 
}
48 
 
783 richard 49 
function lan_test ()
50 
# LAN connectiivity testing
51 
{
784 richard 52 
	watchdog_process=`ps -C alcasar-watchdog.sh|wc -l`
53 
	if [[ $(expr $watchdog_process) -gt 3 ]]
54 
		then
55 
		echo "ALCASAR watchdog is already running"
56 
		exit 0
57 
	fi
783 richard 58 
	# EXTIF testing
59 
	LAN_DOWN="0"
60 
	if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ]
61 
		then
62 
		LAN_DOWN="1"
308 richard 63 
	fi
783 richard 64 
	# Default GW testing
65 
	if [ $LAN_DOWN -eq "0" ]
308 richard 66 
		then
783 richard 67 
		IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
68 
		arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
69 
		if [ $arp_reply -eq "0" ]
70 
	       		then
71 
			LAN_DOWN="2"
72 
		fi
308 richard 73 
	fi
783 richard 74 
	# if LAN pb detected, users are warned
75 
	if [ $LAN_DOWN != "0" ]
76 
		then
77 
			lan_down_alert
78 
	# else switch in normal mode
79 
	else
80 
		net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
81 
		if [ $net_pb != "0" ]
82 
			then
83 
			/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page
84 
			/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf
85 
			/bin/sed -i "/^address=/d" /etc/dnsmasq.conf
86 
			/etc/init.d/dnsmasq restart
87 
		fi
88 
	fi
89 
}
90 
 
91 
usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"
92 
case $1 in
93 
	-\? | -h* | --h*)
94 
		echo "$usage"
95 
		exit 0
96 
		;;
97 
	-lt | --lan_test)
98 
		lan_test
99 
		exit 0
100 
		;;
101 
	*)
102 
		lan_test
1 root 103 
# lecture du fichier contenant les adresses IP des stations muettes
783 richard 104 
		if [ -e $tmp_file ]; then
105 
			cat $tmp_file | while read noresponse
106 
			do
107 
				noresponse_ip=`echo $noresponse | cut -d" " -f1`
108 
				noresponse_mac=`echo $noresponse | cut -d" " -f2`
109 
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep response|cut -d" " -f2`
110 
				if [[ $(expr $arp_reply) -eq 0 ]]
111 
	       				then
112 
					logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."
113 
					/usr/sbin/chilli_query logout $noresponse_mac
114 
				fi
115 
			done
116 
			rm $tmp_file
1 root 117 
		fi
118 
# on traite chaque équipements connus de chilli
783 richard 119 
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
120 
		do
121 
			active_ip=`echo $system |cut -d" " -f2`
122 
			active_session=`echo $system |cut -d" " -f5`
123 
			active_mac=`echo $system | cut -d" " -f1`
109 richard 124 
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
783 richard 125 
			if [[ $(expr $active_session) -eq 1 ]]
126 
				then
127 
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
1 root 128 
# on stocke les adresses IP des stations muettes
783 richard 129 
				if [[ $(expr $arp_reply) -eq 0 ]]
130 
	       				then
131 
					echo "$active_ip $active_mac" >> $tmp_file
132 
				fi
1 root 133 
# on deconnecte l'usager d'une stations usurpée (@MAC)
783 richard 134 
				if [[ $(expr $arp_reply) -gt 2 ]]
135 
	       				then
136 
					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."
137 
					/usr/sbin/chilli_query logout $active_mac
138 
				fi
139 
			fi
140 
		done
141 
		;;
142 
esac
597 richard 143 
IFS=$OLDIFS