Subversion Repositories ALCASAR

Rev

Rev 771 | Rev 784 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 771 Rev 783
Line 1... Line 1...
1 
#!/bin/bash
 1 
#!/bin/bash
2 
# $Id: alcasar-watchdog.sh 771 2011-11-16 21:20:42Z richard $
 2 
# $Id: alcasar-watchdog.sh 783 2011-12-17 14:24:08Z richard $
3 
 
 3 
 
4 
# alcasar-watchdog.sh
 4 
# alcasar-watchdog.sh
5 
# by Richard REY
 5 
# by Richard REY
6 
# This script is distributed under the Gnu General Public License (GPL)
 6 
# This script is distributed under the Gnu General Public License (GPL)
7 
 
 7 
 
Line 21... Line 21...
21 
DIR_WEB="/var/www/html"
 21 
DIR_WEB="/var/www/html"
22 
Index_Page="$DIR_WEB/index.php"
 22 
Index_Page="$DIR_WEB/index.php"
23 
OLDIFS=$IFS
 23 
OLDIFS=$IFS
24 
IFS=$'\n'
 24 
IFS=$'\n'
25 
 
 25 
 
26 
# Fonction appelée si un Pb de connectivité Internet
 - 
 
27 
# On fait pointer les usagers sur l'adresse locale
 - 
 
28 
function ext_down_alert ()
 26 
function lan_down_alert ()
- 
 
 27 
# users are redirected on ALCASAR IP address if LAN Pb detected
29 
{
 28 
{
30 
	case $EXT_DOWN in
 29 
	case $LAN_DOWN in
31 
	"1")
 30 
	"1")
32 
		logger "eth0 link down"
 31 
		logger "eth0 link down"
33 
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page
 32 
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page
34 
		;;
 33 
		;;
35 
	"2")
 34 
	"2")
36 
		logger "can't contact the default router"
 35 
		logger "can't contact the default router"
37 
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
 36 
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
38 
		;;
 37 
		;;
39 
	"3")
 - 
 
40 
		logger "can't contact the Internet DNS"
 - 
 
41 
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the Internet DNS\";?g" $Index_Page
 - 
 
42 
		;;
 - 
 
43 
	esac
 38 
	esac
44 
	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
 39 
	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
45 
	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
 40 
	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
46 
		then
 41 
		then
47 
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
 42 
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
Line 49... Line 44...
49 
		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
 44 
		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
50 
		/etc/init.d/dnsmasq restart
 45 
		/etc/init.d/dnsmasq restart
51 
	fi
 46 
	fi
52 
}
 47 
}
53 
 
 48 
 
- 
 
 49 
function lan_test ()
54 
# On teste la connectivité réseau
 50 
# LAN connectiivity testing
- 
 
 51 
{
55 
# On teste l'état d'EXTIF
 52 
	# EXTIF testing
56 
EXT_DOWN="0"
 53 
	LAN_DOWN="0"
57 
if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ]
 54 
	if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ]
58 
	then
 - 
 
59 
	EXT_DOWN="1"
 - 
 
60 
fi
 - 
 
61 
# si EXTIF ok, on teste la connectivité vers le routeur par défaut (Box FAI)
 - 
 
62 
if [ $EXT_DOWN -eq "0" ]
 - 
 
63 
	then
 55 
		then
64 
	IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
 - 
 
65 
	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
 - 
 
66 
	if [ $arp_reply -eq "0" ]
 - 
 
67 
	       	then
 - 
 
68 
		EXT_DOWN="2"
 56 
		LAN_DOWN="1"
69 
	fi
 57 
	fi
70 
fi
 - 
 
71 
# si routeur OK, on teste la connectivité vers les DNS externes
 - 
 
72 
# + tard (EXT_DOWN=3)
 58 
	# Default GW testing
73 
# si Pb réseau, on avertit les usagers
 - 
 
74 
if [ $EXT_DOWN != "0" ]
 59 
	if [ $LAN_DOWN -eq "0" ]
75 
	then
 - 
 
76 
		ext_down_alert
 - 
 
77 
	else
 - 
 
78 
# sinon, le cas échéant, on rebascule en mode normal
 - 
 
79 
	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
 - 
 
80 
	if [ $net_pb != "0" ]
 - 
 
81 
		then
 60 
		then
- 
 
 61 
		IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
- 
 
 62 
		arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
- 
 
 63 
		if [ $arp_reply -eq "0" ]
- 
 
 64 
	       		then
- 
 
 65 
			LAN_DOWN="2"
- 
 
 66 
		fi
- 
 
 67 
	fi
- 
 
 68 
	# if LAN pb detected, users are warned
- 
 
 69 
	if [ $LAN_DOWN != "0" ]
- 
 
 70 
		then
- 
 
 71 
			lan_down_alert
- 
 
 72 
	# else switch in normal mode
- 
 
 73 
	else
- 
 
 74 
		net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
- 
 
 75 
		if [ $net_pb != "0" ]
- 
 
 76 
			then
82 
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page
 77 
			/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page
83 
		/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf
 78 
			/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf
84 
		/bin/sed -i "/^address=/d" /etc/dnsmasq.conf
 79 
			/bin/sed -i "/^address=/d" /etc/dnsmasq.conf
85 
		/etc/init.d/dnsmasq restart
 80 
			/etc/init.d/dnsmasq restart
- 
 
