WebSVN – ALCASAR – Diff – /scripts/alcasar-watchdog.sh


#!/bin/bash
# $Id: alcasar-watchdog.sh 3190 2024-04-07 22:35:03Z rexy $
 
# alcasar-watchdog.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet
# - Il déconnecte les usagers dont les équipements réseau ne répondent plus (leur onglet 'status.php' a été fermé)
# - Il deconnecte les usagers dont les adresses MAC sont usurpées
#
# - This script tells users that Internet access is down
# - It logs out users whose PCs are quiet (their status tab is closed)
# - It logs out users whose MAC address is used by other systems (usurped)
 
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`			# EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`			# INTernal InterFace
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask |cut -d"/" -f1`
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2`
current_users_file="/tmp/current_users.txt"		# file containing active users with their "status.php" tab open
DIR_WEB="/var/www/html"
Index_Page="$DIR_WEB/index.php"
IPTABLES="/sbin/iptables"
TUNIF="tun0"							# listen device for chilli daemon
OLDIFS=$IFS
IFS=$'\n'
 
function lan_down_alert ()
# users are redirected on ALCASAR IP address if a LAN problem is detected
{
	case $LAN_DOWN in
	"1")
		logger -t alcasar-watchdog "$EXTIF (WAN card) link down"
		echo "$EXTIF (WAN card) link down"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page
		;;
	"2")
		logger -t alcasar-watchdog "can't contact the default router"
		echo "can't contact the default router"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
		;;
	"3")
		logger -t alcasar-watchdog "can't resolv DNS queries"
		echo "can't resolv DNS queries"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't resolv DNS queries\";?g" $Index_Page
		;;
	esac
	net_pb=`grep "network_pb = true;" $Index_Page|wc -l`
	if [ $net_pb = "0" ] # if previously up
		then
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page
		$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56
	fi
}
 
function lan_test ()
# LAN connectiivity testing
{
	watchdog_process=`ps -C alcasar-watchdog.sh|wc -l`
	if [[ $(expr $watchdog_process) -gt 3 ]]
		then
		echo "ALCASAR watchdog is already running"
		exit 0
	fi
	# EXTIF testing
	LAN_DOWN="0"
	if [ `/sbin/ip link | grep $EXTIF|grep "NO-CARRIER" | wc -l` -eq "1" ]
		then
		LAN_DOWN="1"
	fi
	# Default GW testing
	if [ $LAN_DOWN -eq "0" ]
		then
		GW_EXIST=`/sbin/ip route list|grep ^default|wc -l`
		if [ $GW_EXIST -eq "0" ] # no GW defined !
			then
			systemctl restart network
		else
			if [ "$MULTIWAN" == "off" ] || [ "$MULTIWAN" == "Off" ]
				then
				IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
				arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
				if [ $arp_reply -eq "0" ]
					then
					LAN_DOWN="2"
				fi
			fi
		fi
	fi
	# DNS request testing (twice)
	if [ $LAN_DOWN -eq "0" ]
		then
			dns_reply=`/usr/bin/host -W1 www.free.fr|grep SERVFAIL|wc -l`
			if [ $dns_reply -eq "1" ]
				then
				dns_reply=`/usr/bin/host -W1 www.startpage.com|grep SERVFAIL|wc -l`
				if [ $dns_reply -eq "1" ]
					then LAN_DOWN="3"
				fi
			fi
	fi
	# if LAN pb detected, users are warned
	if [ $LAN_DOWN != "0" ]
		then
			lan_down_alert
	# else switch in normal mode
	else
		echo "Internet access is OK for now"
		net_pb=`grep "network_pb = true;" $Index_Page|wc -l`
		if [ $net_pb != "0" ] # if already down
			then
			/bin/sed -i "s?^\$network_pb.*?\$network_pb = false;?g" $Index_Page
			$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56
		fi
	fi
}
 
