WebSVN – ALCASAR – Diff – /scripts/alcasar-watchdog.sh

 #!/bin/bash
-# $Id: alcasar-watchdog.sh 1139 2013-06-28 04:30:02Z franck $
+# $Id: alcasar-watchdog.sh 1154 2013-07-15 14:27:10Z crox53 $
 # alcasar-watchdog.sh
 # by Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 # Ce script prévient les usagers de l'indisponibilité de l'accès Internet
 # il déconnecte les usagers dont
 # - les équipements réseau ne répondent plus
 # - les adresses MAC sont usurpées
 # This script tells users that Internet access is down
 # it logs out users whose
 # - PCs are quiet
-# - MAC address is used by other systems (usurped)
+# - MAC address are in used by other systems (usurped)
 EXTIF="eth0"
 INTIF="eth1"
 conf_file="/usr/local/etc/alcasar.conf"
 private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
 private_ip_mask=${private_ip_mask:=192.168.182.1/24}
-PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1`      # @ip du portail (côté LAN)
+PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
-PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
 tmp_file="/tmp/watchdog.txt"
 DIR_WEB="/var/www/html"
 Index_Page="$DIR_WEB/index.php"
 OLDIFS=$IFS
 IFS=$'\n'
 function lan_down_alert ()
-# users are redirected on ALCASAR IP address if a LAN problem is detected
+# users are redirected on ALCASAR IP address if LAN Pb detected
+{
 	case $LAN_DOWN in
 	"1")
 		logger "eth0 link down"
 		echo "eth0 is down"
 		echo "can't contact the default router"
 		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
 		;;
 	esac
 	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
-	if [ $net_pb = "0" ] # user alert
+	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
 		then
 		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
 		/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
 		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
 		/etc/init.d/dnsmasq restart
 					/usr/sbin/chilli_query dhcp-release $noresponse_mac  # release dhcp for mac_auth equipment
 				fi
 			done
 			rm $tmp_file
 		fi
-# process each equipment known by chilli
+# on traite chaque équipements connus de chilli
 		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
 		do
 			active_ip=`echo $system |cut -d" " -f2`
 			active_session=`echo $system |cut -d" " -f5`
 			active_mac=`echo $system | cut -d" " -f1`
 			active_user=`echo $system |cut -d" " -f6`
-# process only equipment with an authenticated user
+# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
 			if [[ $(expr $active_session) -eq 1 ]]
-			then
+				then
 				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
-# store @IP of quiet equipments
+# on stocke les adresses IP des stations muettes
 				if [[ $(expr $arp_reply) -eq 0 ]]
 	       				then
-					PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$'
-					if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments
-					then
-						echo "$active_ip $active_mac $active_user" >> $tmp_file
+					echo "$active_ip $active_mac $active_user" >> $tmp_file
-					fi
 				fi
-# disconnect users whose equipement is usurped (@MAC)
+# on deconnecte l'usager d'une stations usurpée (@MAC)
 				if [[ $(expr $arp_reply) -gt 2 ]]
 	       				then
 					echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log
 					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
 					/usr/sbin/chilli_query logout $active_mac

Subversion Repositories ALCASAR

(root)/scripts/alcasar-watchdog.sh – Rev 1139 → 1154