From 7560f05a1e67bd59f2fc71f197e07d3a2706a62b Mon Sep 17 00:00:00 2001
From: Vincent Le Gallic
Date: Mon, 28 Oct 2013 20:14:23 +0100
Subject: [PATCH] =?UTF-8?q?[arpwatch]=20On=20n'envoie=20pas=20de=20mail=20?= =?UTF-8?q?pour=20les=20=C3=A9v=C3=A8nement=20inint=C3=A9ressants.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 firewall/aiccu_postup | 2 +-
 gestion/ressuscite.py | 2 +-
 secours/secours.py | 3 +-
 surveillance/arpwatch/report.py | 50 +++++++++++++++++++++++++++++----
 wiki/auth/cas.py | 8 +++---
 5 files changed, 51 insertions(+), 14 deletions(-)
diff --git a/firewall/aiccu_postup b/firewall/aiccu_postup
index 8e77aa41..42379947 100755
--- a/firewall/aiccu_postup
+++ b/firewall/aiccu_postup
@@ -5,4 +5,4 @@
 /etc/init.d/netacct-crans-sixxs2 restart
 /etc/init.d/firewall6 restart
-/usr/sbin/monit monitor netacct-crans-sixxs2
+#/usr/sbin/monit monitor netacct-crans-sixxs2
diff --git a/gestion/ressuscite.py b/gestion/ressuscite.py
index 37a13a18..3af0c616 100755
--- a/gestion/ressuscite.py
+++ b/gestion/ressuscite.py
@@ -361,7 +361,7 @@ def ressuscite(adh, oldmachine):
 except EnvironmentError, c: err += c.args[0] + '\n'
 elif len(c.args)>1 and c.args[1] == 3 and isadm: # Mac douteuse
- no, res = dlg.yesno(text=u"L\'adresse MAC ne correspond à aucun constructeur, continuer ?",
+ no = dlg.yesno(text=u"L\'adresse MAC ne correspond à aucun constructeur, continuer ?",
 title=u"Adresse MAC")
 if not no:
 try: machine.mac(str(oldmachine.mac()), 1)
diff --git a/secours/secours.py b/secours/secours.py
index fd72ab76..31d0259b 100755
--- a/secours/secours.py
+++ b/secours/secours.py
@@ -76,8 +76,7 @@ COMMANDES = {
 '/etc/init.d/postfix restart',
 ],
 'komaz': [
- '/etc/init.d/aiccu restart',
- '/usr/bin/monit monitor netacct-crans-sixxs2',
+ '/usr/bin/monit start netacct-crans-sixxs2',
 ],
 }.get(HOSTNAME, [])
diff --git a/surveillance/arpwatch/report.py b/surveillance/arpwatch/report.py
index 06451e07..b5e0964f 100755
--- a/surveillance/arpwatch/report.py
+++ b/surveillance/arpwatch/report.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 # Ajout d'un whos et d'un tracage aux mails d'arpwatch
-# Auteurs : Stéphane Glondu, Cyril Cohen, Daniel STAN, Valentin Samir
+# Auteurs : Stéphane Glondu, Cyril Cohen, Daniel STAN, Valentin Samir, Vincent Le Gallic
 # Licence : GPLv2
 from __future__ import print_function
@@ -14,7 +14,7 @@ import common
 sys.path.append('/usr/scripts')
 from gestion.tools.locate_mac import trace_machine, format_mac, info_machine
-from gestion.config import NETs
+import gestion.config
 from gestion.iptools import AddrInNets
 from utils.sendmail import sendmail
@@ -26,7 +26,14 @@ if not recipients:
 find_mac = re.compile(r'[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}')
 find_ip = re.compile(r'[0-9]{1,3}(?:\.[0-9]{1,3}){3}')
-arpwatched_net = NETs['all'] + NETs['adm'] + NETs['accueil'] + NETs['isolement'] + NETs['personnel-ens'] + NETs['evenementiel']
+#: Regexp pour matcher l'interface.
+#: Ne matche pas toutes les interface (si un jour eth1 poppe),
+#: Mais de toutes façons on ne drope que des interfaces qu'on a réussi à identifier
+find_iface = re.compile(r'eth0(?:\.[0-9]+)?')
+arpwatched_nets = sum([gestion.config.NETs[nom] for nom in ['all', 'adm', 'accueil', 'isolement', 'personnel-ens', 'evenementiel']], [])
+
+#: VLANS dont on ignore les "new station"/"new activity" *si elles ont une ip correspondant au vlan*
+ignored_vlans = ['accueil', 'wifi']
 def get_machine(unformated_mac):
 """Renvoie les informations sur la machine à partir de sa mac"""
@@ -39,6 +46,37 @@ def get_subject(headers_list):
 return line[9:].strip()
 return None
+def drop_report(subject, ip):
+ """Détermine à partir du ``subject`` du mail
+ si il n'est pas nécessaire d'envoyer une notification pour cet évènement.
+
+ Renvoie ``True`` si il faut le dropper.
+ """
+ # On récupère l'interface et l'ip dans le sujet
+ ifaces = find_iface.findall(subject)
+ iface = ifaces[0] if ifaces else None
+ if not iface is None:
+ # On détermine le vlan
+ vlans = re.findall(r"\.([^\.]*)$", iface)
+ try:
+ vlan = int(vlans[0]) if vlans else None
+ except ValueError:
+ vlan = None
+ ips = find_ip.findall(subject)
+ ip = ips[0] if ips else None
+ #print("%r, %r" % (ip, iface))
+ #print(arpwatched_nets)
+ if u"new station" in subject or "new activity" in subject:
+ if not vlan is None:
+ vlannames = [k for (k,v) in gestion.config.vlans.iteritems() if v == vlan]
+ #print("vlannames : %r" % vlannames)
+ if vlannames and vlannames[0] in ignored_vlans:
+ #print("%r in %r ?" % (ip, gestion.config.NETs[vlannames[0]]))
+ if AddrInNets(ip, gestion.config.NETs[vlannames[0]]):
+ # On ignore les new station dont l'IP est sur le bon vlan
+ return True
+ return False
+
 def report(texte, fallback=False):
 """Envoi d'un rapport"""
 textes = texte.splitlines(True)
@@ -59,8 +97,8 @@ def report(texte, fallback=False):
 ip = set(find_ip.findall(texte)).pop()
 except KeyError:
 ip = None
- # On complète le message
- if u'flip flop' in subject and ip is not None and AddrInNets(ip, arpwatched_net):
+ # On complète le message seulement en cas de flip flop
+ if u'flip flop' in subject and ip is not None and AddrInNets(ip, arpwatched_nets):
 try:
 macs = find_mac.findall(texte)
 for mac in macs:
@@ -75,7 +113,7 @@ def report(texte, fallback=False):
 textes.append(u'\n-- \narpwatch_sendmail.py\n')
 out = ''.join(textes)
- if recipients:
+ if recipients and not drop_report():
 sendmail(u"arpwatch@crans.org", recipients, subject, out,
 more_headers = {
 'X-Mailer': __file__,
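Review bot: `drop_report` can raise instead of answering, and an exception on this path means the arpwatch mail is lost. `subject` may be None (the tail of `get_subject` just above the hunk returns None), `ip` is None whenever the subject carries no address and is then handed to `AddrInNets`, and `vlan` looks bound only under `if not iface is None:`, though the page has lost the indentation, so that last one needs confirming. The `ip` parameter is also overwritten by the subject parse, so the value the caller passes is never used. Every case the function cannot decide should return False so the report still goes out, as sketched below. The sketch also narrows the vlan pattern to digits, which makes the `try`/`except ValueError` unnecessary because `find_iface` only matches `eth0` with an optional numeric suffix.

```python
def drop_report(subject, ip):
    # … unchanged: docstring …
    if not subject:
        # Nothing to classify: keep the report
        return False
    vlan = None
    ifaces = find_iface.findall(subject)
    if ifaces:
        vlans = re.findall(r"\.([0-9]+)$", ifaces[0])
        vlan = int(vlans[0]) if vlans else None
    # Prefer an address found in the subject, else the one the caller extracted
    ips = find_ip.findall(subject)
    if ips:
        ip = ips[0]
    if vlan is None or ip is None:
        return False
    # … unchanged: "new station"/"new activity" test, vlan name lookup, AddrInNets check …
    return False
```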
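Review bot: `drop_report()` is called with no arguments in the last hunk although it is defined as `drop_report(subject, ip)`, so whenever `recipients` is non-empty this line raises TypeError before `sendmail` is reached. That stops every arpwatch notification, including the flip-flop reports this commit means to keep. The call should pass the values `report` already computed: `if recipients and not drop_report(subject, ip):`. The body of `report` starts and ends outside the hunk.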
diff --git a/wiki/auth/cas.py b/wiki/auth/cas.py
index 5ab2ec93..e1b02d93 100644
--- a/wiki/auth/cas.py
+++ b/wiki/auth/cas.py
@@ -128,10 +128,10 @@ class CASAuth(BaseAuth):
 session_service.destroy_session(request, session)
 # authenticated user
- if not force and user_obj and user_obj.valid:
- if self.action == action:
- request.http_redirect(url)
- return user_obj, True
+ #if not force and user_obj and user_obj.valid:
+ # if self.action == action:
+ # request.http_redirect(url)
+ # return user_obj, True
 if self.ticket_path and request.method == 'POST':
 logoutRequest=request.form.get('logoutRequest', None)
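Review bot: The early return for an already valid `user_obj` is disabled by commenting it out with no reason given in the code, and the commit message only mentions arpwatch. In an authentication backend a reader needs to know why a valid session now falls through to the statements that follow (the `logoutRequest` handling is the next one visible); the effect on the login flow cannot be judged from this hunk. Either delete the four lines or state the reason above them, for example `# Disabled: <reason>; valid sessions now continue to the code below`. The enclosing method starts and ends outside the hunk.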