WebSVN – ALCASAR – Diff – /scripts/alcasar-watchdog.sh


#!/bin/bash
# $Id: alcasar-watchdog.sh 3008 2022-05-06 17:22:52Z rexy $
 
# alcasar-watchdog.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet
# - Il déconnecte les usagers dont les équipements réseau ne répondent plus (leur onglet 'status.php' a été fermé)
# - Il deconnecte les usagers dont les adresses MAC sont usurpées
#
# - This script tells users that Internet access is down
# - It logs out users whose PCs are quiet (their status tab is closed)
# - It logs out users whose MAC address is used by other systems (usurped)
 
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`			# EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`			# INTernal InterFace
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask |cut -d"/" -f1`
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2`
current_users_file="/tmp/current_users.txt"		# file containing active users with their "status.php" tab open
DIR_WEB="/var/www/html"
Index_Page="$DIR_WEB/index.php"
IPTABLES="/sbin/iptables"
TUNIF="tun0"							# listen device for chilli daemon
OLDIFS=$IFS
IFS=$'\n'
 
function lan_down_alert ()
# users are redirected on ALCASAR IP address if a LAN problem is detected
{
	case $LAN_DOWN in
	"1")
		logger -t alcasar-watchdog "$EXTIF (WAN card) link down"
		echo "$EXTIF (WAN card) link down"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page
		;;
	"2")
		logger -t alcasar-watchdog "can't contact the default router"
		echo "can't contact the default router"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
		;;
	"3")
		logger -t alcasar-watchdog "can't resolv DNS queries"
		echo "can't resolv DNS queries"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't resolv DNS queries\";?g" $Index_Page
		;;
	esac
	net_pb=`grep "network_pb = true;" $Index_Page|wc -l`
	if [ $net_pb = "0" ] # if previously up
		then
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page
		$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56
	fi
}
 
function lan_test ()
# LAN connectiivity testing
{
	watchdog_process=`ps -C alcasar-watchdog.sh|wc -l`
	if [[ $(expr $watchdog_process) -gt 3 ]]
		then
		echo "ALCASAR watchdog is already running"
		exit 0
	fi
	# EXTIF testing
	LAN_DOWN="0"
	if [ `/sbin/ip link | grep $EXTIF|grep "NO-CARRIER" | wc -l` -eq "1" ]
		then
		LAN_DOWN="1"
	fi
	# Default GW testing
	if [ $LAN_DOWN -eq "0" ]
		then
		GW_EXIST=`/sbin/ip route list|grep ^default|wc -l`
		if [ $GW_EXIST -eq "0" ] # no GW defined !
			then
			systemctl restart network
		else
			if [ "$MULTIWAN" == "off" ] || [ "$MULTIWAN" == "Off" ]
 
 
				then
				IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
				arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
				if [ $arp_reply -eq "0" ]
					then
					LAN_DOWN="2"
				fi
			fi
		fi
	fi
	# DNS request testing (twice)
	if [ $LAN_DOWN -eq "0" ]
		then
			dns_reply=`/usr/bin/host -W1 www.free.fr|grep SERVFAIL|wc -l`
			if [ $dns_reply -eq "1" ]
				then
				dns_reply=`/usr/bin/host -W1 www.startpage.com|grep SERVFAIL|wc -l`
				if [ $dns_reply -eq "1" ]
					then LAN_DOWN="3"
				fi
			fi
	fi
	# if LAN pb detected, users are warned
	if [ $LAN_DOWN != "0" ]
		then
			lan_down_alert
	# else switch in normal mode
	else
		echo "Internet access is OK for now"
		net_pb=`grep "network_pb = true;" $Index_Page|wc -l`
		if [ $net_pb != "0" ] # if already down
			then
			/bin/sed -i "s?^\$network_pb.*?\$network_pb = false;?g" $Index_Page
			$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56
		fi
	fi
}
 
