Package: arpalert
Version: 2.0.5-1
Severity: wishlist
Tags: patch

Hi,

It would be nice if /usr/share/doc/arpalert/examples/scripts/contribs/send_alert.pl got installed as /usr/share/arpalert/send_alert.pl, and if using it would not require manually editing the script to fix the sender and receiver's email address. I don't like to have to maintain extra code when I'm using packaged software. Anyway, this code does fix it:

    open(MAILNAME, "</etc/mailname") or die "can't open /etc/mailname";
    $mailname = <MAILNAME>;
    chomp $mailname;
    $mail{From} = 'ARP Alert <arpalert@' . "$mailname>";
    $mail{To} = 'root <root@' . "$mailname>";

Attached is the complete script as I'm using it now; it also does a DNS lookup of the IP address.

Thanks,

Bye,

Joost

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-4-k7 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages arpalert depends on:
ii  adduser      3.102    Add and remove users and groups
ii  libc6        2.5-7    GNU C Library: Shared libraries
ii  libpcap0.8   0.9.5-1  System interface for user-level pa

arpalert recommends no packages.

-- no debconf information

#!/usr/bin/perl -w
# Set
# action on detect = "/path/to/send_alert.pl"
# in /etc/arpalert/arpalert.conf to enable this script.
#
# This script is using Mail::Sendmail
# Web site: http://alma.ch/perl/mail.html#Mail::Sendmail
#
# Arguments sent by ArpAlert are :
# 1 : MAC Address
# 2 : IP Address
# 3 : supp (used with unathrq alert)
# 4 : Type of alert (cf arpalert.conf)
#
use Mail::Sendmail;
use Socket; # for inet_aton()

# Check the argument count rather than the value of the 4th argument,
# so that an alert type of "0" is not rejected as false.
die "4 arguments needed" unless @ARGV >= 4;

# Intruder MAC address
$intruder_MAC = $ARGV[0];

# Intruder IP address
$intruder_IP = $ARGV[1];

# Alert Type
$intruder_AlertType = $ARGV[3];

# Build sender and receiver from the system mail name
open(MAILNAME, "</etc/mailname") or die "can't open /etc/mailname";
$mailname = <MAILNAME>;
close(MAILNAME);
chomp $mailname;
$mail{From} = 'ARP Alert <arpalert@' . "$mailname>";

# Separate multi receiver by comma (,)
# $mail{To} = 'Mail 1 <[EMAIL PROTECTED]>, Mail 2 <[EMAIL PROTECTED]>';
$mail{To} = "root <root@" . "$mailname>";

# SMTP server / IP or DNS name
# $server = 'smtp.domain.com';
$server = 'localhost';

if ($server) {
    $mail{Smtp} = $server;
    print "Server set to: $server\n";
}

# Reverse DNS lookup of the IP address; empty string if it does not resolve
$iaddr = inet_aton($intruder_IP) || "";
$intruder_Name = gethostbyaddr($iaddr, AF_INET) || "";

# Subject
$mail{Subject} = "[Warning] Intrusion Detection [Warning]";

# Body
$mail{Message} = "/!\\ Intruder Detected /!\\\n\n";
$mail{Message} .= "Intrusion time stamp : " . Mail::Sendmail::time_to_date() . "\n\n";
$mail{Message} .= "Intruder FQDN : $intruder_Name\n";
$mail{Message} .= "Intruder IP Address : $intruder_IP\n";
$mail{Message} .= "Intruder MAC Address : $intruder_MAC\n";
$mail{Message} .= "Type of alert : $intruder_AlertType\n";

# Send Alert
if (sendmail %mail) {
    print "content of \$Mail::Sendmail::log:\n$Mail::Sendmail::log\n";
    if ($Mail::Sendmail::error) {
        print "content of \$Mail::Sendmail::error:\n$Mail::Sendmail::error\n";
    }
    print "ok 2\n";
} else {
    print "\n!Error sending mail:\n$Mail::Sendmail::error\n";
    print "not ok 2\n";
}