Shell script to get email when unauthorized users on our network
Hi all,
I need a shell script to get an alert by email when some unauthorized PCs/laptops are connected to our network. For that I am trying with commands, but I still could not get success. I used fping because it gives the alive machines' info within some seconds. I tried the commands below on Ubuntu:
$ /usr/bin/fping -g 192.168.0.1 192.168.0.10 -r 1 | grep -v unreachable | awk '{print $1}'
The above command gave the live machines' IP addresses. Next I tried:
$ /usr/bin/fping -g 192.168.0.1 192.168.0.10 -r 1 | grep -v unreachable | awk '{print $1}' | while read output; do /usr/sbin/arp $output | grep -v Address | awk '{print $1 " " $3}' >> ip-mac.txt; done
The above command made a list of all the live machines' IPs with their MAC addresses.
Now I need a shell script that also gets their hostname along with the IP and MAC address when their MAC address does not match the authorized MAC addresses, which are stored in some file, and then it should send an email to us. Through that we can be alerted about our network and security.
So could anybody please guide me, with some examples, on how I can make the shell script?
Last edited by ananthkadalur; 09-17-2011 at 05:36 AM.
Reason: Heading correction
Please use [code][/code] tags around your code, to preserve formatting and to improve readability.
I don't have much networking knowledge, so I'm not sure I can help you directly, but I can at least help you clean up your current code. In particular, you almost never need to use grep in combination with awk or sed, as both of the latter have the same kind of pattern-matching built-in.
I'd also break up that incredibly long pipe chain. I'd personally recommend saving the addresses into an array, assuming you're using bash or another shell that supports them. Then you can use a simple for loop to process them.
As for your next step, exactly where are you getting hung up? Do you need to know how to get the information you want, or how to match it to the file contents, or what? Please define your problem in more detail.
Finally, sending emails through scripts is a very common activity, and it should be easy for you to find examples of how to do it here or on the web. Just do some searching.
Last edited by David the H.; 09-17-2011 at 01:02 PM.
Reason: minor fix
Hi. This is really a super shell script. Could you please modify this shell script so that the hostname will also be saved in the ip-mac.txt file along with the IP address and MAC address? Meanwhile I will be trying to send an email alert when the MAC addresses do not match our LAN MAC addresses, and I'll let you know if I am struggling somewhere.
Could you please show me the full line, how it should be?
I added the line below and executed the file:
echo -n "$host" arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
But nothing is there when I cat the ip-mac.txt file.
Then I modified it as below and executed the file:
echo -n "$host " >> ip-mac.txt | arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
But the content of the ip-mac.txt file is as below:
192.168.0.1 192.168.0.2 192.168.0.2 08:00:27:c9:1d:cc
192.168.0.9 192.168.0.9 08:00:27:64:8f:40
I need the hostname; for example, if my PC's hostname is Ananth then it should be Ananth, not the IP address.
#cat /etc/hostname
Ananth
So could you please guide me on how we can add the hostname also in the ip-mac.txt file?
Quote:
Originally Posted by David the H.
Just echo the host variable, without a newline, into the file before the arp command.
If you want the name of the machine that's running the script, just do a similar echo with the $HOSTNAME shell variable. Do it outside of the loop unless you want it more than once. If you need the hostname of one of the other machines then you'll have to figure out the command that gives it to you first.
I think you really need to study up some more on how scripts process commands. Try reading this guide straight through before you do anything else:
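The check this thread is working toward, as an added example that is not part of any post above: it compares "IP MAC" pairs (the format the fping/arp pipeline writes to ip-mac.txt) against an allowlist, adds a hostname, and mails the result. The file name authorized-macs.txt, the recipient admin@example.com, the use of `getent hosts` for names and a configured `mail` command are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: authorized-macs.txt
# (one allowed MAC per line) and the placeholder recipient admin@example.com.

# Print "IP MAC" for each pair in file $2 whose MAC is not listed in file $1.
find_unauthorized() {
    awk '
        function norm(m) { m = tolower(m); gsub(/-/, ":", m); return m }
        function ismac(m) {
            return length(m) == 17 && m ~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/
        }
        # Test FILENAME, not NR == FNR: with an empty allowlist the scan
        # results would otherwise be read as the allowlist and nothing reported.
        FILENAME == ARGV[1] { if (ismac(norm($1))) allowed[norm($1)] = 1; next }
        ismac(norm($2)) && !(norm($2) in allowed) && !seen[$1 FS $2]++ {
            print $1, norm($2)
        }
    ' "$1" "$2"
}

# Reverse-resolve an IP via NSS (/etc/hosts, DNS); "unknown" if no record.
resolve_name() {
    name=$(getent hosts "$1" 2>/dev/null | awk '{ print $2; exit }')
    printf '%s\n' "${name:-unknown}"
}

# Ping the range with fping, then read each live host's MAC from the ARP cache.
scan_pairs() {
    fping -a -g "$1" "$2" -r 1 2>/dev/null | while read -r ip; do
        arp -n "$ip" | awk 'NR != 1 { print $1, $3 }'
    done
}

# Live run: sh mac-watch.sh --scan 192.168.0.1 192.168.0.10
if [ "${1:-}" = "--scan" ]; then
    [ -r authorized-macs.txt ] || { echo "allowlist missing" >&2; exit 1; }
    pairs=$(mktemp) || exit 1
    trap 'rm -f "$pairs"' EXIT
    scan_pairs "$2" "$3" > "$pairs"
    report=$(find_unauthorized authorized-macs.txt "$pairs" |
        while read -r ip mac; do echo "$(resolve_name "$ip") $ip $mac"; done)
    [ -z "$report" ] ||
        printf '%s\n' "$report" | mail -s "Unknown MAC on LAN" admin@example.com
fi
```

Entries whose second field is not a MAC (for example an incomplete ARP entry) are skipped instead of being reported. MAC addresses are supplied by the client, so treat a match as a hint about which device is present and not as authentication.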