usage="Usage: alcasar-watchdog.sh {-lt --lan_test | --disconnect-permanent-users}"
case $1 in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
	;;
	-lt | --lan_test)
		lan_test
		exit 0
	;;
	--disconnect-permanent-users)
		/bin/sed -i '/PERM/d' $current_users_file
		exit 0
	;;
	*)
		lan_test
		# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)
		# process each equipment known by chilli
		for system in `/usr/sbin/chilli_query list | grep -v "0\.0\.0\.0"`
		do
			active_ip=`echo $system |cut -d" " -f2`
			active_session=`echo $system |cut -d" " -f5`
			active_mac=`echo $system | cut -d" " -f1`
			active_user=`echo $system |cut -d" " -f6`
			# We check if the user isn't an auth @MAC and if he is still connected
			if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then
				if [ -e $current_users_file ]; then
					# We check if user @IP is in 'current_users.txt'
					cmp_user_ok=$(cat $current_users_file | awk -F':' "\$1 == \"$active_ip\" {print \$2}")
					# If not we disconnect this user.
					if [ -z "$cmp_user_ok" ]; then
						logger -t alcasar-watchdog "$active_ip ($active_mac) doesn't contact ALCASAR any more. We disconnects the user ($active_user)."
						/usr/sbin/chilli_query logout $active_mac
					elif [ "$cmp_user_ok" == "TEMP" ]; then
						# Remove the user's IP from 'current_users.txt'. Every user status page need to insert their @IP everytime to prove their connectivity.
						# We don't disconnect when $cmp_user_ok == "PERM" (status page not needed)
						sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file
					fi
				else # "current_user.txt" does not exists. We disconnect every users.
					logger -t alcasar-watchdog "The file /tmp/current_users.txt doesn't' exist. We disconnects the user $active_user"
					/usr/sbin/chilli_query logout $active_mac
				fi
			fi
			# IP usurpation test : process only equipment with an authenticated user
			if [[ $(expr $active_session) -eq 1 ]]
			then
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
				# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.
				if [[ $(expr $arp_reply) -gt 1 ]]
					then 
					echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log
					logger -t alcasar-watchdog "$active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
					/usr/sbin/chilli_query logout $active_mac
					chmod 644 /var/Save/security/watchdog.log
				fi
			fi
		done
	;;
esac
IFS=$OLDIFS
 

