WebSVN – ALCASAR – Diff – /scripts/alcasar-watchdog.sh


#!/bin/bash
# $Id: alcasar-watchdog.sh 784 2011-12-18 14:33:56Z richard $
 
# alcasar-watchdog.sh
# by Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
# il déconnecte les usagers dont
# - les équipements réseau ne répondent plus
# - les adresses MAC sont usurpées
# This script tells users that Internet access is down
# it logs out users whose 
# - PCs are quiet
# - MAC address are in used by other systems (usurped)
 
EXTIF="eth0"
INTIF="eth1"
PRIVATE_IP="192.168.182.1"
tmp_file="/tmp/watchdog.txt"
DIR_WEB="/var/www/html"
Index_Page="$DIR_WEB/index.php"
OLDIFS=$IFS
IFS=$'\n'
 
function lan_down_alert ()
# users are redirected on ALCASAR IP address if LAN Pb detected
{
	case $LAN_DOWN in
	"1")
		logger "eth0 link down"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page
		;;
	"2")
		logger "can't contact the default router"
		/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page
		;;
	esac
	net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
	if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
		then
		/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
		/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
		/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf
		/etc/init.d/dnsmasq restart
	fi
}
 
function lan_test ()
# LAN connectiivity testing
{
	watchdog_process=`ps -C alcasar-watchdog.sh|wc -l`
	if [[ $(expr $watchdog_process) -gt 3 ]]
		then
		echo "ALCASAR watchdog is already running"
		exit 0
	fi
	# EXTIF testing
	LAN_DOWN="0"
	if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ]
		then
		LAN_DOWN="1"
	fi
	# Default GW testing
	if [ $LAN_DOWN -eq "0" ]
		then
		IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
		arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
		if [ $arp_reply -eq "0" ]
	       		then
			LAN_DOWN="2"
		fi
	fi
	# if LAN pb detected, users are warned
	if [ $LAN_DOWN != "0" ]
		then
			lan_down_alert
	# else switch in normal mode
	else
		net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
		if [ $net_pb != "0" ]
			then
			/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page
			/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf
			/bin/sed -i "/^address=/d" /etc/dnsmasq.conf
			/etc/init.d/dnsmasq restart
		fi
	fi
}
 
usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"
case $1 in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-lt | --lan_test)
		lan_test
		exit 0
		;;
	*)
		lan_test
# lecture du fichier contenant les adresses IP des stations muettes
		if [ -e $tmp_file ]; then
			cat $tmp_file | while read noresponse
			do
				noresponse_ip=`echo $noresponse | cut -d" " -f1`
				noresponse_mac=`echo $noresponse | cut -d" " -f2`
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip|grep response|cut -d" " -f2`
				if [[ $(expr $arp_reply) -eq 0 ]]
	       				then
					logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."
					/usr/sbin/chilli_query logout $noresponse_mac
				fi
			done
			rm $tmp_file
		fi
# on traite chaque équipements connus de chilli
		for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
		do
			active_ip=`echo $system |cut -d" " -f2`
			active_session=`echo $system |cut -d" " -f5`
			active_mac=`echo $system | cut -d" " -f1`
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
			if [[ $(expr $active_session) -eq 1 ]]
				then
				arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
# on stocke les adresses IP des stations muettes
				if [[ $(expr $arp_reply) -eq 0 ]]
	       				then
					echo "$active_ip $active_mac" >> $tmp_file
				fi
# on deconnecte l'usager d'une stations usurpée (@MAC)
				if [[ $(expr $arp_reply) -gt 2 ]]
	       				then
					logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."
					/usr/sbin/chilli_query logout $active_mac
				fi
			fi
		done
		;;
esac	
IFS=$OLDIFS
 

