Grab the MAC addresses and if 3 exist from list...do not do
We keep having a problem with IT people turning on us after years of service in various locations.
I want to tie the Alarm System & the Server together that if the alarm system is dead the server self-destructs. (Not a problem). But I run into the problem of when NO one tells us the alarm system is deactivated due to some maintenance issue so at these times, we don't want the server in self-destruct mode.
arp |awk '{print $3}'
Gets a nice pretty list of MAC Addresses all around the building(s) even the DVR & copier(s). If the first program comes back as "self-destruct" I need a program to run and look to see if 3 of the MAC addresses in the building are still active from that "arp |awk '{print $3}'" list. (Just in case the idiot in charge didn't log or tell us what is going on remotely.) Thanks to all in advance. |
If I understand this correctly then you would want to use the arping command. But this would only be true if the known IP addresses remain the same. Either that or arping the whole subnet and search for the known MAC address. Interesting concept but I can see a whole slew of problems with this concept for triggering a self destruct. More common is to have an obfuscated code in the server contact a remote server for a license key on a regular basis. Rather than using cron which can be easily traced down, have a script run the at command where the script reschedules itself with the at command. Food for thought anyways.
|
Joseph, I understand your concerns. 99 of the places we service only purchase new equipment from us so once a year or so we will need to cronjob a new list. Most of these people leave all the computers & copiers & printers on all the time; alarm system of course. If a total power outage they are mostly all back on before the server would run this program. Our thief always do on after hours Fridays; by Monday he has done his damage. Many of our clients are Comcast or Uverse... so we can't count on 95%+ uptime.
LIST1=`arp | awk '{print $3}'`
LIST2=`/var/log/imaginaryProgram`
(in plain view to anyone but a Linux expert) |
"Rather than using cron which can be easily traced down, have a script run the at command where the script reschedules itself with the at command."
Okay I am interested in this? I attach "secret programs" in common executed programs and some in plain view in Cron. I would love to know how to put one of my secret programs in Squid that on the 1000th spawning it would execute. But I like any new way to hide stuff! |
Ah, a better understanding of arp to help explain. For some stupid reason I can not get the arp function to work on my test server, gah! Any case, arp by itself is cached information, not real time. You said you needed to know specifically if the connection was live online or not. This is where you would need to use the arping tools. Now personally, my experience with this was for locating two devices on the same network with the same IP. Wrong IP allocation, IP theft kind of thing. So with arping, you get a MAC address response from any IP address not local to the system running arping rather than an ICMP reply. At least as far as I know, you have to ping an IP address to get a MAC address response in real time. Other than that, I think the only method of getting active mac addresses would be to poll the network switch if it has that particular function in its management. I.E. High end managed switches. However even on managed switches, some models just give cached information with a delay time of around 10 ~ 30 minutes between updates.
|
I didn't know ARP was on a delay but even then this would be fine the IT person is driving the server to his house and returning it Sunday.
|
This is what ARP output looks like
HWaddress
00:22:2D:32:06:EE
94:DE:80:2B:F9:80
00:22:2D:32:06:EE
etc. without the smiley face I guess (colon D ) is smiley. |
So then it sounds like you need a conditional if statement to build your script with.
say x = some mac address, or x1 x2 x3 being multiple addresses
then have y be from whatever you are using to check if the mac address is present
!= meaning does not equal

self_destruct() {
    # some command to self destruct
    :
}

if [ "$x" != "$y" ]; then self_destruct; fi

or say you need all three in a row, you need the and statement of &&

if [ "$x1" != "$y" ] && [ "$x2" != "$y" ] && [ "$x3" != "$y" ]; then self_destruct; fi

or any one of three, you need the or statement of ||

if [ "$x1" != "$y" ] || [ "$x2" != "$y" ] || [ "$x3" != "$y" ]; then self_destruct; fi

I am not certain, is this what you are looking for? |
I think I need a little more crunching.
Maybe I need to state this differently. LIST1= this would be from ARP like below (but a few months old): HWaddress 00:22:2D:32:06:EE 94:3E:80:2B:F9:80 00:22:2D:32:06:EE & 5-20 more MACs. LIST2 would be the current output of ARP. I need to compare LIST1 to LIST2 if they contain at least 3 matches... then NO self destruct. |
Well you do not want it triggered because someone rebooted something or just one device got replaced, or a new device got added, so you need at least more than one trigger. Looks like this needs to have data files as well rather than raw variables. This will give you a raw idea but will need some tweaking I am sure.
So first you want to sort the data so that they are easier to parse.
cat FILE1 | sort > FILE3
cat FILE2 | sort > FILE4
rm FILE1 FILE2
mv FILE3 FILE1
mv FILE4 FILE2
That kind of thing, you get the idea.
FILE1 old data
FILE2 new data
Then compare the difference between the two. I think though this is a bit more than what I would want to try to use with the diff command and regex. Parse it with loops and grep is my personal choice in this matter. Code:
|
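The comparison asked for above (at least 3 MACs from a saved list still visible in a current list), as an added example that is not code from any poster in this thread. The function names, the two-file layout and the 02:... sample addresses are assumptions; the script only reports a decision and takes no action.

```shell
#!/bin/sh
# Added example (not from the thread): count baseline MACs seen in a current list.
LC_ALL=C; export LC_ALL

# normalize_macs FILE: print the unique, upper-cased MAC addresses in FILE,
# one per line, sorted. Header words such as "HWaddress" and "(incomplete)"
# placeholders are dropped because they do not match the MAC pattern.
normalize_macs() {
    tr 'a-f' 'A-F' < "$1" | tr -s ' \t' '\n' |
        grep -E '^([0-9A-F]{2}:){5}[0-9A-F]{2}$' | sort -u
}

# count_known_present KNOWN CURRENT: number of distinct MACs in both files.
count_known_present() {
    base=$(mktemp); cur=$(mktemp)
    normalize_macs "$1" > "$base"
    normalize_macs "$2" > "$cur"
    n=$(comm -12 "$base" "$cur" | wc -l)
    rm -f "$base" "$cur"
    echo $((n))
}

# presence_decision KNOWN CURRENT [MIN]: "present" if at least MIN (default 3)
# known MACs are in CURRENT, otherwise "absent". The caller decides what to do.
presence_decision() {
    min=${3:-3}
    if [ "$(count_known_present "$1" "$2")" -ge "$min" ]; then
        echo present
    else
        echo absent
    fi
}

# Constructed sample data: the 02:... addresses are made up; the saved list
# repeats one MAC, as the sample in the thread does.
known=$(mktemp); now=$(mktemp)
printf '%s\n' HWaddress 00:22:2D:32:06:EE 94:DE:80:2B:F9:80 \
    00:22:2D:32:06:EE 02:00:00:00:00:01 02:00:00:00:00:02 > "$known"
printf '%s\n' HWaddress 00:22:2d:32:06:ee '(incomplete)' \
    02:00:00:00:00:01 02:00:00:00:00:09 > "$now"
echo "matches: $(count_known_present "$known" "$now")"
echo "decision: $(presence_decision "$known" "$now")"
rm -f "$known" "$now"
```

The repeated MAC in the saved list counts once, and case differences between the two lists do not matter. How fresh the current list is depends on where it comes from; as noted earlier in the thread, the arp table is cached.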
Thank you; this looks beyond my abilities at present but I will go grab some data Monday and give it a whirl. I think I am going to call my week DONE. I would not need this if I have 2 constants in each building. The alarm system is one for sure.
Any way to read a NON managed switch for any kind of useful info; I have lots of these in the buildings? I am going to Google now. Thanks again. |