Rev 2967	Rev 3008
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar-watchdog.sh 2967 2021-07-08 09:47:39Z rexy $`	2	`# $Id: alcasar-watchdog.sh 3008 2022-05-06 17:22:52Z rexy $`
3		3
4	`# alcasar-watchdog.sh`	4	`# alcasar-watchdog.sh`
5	`# by Rexy`	5	`# by Rexy`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7	`# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet`	7	`# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet`
8	`# - Il déconnecte les usagers dont les équipements réseau ne répondent plus (leur onglet 'status.php' a été fermé)`	8	`# - Il déconnecte les usagers dont les équipements réseau ne répondent plus (leur onglet 'status.php' a été fermé)`
9	`# - Il deconnecte les usagers dont les adresses MAC sont usurpées`	9	`# - Il deconnecte les usagers dont les adresses MAC sont usurpées`
10	`#`	10	`#`
11	`# - This script tells users that Internet access is down`	11	`# - This script tells users that Internet access is down`
12	`# - It logs out users whose PCs are quiet (their status tab is closed)`	12	`# - It logs out users whose PCs are quiet (their status tab is closed)`
13	`# - It logs out users whose MAC address is used by other systems (usurped)`	13	`# - It logs out users whose MAC address is used by other systems (usurped)`
14		14
15	`CONF_FILE="/usr/local/etc/alcasar.conf"`	15	`CONF_FILE="/usr/local/etc/alcasar.conf"`
16	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2` # EXTernal InterFace	16	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2` # EXTernal InterFace
17	INTIF=`grep ^INTIF= $CONF_FILE\|cut -d"=" -f2` # INTernal InterFace	17	INTIF=`grep ^INTIF= $CONF_FILE\|cut -d"=" -f2` # INTernal InterFace
18	private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	18	private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
19	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`	19	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`
20	PRIVATE_IP=`echo $private_ip_mask \|cut -d"/" -f1`	20	PRIVATE_IP=`echo $private_ip_mask \|cut -d"/" -f1`
21	`PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}`	21	`PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}`
-		22	MULTIWAN=`grep ^MULTIWAN= $CONF_FILE\|cut -d"=" -f2`
22	`current_users_file="/tmp/current_users.txt" # file containing active users with their "status.php" tab open`	23	`current_users_file="/tmp/current_users.txt" # file containing active users with their "status.php" tab open`
23	`DIR_WEB="/var/www/html"`	24	`DIR_WEB="/var/www/html"`
24	`Index_Page="$DIR_WEB/index.php"`	25	`Index_Page="$DIR_WEB/index.php"`
25	`IPTABLES="/sbin/iptables"`	26	`IPTABLES="/sbin/iptables"`
26	`TUNIF="tun0" # listen device for chilli daemon`	27	`TUNIF="tun0" # listen device for chilli daemon`
27	`OLDIFS=$IFS`	28	`OLDIFS=$IFS`
28	`IFS=$'\n'`	29	`IFS=$'\n'`
29		30
30	`function lan_down_alert ()`	31	`function lan_down_alert ()`
31	`# users are redirected on ALCASAR IP address if a LAN problem is detected`	32	`# users are redirected on ALCASAR IP address if a LAN problem is detected`
32	`{`	33	`{`
33	`case $LAN_DOWN in`	34	`case $LAN_DOWN in`
34	`"1")`	35	`"1")`
35	`logger -t alcasar-watchdog "$EXTIF (WAN card) link down"`	36	`logger -t alcasar-watchdog "$EXTIF (WAN card) link down"`
36	`echo "$EXTIF (WAN card) link down"`	37	`echo "$EXTIF (WAN card) link down"`
37	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page`	38	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page`
38	`;;`	39	`;;`
39	`"2")`	40	`"2")`
40	`logger -t alcasar-watchdog "can't contact the default router"`	41	`logger -t alcasar-watchdog "can't contact the default router"`
41	`echo "can't contact the default router"`	42	`echo "can't contact the default router"`
42	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`	43	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`
43	`;;`	44	`;;`
44	`"3")`	45	`"3")`
45	`logger -t alcasar-watchdog "can't resolv DNS queries"`	46	`logger -t alcasar-watchdog "can't resolv DNS queries"`
46	`echo "can't resolv DNS queries"`	47	`echo "can't resolv DNS queries"`
47	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't resolv DNS queries\";?g" $Index_Page`	48	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't resolv DNS queries\";?g" $Index_Page`
48	`;;`	49	`;;`
49	`esac`	50	`esac`
50	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`	51	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`
51	`if [ $net_pb = "0" ] # user alert (only the first time)`	52	`if [ $net_pb = "0" ] # if previously up`
