WebSVN – ALCASAR – Blame – /scripts/alcasar-watchdog.sh

Rev	Author	Line No.	Line
672	richard	1	#!/bin/bash
64	franck	2	# $Id: alcasar-watchdog.sh 790 2012-01-12 23:23:59Z richard $
672	richard	3
		4	# alcasar-watchdog.sh
790	richard	5	# by Rexy
672	richard	6	# This script is distributed under the Gnu General Public License (GPL)
		7
308	richard	8	# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
		9	# il déconnecte les usagers dont
376	franck	10	# - les équipements réseau ne répondent plus
1	root	11	# - les adresses MAC sont usurpées
308	richard	12	# This script tells users that Internet access is down
		13	# it logs out users whose
1	root	14	# - PCs are quiet
		15	# - MAC address are in used by other systems (usurped)
672	richard	16
308	richard	17	EXTIF="eth0"
1	root	18	INTIF="eth1"
786	richard	19	macallowed_file="/usr/local/etc/alcasar-macallowed"
		20	conf_file="/usr/local/etc/alcasar.conf"
		21	private_ip_mask=`grep PRIVATE_IP= $conf_file\|cut -d"=" -f2`
		22	private_ip_mask=${private_ip_mask:=192.168.182.1/24}
		23	PRIVATE_IP=`echo $private_ip_mask \| cut -d"/" -f1` # ALCASAR LAN IP address
1	root	24	tmp_file="/tmp/watchdog.txt"
316	richard	25	DIR_WEB="/var/www/html"
360	richard	26	Index_Page="$DIR_WEB/index.php"
597	richard	27	OLDIFS=$IFS
1	root	28	IFS=$'\n'
308	richard	29
783	richard	30	function lan_down_alert ()
		31	# users are redirected on ALCASAR IP address if LAN Pb detected
308	richard	32	{
783	richard	33	case $LAN_DOWN in
308	richard	34	"1")
		35	logger "eth0 link down"
363	richard	36	/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page
308	richard	37	;;
		38	"2")
		39	logger "can't contact the default router"
363	richard	40	/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
308	richard	41	;;
		42	esac
520	richard	43	net_pb=`cat /etc/dnsmasq.conf\|grep "address=/#/"\|wc -l`
		44	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
308	richard	45	then
360	richard	46	/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
520	richard	47	/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
		48	/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
308	richard	49	/etc/init.d/dnsmasq restart
		50	fi
		51	}
		52
783	richard	53	function lan_test ()
		54	# LAN connectiivity testing
		55	{
784	richard	56	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`
		57	if [[ $(expr $watchdog_process) -gt 3 ]]
		58	then
		59	echo "ALCASAR watchdog is already running"
		60	exit 0
		61	fi
783	richard	62	# EXTIF testing
		63	LAN_DOWN="0"
		64	if [ "`/usr/sbin/ethtool $EXTIF\|grep Link\|cut -d' ' -f3`" != "yes" ]
		65	then
		66	LAN_DOWN="1"
308	richard	67	fi
783	richard	68	# Default GW testing
		69	if [ $LAN_DOWN -eq "0" ]
308	richard	70	then
783	richard	71	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`
		72	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`
		73	if [ $arp_reply -eq "0" ]
		74	then
		75	LAN_DOWN="2"
		76	fi
308	richard	77	fi
783	richard	78	# if LAN pb detected, users are warned
		79	if [ $LAN_DOWN != "0" ]
		80	then
		81	lan_down_alert
		82	# else switch in normal mode
		83	else
		84	net_pb=`cat /etc/dnsmasq.conf\|grep "address=/#/"\|wc -l`
		85	if [ $net_pb != "0" ]
		86	then
		87	/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page
		88	/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf
		89	/bin/sed -i "/^address=/d" /etc/dnsmasq.conf
		90	/etc/init.d/dnsmasq restart
		91	fi
		92	fi
		93	}
		94
		95	usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"
		96	case $1 in
		97	-\? \| -h* \| --h*)
		98	echo "$usage"
		99	exit 0
		100	;;
		101	-lt \| --lan_test)
		102	lan_test
		103	exit 0
		104	;;
		105	*)
		106	lan_test
1	root	107	# lecture du fichier contenant les adresses IP des stations muettes
783	richard	108	if [ -e $tmp_file ]; then
		109	cat $tmp_file \| while read noresponse
		110	do
		111	noresponse_ip=`echo $noresponse \| cut -d" " -f1`
		112	noresponse_mac=`echo $noresponse \| cut -d" " -f2`
787	richard	113	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip\|grep "Unicast reply"\|wc -l`
783	richard	114	if [[ $(expr $arp_reply) -eq 0 ]]
		115	then
786	richard	116	mac_allowed=`cat $macallowed_file \|grep $noresponse_mac \| wc -l`
		117	if [ $mac_allowed -eq 0 ]
		118	then
		119	logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."
		120	/usr/sbin/chilli_query logout $noresponse_mac
		121	else
		122	logger "alcasar-watchdog $noresponse_ip ($noresponse_mac - macallowed) can't be contact. Alcasar release the IP address"
		123	/usr/sbin/chilli_query dhcp-release $noresponse_mac
		124	fi
783	richard	125	fi
		126	done
		127	rm $tmp_file
1	root	128	fi
		129	# on traite chaque équipements connus de chilli
783	richard	130	for system in `/usr/sbin/chilli_query list \|grep -v "\.0\.0\.0"`
		131	do
		132	active_ip=`echo $system \|cut -d" " -f2`
		133	active_session=`echo $system \|cut -d" " -f5`
		134	active_mac=`echo $system \| cut -d" " -f1`
109	richard	135	# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
783	richard	136	if [[ $(expr $active_session) -eq 1 ]]
		137	then
		138	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip\|grep "Unicast reply"\|wc -l`
1	root	139	# on stocke les adresses IP des stations muettes
783	richard	140	if [[ $(expr $arp_reply) -eq 0 ]]
		141	then
		142	echo "$active_ip $active_mac" >> $tmp_file
		143	fi
1	root	144	# on deconnecte l'usager d'une stations usurpée (@MAC)
783	richard	145	if [[ $(expr $arp_reply) -gt 2 ]]
		146	then
		147	logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."
		148	/usr/sbin/chilli_query logout $active_mac
		149	fi
		150	fi
		151	done
		152	;;
		153	esac
597	richard	154	IFS=$OLDIFS

Subversion Repositories ALCASAR

(root)/scripts/alcasar-watchdog.sh @ 2864 – Rev 790