Rev 783	Rev 784
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar-watchdog.sh 783 2011-12-17 14:24:08Z richard $`	2	`# $Id: alcasar-watchdog.sh 784 2011-12-18 14:33:56Z richard $`
3		3
4	`# alcasar-watchdog.sh`	4	`# alcasar-watchdog.sh`
5	`# by Richard REY`	5	`# by Richard REY`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
8	`# Ce script prévient les usagers de l'indisponibilité de l'accès Internet`	8	`# Ce script prévient les usagers de l'indisponibilité de l'accès Internet`
9	`# il déconnecte les usagers dont`	9	`# il déconnecte les usagers dont`
10	`# - les équipements réseau ne répondent plus`	10	`# - les équipements réseau ne répondent plus`
11	`# - les adresses MAC sont usurpées`	11	`# - les adresses MAC sont usurpées`
12	`# This script tells users that Internet access is down`	12	`# This script tells users that Internet access is down`
13	`# it logs out users whose`	13	`# it logs out users whose`
14	`# - PCs are quiet`	14	`# - PCs are quiet`
15	`# - MAC address are in used by other systems (usurped)`	15	`# - MAC address are in used by other systems (usurped)`
16		16
17	`EXTIF="eth0"`	17	`EXTIF="eth0"`
18	`INTIF="eth1"`	18	`INTIF="eth1"`
19	`PRIVATE_IP="192.168.182.1"`	19	`PRIVATE_IP="192.168.182.1"`
20	`tmp_file="/tmp/watchdog.txt"`	20	`tmp_file="/tmp/watchdog.txt"`
21	`DIR_WEB="/var/www/html"`	21	`DIR_WEB="/var/www/html"`
22	`Index_Page="$DIR_WEB/index.php"`	22	`Index_Page="$DIR_WEB/index.php"`
23	`OLDIFS=$IFS`	23	`OLDIFS=$IFS`
24	`IFS=$'\n'`	24	`IFS=$'\n'`
25		25
26	`function lan_down_alert ()`	26	`function lan_down_alert ()`
27	`# users are redirected on ALCASAR IP address if LAN Pb detected`	27	`# users are redirected on ALCASAR IP address if LAN Pb detected`
28	`{`	28	`{`
29	`case $LAN_DOWN in`	29	`case $LAN_DOWN in`
30	`"1")`	30	`"1")`
31	`logger "eth0 link down"`	31	`logger "eth0 link down"`
32	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page`	32	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page`
33	`;;`	33	`;;`
34	`"2")`	34	`"2")`
35	`logger "can't contact the default router"`	35	`logger "can't contact the default router"`
36	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`	36	`/bin/sed -i "s?diagnostic =.*?diagnostic = \"can't contact the default router\";?g" $Index_Page`
37	`;;`	37	`;;`
38	`esac`	38	`esac`
39	net_pb=`cat /etc/dnsmasq.conf\|grep "address=/#/"\|wc -l`	39	net_pb=`cat /etc/dnsmasq.conf\|grep "address=/#/"\|wc -l`
40	`if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).`	40	`if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).`
41	`then`	41	`then`
42	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page`	42	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page`
43	`/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf`	43	`/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf`
44	`/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf`	44	`/bin/sed -i "1i\address=\/#\/$PRIVATE_IP" /etc/dnsmasq.conf`
45	`/etc/init.d/dnsmasq restart`	45	`/etc/init.d/dnsmasq restart`
46	`fi`	46	`fi`
47	`}`	47	`}`
48		48
49	`function lan_test ()`	49	`function lan_test ()`
50	`# LAN connectiivity testing`	50	`# LAN connectiivity testing`
51	`{`	51	`{`
-		52	watchdog_process=`ps -C alcasar-watchdog.sh\|wc -l`
-		53	`if [[ $(expr $watchdog_process) -gt 3 ]]`
-		54	`then`
-		55	`echo "ALCASAR watchdog is already running"`
-		56	`exit 0`
-		57	`fi`
52	`# EXTIF testing`	58	`# EXTIF testing`
53	`LAN_DOWN="0"`	59	`LAN_DOWN="0"`
54	if [ "`/usr/sbin/ethtool $EXTIF\|grep Link\|cut -d' ' -f3`" != "yes" ]	60	if [ "`/usr/sbin/ethtool $EXTIF\|grep Link\|cut -d' ' -f3`" != "yes" ]
55	`then`	61	`then`
56	`LAN_DOWN="1"`	62	`LAN_DOWN="1"`
57	`fi`	63	`fi`
58	`# Default GW testing`	64	`# Default GW testing`
59	`if [ $LAN_DOWN -eq "0" ]`	65	`if [ $LAN_DOWN -eq "0" ]`
60	`then`	66	`then`
61	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`	67	IP_GW=`/sbin/ip route list\|grep ^default\|cut -d" " -f3`
62	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`	68	arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW\|grep response\|cut -d" " -f2`
63	`if [ $arp_reply -eq "0" ]`	69	`if [ $arp_reply -eq "0" ]`
64	`then`	70	`then`
65	`LAN_DOWN="2"`	71	`LAN_DOWN="2"`
66	`fi`	72	`fi`
67	`fi`	73	`fi`
68	`# if LAN pb detected, users are warned`	74	`# if LAN pb detected, users are warned`
69	`if [ $LAN_DOWN != "0" ]`	75	`if [ $LAN_DOWN != "0" ]`
70	`then`	76	`then`
71	`lan_down_alert`	77	`lan_down_alert`
