| 6,11 → 6,11 |
|---|
| # This script is distributed under the Gnu General Public License (GPL) |
| # Ce script prévient les usagers de l'indisponibilité de l'accès Internet |
| # il déconnecte les usagers dont |
| # - les équipements réseau ne répondent plus |
| # - les équipements réseau ne répondent plus ( si la fenetre status.php a été fermé. Les autorisations par adresse mac sont laissé de côté) |
| # - les adresses MAC sont usurpées |
| # This script tells users that Internet access is down |
| # it logs out users whose |
| # - PCs are quiet |
| # - PCs are quiet (it means that status.php has been closed. We put aside @MAC Authorization ) |
| # - MAC address is used by other systems (usurped) |
| |
| CONF_FILE="/usr/local/etc/alcasar.conf" |
| 21,6 → 21,7 |
|---|
| PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN) |
| PRIVATE_IP=${PRIVATE_IP:=192.168.182.1} |
| tmp_file="/tmp/watchdog.txt" |
| tmp_users_file="/tmp/current_users.txt" |
| DIR_WEB="/var/www/html" |
| Index_Page="$DIR_WEB/index.php" |
| IPTABLES="/sbin/iptables" |
| 104,7 → 105,7 |
|---|
| ;; |
| *) |
| lan_test |
| # read file that contains IP address of quiet equipments |
| # read file that contains IP address of user who are not in $tmp_users_file (its means that status.php has been closed) |
| if [ -e $tmp_file ]; then |
| cat $tmp_file | while read noresponse |
| do |
| 111,21 → 112,59 |
|---|
| noresponse_ip=`echo $noresponse | cut -d" " -f1` |
| noresponse_mac=`echo $noresponse | cut -d" " -f2` |
| noresponse_user=`echo $noresponse | cut -d" " -f3` |
| arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep "Unicast reply"|wc -l` |
| if [[ $(expr $arp_reply) -eq 0 ]] |
| then |
| #on vide les ip inactifs de l'ipset not_auth_yet |
| ipset del not_auth_yet $noresponse_ip |
| logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)." |
| /usr/sbin/chilli_query logout $noresponse_mac |
| if [[ $noresponse_user == $noresponse_mac ]] # for @mac auth equipments, we must remove the arp entry |
| then /usr/sbin/chilli_query dhcp-release $noresponse_mac |
| data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $noresponse_ip) |
| if [ $(echo $data_users | wc -l) -eq 1 ] #if it still connected ... |
| then |
| if [[ $noresponse_user == $noresponse_mac ]] #we let @mac auth equipments connected |
| then |
| #/usr/sbin/chilli_query dhcp-release $noresponse_mac # for @mac auth equipments, we must remove the arp entry |
| echo "MAC authentification : $noresponse_mac (keep on connection)" |
| else #we disconnect user because status.php has been closed |
| logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user ($noresponse_user)." |
| echo "Disconnect : $noresponse_ip $noresponse_mac $noresponse_user" |
| /usr/sbin/chilli_query logout $noresponse_mac |
| fi |
| fi |
| |
| done |
| rm $tmp_file |
| if [ -e $tmp_users_file ]; then |
| rm $tmp_users_file |
| fi |
| |
| fi |
| # process each equipment known by chilli |
| |
| #this temporary file contains every 'user IP address' which are connected to ALCASAR (status.php still open) |
| if [ -e $tmp_users_file ]; then |
| |
| for ip_user in $(cat $tmp_users_file) |
| do |
| #Check if user is still connected |
| data_user=$(/usr/sbin/chilli_query list | grep -v "\.0\.0\.0" | awk '$5 == 1' | grep $ip_user) |
| if [ $(echo $data_users | wc -l) -eq 0 ] #if user not in the file $tmp_users_file (it means that status.php has been closed) |
| then |
| #save info in tmp_file |
| active_ip=`echo $data_user |cut -d" " -f2` |
| active_mac=`echo $data_user | cut -d" " -f1` |
| active_user=`echo $data_user |cut -d" " -f6` |
| |
| echo "$active_ip $active_mac $active_user" >> $tmp_file #save info for next time, user will be disconnected. |
| fi |
| done |
| rm $tmp_users_file |
| else |
| for system in $(/usr/sbin/chilli_query list |grep -v "\.0\.0\.0" | awk '$5 == 1') |
| do |
| #disconnect all users |
| active_ip=`echo $system |cut -d" " -f2` |
| active_mac=`echo $system | cut -d" " -f1` |
| active_user=`echo $system |cut -d" " -f6` |
| echo "$active_ip $active_mac $active_user" >> $tmp_file |
| done |
| fi |
| |
| |
| # process each equipment known by chilli to check if any equipment is usurped (@MAC) |
| for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
| do |
| active_ip=`echo $system |cut -d" " -f2` |
| 132,17 → 171,11 |
|---|
| active_session=`echo $system |cut -d" " -f5` |
| active_mac=`echo $system | cut -d" " -f1` |
| active_user=`echo $system |cut -d" " -f6` |
| # process only equipment with an authenticated user |
| # process only equipment with an authenticated user |
| if [[ $(expr $active_session) -eq 1 ]] |
| then |
| arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l` |
| # store @IP of quiet equipments |
| if [[ $(expr $arp_reply) -eq 0 ]] |
| then |
| echo "$active_ip $active_mac $active_user" >> $tmp_file |
| |
| fi |
| # disconnect users whose equipement is usurped (@MAC) |
| # disconnect users whose equipement is usurped (@MAC). For example, if there are 2 same @MAC it will make 3 lines in output. |
| if [[ $(expr $arp_reply) -gt 2 ]] |
| then |
| echo "$(date "+[%x-%X] : ")alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log |