usage="Usage: alcasar-watchdog.sh {-lt --lan_test | --disconnect-permanent-users}"
case $1 in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
	;;
	-lt | --lan_test)
		lan_test
		exit 0
	;;
	--disconnect-permanent-users)
		/bin/sed -i '/PERM/d' $current_users_file
		exit 0
	;;
	*)
		lan_test
		# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)
		# process each equipment known by chilli
		for system in `/usr/sbin/chilli_query list | grep -v "0\.0\.0\.0"`
		do
			active_ip=`echo $system |cut -d" " -f2`
			active_session=`echo $system |cut -d" " -f5`
			active_mac=`echo $system | cut -d" " -f1`
			active_user=`echo $system |cut -d" " -f6`
			# We check if the user isn't an auth @MAC and if he is still connected
			if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then
				if [ -e $current_users_file ]; then
					# We check if user @IP is in 'current_users.txt'
					cmp_user_ok=$(cat $current_users_file | awk -F':' "\$1 == \"$active_ip\" {print \$2}")
					# If not we disconnect this user.
					if [ -z "$cmp_user_ok" ]; then
						logger -t alcasar-watchdog "$active_ip ($active_mac) doesn't contact ALCASAR any more. We disconnects the user ($active_user)."
						/usr/sbin/chilli_query logout $active_mac
					elif [ "$cmp_user_ok" == "TEMP" ]; then
						# Remove the user's IP from 'current_users.txt'. Every user status page need to insert their @IP everytime to prove their connectivity.
						# We don't disconnect when $cmp_user_ok == "PERM" (status page not needed)
						sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file
					fi
				else # "current_user.txt" does not exists. We disconnect every users.
					logger -t alcasar-watchdog "The file /tmp/current_users.txt doesn't' exist. We disconnects the user $active_user"
					/usr/sbin/chilli_query logout $active_mac
				fi
			fi
			# IP usurpation test : process only equipment with an authenticated user
			if [[ $(expr $active_session) -eq 1 ]]
			then
				arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
				# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.
				if [[ $(expr $arp_reply) -gt 1 ]]
					then 
					echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log
					logger -t alcasar-watchdog "$active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."
					/usr/sbin/chilli_query logout $active_mac
					chmod 644 /var/Save/security/watchdog.log
				fi
			fi
		done
	;;
esac
IFS=$OLDIFS
 