72	`# else switch in normal mode`	78	`# else switch in normal mode`
73	`else`	79	`else`
74	net_pb=`cat /etc/dnsmasq.conf\|grep "address=/#/"\|wc -l`	80	net_pb=`cat /etc/dnsmasq.conf\|grep "address=/#/"\|wc -l`
75	`if [ $net_pb != "0" ]`	81	`if [ $net_pb != "0" ]`
76	`then`	82	`then`
77	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page`	83	`/bin/sed -i "s?^\$network_pb.*?\$network_pb = False;?g" $Index_Page`
78	`/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf`	84	`/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq-blackhole.conf`
79	`/bin/sed -i "/^address=/d" /etc/dnsmasq.conf`	85	`/bin/sed -i "/^address=/d" /etc/dnsmasq.conf`
80	`/etc/init.d/dnsmasq restart`	86	`/etc/init.d/dnsmasq restart`
81	`fi`	87	`fi`
82	`fi`	88	`fi`
83	`}`	89	`}`
84		90
85	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"`	91	`usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"`
86	`case $1 in`	92	`case $1 in`
87	`-\? \| -h* \| --h*)`	93	`-\? \| -h* \| --h*)`
88	`echo "$usage"`	94	`echo "$usage"`
89	`exit 0`	95	`exit 0`
90	`;;`	96	`;;`
91	`-lt \| --lan_test)`	97	`-lt \| --lan_test)`
92	`lan_test`	98	`lan_test`
93	`exit 0`	99	`exit 0`
94	`;;`	100	`;;`
95	`*)`	101	`*)`
96	`lan_test`	102	`lan_test`
97	`# lecture du fichier contenant les adresses IP des stations muettes`	103	`# lecture du fichier contenant les adresses IP des stations muettes`
98	`if [ -e $tmp_file ]; then`	104	`if [ -e $tmp_file ]; then`
99	`cat $tmp_file \| while read noresponse`	105	`cat $tmp_file \| while read noresponse`
100	`do`	106	`do`
101	noresponse_ip=`echo $noresponse \| cut -d" " -f1`	107	noresponse_ip=`echo $noresponse \| cut -d" " -f1`
102	noresponse_mac=`echo $noresponse \| cut -d" " -f2`	108	noresponse_mac=`echo $noresponse \| cut -d" " -f2`
103	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip\|grep response\|cut -d" " -f2`	109	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $noresponse_ip\|grep response\|cut -d" " -f2`
104	`if [[ $(expr $arp_reply) -eq 0 ]]`	110	`if [[ $(expr $arp_reply) -eq 0 ]]`
105	`then`	111	`then`
106	`logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."`	112	`logger "alcasar-watchdog $noresponse_ip ($noresponse_mac) can't be contact. Alcasar disconnects the user."`
107	`/usr/sbin/chilli_query logout $noresponse_mac`	113	`/usr/sbin/chilli_query logout $noresponse_mac`
108	`fi`	114	`fi`
109	`done`	115	`done`
110	`rm $tmp_file`	116	`rm $tmp_file`
111	`fi`	117	`fi`
112	`# on traite chaque équipements connus de chilli`	118	`# on traite chaque équipements connus de chilli`
113	for system in `/usr/sbin/chilli_query list \|grep -v "\.0\.0\.0"`	119	for system in `/usr/sbin/chilli_query list \|grep -v "\.0\.0\.0"`
114	`do`	120	`do`
115	active_ip=`echo $system \|cut -d" " -f2`	121	active_ip=`echo $system \|cut -d" " -f2`
116	active_session=`echo $system \|cut -d" " -f5`	122	active_session=`echo $system \|cut -d" " -f5`
117	active_mac=`echo $system \| cut -d" " -f1`	123	active_mac=`echo $system \| cut -d" " -f1`
118	`# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)`	124	`# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)`
119	`if [[ $(expr $active_session) -eq 1 ]]`	125	`if [[ $(expr $active_session) -eq 1 ]]`
120	`then`	126	`then`
121	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip\|grep "Unicast reply"\|wc -l`	127	arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip\|grep "Unicast reply"\|wc -l`
122	`# on stocke les adresses IP des stations muettes`	128	`# on stocke les adresses IP des stations muettes`
123	`if [[ $(expr $arp_reply) -eq 0 ]]`	129	`if [[ $(expr $arp_reply) -eq 0 ]]`
124	`then`	130	`then`
125	`echo "$active_ip $active_mac" >> $tmp_file`	131	`echo "$active_ip $active_mac" >> $tmp_file`
126	`fi`	132	`fi`
127	`# on deconnecte l'usager d'une stations usurpée (@MAC)`	133	`# on deconnecte l'usager d'une stations usurpée (@MAC)`
128	`if [[ $(expr $arp_reply) -gt 2 ]]`	134	`if [[ $(expr $arp_reply) -gt 2 ]]`
129	`then`	135	`then`
130	`logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."`	136	`logger "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user."`
131	`/usr/sbin/chilli_query logout $active_mac`	137	`/usr/sbin/chilli_query logout $active_mac`
132	`fi`	138	`fi`
133	`fi`	139	`fi`
134	`done`	140	`done`
135	`;;`	141	`;;`
136	`esac`	142	`esac`
137	`IFS=$OLDIFS`	143	`IFS=$OLDIFS`
138		144

Subversion Repositories ALCASAR

(root)/scripts/alcasar-watchdog.sh @ 2682 – Rev 783 → 784