diff --git a/Bundler/arpwatch.xml b/Bundler/arpwatch.xml
new file mode 100644
index 0000000..ba99f1f
--- /dev/null
+++ b/Bundler/arpwatch.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/Cfg/etc/default/arpwatch/arpwatch b/Cfg/etc/default/arpwatch/arpwatch
new file mode 100644
index 0000000..54c8eb7
--- /dev/null
+++ b/Cfg/etc/default/arpwatch/arpwatch
@@ -0,0 +1,8 @@
+# Fichier gere par Bcfg2 (plugin Cfg)
+# Global options for arpwatch(8).
+
+# Debian: don't report bogons, don't use PROMISC.
+ARGS="-N -p -s /usr/scripts/surveillance/arpwatch_sendmail"
+
+# Debian: run as `arpwatch' user. Empty this to run as root.
+RUNAS="arpwatch"
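Review bot: The `-s` path in `ARGS` is `/usr/scripts/surveillance/arpwatch_sendmail`, while the `Python/etc/sudoers` hunk of this commit authorises `/usr/scripts/surveillance/arpwatch_sendmail.py`. Unless the extension-less name is a symlink or wrapper that this diff does not show, one of the two paths will not match the program actually run. A comment above `ARGS` would help, e.g. `# -s: sendmail replacement, run as the RUNAS user; keep the path in sync with sudoers`. Because the program named by `-s` is fed reports built from observed ARP traffic, it is also worth confirming that the script and its directory are not writable by the `arpwatch` user.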
diff --git a/Metadata/groups.xml b/Metadata/groups.xml
index f16b26b..50d152a 100644
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@@ -1156,11 +1156,15 @@
-
-
+
+
+
+
+
+
diff --git a/Python/etc/network/interfaces b/Python/etc/network/interfaces
index 9f9916f..604084b 100644
--- a/Python/etc/network/interfaces
+++ b/Python/etc/network/interfaces
@@ -1,6 +1,7 @@
# -*- coding: utf-8; mode: python -*-
include("ip")
+include("arpwatch")
info["owner"] = "root"
info["group"] = "root"
@@ -12,10 +13,13 @@ Les modifications locales sont a mettre dans le fichier /etc/network/interfaces.
Voir http://wiki.crans.org/CransTechnique/Bcfg2/... pour plus d'explications.
""")
+configured_ifaces=[]
+
def dev(interface, mode, additionnals=[]):
"""Generation de la conf d'une interface:
- additionnals contient des lignes a mettre en plus a la definition"""
+ configured_ifaces.append(interface)
if mode == "pub":
print """auto %(interface)s
@@ -122,6 +126,17 @@ print """auto lo
iface lo inet loopback
"""
+# Pour arpwatch, on surveille nos réseaux
+def otherlisteners():
+ print "#Interfaces d'ecoute restantes pour arpwatch "
+ for vlan in watched_vlans:
+ if vlan == 1:
+ iface = 'eth0'
+ else:
+ iface = 'eth0.%d' % vlan
+ if not iface in configured_ifaces:
+ dev(iface,'vide')
+
def pubip6(If):
return "2a01:240:fe3d:4:" + If_Mac[If]
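Review bot: `otherlisteners()` is only correct if it is called after every other `dev()` call, because it relies on `configured_ifaces` having been filled by `dev()` (second hunk of this file). Neither that ordering constraint nor the call site is visible in this diff, so it deserves a docstring, e.g. `"""Declare in mode 'vide' every watched VLAN interface not configured yet; must be called last."""`. The membership test reads better as `if iface not in configured_ifaces:`. `include("arpwatch")` in the first hunk is unconditional, whereas the sudoers change is guarded by `has('arpwatch')`; if the call to `otherlisteners()` is not guarded the same way, every host generating this file would get an interface on each watched VLAN. The stanza emitted for mode `'vide'` is outside the hunk, so it is worth confirming that it brings the interface up without assigning an address.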
diff --git a/Python/etc/sudoers b/Python/etc/sudoers
index f3393d1..023eb30 100644
--- a/Python/etc/sudoers
+++ b/Python/etc/sudoers
@@ -59,3 +59,7 @@ if has("users"):
@ALL ALL=(respbats) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami
@# Quotas
@ALL ALL=NOPASSWD:/usr/local/bin/quota.sh
+
+if has('arpwatch'):
+ @# arpwatch
+ @arpwatch ALL=(arpwatch) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py
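Review bot: The added rule lets user `arpwatch` run the script as `arpwatch` (`ALL=(arpwatch)`), which is the identity the daemon already has according to `RUNAS="arpwatch"` in the defaults file, so as written it appears to grant nothing new. If the script really has to go through sudo, the run-as account is probably meant to be a different one; otherwise the rule can be dropped. Either way, the `@# arpwatch` comment should say why sudo is needed, e.g. `@# arpwatch: <reason the mail script is run through sudo>`, so the grant can be reviewed against its purpose.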
diff --git a/Rules/rules.xml b/Rules/rules.xml
index c2ab9e5..bece4b1 100644
--- a/Rules/rules.xml
+++ b/Rules/rules.xml
@@ -100,6 +100,8 @@
+
+
diff --git a/etc/python/arpwatch.py b/etc/python/arpwatch.py
new file mode 100644
index 0000000..a9ad90a
--- /dev/null
+++ b/etc/python/arpwatch.py
@@ -0,0 +1,15 @@
+# -*- mode: python; coding: utf-8 -*-
+#
+# Liste des vlans surveilles
+# On surveille les réseaux du crans
+# 1: adherent
+# 2: adm
+# 3: wifi-crans
+## 4: wifi-ens -> c'est pas nos oignons
+## 6: gratuit -> plus utilisé
+# 7: accueil (utile ? Éviter que des gens s'en servent comme lan ?)
+# 9: isolement (utile ?)
+# 10: évènementiel
+# 21: appartements
+watched_vlans = [1,2,3,7,9,10,21]
+
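Review bot: The legend in the comments and the literal `watched_vlans = [1,2,3,7,9,10,21]` have to be kept in sync by hand, and the excluded VLANs 4 and 6 are only distinguishable by the doubled `##`. Writing the list one entry per line with its label as a trailing comment, e.g. `1,   # adherent`, and keeping the excluded VLANs as commented-out entries with their reason, would keep each number and its meaning on the same line.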