52	`then`	53	`then`
53	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page`	54	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page`
54	`$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`	55	`$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`
55	`fi`	56	`fi`
56	`}`	57	`}`
57		58
58	`function lan_test ()`	59	`function lan_test ()`
59	`# LAN connectiivity testing`	60	`# LAN connectiivity testing`
60	`{`	61	`{`
61	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`	62	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`
62	`if [[ $(expr $watchdog_process) -gt 3 ]]`	63	`if [[ $(expr $watchdog_process) -gt 3 ]]`
63	`then`	64	`then`
64	`echo "ALCASAR watchdog is already running"`	65	`echo "ALCASAR watchdog is already running"`
65	`exit 0`	66	`exit 0`
66	`fi`	67	`fi`
67	`# EXTIF testing`	68	`# EXTIF testing`
68	`LAN_DOWN="0"`	69	`LAN_DOWN="0"`
69	if [ `/sbin/ip link \| grep $EXTIF\|grep "NO-CARRIER" \| wc -l` -eq "1" ]	70	if [ `/sbin/ip link \| grep $EXTIF\|grep "NO-CARRIER" \| wc -l` -eq "1" ]
70	`then`	71	`then`
71	`LAN_DOWN="1"`	72	`LAN_DOWN="1"`
72	`fi`	73	`fi`
73	`# Default GW testing`	74	`# Default GW testing`
74	`if [ $LAN_DOWN -eq "0" ]`	75	`if [ $LAN_DOWN -eq "0" ]`
75	`then`	76	`then`
76	GW_EXIST=`/sbin/ip route list\|grep ^default\|wc -l`	77	GW_EXIST=`/sbin/ip route list\|grep ^default\|wc -l`
77	`if [ $GW_EXIST -eq "0" ] # no GW defined !`	78	`if [ $GW_EXIST -eq "0" ] # no GW defined !`
78	`then`	79	`then`
79	`systemctl restart network`	80	`systemctl restart network`
80	`else`	81	`else`
81	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`	82	`if [ "$MULTIWAN" == "off" ] \|\| [ "$MULTIWAN" == "Off" ]`
82	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`	-
83	`if [ $arp_reply -eq "0" ]`	-
84	`then`	83	`then`
-		84	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`
-		85	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`
-		86	`if [ $arp_reply -eq "0" ]`
-		87	`then`
85	`LAN_DOWN="2"`	88	`LAN_DOWN="2"`
-		89	`fi`
86	`fi`	90	`fi`
87	`fi`	91	`fi`
88	`fi`	92	`fi`
89	`# DNS request testing (twice)`	93	`# DNS request testing (twice)`
90	`if [ $LAN_DOWN -eq "0" ]`	94	`if [ $LAN_DOWN -eq "0" ]`
91	`then`	95	`then`
92	dns_reply=`/usr/bin/host -W1 www.free.fr\|grep SERVFAIL\|wc -l`	96	dns_reply=`/usr/bin/host -W1 www.free.fr\|grep SERVFAIL\|wc -l`
93	`if [ $dns_reply -eq "1" ]`	97	`if [ $dns_reply -eq "1" ]`
94	`then`	98	`then`
95	dns_reply=`/usr/bin/host -W1 www.startpage.com\|grep SERVFAIL\|wc -l`	99	dns_reply=`/usr/bin/host -W1 www.startpage.com\|grep SERVFAIL\|wc -l`
96	`if [ $dns_reply -eq "1" ]`	100	`if [ $dns_reply -eq "1" ]`
97	`then LAN_DOWN="3"`	101	`then LAN_DOWN="3"`
98	`fi`	102	`fi`
99	`fi`	103	`fi`
100	`fi`	104	`fi`
101	`# if LAN pb detected, users are warned`	105	`# if LAN pb detected, users are warned`
102	`if [ $LAN_DOWN != "0" ]`	106	`if [ $LAN_DOWN != "0" ]`
103	`then`	107	`then`
104	`lan_down_alert`	108	`lan_down_alert`
105	`# else switch in normal mode`	109	`# else switch in normal mode`
106	`else`	110	`else`
107	`echo "Internet access is OK for now"`	111	`echo "Internet access is OK for now"`
108	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`	112	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`
109	`if [ $net_pb != "0" ]`	113	`if [ $net_pb != "0" ] # if already down`
110	`then`	114	`then`
111	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = false;?g" $Index_Page`	115	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = false;?g" $Index_Page`
112	`$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`	116	`$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`
113	`fi`	117	`fi`
114	`fi`	118	`fi`
115	`}`	119	`}`
116		120
117	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test \| --disconnect-permanent-users}"`	121	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test \| --disconnect-permanent-users}"`
118	`case $1 in`	122	`case $1 in`
119	`-\? \| -h* \| --h*)`	123	`-\? \| -h* \| --h*)`
120	`echo "$usage"`	124	`echo "$usage"`
121	`exit 0`	125	`exit 0`
122	`;;`	126	`;;`
123	`-lt \| --lan_test)`	127	`-lt \| --lan_test)`
124	`lan_test`	128	`lan_test`
125	`exit 0`	129	`exit 0`
126	`;;`	130	`;;`
127	`--disconnect-permanent-users)`	131	`--disconnect-permanent-users)`
128	`/bin/sed -i '/PERM/d' $current_users_file`	132	`/bin/sed -i '/PERM/d' $current_users_file`
129	`exit 0`	133	`exit 0`
130	`;;`	134	`;;`
131	`*)`	135	`*)`
132	`lan_test`	136	`lan_test`
133	`# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)`	137	`# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)`