Rev 3008	Rev 3190
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar-watchdog.sh 3008 2022-05-06 17:22:52Z rexy $`	2	`# $Id: alcasar-watchdog.sh 3190 2024-04-07 22:35:03Z rexy $`
3		3
4	`# alcasar-watchdog.sh`	4	`# alcasar-watchdog.sh`
5	`# by Rexy`	5	`# by Rexy`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7	`# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet`	7	`# - Ce script prévient les usagers de l'indisponibilité de l'accès Internet`
8	`# - Il déconnecte les usagers dont les équipements réseau ne répondent plus (leur onglet 'status.php' a été fermé)`	8	`# - Il déconnecte les usagers dont les équipements réseau ne répondent plus (leur onglet 'status.php' a été fermé)`
9	`# - Il deconnecte les usagers dont les adresses MAC sont usurpées`	9	`# - Il deconnecte les usagers dont les adresses MAC sont usurpées`
10	`#`	10	`#`
11	`# - This script tells users that Internet access is down`	11	`# - This script tells users that Internet access is down`
12	`# - It logs out users whose PCs are quiet (their status tab is closed)`	12	`# - It logs out users whose PCs are quiet (their status tab is closed)`
13	`# - It logs out users whose MAC address is used by other systems (usurped)`	13	`# - It logs out users whose MAC address is used by other systems (usurped)`
14		14
15	`CONF_FILE="/usr/local/etc/alcasar.conf"`	15	`CONF_FILE="/usr/local/etc/alcasar.conf"`
16	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2` # EXTernal InterFace	16	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2` # EXTernal InterFace
17	INTIF=`grep ^INTIF= $CONF_FILE\|cut -d"=" -f2` # INTernal InterFace	17	INTIF=`grep ^INTIF= $CONF_FILE\|cut -d"=" -f2` # INTernal InterFace
18	private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	18	private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
19	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`	19	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`
20	PRIVATE_IP=`echo $private_ip_mask \|cut -d"/" -f1`	20	PRIVATE_IP=`echo $private_ip_mask \|cut -d"/" -f1`
21	`PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}`	21	`PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}`
22	MULTIWAN=`grep ^MULTIWAN= $CONF_FILE\|cut -d"=" -f2`	22	MULTIWAN=`grep ^MULTIWAN= $CONF_FILE\|cut -d"=" -f2`
23	`current_users_file="/tmp/current_users.txt" # file containing active users with their "status.php" tab open`	23	`current_users_file="/tmp/current_users.txt" # file containing active users with their "status.php" tab open`
24	`DIR_WEB="/var/www/html"`	24	`DIR_WEB="/var/www/html"`
25	`Index_Page="$DIR_WEB/index.php"`	25	`Index_Page="$DIR_WEB/index.php"`
26	`IPTABLES="/sbin/iptables"`	26	`IPTABLES="/sbin/iptables"`
27	`TUNIF="tun0" # listen device for chilli daemon`	27	`TUNIF="tun0" # listen device for chilli daemon`
28	`OLDIFS=$IFS`	28	`OLDIFS=$IFS`
29	`IFS=$'\n'`	29	`IFS=$'\n'`
30		30
31	`function lan_down_alert ()`	31	`function lan_down_alert ()`
32	`# users are redirected on ALCASAR IP address if a LAN problem is detected`	32	`# users are redirected on ALCASAR IP address if a LAN problem is detected`
33	`{`	33	`{`
34	`case $LAN_DOWN in`	34	`case $LAN_DOWN in`
35	`"1")`	35	`"1")`
36	`logger -t alcasar-watchdog "$EXTIF (WAN card) link down"`	36	`logger -t alcasar-watchdog "$EXTIF (WAN card) link down"`
37	`echo "$EXTIF (WAN card) link down"`	37	`echo "$EXTIF (WAN card) link down"`
38	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page`	38	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page`
39	`;;`	39	`;;`
40	`"2")`	40	`"2")`
41	`logger -t alcasar-watchdog "can't contact the default router"`	41	`logger -t alcasar-watchdog "can't contact the default router"`
42	`echo "can't contact the default router"`	42	`echo "can't contact the default router"`
43	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`	43	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`
44	`;;`	44	`;;`
45	`"3")`	45	`"3")`
46	`logger -t alcasar-watchdog "can't resolv DNS queries"`	46	`logger -t alcasar-watchdog "can't resolv DNS queries"`
47	`echo "can't resolv DNS queries"`	47	`echo "can't resolv DNS queries"`
48	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't resolv DNS queries\";?g" $Index_Page`	48	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't resolv DNS queries\";?g" $Index_Page`
49	`;;`	49	`;;`
50	`esac`	50	`esac`
51	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`	51	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`
52	`if [ $net_pb = "0" ] # if previously up`	52	`if [ $net_pb = "0" ] # if previously up`
53	`then`	53	`then`
