Subversion Repositories ALCASAR

Rev

Rev 1154 | Rev 1165 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log

Rev 1154 Rev 1157
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-watchdog.sh 1154 2013-07-15 14:27:10Z crox53 $
2
# $Id: alcasar-watchdog.sh 1157 2013-07-16 10:48:11Z stephane $
3
 
3
 
4
# alcasar-watchdog.sh
4
# alcasar-watchdog.sh
5
# by Rexy
5
# by Rexy
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
-
 
8
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
7
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
9
# il déconnecte les usagers dont
8
# il déconnecte les usagers dont
10
# - les équipements réseau ne répondent plus
9
# - les équipements réseau ne répondent plus
11
# - les adresses MAC sont usurpées
10
# - les adresses MAC sont usurpées
12
# This script tells users that Internet access is down
11
# This script tells users that Internet access is down
13
# it logs out users whose 
12
# it logs out users whose 
14
# - PCs are quiet
13
# - PCs are quiet
15
# - MAC address are in used by other systems (usurped)
14
# - MAC address is used by other systems (usurped)
16
 
15
 
17
EXTIF="eth0"
16
EXTIF="eth0"
18
INTIF="eth1"
17
INTIF="eth1"
19
conf_file="/usr/local/etc/alcasar.conf"
18
conf_file="/usr/local/etc/alcasar.conf"
20
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
19
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
21
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
20
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
22
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
21
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1`      # @ip du portail (côté LAN)
-
 
22
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
23
tmp_file="/tmp/watchdog.txt"
23
tmp_file="/tmp/watchdog.txt"
24
DIR_WEB="/var/www/html"
24
DIR_WEB="/var/www/html"
25
Index_Page="$DIR_WEB/index.php"
25
Index_Page="$DIR_WEB/index.php"
26
OLDIFS=$IFS
26
OLDIFS=$IFS
27
IFS=$'\n'
27
IFS=$'\n'
28
 
28
 
29
function lan_down_alert ()
29
function lan_down_alert ()
30
# users are redirected on ALCASAR IP address if LAN Pb detected
30
# users are redirected on ALCASAR IP address if a LAN problem is detected
31
{
31
{
32
	case $LAN_DOWN in
32
	case $LAN_DOWN in
33
	"1")
33
	"1")
34
		logger "eth0 link down"
34
		logger "eth0 link down"
35
		echo "eth0 is down"
35
		echo "eth0 is down"
Line 40... Line 40...
40
		echo "can't contact the default router"
40
		echo "can't contact the default router"
41
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
41
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
42
		;;
42
		;;
43
	esac
43
	esac
44
	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
44
	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
45
	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
45
	if [ $net_pb = "0" ] # user alert
46
		then
46
		then
47
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
47
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
48
		/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
48
		/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
49
		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
49
		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
50
		/etc/init.d/dnsmasq restart
50
		/etc/init.d/dnsmasq restart
Line 121... Line 121...
121
					/usr/sbin/chilli_query dhcp-release $noresponse_mac  # release dhcp for mac_auth equipment 
121
					/usr/sbin/chilli_query dhcp-release $noresponse_mac  # release dhcp for mac_auth equipment 
122
				fi
122
				fi
123
			done
123
			done
124
			rm $tmp_file
124
			rm $tmp_file
125
		fi
125
		fi
126
# on traite chaque équipements connus de chilli
126
# process each equipment known by chilli
127
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
127
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
128
		do
128
		do
129
			active_ip=`echo $system |cut -d" " -f2`
129
			active_ip=`echo $system |cut -d" " -f2`
130
			active_session=`echo $system |cut -d" " -f5`
130
			active_session=`echo $system |cut -d" " -f5`
131
			active_mac=`echo $system | cut -d" " -f1`
131
			active_mac=`echo $system | cut -d" " -f1`
132
			active_user=`echo $system |cut -d" " -f6`
132
			active_user=`echo $system |cut -d" " -f6`
133
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
133
# process only equipment with an authenticated user
134
			if [[ $(expr $active_session) -eq 1 ]]
134
			if [[ $(expr $active_session) -eq 1 ]]
135
				then
135
			then
136
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
136
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
137
# on stocke les adresses IP des stations muettes
137
# store @IP of quiet equipments
138
				if [[ $(expr $arp_reply) -eq 0 ]]
138
				if [[ $(expr $arp_reply) -eq 0 ]]
139
	       				then
139
	       				then
-
 
140
					PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$'
-
 
141
					if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments
-
 
142
					then
140
					echo "$active_ip $active_mac $active_user" >> $tmp_file
143
						echo "$active_ip $active_mac $active_user" >> $tmp_file
141
				fi
144
					fi
-
 
145
				fi
142
# on deconnecte l'usager d'une stations usurpée (@MAC)
146
# disconnect users whose equipement is usurped (@MAC)
143
				if [[ $(expr $arp_reply) -gt 2 ]]
147
				if [[ $(expr $arp_reply) -gt 2 ]]
144
	       				then
148
	       				then
145
					echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log
149
					echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log
146
					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
150
					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
147
					/usr/sbin/chilli_query logout $active_mac
151
					/usr/sbin/chilli_query logout $active_mac