134	`# process each equipment known by chilli`	138	`# process each equipment known by chilli`
135	for system in `/usr/sbin/chilli_query list \| grep -v "0\.0\.0\.0"`	139	for system in `/usr/sbin/chilli_query list \| grep -v "0\.0\.0\.0"`
136	`do`	140	`do`
137	active_ip=`echo $system \|cut -d" " -f2`	141	active_ip=`echo $system \|cut -d" " -f2`
138	active_session=`echo $system \|cut -d" " -f5`	142	active_session=`echo $system \|cut -d" " -f5`
139	active_mac=`echo $system \| cut -d" " -f1`	143	active_mac=`echo $system \| cut -d" " -f1`
140	active_user=`echo $system \|cut -d" " -f6`	144	active_user=`echo $system \|cut -d" " -f6`
141	`# We check if the user isn't an auth @MAC and if he is still connected`	145	`# We check if the user isn't an auth @MAC and if he is still connected`
142	`if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then`	146	`if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then`
143	`if [ -e $current_users_file ]; then`	147	`if [ -e $current_users_file ]; then`
144	`# We check if user @IP is in 'current_users.txt'`	148	`# We check if user @IP is in 'current_users.txt'`
145	`cmp_user_ok=$(cat $current_users_file \| awk -F':' "\$1 == \"$active_ip\" {print \$2}")`	149	`cmp_user_ok=$(cat $current_users_file \| awk -F':' "\$1 == \"$active_ip\" {print \$2}")`
146	`# If not we disconnect this user.`	150	`# If not we disconnect this user.`
147	`if [ -z "$cmp_user_ok" ]; then`	151	`if [ -z "$cmp_user_ok" ]; then`
148	`logger -t alcasar-watchdog "$active_ip ($active_mac) doesn't contact ALCASAR any more. We disconnects the user ($active_user)."`	152	`logger -t alcasar-watchdog "$active_ip ($active_mac) doesn't contact ALCASAR any more. We disconnects the user ($active_user)."`
149	`/usr/sbin/chilli_query logout $active_mac`	153	`/usr/sbin/chilli_query logout $active_mac`
150	`elif [ "$cmp_user_ok" == "TEMP" ]; then`	154	`elif [ "$cmp_user_ok" == "TEMP" ]; then`
151	`# Remove the user's IP from 'current_users.txt'. Every user status page need to insert their @IP everytime to prove their connectivity.`	155	`# Remove the user's IP from 'current_users.txt'. Every user status page need to insert their @IP everytime to prove their connectivity.`
152	`# We don't disconnect when $cmp_user_ok == "PERM" (status page not needed)`	156	`# We don't disconnect when $cmp_user_ok == "PERM" (status page not needed)`
153	`sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file`	157	`sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file`
154	`fi`	158	`fi`
155	`else # "current_user.txt" does not exists. We disconnect every users.`	159	`else # "current_user.txt" does not exists. We disconnect every users.`
156	`logger -t alcasar-watchdog "The file /tmp/current_users.txt doesn't' exist. We disconnects the user $active_user"`	160	`logger -t alcasar-watchdog "The file /tmp/current_users.txt doesn't' exist. We disconnects the user $active_user"`
157	`/usr/sbin/chilli_query logout $active_mac`	161	`/usr/sbin/chilli_query logout $active_mac`
158	`fi`	162	`fi`
159	`fi`	163	`fi`
160	`# IP usurpation test : process only equipment with an authenticated user`	164	`# IP usurpation test : process only equipment with an authenticated user`
161	`if [[ $(expr $active_session) -eq 1 ]]`	165	`if [[ $(expr $active_session) -eq 1 ]]`
162	`then`	166	`then`
163	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip\|grep -c "Unicast reply"`	167	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip\|grep -c "Unicast reply"`
164	`# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.`	168	`# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.`
165	`if [[ $(expr $arp_reply) -gt 1 ]]`	169	`if [[ $(expr $arp_reply) -gt 1 ]]`
166	`then`	170	`then`
167	`echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log`	171	`echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log`
168	`logger -t alcasar-watchdog "$active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."`	172	`logger -t alcasar-watchdog "$active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."`
169	`/usr/sbin/chilli_query logout $active_mac`	173	`/usr/sbin/chilli_query logout $active_mac`
170	`chmod 644 /var/Save/security/watchdog.log`	174	`chmod 644 /var/Save/security/watchdog.log`
171	`fi`	175	`fi`
172	`fi`	176	`fi`
173	`done`	177	`done`
174	`;;`	178	`;;`
175	`esac`	179	`esac`
176	`IFS=$OLDIFS`	180	`IFS=$OLDIFS`
177		181

Subversion Repositories ALCASAR

(root)/scripts/alcasar-watchdog.sh @ 2981 – Rev 2967 → 3008