 81 
		fi
86 
	fi
 82 
	fi
87 
fi
 83 
}
- 
 
 84 
 
- 
 
 85 
usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"
- 
 
 86 
case $1 in
- 
 
 87 
	-\? | -h* | --h*)
- 
 
 88 
		echo "$usage"
- 
 
 89 
		exit 0
- 
 
 90 
		;;
- 
 
 91 
	-lt | --lan_test)
- 
 
 92 
		lan_test
- 
 
 93 
		exit 0
- 
 
 94 
		;;
- 
 
 95 
	*)
- 
 
 96 
		lan_test
88 
# lecture du fichier contenant les adresses IP des stations muettes
 97 
# lecture du fichier contenant les adresses IP des stations muettes
89 
if [ -e $tmp_file ]; then
 98 
		if [ -e $tmp_file ]; then
90 
	cat $tmp_file | while read noresponse
 99 
			cat $tmp_file | while read noresponse
91 
	do
 100 
			do
92 
		noresponse_ip=`echo $noresponse | cut -d" " -f1`
 101 
				noresponse_ip=`echo $noresponse | cut -d" " -f1`
93 
		noresponse_mac=`echo $noresponse | cut -d" " -f2`
 102 
				noresponse_mac=`echo $noresponse | cut -d" " -f2`
94 
		arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep response|cut -d" " -f2`
 103 
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep response|cut -d" " -f2`
95 
		if [[ $(expr $arp_reply) -eq 0 ]]
 104 
				if [[ $(expr $arp_reply) -eq 0 ]]
96 
	       	then
 105 
	       				then
97 
			logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."
 106 
					logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."
98 
			/usr/sbin/chilli_query logout $noresponse_mac
 107 
					/usr/sbin/chilli_query logout $noresponse_mac
- 
 
 108 
				fi
- 
 
 109 
			done
- 
 
 110 
			rm $tmp_file
99 
		fi
 111 
		fi
100 
	done
 - 
 
101 
	rm $tmp_file
 - 
 
102 
fi
 - 
 
103 
# on traite chaque équipements connus de chilli
 112 
# on traite chaque équipements connus de chilli
104 
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
 113 
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
105 
do
 114 
		do
106 
	active_ip=`echo $system |cut -d" " -f2`
 115 
			active_ip=`echo $system |cut -d" " -f2`
107 
	active_session=`echo $system |cut -d" " -f5`
 116 
			active_session=`echo $system |cut -d" " -f5`
108 
	active_mac=`echo $system | cut -d" " -f1`
 117 
			active_mac=`echo $system | cut -d" " -f1`
109 
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
 118 
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
110 
if [[ $(expr $active_session) -eq 1 ]]
 119 
			if [[ $(expr $active_session) -eq 1 ]]
111 
	then
 120 
				then
112 
	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
 121 
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
113 
# on stocke les adresses IP des stations muettes
 122 
# on stocke les adresses IP des stations muettes
114 
	if [[ $(expr $arp_reply) -eq 0 ]]
 123 
				if [[ $(expr $arp_reply) -eq 0 ]]
115 
	       	then
 124 
	       				then
116 
			echo "$active_ip $active_mac" >> $tmp_file
 125 
					echo "$active_ip $active_mac" >> $tmp_file
117 
	fi
 126 
				fi
118 
# on deconnecte l'usager d'une stations usurpée (@MAC)
 127 
# on deconnecte l'usager d'une stations usurpée (@MAC)
119 
	if [[ $(expr $arp_reply) -gt 2 ]]
 128 
				if [[ $(expr $arp_reply) -gt 2 ]]
120 
	       	then
 129 
	       				then
121 
			logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."
 130 
					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."
122 
			/usr/sbin/chilli_query logout $active_mac
 131 
					/usr/sbin/chilli_query logout $active_mac
123 
	fi
 132 
				fi
124 
fi
 133 
			fi
125 
done
 134 
		done
- 
 
 135 
		;;
- 
 
 136 
esac
126 
IFS=$OLDIFS
 137 
IFS=$OLDIFS