
send-alert.sh

Guest on 5th September 2021 05:50:41 PM

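  #!/bin/bash
  #
  # send-alert.sh - mail the previous hour's ARP-spoof findings to the admin.
  #
  # Inputs (both named after the previous hour, YYYYMMDDHH):
  #   /root/spoof/YYYYMMDD/YYYYMMDDHH  lines are scanned for WARNING / SAME_IP
  #   /root/log/YYYYMMDD/YYYYMMDDHH    ';'-separated records; fields 2,3,5,6 are
  #                                    appended for every IP/MAC named in an alert
  # Output: one message handed to "sendmail -t" when at least one alert line
  # exists; nothing is sent otherwise.
  #
  # Deliberately no "set -e": a missing or unreadable host log must not
  # suppress the alert mail itself.
  #
  # updated by WIPAT 2552-03-31

  ADMIN_EMAIL="root@localhost"
  CC_EMAIL="root@localhost"

  HOUR=$(date --date="-1 hour" "+%Y%m%d%H")
  TODAY=${HOUR:0:8}
  MYFILE="/root/spoof/${TODAY}/${HOUR}"
  PCLOG="/root/log/${TODAY}/${HOUR}"

  # Nothing was recorded for the previous hour: nothing to report.
  if [[ ! -f "$MYFILE" ]]; then
    exit 0
  fi

  # Private scratch directory (mode 0700) instead of /tmp/<fixed-name>.$$.
  # The script reads /root, so it presumably runs as root; a PID-suffixed name
  # in a world-writable directory is predictable and could be pre-created by
  # another local user, redirecting root's writes.
  WORKDIR=$(mktemp -d) || {
    printf 'send-alert: cannot create temporary directory\n' >&2
    exit 1
  }
  # Remove the scratch directory on every exit path, including failures.
  trap 'rm -rf -- "$WORKDIR"' EXIT

  TEMP1="${WORKDIR}/alerts"    # WARNING / SAME_IP lines from MYFILE
  TEMP2="${WORKDIR}/message"   # complete mail: headers, blank line, body
  TEMP3="${WORKDIR}/hosts"     # de-duplicated fields 2,3,5,6 of PCLOG
  TEMP4="${WORKDIR}/matches"   # host records that mention an alerted IP/MAC

  CHECK_KEY="WARNING"
  CHECK_KEY2="SAME_IP"
  grep -E -- "${CHECK_KEY}|${CHECK_KEY2}" "$MYFILE" > "$TEMP1"

  if [[ -s "$TEMP1" ]]; then
    MYSERVER=$(/sbin/ifconfig eth0 | grep "inet addr" | cut -d':' -f 2 | cut -d' ' -f 1)
    # The "inet addr:" form is not printed by every ifconfig version; fall back
    # to the host name rather than emit "From: root@" with an empty domain.
    if [[ -z "$MYSERVER" ]]; then
      MYSERVER=$(hostname)
    fi

    # Headers come only from the constants above, HOUR and MYSERVER; log data
    # is written after the blank line, so it cannot add recipients for
    # "sendmail -t" to pick up.
    {
      printf 'From: root@%s\n' "$MYSERVER"
      printf 'Content-Type: text/plain;charset=TIS-620\n'
      printf 'Content-Transfer-Encoding: 8bit\n'
      printf 'To: %s\n' "$ADMIN_EMAIL"
      if [[ -n "$CC_EMAIL" ]]; then
        printf 'Cc: %s\n' "$CC_EMAIL"
      fi
      printf 'Subject: %s ARP-spoof alert %s\n' "$HOUR" "$MYSERVER"
      printf '\n'
      cat -- "$TEMP1"
    } > "$TEMP2"

    if [[ -r "$PCLOG" ]]; then
      cut -d';' -f2,3,5,6 -- "$PCLOG" | sort -u > "$TEMP3"
    else
      printf 'send-alert: %s not readable; sending alert without host records\n' "$PCLOG" >&2
      : > "$TEMP3"
    fi

    : > "$TEMP4"
    # Fields 2, 3 and 4 of each alert line are treated as IP, MAC and MAC.
    # NOTE(review): the alert-line layout is not visible here - confirm.
    while IFS=';' read -r _ IP MAC1 MAC2 _; do
      # Match the values as fixed strings: they come from network-derived log
      # data, and as a regex the dots in an address match any character.
      # Empty fields are skipped because an empty pattern matches every line
      # and would dump the whole host log into the mail.
      patterns=()
      if [[ -n "$IP" ]]; then
        patterns+=(-e "${IP};")
      fi
      if [[ -n "$MAC1" ]]; then
        patterns+=(-e "$MAC1")
      fi
      if [[ -n "$MAC2" ]]; then
        patterns+=(-e "$MAC2")
      fi
      if (( ${#patterns[@]} == 0 )); then
        continue
      fi
      grep -F -i "${patterns[@]}" -- "$TEMP3" >> "$TEMP4"
    done < "$TEMP1"

    sort -u -- "$TEMP4" >> "$TEMP2"

    if [[ -n "$ADMIN_EMAIL" ]]; then
      /usr/sbin/sendmail -t < "$TEMP2"
    fi
  fi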
