LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-17-2011, 06:27 AM   #1
ananthkadalur
Member
 
Registered: Mar 2011
Posts: 38

Rep: Reputation: 0
Shell script to get email when unauthorized users on our network


Hi..All,
I need a shell script to get an alert with email. when some unauthorized PCs/Laptopts are connected to our network. For that I am trying with commands but still I could not get success. I used fping because it gives the alive machines info within some seconds. I tried these below on ubuntu
"$/usr/bin/fping -g 192.168.0.1 192.168.0.10 -r 1 | grep -v unreachable | awk '{print $1}"
Above command gave the live machine's IP address. Next I tried

"$/usr/bin/fping -g 192.168.0.1 192.168.0.10 -r 1 | grep -v unreachable | awk '{print $1}' | while read output; do /usr/sbin/arp $output | grep -v Address | awk '{print $1 " " $3}' >> ip-mac.txt; done"
Above command made a list of all the live machine's IP with their MAC address.

Now I need a shell script to get their hostname also along with IP and MAC address when their MAC address is not matching with authorized MAC address which is stored in some file and then it should send email to us. Through that we can alert on our network and security.
So could anybody please guide me with your some examples that how can I make the shell script.

Last edited by ananthkadalur; 09-17-2011 at 06:36 AM. Reason: Heading correction
 
Old 09-17-2011, 01:57 PM   #2
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian sid + kde 3.5 & 4.4
Posts: 6,823

Rep: Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957
Please use [code][/code] tags around your code, to preserve formatting and to improve readability.

I don't have much networking knowledge, so I'm not sure I can help you directly, but I can at least help you clean up your current code. In particular, you almost never need to use grep in combination with awk or sed, as both of the latter have the same kind of pattern-matching built-in.

I'd also break up that incredibly long pipe chain. I'd personally recommend saving the addresses into an array, assuming you're using bash or another shell that supports them. Then you can use a simple for loop to process them.

Code:
#!/bin/bash

hostlist=( $( fping -r 1 -g 192.168.0.1 192.168.0.10 | awk '( $0 !~ /unreach/ ) { print $1 }' ) )

for host in "${hostlist[@]}"; do

     arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt

done
As for your next step, exactly where are you getting hung up? Do you need to know how to get the information you want, or how to match it to the file contents, or what? Please define your problem in more detail.

Finally, sending emails through scripts is a very common activity, and it should be easy for you to find examples of how to do it here or on the web. Just do some searching.

Last edited by David the H.; 09-17-2011 at 02:02 PM. Reason: minor fix
 
Old 09-18-2011, 01:52 AM   #3
ananthkadalur
Member
 
Registered: Mar 2011
Posts: 38

Original Poster
Rep: Reputation: 0
Shell script to get email when unauthorized users on our network

Hi..This is realy super shell shell script. Could u please modify this shell script as by which hostname also will be saved in the ip-mac.txt file along with IP address and MAC address. Meanwhile I will be trying to send email alert when the MAC address are not matching with our LAN MAC address and I'll let you know if I am struggling in somewhere.


Quote:
Originally Posted by David the H. View Post
Please use [code][/code] tags around your code, to preserve formatting and to improve readability.

I don't have much networking knowledge, so I'm not sure I can help you directly, but I can at least help you clean up your current code. In particular, you almost never need to use grep in combination with awk or sed, as both of the latter have the same kind of pattern-matching built-in.

I'd also break up that incredibly long pipe chain. I'd personally recommend saving the addresses into an array, assuming you're using bash or another shell that supports them. Then you can use a simple for loop to process them.

Code:
#!/bin/bash

hostlist=( $( fping -r 1 -g 192.168.0.1 192.168.0.10 | awk '( $0 !~ /unreach/ ) { print $1 }' ) )

for host in "${hostlist[@]}"; do

     arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt

done
As for your next step, exactly where are you getting hung up? Do you need to know how to get the information you want, or how to match it to the file contents, or what? Please define your problem in more detail.

Finally, sending emails through scripts is a very common activity, and it should be easy for you to find examples of how to do it here or on the web. Just do some searching.
 
