Grab the MAC addresses and if 3 exist from list...do not do
We keep having a problem with IT people turning on us after years of service in various locations.
I want to tie the Alarm System & the Server together that if the alarm system is dead the server self-destructs. (Not a problem).
But I run into the problem of when NO one tells us the alarm system is deactivated due to some maintenance issue so at these times, we don't want the server in self-destruct mode.
arp |awk '{print $3}'
Gets a nice pretty list of MAC Addresses all around the building(s) even the DVR & copier(s).
If the first program comes back as "self-destruct" I need a program to run and look to see if 3 of the MAC addresses in the building are still active from that "arp |awk '{print $3}'" list. (Just in case the idiot in charge didn't log or tell us what is going on remotely.)
If I understand this correctly then you would want to use the arping command. But this would only be true if the known IP addresses remain the same. Either that or arping the whole subnet and search for the known MAC address. Interesting concept but I can see a whole slew of problems with this concept for triggering a self destruct. More common is to have an obfuscated code in the server contact a remote server for a license key on a regular basis. Rather than using cron which can be easily traced down, have a script run the at command where the script reschedules itself with the at command. Food for thought anyways.
Joseph, I understand your concerns. 99 of the places we service only purchase new equipment from us so once a year or so we will need to cronjob a new list. Most of these people leave all the computers & copiers & printers on all the time; alarm system of course. If a total power outage they are mostly all back on before the server would run this program. Our thief always does it after hours on Fridays; by Monday he has done his damage. Many of our clients are Comcast or Uverse... so we can't count on 95%+ uptime.
LIST1=`arp |awk '{print $3}'`
LIST2=`/var/log/imaginaryProgram`  # (in plain view to anyone but a Linux expert)
Ah, a better understanding of arp to help explain. For some stupid reason I can not get the arp function to work on my test server, gah! In any case, arp by itself is cached information, not real time. You said you needed to know specifically if the connection was live online or not. This is where you would need to use the arping tools. Now personally, my experience with this was for locating two devices on the same network with the same IP. Wrong IP allocation, IP theft kind of thing. So with arping, you get a MAC address response from any IP address not local to the system running arping rather than an ICMP reply. At least as far as I know, you have to ping an IP address to get a MAC address response in real time. Other than that, I think the only method of getting active MAC addresses would be to poll the network switch if it has that particular function in its management, i.e. high-end managed switches. However even on managed switches, some models just give cached information with a delay time of around 10 ~ 30 minutes between updates.
So then it sounds like you need a conditional if statement to build your script with.
say x = some mac address
or x1 x2 x3 being multiple addresses
then have y be from what ever you are using to check if the mac address is present
!= meaning does not equal
self_destruct(){
#some command to self destruct
}
if [ "$x" != "$y" ]; then self_destruct; fi
or say you need all three in a row you need the and statement of &&
if [ "$x1" != "$y" ] && [ "$x2" != "$y" ] && [ "$x3" != "$y" ]; then self_destruct; fi
or any one of three you need the or statement of ||
if [ "$x1" != "$y" ] || [ "$x2" != "$y" ] || [ "$x3" != "$y" ]; then self_destruct; fi
I am not certain, is this what you are looking for?
Well you do not want it triggered because someone rebooted something or just one device got replaced, or a new device got added, so you need at least more than one trigger. Looks like this needs to have data files as well rather than raw variables. This will give you a raw idea but will need some tweaking I am sure.
So first you want to sort the data so that they are easier to parse.
Then compare the difference between the two. I think though this is a bit more than what I would want to try to use with the diff command and regex. Parse it with loops and grep is my personal choice in this matter.
Code:
TEST1=$(cat FILE1 | wc -l)
# entries of FILE1 that are also in FILE2
TEST2=$(for i in $(cat FILE1) ; do grep -- "$i" FILE2 ; done | wc -l)
# entries of FILE2 that are also in FILE1
TEST3=$(for i in $(cat FILE2) ; do grep -- "$i" FILE1 ; done | wc -l)
THRESHOLD1=3
THRESHOLD2=-3
DIFF1=$(echo "scale=10; $TEST1-$TEST2 " | bc -lq)
DIFF2=$(echo "scale=10; $TEST1-$TEST3 " | bc -lq)
if [ "$DIFF1" -ge "$THRESHOLD1" ] || [ "$DIFF1" -le "$THRESHOLD2" ] || [ "$DIFF2" -ge "$THRESHOLD1" ] || [ "$DIFF2" -le "$THRESHOLD2" ]; then SELF_DESTRUCT; fi
Let's see if that gets you further along on this project.
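The "at least 3 known MACs still live" check discussed in this thread, as an added example that is not part of any poster's code. It assumes the neighbor table is read with `ip neigh show` (iproute2) and counts only entries in state REACHABLE, since STALE entries are the cached data the replies warn about; the function names, MAC addresses and sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: count known devices that were confirmed recently,
# not merely cached. All data below is constructed sample input.

KNOWN_MACS="00:11:22:33:44:01
00:11:22:33:44:02
00:11:22:33:44:03
00:11:22:33:44:0A"

# Shaped like `ip neigh show` output; 192.0.2.0/24 is a documentation range.
SAMPLE_NEIGH="192.0.2.10 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.0.2.11 dev eth0 lladdr 00:11:22:33:44:02 STALE
192.0.2.12 dev eth0 lladdr 00:11:22:33:44:03 DELAY
192.0.2.13 dev eth0  FAILED
192.0.2.14 dev eth0 lladdr 00:11:22:33:44:0a REACHABLE
192.0.2.15 dev eth0 lladdr aa:bb:cc:dd:ee:ff REACHABLE"

# $1 = known MACs (whitespace separated), $2 = neighbor table text.
# Prints the number of distinct known MACs whose entry is REACHABLE.
live_known_count() {
    printf '%s\n' "$2" | KNOWN="$1" awk '
        BEGIN {
            n = split(tolower(ENVIRON["KNOWN"]), k, /[ \t\n]+/)
            for (i = 1; i <= n; i++) want[k[i]] = 1
        }
        $NF == "REACHABLE" {
            for (f = 1; f < NF; f++)
                if ($f == "lladdr") {
                    mac = tolower($(f + 1))   # compare case-insensitively
                    if (mac in want) seen[mac] = 1
                }
        }
        END { c = 0; for (m in seen) c++; print c }'
}

# $3 = minimum number of live known devices.
# Prints "hold" (building looks normal, do nothing) or "absent".
presence_verdict() {
    count=$(live_known_count "$1" "$2")
    if [ "$count" -ge "$3" ]; then echo hold; else echo absent; fi
}

# On a real host the second argument would be "$(ip neigh show)",
# read after probing each known IP (for example with arping).
presence_verdict "$KNOWN_MACS" "$SAMPLE_NEIGH" 3
```

With the sample table only two known devices are REACHABLE, so the verdict for a threshold of 3 is `absent`; the STALE and DELAY entries do not count as live.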
Thank you; this looks beyond my abilities at present but I will go grab some data Monday and give it a whirl. I think I am going to call my week DONE. I would not need this if I have 2 constants in each building. The alarm system is one for sure.
Any way to read a NON managed switch for any kind of useful info; I have lots of these in the buildings? I am going to Google now. Thanks again.