54	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page`	54	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page`
55	`$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`	55	`$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`
56	`fi`	56	`fi`
57	`}`	57	`}`
58		58
59	`function lan_test ()`	59	`function lan_test ()`
60	`# LAN connectiivity testing`	60	`# LAN connectiivity testing`
61	`{`	61	`{`
62	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`	62	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`
63	`if [[ $(expr $watchdog_process) -gt 3 ]]`	63	`if [[ $(expr $watchdog_process) -gt 3 ]]`
64	`then`	64	`then`
65	`echo "ALCASAR watchdog is already running"`	65	`echo "ALCASAR watchdog is already running"`
66	`exit 0`	66	`exit 0`
67	`fi`	67	`fi`
68	`# EXTIF testing`	68	`# EXTIF testing`
69	`LAN_DOWN="0"`	69	`LAN_DOWN="0"`
70	if [ `/sbin/ip link \| grep $EXTIF\|grep "NO-CARRIER" \| wc -l` -eq "1" ]	70	if [ `/sbin/ip link \| grep $EXTIF\|grep "NO-CARRIER" \| wc -l` -eq "1" ]
71	`then`	71	`then`
72	`LAN_DOWN="1"`	72	`LAN_DOWN="1"`
73	`fi`	73	`fi`
74	`# Default GW testing`	74	`# Default GW testing`
75	`if [ $LAN_DOWN -eq "0" ]`	75	`if [ $LAN_DOWN -eq "0" ]`
76	`then`	76	`then`
77	GW_EXIST=`/sbin/ip route list\|grep ^default\|wc -l`	77	GW_EXIST=`/sbin/ip route list\|grep ^default\|wc -l`
78	`if [ $GW_EXIST -eq "0" ] # no GW defined !`	78	`if [ $GW_EXIST -eq "0" ] # no GW defined !`
79	`then`	79	`then`
80	`systemctl restart network`	80	`systemctl restart network`
81	`else`	81	`else`
82	`if [ "$MULTIWAN" == "off" ] \|\| [ "$MULTIWAN" == "Off" ]`	82	`if [ "$MULTIWAN" == "off" ] \|\| [ "$MULTIWAN" == "Off" ]`
83	`then`	83	`then`
84	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`	84	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`
85	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`	85	arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`
86	`if [ $arp_reply -eq "0" ]`	86	`if [ $arp_reply -eq "0" ]`
87	`then`	87	`then`
88	`LAN_DOWN="2"`	88	`LAN_DOWN="2"`
89	`fi`	89	`fi`
90	`fi`	90	`fi`
91	`fi`	91	`fi`
92	`fi`	92	`fi`
93	`# DNS request testing (twice)`	93	`# DNS request testing (twice)`
94	`if [ $LAN_DOWN -eq "0" ]`	94	`if [ $LAN_DOWN -eq "0" ]`
95	`then`	95	`then`
96	dns_reply=`/usr/bin/host -W1 www.free.fr\|grep SERVFAIL\|wc -l`	96	dns_reply=`/usr/bin/host -W1 www.free.fr\|grep SERVFAIL\|wc -l`
97	`if [ $dns_reply -eq "1" ]`	97	`if [ $dns_reply -eq "1" ]`
98	`then`	98	`then`
99	dns_reply=`/usr/bin/host -W1 www.startpage.com\|grep SERVFAIL\|wc -l`	99	dns_reply=`/usr/bin/host -W1 www.startpage.com\|grep SERVFAIL\|wc -l`
100	`if [ $dns_reply -eq "1" ]`	100	`if [ $dns_reply -eq "1" ]`
101	`then LAN_DOWN="3"`	101	`then LAN_DOWN="3"`
102	`fi`	102	`fi`
103	`fi`	103	`fi`
104	`fi`	104	`fi`
105	`# if LAN pb detected, users are warned`	105	`# if LAN pb detected, users are warned`
106	`if [ $LAN_DOWN != "0" ]`	106	`if [ $LAN_DOWN != "0" ]`
107	`then`	107	`then`
108	`lan_down_alert`	108	`lan_down_alert`
109	`# else switch in normal mode`	109	`# else switch in normal mode`
110	`else`	110	`else`
111	`echo "Internet access is OK for now"`	111	`echo "Internet access is OK for now"`
112	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`	112	net_pb=`grep "network_pb = true;" $Index_Page\|wc -l`
113	`if [ $net_pb != "0" ] # if already down`	113	`if [ $net_pb != "0" ] # if already down`
114	`then`	114	`then`
115	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = false;?g" $Index_Page`	115	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = false;?g" $Index_Page`
116	`$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`	116	`$IPTABLES -D PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56`
117	`fi`	117	`fi`
118	`fi`	118	`fi`
119	`}`	119	`}`
120		120
121	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test \| --disconnect-permanent-users}"`	121	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test \| --disconnect-permanent-users}"`
122	`case $1 in`	122	`case $1 in`
123	`-\? \| -h* \| --h*)`	123	`-\? \| -h* \| --h*)`
124	`echo "$usage"`	124	`echo "$usage"`
125	`exit 0`	125	`exit 0`
126	`;;`	126	`;;`
127	`-lt \| --lan_test)`	127	`-lt \| --lan_test)`
128	`lan_test`	128	`lan_test`
129	`exit 0`	129	`exit 0`
130	`;;`	130	`;;`
131	`--disconnect-permanent-users)`	131	`--disconnect-permanent-users)`
132	`/bin/sed -i '/PERM/d' $current_users_file`	132	`/bin/sed -i '/PERM/d' $current_users_file`
133	`exit 0`	133	`exit 0`
134	`;;`	134	`;;`
135	`*)`	135	`*)`
136	`lan_test`	136	`lan_test`
137	`# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)`	137	`# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)`
