#!/bin/bash
#### Gera regras de dhcp/iptables/squid/hosts baseado em um arquivo de entradas
## Autor: Hugo Doria
## E-mail: hugodoria@gmail.com
## Última alteração: 2008-19-05
## Depende de:
## bash
##
#
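# Control and generated files. Paths are fixed; the script rewrites system
# configuration and is expected to run as root.
LOCK=/etc/monitor/lock            # marker: an instance of this script is running
SQUID=/etc/squid/clientes         # list of IPs allowed to use squid
FIRE=/etc/rc.d/rc.firewall_mac    # iptables rules tying each IP to its MAC
DHCP=/etc/dhcpd.conf              # generated dhcpd configuration
HOSTS=/etc/hosts                  # generated hosts file
DNS=/etc/monitor/dns.txt          # forward records for the internal DNS
DNSREV=/etc/monitor/dnsrev.txt    # reverse (PTR) records for the internal DNS
mascara="255.255.255.0"           # NOTE(review): not referenced by this script; kept as-is
# Server network interfaces
IF_INTERNA=eth0
IF_EXTERNA=eth1
# Everything below uses relative names (clientes, clientes.tmp, header_dhcpd.conf),
# so a failed cd must abort instead of silently working in another directory.
cd /etc/monitor || { echo "$(date '+%Y-%m-%d %H:%M') Nao foi possivel acessar /etc/monitor" >&2; exit 1; }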
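#######################################
# Prepend $1 to PATH unless it is already one of its elements.
# Globals:   PATH (read and modified)
# Arguments: $1 - directory to add
# Returns:   0
#######################################
pathmunge() {
  local dir=$1
  # Wrap both sides in ':' and use a quoted glob so the whole element must
  # match; no regex, so special characters in $1 are taken literally and no
  # egrep process is spawned.
  if [[ ":$PATH:" != *":$dir:"* ]]; then
    PATH=$dir:$PATH
  fi
}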
# Make sure the system binary directories are on PATH, in this order
# (the last one added ends up first).
for dir in /bin /sbin /usr/bin /usr/local/bin; do
  pathmunge "$dir"
done
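# Prevent concurrent runs. The lock is created atomically under noclobber so
# two instances cannot both pass an "exists?" test before either creates it.
if ! ( set -C; : > "$LOCK" ) 2>/dev/null; then
  echo "$(date '+%Y-%m-%d %H:%M') Script esta rodando agora!"
  exit 1
fi
# Drop the lock on any exit path so an error or signal does not block future runs.
trap 'rm -f -- "$LOCK"' EXIT

# Without the source list the generated files would be emptied; refuse to continue.
if [ ! -r clientes ]; then
  echo "$(date '+%Y-%m-%d %H:%M') Arquivo /etc/monitor/clientes nao encontrado ou sem permissao de leitura" >&2
  rm -f -- "$LOCK"
  exit 1
fi
[ -e clientes.tmp ] || touch clientes.tmp
# Client list without comments or blank lines
grep -v '^#' clientes | grep -v '^$' > clientes.tmp.new
# Only run when the client list changed since the last run
# (cmp exit status: 0 identical, 1 different, >1 error -> treated as changed).
if cmp -s clientes.tmp clientes.tmp.new; then
  rm -f clientes.tmp.new
  rm -f -- "$LOCK"
  echo "Nao executou. Arquivo clientes nao foi alterado desde a ultima execucao."
  exit 0
fi
mv -f clientes.tmp.new clientes.tmp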
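#######################################
# Validate a MAC address written as AA:BB:CC:DD:EE:FF (upper-case hex).
# The caller upper-cases the value before calling; lower-case is rejected,
# as before.
# Arguments: $1 - MAC to validate
# Returns:   0 if valid, 1 if invalid, 2 if empty
#######################################
validamac() {
  local mac=$1
  if [ -z "$mac" ]; then
    return 2
  fi
  # Six two-digit hex groups separated by ':' (17 characters). The hex set is
  # spelled out instead of using A-F so locale collation cannot widen the range.
  if [[ $mac =~ ^([0-9ABCDEF][0-9ABCDEF]:){5}[0-9ABCDEF][0-9ABCDEF]$ ]]; then
    return 0
  fi
  return 1
}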
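# Reset the generated files. A missing dhcpd header would leave $DHCP holding
# only host blocks and dhcpd unable to start, so check it before touching anything.
if [ ! -r header_dhcpd.conf ]; then
  echo "$(date '+%Y-%m-%d %H:%M') header_dhcpd.conf nao encontrado em /etc/monitor" >&2
  rm -f -- "$LOCK"
  exit 1
fi
rm -f -- "$SQUID"; touch "$SQUID"   # IPs allowed through squid
rm -f -- "$FIRE";  touch "$FIRE"    # rules releasing each MAC
cat header_dhcpd.conf > "$DHCP"     # dhcpd rules start with the static header
{
  echo "# NAO ALTERE ESTE ARQUIVO. Altere em /etc/monitor/clientes e execute monitor.sh"
  echo "127.0.0.1 localhost localhost.localdomain"
} > "$HOSTS"
rm -f -- "$DNS" "$DNSREV"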
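# Process clientes.tmp, one client per line in the form "indice-MAC-usuario".
# Each valid line produces its squid, hosts, DNS, firewall and dhcpd entries.
# The list is an admin-edited file in /etc/monitor, but what is written to
# $FIRE is presumably executed as shell by /etc/rc.d/rc.firewall and $DHCP is
# parsed by dhcpd, so every field is checked before it reaches those files.
rede="192.0.0"   # /24 prefix of the internal network; the index is the last octet

#######################################
# Print field $2 of line $1 (fields separated by '-') with surrounding
# whitespace removed.
# Arguments: $1 - line, $2 - 1-based field number
# Outputs:   the field on stdout (empty if the line has fewer fields)
#######################################
campo() {
  awk -F '-' -v n="$2" '{ f = $n; gsub(/^[[:space:]]+|[[:space:]]+$/, "", f); print f }' <<<"$1"
}

indice_anterior=0
# Redirect into the loop (not cat | while) and keep the last line even when
# the file lacks a trailing newline.
while read -r linha || [ -n "$linha" ]; do
  #####################################################################
  ########### Client data
  indice=$(campo "$linha" 1)
  mac=$(campo "$linha" 2 | tr a-z A-Z)
  usuario=$(campo "$linha" 3 | tr A-Z a-z)
  processa=1
  # Validate the index: an integer from 1 to 254. Both bounds are checked
  # with "or"; the previous "-lt 1 -a -gt 254" could never be true, so
  # indexes above 254 were accepted. `[` is used instead of (( )) so a
  # leading zero is not parsed as octal.
  if ! [[ $indice =~ ^[0-9]+$ ]] || [ "$indice" -lt 1 ] || [ "$indice" -gt 254 ]; then
    echo "$(date '+%Y-%m-%d %H:%M') Indice invalido na seguinte linha: $linha"
    echo " - Indice deve ter um valor entre 1 e 254"
    processa=0
  elif [ "$indice" -le "$indice_anterior" ]; then
    echo "$(date '+%Y-%m-%d %H:%M') Indice repetido na seguinte linha: $linha"
    echo " - Indice deve seguir uma sequencia e nao deve ser repetido"
    processa=0
  fi
  # Only a numeric index can be compared by the next line.
  if [[ $indice =~ ^[0-9]+$ ]]; then
    indice_anterior=$indice
  fi
  # Validate the MAC (0 valid, 1 invalid, 2 empty)
  validamac "$mac"
  retorno_mac=$?
  if [ "$retorno_mac" -eq 1 ]; then
    echo "$(date '+%Y-%m-%d %H:%M') MAC invalido na seguinte linha: $linha"
    echo " - MAC deve ter 6 pares com numeros ou letras e A a F separados por :"
    processa=0
  elif [ "$retorno_mac" -eq 2 ]; then
    # Line carries only an index: nothing to generate, skipped silently
    processa=0
  fi
  # Validate the host name: it is written unquoted into hosts, the DNS zone
  # and the dhcpd host block, so quotes, braces, ';' or whitespace would
  # corrupt those files.
  if [ "$processa" -eq 1 ] && ! [[ $usuario =~ ^[a-z0-9_.-]+$ ]]; then
    echo "$(date '+%Y-%m-%d %H:%M') Nome invalido na seguinte linha: $linha"
    echo " - Nome deve conter apenas letras, numeros, '.', '_' ou '-'"
    processa=0
  fi
  # Emit the entries for a fully valid line
  if [ "$processa" -eq 1 ]; then
    ip="$rede.$indice"
    #####################################################################
    ########### Squid client list
    echo "$ip" >> "$SQUID"
    #####################################################################
    ########### IP and host name in the hosts file
    echo "$ip $usuario" >> "$HOSTS"
    #####################################################################
    ########### Internal DNS, forward and reverse
    echo "$usuario IN A $ip" >> "$DNS"
    echo "$indice IN PTR $usuario." >> "$DNSREV"
    #####################################################################
    ########### Firewall: tie the MAC to the IP
    echo "/sbin/iptables -t filter -A INPUT -i ${IF_INTERNA} -s ${ip} -m mac --mac-source ${mac} -j ACCEPT" >> "$FIRE"
    echo "/sbin/iptables -t filter -A FORWARD -d 0/0 -s ${ip} -o ${IF_EXTERNA} -m mac --mac-source ${mac} -j ACCEPT" >> "$FIRE"
    #####################################################################
    ########### dhcpd host block (same layout as the previous version)
    {
      echo ""
      echo " host ${usuario} {"
      echo " hardware ethernet $mac;"
      echo " fixed-address $ip;"
      echo " option host-name \"${usuario}\";"
      echo " }"
    } >> "$DHCP"
  fi
done < clientes.tmp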
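# Close the blocks opened by header_dhcpd.conf. The two closing braces are
# dictated by that header; if the header changes, this must change with it.
echo " }" >> "$DHCP"
echo "}" >> "$DHCP"
# Restart dhcpd. A failure leaves clients without leases, so report it, but
# still apply the firewall rules and release the lock as before.
if ! /etc/init.d/dhcpd restart; then
  echo "$(date '+%Y-%m-%d %H:%M') Falha ao reiniciar o dhcpd" >&2
fi
# Reload squid rules
#/etc/init.d/squid reload
# Reload firewall rules (presumably this reads the regenerated $FIRE; confirm in rc.firewall)
if ! /etc/rc.d/rc.firewall; then
  echo "$(date '+%Y-%m-%d %H:%M') Falha ao recarregar o firewall" >&2
fi
# Remove the lock for the next run
rm -f -- "$LOCK"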
##############################################################################
### FIM