| Line 2... |
Line 2... |
| 2 |
# $Id: alcasar-watchdog-hl/sh 2113 2017-01-08 22:43:26Z richard $
|
2 |
# $Id: alcasar-watchdog-hl/sh 2113 2017-01-08 22:43:26Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-watchdog-hl.sh
|
4 |
# alcasar-watchdog-hl.sh
|
| 5 |
# by 3abtux
|
5 |
# by 3abtux
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
# - Ce script déconnecte les équipements réseau qui sont identifiés en 0.0.0.0
|
7 |
# - Ce script déconnecte les équipements réseau qui sont identifiés en 0.0.0.0 (lancé optionnellement par cron dans /etc/cron.d/alcasar-watchdog)
|
| 8 |
|
- |
|
| 9 |
# - This script disconnects the network equipments which are identified in 0.0.0.0
|
8 |
# - This script disconnects the network equipments which are identified in 0.0.0.0 (optionally run by cron in /etc/cron.d/alcasar-watchdog)
|
| 10 |
|
- |
|
| 11 |
|
- |
|
| 12 |
CONF_FILE="/usr/local/etc/alcasar.conf"
|
- |
|
| 13 |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
|
- |
|
| 14 |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
|
- |
|
| 15 |
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
|
- |
|
| 16 |
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
|
- |
|
| 17 |
PRIVATE_IP="192.168.180.1"
|
- |
|
| 18 |
|
9 |
|
| 19 |
OLDIFS=$IFS
|
10 |
OLDIFS=$IFS
|
| 20 |
IFS=$'\n'
|
11 |
IFS=$'\n'
|
| 21 |
|
12 |
|
| 22 |
|
- |
|
| 23 |
usage="Usage: alcasar-watchdog-hl.sh "
|
13 |
usage="Usage: alcasar-watchdog-hl.sh "
|
| 24 |
case $1 in
|
14 |
case $1 in
|
| 25 |
-\? | -h* | --h*)
|
15 |
-\? | -h* | --h*)
|
| 26 |
echo "$usage"
|
16 |
echo "$usage"
|
| 27 |
exit 0
|
17 |
exit 0
|
| 28 |
;;
|
18 |
;;
|
| 29 |
*)
|
19 |
*)
|
| 30 |
# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)
|
- |
|
| 31 |
# process each equipment known by chilli to check if IP address is usurped (with arping)
|
20 |
# searching for 0.0.0.0 IP
|
| 32 |
for system in `/usr/sbin/chilli_query list |grep "0\.0\.0\.0 dnat"`
|
21 |
for system in `/usr/sbin/chilli_query list |grep "0\.0\.0\.0 dnat"`
|
| 33 |
do
|
22 |
do
|
| 34 |
active_mac=`echo $system | cut -d" " -f1`
|
23 |
active_mac=`echo $system | cut -d" " -f1`
|
| 35 |
# echo "$active_mac associe à 0.0.0.0"
|
- |
|
| 36 |
# disconnect equipement is 0.0.0.0
|
- |
|
| 37 |
echo "$(date "+[%x-%X] : ")alcasar-watchdog-hl : $active_mac is in bad lan. Alcasar release the equipment." >> /var/Save/security/watchdog-hl.log
|
24 |
echo "$(date "+[%x-%X] : ")alcasar-watchdog-hl : $active_mac has 0.0.0.0 IP address. Alcasar release the equipment." >> /var/Save/security/watchdog-hl.log
|
| 38 |
/usr/sbin/chilli_query dhcp-release $active_mac
|
25 |
/usr/sbin/chilli_query dhcp-release $active_mac
|
| 39 |
done
|
26 |
done
|
| 40 |
# /usr/sbin/chilli_query list |grep "0\.0\.0\.0 dnat"
|
- |
|
| 41 |
;;
|
27 |
;;
|
| 42 |
esac
|
28 |
esac
|
| 43 |
IFS=$OLDIFS
|
29 |
IFS=$OLDIFS
|