Shell script to get email when unauthorized users on our network

ananthkadalur · 09-17-2011, 05:27 AM

Hi..All,
I need a shell script to get an alert with email. when some unauthorized PCs/Laptopts are connected to our network. For that I am trying with commands but still I could not get success. I used fping because it gives the alive machines info within some seconds. I tried these below on ubuntu
"$/usr/bin/fping -g 192.168.0.1 192.168.0.10 -r 1 | grep -v unreachable | awk '{print $1}"
Above command gave the live machine's IP address. Next I tried

"$/usr/bin/fping -g 192.168.0.1 192.168.0.10 -r 1 | grep -v unreachable | awk '{print $1}' | while read output; do /usr/sbin/arp $output | grep -v Address | awk '{print $1 " " $3}' >> ip-mac.txt; done"
Above command made a list of all the live machine's IP with their MAC address.

Now I need a shell script to get their hostname also along with IP and MAC address when their MAC address is not matching with authorized MAC address which is stored in some file and then it should send email to us. Through that we can alert on our network and security.
So could anybody please guide me with your some examples that how can I make the shell script.

David the H. · 09-17-2011, 12:57 PM

Please use [code][/code] tags around your code, to preserve formatting and to improve readability.

I don't have much networking knowledge, so I'm not sure I can help you directly, but I can at least help you clean up your current code. In particular, you almost never need to use grep in combination with awk or sed, as both of the latter have the same kind of pattern-matching built-in.

I'd also break up that incredibly long pipe chain. I'd personally recommend saving the addresses into an array, assuming you're using bash or another shell that supports them. Then you can use a simple for loop to process them.

Code:

#!/bin/bash

hostlist=( $( fping -r 1 -g 192.168.0.1 192.168.0.10 | awk '( $0 !~ /unreach/ ) { print $1 }' ) )

for host in "${hostlist[@]}"; do

     arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt

done

As for your next step, exactly where are you getting hung up? Do you need to know how to get the information you want, or how to match it to the file contents, or what? Please define your problem in more detail.

Finally, sending emails through scripts is a very common activity, and it should be easy for you to find examples of how to do it here or on the web. Just do some searching.

ananthkadalur · 09-18-2011, 12:52 AM

Hi..This is realy super shell shell script. Could u please modify this shell script as by which hostname also will be saved in the ip-mac.txt file along with IP address and MAC address. Meanwhile I will be trying to send email alert when the MAC address are not matching with our LAN MAC address and I'll let you know if I am struggling in somewhere.

Quote:

Originally Posted by David the H.

Please use [code][/code] tags around your code, to preserve formatting and to improve readability.

I don't have much networking knowledge, so I'm not sure I can help you directly, but I can at least help you clean up your current code. In particular, you almost never need to use grep in combination with awk or sed, as both of the latter have the same kind of pattern-matching built-in.

I'd also break up that incredibly long pipe chain. I'd personally recommend saving the addresses into an array, assuming you're using bash or another shell that supports them. Then you can use a simple for loop to process them.

Code:

#!/bin/bash

hostlist=( $( fping -r 1 -g 192.168.0.1 192.168.0.10 | awk '( $0 !~ /unreach/ ) { print $1 }' ) )

for host in "${hostlist[@]}"; do

     arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt

done

As for your next step, exactly where are you getting hung up? Do you need to know how to get the information you want, or how to match it to the file contents, or what? Please define your problem in more detail.

Finally, sending emails through scripts is a very common activity, and it should be easy for you to find examples of how to do it here or on the web. Just do some searching.

David the H. · 09-18-2011, 03:00 AM

Just echo the host variable, without a newline, into the file before the arp command.

Code:

echo -n "$host " >> ip-mac.txt

ananthkadalur · 09-18-2011, 03:44 AM

Could u plz show me the full line that how it should be
I added as below and executed the file.
echo -n "$host" arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
but nothing is there when I cat the ip-mac.txt file.

Then I modified as below and executed the file
echo -n "$host " >> ip-mac.txt | arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
But the content of the ip-mac.txt file is as below
192.168.0.1 192.168.0.2 192.168.0.2 08:00:27:c9:1d:cc
192.168.0.9 192.168.0.9 08:00:27:64:8f:40

I need hostname for example if my PC's hostname is Ananth then it should be Ananth not IP address.
#cat /etc/hostname
Ananth

So could u plz guide me how can we add hostname also in ip-mac.txt file.

Quote:

Originally Posted by David the H.

Just echo the host variable, without a newline, into the file before the arp command.

Code:

echo -n "$host " >> ip-mac.txt

David the H. · 09-19-2011, 11:53 AM

Commands don't read from both stdin and a file at the same time. I said run the echo before the arp command, not pipe it into it. Separate commands.

The first one adds the contents of $host to the file without a newline at the end, which makes the second command add its output to the same line.

Code:

echo -n "$host " >> ip-mac.txt
arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt

If you want the name of the machine that's running the script, just do a similar echo with the $HOSTNAME shell variable. Do it outside of the loop unless you want it more than once. If you need the hostname of one of the other machines then you'll have to figure out the command that gives it to you first.

I think you really need to study up some more on how scripts process commands. Try reading this guide straight through before you do anything else:

http://mywiki.wooledge.org/BashGuide

And again, please use [code][/code] tags around your code, to preserve formatting and to improve readability.

ananthkadalur · 09-19-2011, 11:57 PM

Sir, Thank you very much and thanks for providing some more guidense on bash.

Quote:

Originally Posted by David the H.

Commands don't read from both stdin and a file at the same time. I said run the echo before the arp command, not pipe it into it. Separate commands.

The first one adds the contents of $host to the file without a newline at the end, which makes the second command add its output to the same line.

Code:

echo -n "$host " >> ip-mac.txt
arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt

If you want the name of the machine that's running the script, just do a similar echo with the $HOSTNAME shell variable. Do it outside of the loop unless you want it more than once. If you need the hostname of one of the other machines then you'll have to figure out the command that gives it to you first.

I think you really need to study up some more on how scripts process commands. Try reading this guide straight through before you do anything else:

http://mywiki.wooledge.org/BashGuide

And again, please use [code][/code] tags around your code, to preserve formatting and to improve readability.