Old 09-18-2011, 04:00 AM   #4
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian sid + kde 3.5 & 4.4
Posts: 6,823

Rep: Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957
Just echo the host variable, without a newline, into the file before the arp command.
Code:
echo -n "$host " >> ip-mac.txt
 
1 members found this post helpful.
Old 09-18-2011, 04:44 AM   #5
ananthkadalur
Member
 
Registered: Mar 2011
Posts: 38

Original Poster
Rep: Reputation: 0
Shell script to get email when unauthorized users on our network

Could u plz show me the full line that how it should be
I added as below and executed the file.
echo -n "$host" arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
but nothing is there when I cat the ip-mac.txt file.

Then I modified as below and executed the file
echo -n "$host " >> ip-mac.txt | arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
But the content of the ip-mac.txt file is as below
192.168.0.1 192.168.0.2 192.168.0.2 08:00:27:c9:1d:cc
192.168.0.9 192.168.0.9 08:00:27:64:8f:40

I need hostname for example if my PC's hostname is Ananth then it should be Ananth not IP address.
#cat /etc/hostname
Ananth

So could u plz guide me how can we add hostname also in ip-mac.txt file.


Quote:
Originally Posted by David the H. View Post
Just echo the host variable, without a newline, into the file before the arp command.
Code:
echo -n "$host " >> ip-mac.txt
 
Old 09-19-2011, 12:53 PM   #6
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian sid + kde 3.5 & 4.4
Posts: 6,823

Rep: Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957
Commands don't read from both stdin and a file at the same time. I said run the echo before the arp command, not pipe it into it. Separate commands.

The first one adds the contents of $host to the file without a newline at the end, which makes the second command add its output to the same line.

Code:
echo -n "$host " >> ip-mac.txt
arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
If you want the name of the machine that's running the script, just do a similar echo with the $HOSTNAME shell variable. Do it outside of the loop unless you want it more than once. If you need the hostname of one of the other machines then you'll have to figure out the command that gives it to you first.


I think you really need to study up some more on how scripts process commands. Try reading this guide straight through before you do anything else:

http://mywiki.wooledge.org/BashGuide

And again, please use [code][/code] tags around your code, to preserve formatting and to improve readability.

Last edited by David the H.; 09-19-2011 at 12:57 PM. Reason: minor edits
 
2 members found this post helpful.
Old 09-20-2011, 12:57 AM   #7
ananthkadalur
Member
 
Registered: Mar 2011
Posts: 38

Original Poster
Rep: Reputation: 0
Shell script to get email when unauthorized users on our network

Sir, Thank you very much and thanks for providing some more guidense on bash.

Quote:
Originally Posted by David the H. View Post
Commands don't read from both stdin and a file at the same time. I said run the echo before the arp command, not pipe it into it. Separate commands.

The first one adds the contents of $host to the file without a newline at the end, which makes the second command add its output to the same line.

Code:
echo -n "$host " >> ip-mac.txt
arp "$host" | awk '( NR != 1 ) { print $1,$3 }' >>ip-mac.txt
If you want the name of the machine that's running the script, just do a similar echo with the $HOSTNAME shell variable. Do it outside of the loop unless you want it more than once. If you need the hostname of one of the other machines then you'll have to figure out the command that gives it to you first.


I think you really need to study up some more on how scripts process commands. Try reading this guide straight through before you do anything else:

http://mywiki.wooledge.org/BashGuide

And again, please use [code][/code] tags around your code, to preserve formatting and to improve readability.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
two mac address of one machine av.dubey Linux - Newbie 1 11-28-2008 04:21 AM
How to find an IP address from the MAC address of a remote machine ? jitz Linux - General 3 01-03-2006 08:55 AM
How to find IP address of a machine if I know their MAC Address dysenteryduke Linux - Networking 13 09-12-2005 11:21 AM
how to get ip address, broadcast address, mac address of a machine sumeshstar Programming 2 03-12-2005 05:33 AM
Shell script for insert ip address into an ordered list of IPs inTrouble? Linux - Newbie 2 10-27-2003 03:21 AM


All times are GMT -5. The time now is 12:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration