Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2514 → Rev 2516

/scripts/alcasar-watchdog-hl.sh
4,22 → 4,12
# alcasar-watchdog-hl.sh
# by 3abtux
# This script is distributed under the Gnu General Public License (GPL)
# - Ce script déconnecte les équipements réseau qui sont identifiés en 0.0.0.0
# - Ce script déconnecte les équipements réseau qui sont identifiés en 0.0.0.0 (lancé optionnellement par cron dans /etc/cron.d/alcasar-watchdog)
# - This script disconnects the network equipments which are identified in 0.0.0.0 (optionally run by cron in /etc/cron.d/alcasar-watchdog)
 
# - This script disconnects the network equipments which are identified in 0.0.0.0
 
 
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP="192.168.180.1"
 
OLDIFS=$IFS
IFS=$'\n'
 
 
usage="Usage: alcasar-watchdog-hl.sh "
case $1 in
-\? | -h* | --h*)
27,17 → 17,13
exit 0
;;
*)
# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)
# process each equipment known by chilli to check if IP address is usurped (with arping)
# searching for 0.0.0.0 IP
for system in `/usr/sbin/chilli_query list |grep "0\.0\.0\.0 dnat"`
do
active_mac=`echo $system | cut -d" " -f1`
# echo "$active_mac associe à 0.0.0.0"
# disconnect equipement is 0.0.0.0
echo "$(date "+[%x-%X] : ")alcasar-watchdog-hl : $active_mac is in bad lan. Alcasar release the equipment." >> /var/Save/security/watchdog-hl.log
echo "$(date "+[%x-%X] : ")alcasar-watchdog-hl : $active_mac has 0.0.0.0 IP address. Alcasar release the equipment." >> /var/Save/security/watchdog-hl.log
/usr/sbin/chilli_query dhcp-release $active_mac
done
# /usr/sbin/chilli_query list |grep "0\.0\.0\.0 dnat"
;;
esac
IFS=$OLDIFS
/scripts/alcasar-watchdog.sh
112,7 → 112,7
active_mac=`echo $system | cut -d" " -f1`
active_user=`echo $system |cut -d" " -f6`
# We disconnect inactive user here :
# We check if this is not an auth @MAC and if he is still connected
# We check if the user isn't an auth @MAC and if he is still connected
if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then
if [ -e $current_users_file ]; then
# We check if user @IP is in 'current_users.txt'