[sniffer] autoconf d'arpwatch, sur dyson, special crans

Ignore-this: 273a6d04fd110d2c14a3c5b8679977e4 darcs-hash:20120512174644-3ca67-0f23dfe04102f93276501c57d8ddc251f05f13ac.gz
2012-05-12 19:46:44 +02:00 · 2012-05-12 19:46:44 +02:00 · 216f227f67
commit 216f227f67
parent 467bf7fd96
7 changed files with 56 additions and 2 deletions
--- a/Bundler/arpwatch.xml
+++ b/Bundler/arpwatch.xml
@ -0,0 +1,6 @@
+<Bundle name="arpwatch" version="2.0">
+  <Package name="arpwatch"/>
+  <Service name="arpwatch"/>
+  <ConfigFile name="/etc/default/arpwatch"/>
+  <ConfigFile name="/etc/arpwatch.conf"/>
+</Bundle>
--- a/Cfg/etc/default/arpwatch/arpwatch
+++ b/Cfg/etc/default/arpwatch/arpwatch
@ -0,0 +1,8 @@
+# Fichier gere par Bcfg2 (plugin Cfg)
+# Global options for arpwatch(8).
+
+# Debian: don't report bogons, don't use PROMISC.
+ARGS="-N -p -s /usr/scripts/surveillance/arpwatch_sendmail"
+
+# Debian: run as `arpwatch' user.  Empty this to run as root.
+RUNAS="arpwatch"
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -1156,11 +1156,15 @@

 <Group name="sniffer"
   comment="Le serveur qui surveille le réseau">
-    <Group name="non-free" /> <!-- Pour snmp-mibs-downloader -->
-    <!-- TODO : à implémenter -->
+   <Group name="arpwatch" />
 </Group>


+<Group name="arpwatch" comment="arpwatch special crans avec traçage des macs">
+    <Group name="non-free" /><!-- Pour snmp-mibs-downloader, pour interrogation switch -->
+    <Bundle name="arpwatch" />
+</Group>
+
  <!-- +====================+ -->
  <!-- | Groupes dynamiques | -->
  <!-- +====================+ -->
--- a/Python/etc/network/interfaces
+++ b/Python/etc/network/interfaces
@ -1,6 +1,7 @@
 # -*- coding: utf-8; mode: python -*-

 include("ip")
+include("arpwatch")

 info["owner"] = "root"
 info["group"] = "root"
@ -12,10 +13,13 @@ Les modifications locales sont a mettre dans le fichier /etc/network/interfaces.
 Voir http://wiki.crans.org/CransTechnique/Bcfg2/... pour plus d'explications.
 """)

+configured_ifaces=[]
+
 def dev(interface, mode, additionnals=[]):
    """Generation de la conf d'une interface:

    - additionnals contient des lignes a mettre en plus a la definition"""
+    configured_ifaces.append(interface)

    if mode == "pub":
        print """auto %(interface)s
@ -122,6 +126,17 @@ print """auto lo
 iface lo inet loopback
 """

+# Pour arpwatch, on surveille nos réseaux
+def otherlisteners():
+    print "#Interfaces d'ecoute restantes pour arpwatch "
+    for vlan in watched_vlans:
+        if vlan == 1:
+            iface = 'eth0'
+        else:
+            iface = 'eth0.%d' % vlan
+        if not iface in configured_ifaces:
+            dev(iface,'vide')
+
 def pubip6(If):
     return "2a01:240:fe3d:4:" + If_Mac[If]

--- a/Python/etc/sudoers
+++ b/Python/etc/sudoers
@ -59,3 +59,7 @@ if has("users"):
    @ALL        ALL=(respbats) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami
    @# Quotas
    @ALL        ALL=NOPASSWD:/usr/local/bin/quota.sh
+
+if has('arpwatch'):
+    @# arpwatch
+    @arpwatch   ALL=(arpwatch) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py
--- a/Rules/rules.xml
+++ b/Rules/rules.xml
@ -100,6 +100,8 @@
  <Service type="deb" name="munin-node" status="on"/>
  <Service type="deb" name="nagios-nrpe-server" status="on"/>

+  <Service type="deb" name="arpwatch" status="on"/>
+
  <Action name="link-munin-plugins" timing="post" when="modified" status="check"
 	  command="python /usr/scripts/munin/scripts/link_plugins.py -f" />

--- a/etc/python/arpwatch.py
+++ b/etc/python/arpwatch.py
@ -0,0 +1,15 @@
+# -*- mode: python; coding: utf-8 -*-
+#
+# Liste des vlans surveilles 
+# On surveille les réseaux du crans
+# 1: adherent
+# 2: adm
+# 3: wifi-crans
+## 4: wifi-ens -> c'est pas nos oignons
+## 6: gratuit -> plus utilisé
+# 7: accueil (utile ? Éviter que des gens s'en servent comme lan ?)
+# 9: isolement (utile ?)
+# 10: évènementiel
+# 21: appartements
+watched_vlans = [1,2,3,7,9,10,21]
+