Subversion Repositories ALCASAR


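--- a/alcasar-watchdog.sh
+++ b/alcasar-watchdog.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-watchdog.sh 2278 2017-06-13 22:04:54Z richard $
+# $Id: alcasar-watchdog.sh 2376 2017-08-16 18:46:50Z tom.houdayer $
 
 # alcasar-watchdog.sh
 # by Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 # - Ce script prévient les usagers de l'indisponibilité de l'accès Internet
@@ -69,11 +69,11 @@
 	if [ $LAN_DOWN -eq "0" ]
 		then
 		IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
 		arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
 		if [ $arp_reply -eq "0" ]
-	       		then
+			then
 			LAN_DOWN="2"
 		fi
 	fi
 	# if LAN pb detected, users are warned
 	if [ $LAN_DOWN != "0" ]
@@ -114,18 +114,19 @@
 			#We disconnect inactive user here :
 			#We check if this is not an auth @MAC and if he is still connected
 			if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then
 				if [ -e $current_users_file ]; then
 					# We check if user @IP is in 'current_users.txt'
-					cmp_user_ok=$(cat $current_users_file | grep $active_ip | wc -w)
+					cmp_user_ok=$(cat $current_users_file | grep "^$active_ip\$" -c)
 					# If not we disconnect this user.
 					if [ $cmp_user_ok -eq 0 ]; then
 						logger "alcasar-watchdog : $active_ip ($active_mac) can't be contact. We disconnects the user ($active_user)."
 						/usr/sbin/chilli_query logout $active_mac
+					else
+						# Remove the user's IP from 'current_users.txt'. Every user need to insert their @IP everytime to prove their connectivity.
+						sed -i "/^$active_ip\$/d" $current_users_file
 					fi
-					# Remove the user's IP from 'current_users.txt'. Every user need to insert their @IP everytime to prove their connectivity.
-					sed -i "/^$active_ip/d" $current_users_file
 				else # "current_user.txt" does not exists. We disconnect every users.
 					logger "alcasar-watchdog : The file /var/tmp/havp/current_users.txt doen't' exist. We disconnects the user $active_user"
 					/usr/sbin/chilli_query logout $active_mac
 				fi
 			fi
@@ -133,11 +134,11 @@
 			if [[ $(expr $active_session) -eq 1 ]]
 			then
 				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
 				# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.
 				if [[ $(expr $arp_reply) -gt 1 ]]
-	       				then 
+					then 
 					echo "$(date "+[%x-%X] : ")alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log
 					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
 					/usr/sbin/chilli_query logout $active_mac
 					chmod 644 /var/Save/security/watchdog.log
 				fi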
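Review bot: In the third hunk (new lines 119 and 126) `$active_ip` is still interpolated into the grep and sed patterns as a regular expression, and `$current_users_file` is unquoted, so each dot matches any character and an empty or malformed value changes what is counted or deleted. Because this presence check decides whether a session is logged out, a fixed-string whole-line match is safer: `cmp_user_ok=$(grep -Fxc -- "$active_ip" "$current_users_file")`, and for the delete `sed -i "/^${active_ip//./\\.}\$/d" "$current_users_file"`. The logger text on new line 129 names the file as /var/tmp/havp/current_users.txt; if unprivileged local processes can write there, the liveness proof can be forged, so the directory's ownership and mode are worth confirming. The enclosing loop starts and ends outside the hunk.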