crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[arpwatch_sendmail] On ne trace les macs qu'en cas de flip flop sur une ip crans

Browse source
This commit is contained in:
Valentin Samir 2013-05-26 17:46:02 +02:00
parent b59d291c79
commit d6fb41aaf2
2 changed files with 25 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
gestion/config/config.py
View file

@ -156,6 +156,7 @@ NETs = { 'serveurs' : [ '138.231.136.0/24' ],
'accueil': ['10.51.0.0/16' ], 'accueil': ['10.51.0.0/16' ],
'isolement': ['10.52.0.0/16' ], 'isolement': ['10.52.0.0/16' ],
'personnel-ens': ['10.2.9.0/24' ], 'personnel-ens': ['10.2.9.0/24' ],
'evenementiel': ['10.231.137.0/24'],
'ens' : ['138.231.135.0/24'], 'ens' : ['138.231.135.0/24'],
'all' : [ '138.231.136.0/21', '138.231.144.0/21' ], 'all' : [ '138.231.136.0/21', '138.231.144.0/21' ],
'multicast' : ['239.0.0.0/8'], 'multicast' : ['239.0.0.0/8'],

33
surveillance/arpwatch_sendmail.py
View file

@ -8,21 +8,32 @@
import sys, os, re, smtplib import sys, os, re, smtplib
from commands import getstatusoutput from commands import getstatusoutput
sys.path.append('/usr/scripts/gestion')
sys.path.append('/usr/scripts/gestion/tools') sys.path.append('/usr/scripts/gestion/tools')
from locate_mac import trace_machine, format_mac, info_machine from locate_mac import trace_machine, format_mac, info_machine
from config import NETs
from iptools import AddrInNets
find_mac = re.compile(r'[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}') find_mac = re.compile(r'[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}')
find_ip = re.compile(r'[0-9]{1,3}(?:\.[0-9]{1,3}){3}')
arpwatched_net = NETs['all'] + NETs['adm'] + NETs['accueil'] + NETs['isolement'] + NETs['personnel-ens'] + NETs['evenementiel']
def get_machine(unformated_mac): def get_machine(unformated_mac):
mac = format_mac(unformated_mac) mac = format_mac(unformated_mac)
return u"\n" + info_machine(mac) + u"\n" + trace_machine(mac) return u"\n" + info_machine(mac) + u"\n" + trace_machine(mac)
def get_subject(headers_list):
for line in headers_list:
if line.lower().startswith('subject:'):
return line
return None
if __name__ == "__main__": if __name__ == "__main__":
texte = sys.stdin.read() #.decode('ISO-8859-15') texte = sys.stdin.read() #.decode('ISO-8859-15')
textes = texte.splitlines(True) textes = texte.splitlines(True)
i = textes.index(u'\n') i = textes.index(u'\n')
subject = get_subject(textes[:i])
textes[i-1:i-1] = [ textes[i-1:i-1] = [
u'MIME-Version: 1.0\n', u'MIME-Version: 1.0\n',
u'Content-Type: text/plain; charset=UTF-8\n', u'Content-Type: text/plain; charset=UTF-8\n',
@ -31,16 +42,20 @@ if __name__ == "__main__":
# On récupère les destinataires dans les arguments (très ad hoc) # On récupère les destinataires dans les arguments (très ad hoc)
recipients = sys.argv[2].split(',') recipients = sys.argv[2].split(',')
try : ip = set(find_ip.findall(texte)).pop()
except KeyError: ip = None
# On complète le message # On complète le message
try: if 'flip flop' in subject and ip is not None and AddrInNets(ip, arpwatched_net):
macs = find_mac.findall(texte) try:
for mac in macs: macs = find_mac.findall(texte)
textes.append(get_machine(mac)) for mac in macs:
except: textes.append(get_machine(mac))
# En cas d'exception, on envoie le traceback except:
import traceback # En cas d'exception, on envoie le traceback
textes.append(u'\n') import traceback
textes.append(u''.join(traceback.format_exception(sys.exc_type, sys.exc_value, sys.exc_traceback))) textes.append(u'\n')
textes.append(u''.join(traceback.format_exception(sys.exc_type, sys.exc_value, sys.exc_traceback)))
textes.append('\n-- \narpwatch_sendmail.py\n') textes.append('\n-- \narpwatch_sendmail.py\n')
smtp = smtplib.SMTP() smtp = smtplib.SMTP()