138	`# process each equipment known by chilli`	138	`# process each equipment known by chilli`
139	for system in `/usr/sbin/chilli_query list \| grep -v "0\.0\.0\.0"`	139	for system in `/usr/sbin/chilli_query list \| grep -v "0\.0\.0\.0"`
140	`do`	140	`do`
141	active_ip=`echo $system \|cut -d" " -f2`	141	active_ip=`echo $system \|cut -d" " -f2`
142	active_session=`echo $system \|cut -d" " -f5`	142	active_session=`echo $system \|cut -d" " -f5`
143	active_mac=`echo $system \| cut -d" " -f1`	143	active_mac=`echo $system \| cut -d" " -f1`
144	active_user=`echo $system \|cut -d" " -f6`	144	active_user=`echo $system \|cut -d" " -f6`
145	`# We check if the user isn't an auth @MAC and if he is still connected`	145	`# We check if the user isn't an auth @MAC and if he is still connected`
146	`if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then`	146	`if [ "$active_user" != "$active_mac" ] && [ $(expr $active_session) -eq 1 ]; then`
147	`if [ -e $current_users_file ]; then`	147	`if [ -e $current_users_file ]; then`
148	`# We check if user @IP is in 'current_users.txt'`	148	`# We check if user @IP is in 'current_users.txt'`
149	`cmp_user_ok=$(cat $current_users_file \| awk -F':' "\$1 == \"$active_ip\" {print \$2}")`	149	`cmp_user_ok=$(cat $current_users_file \| awk -F':' "\$1 == \"$active_ip\" {print \$2}")`
150	`# If not we disconnect this user.`	150	`# If not we disconnect this user.`
151	`if [ -z "$cmp_user_ok" ]; then`	151	`if [ -z "$cmp_user_ok" ]; then`
152	`logger -t alcasar-watchdog "$active_ip ($active_mac) doesn't contact ALCASAR any more. We disconnects the user ($active_user)."`	152	`logger -t alcasar-watchdog "$active_ip ($active_mac) doesn't contact ALCASAR any more. We disconnects the user ($active_user)."`
153	`/usr/sbin/chilli_query logout $active_mac`	153	`/usr/sbin/chilli_query logout $active_mac`
154	`elif [ "$cmp_user_ok" == "TEMP" ]; then`	154	`elif [ "$cmp_user_ok" == "TEMP" ]; then`
155	`# Remove the user's IP from 'current_users.txt'. Every user status page need to insert their @IP everytime to prove their connectivity.`	155	`# Remove the user's IP from 'current_users.txt'. Every user status page need to insert their @IP everytime to prove their connectivity.`
156	`# We don't disconnect when $cmp_user_ok == "PERM" (status page not needed)`	156	`# We don't disconnect when $cmp_user_ok == "PERM" (status page not needed)`
157	`sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file`	157	`sed -i "/^$active_ip:$cmp_user_ok\$/d" $current_users_file`
158	`fi`	158	`fi`
159	`else # "current_user.txt" does not exists. We disconnect every users.`	159	`else # "current_user.txt" does not exists. We disconnect every users.`
160	`logger -t alcasar-watchdog "The file /tmp/current_users.txt doesn't' exist. We disconnects the user $active_user"`	160	`logger -t alcasar-watchdog "The file /tmp/current_users.txt doesn't' exist. We disconnects the user $active_user"`
161	`/usr/sbin/chilli_query logout $active_mac`	161	`/usr/sbin/chilli_query logout $active_mac`
162	`fi`	162	`fi`
163	`fi`	163	`fi`
164	`# IP usurpation test : process only equipment with an authenticated user`	164	`# IP usurpation test : process only equipment with an authenticated user`
165	`if [[ $(expr $active_session) -eq 1 ]]`	165	`if [[ $(expr $active_session) -eq 1 ]]`
166	`then`	166	`then`
167	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip\|grep -c "Unicast reply"`	167	arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip\|grep -c "Unicast reply"`
168	`# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.`	168	`# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.`
169	`if [[ $(expr $arp_reply) -gt 1 ]]`	169	`if [[ $(expr $arp_reply) -gt 1 ]]`
170	`then`	170	`then`
171	`echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log`	171	`echo "[$(date +"%Y-%m-%d %H:%M:%S")] : alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/security/watchdog.log`
172	`logger -t alcasar-watchdog "$active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."`	172	`logger -t alcasar-watchdog "$active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)."`
173	`/usr/sbin/chilli_query logout $active_mac`	173	`/usr/sbin/chilli_query logout $active_mac`
174	`chmod 644 /var/Save/security/watchdog.log`	174	`chmod 644 /var/Save/security/watchdog.log`
175	`fi`	175	`fi`
176	`fi`	176	`fi`
177	`done`	177	`done`
178	`;;`	178	`;;`
179	`esac`	179	`esac`
180	`IFS=$OLDIFS`	180	`IFS=$OLDIFS`
181		181

Subversion Repositories ALCASAR

(root)/scripts/alcasar-watchdog.sh – Rev 3008 → 3190