Package: arpalert
Version: 2.0.5-1
Severity: wishlist
Tags: patch

Hi,

It would be nice if
/usr/share/doc/arpalert/examples/scripts/contribs/send_alert.pl got
installed as /usr/share/arpalert/send_alert.pl, and if using it would
not require manually editing the script to fix the sender and receiver's
email address.  I don't like to have to maintain extra code when I'm
using packaged software.

Anyway, this code does fix it:

 open(MAILNAME, "</etc/mailname") or die "can't open /etc/mailname";
 $mailname = <MAILNAME>;
 chomp $mailname;
 $mail{From} = 'ARP Alert <arpalert@' . "$mailname>";
 $mail{To}   = 'root <root@' . "$mailname>";

.

Attached is the complete script as I'm using it now; it also does a DNS
lookup of the IP address.

Thanks, Bye,

Joost

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-k7 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages arpalert depends on:
ii  adduser                       3.102      Add and remove users and groups
ii  libc6                         2.5-7      GNU C Library: Shared libraries
ii  libpcap0.8                    0.9.5-1    System interface for user-level pa

arpalert recommends no packages.

-- no debconf information
#!/usr/bin/perl -w

# Set
#  action on detect = "/path/to/send_alert.pl"
# in /etc/arpalert/arpalert.conf to enable this script.

#
# This script is using Mail::Sendmail
# Web site: http://alma.ch/perl/mail.html#Mail::Sendmail
#
# Arguments sent by ArpAlert are :
# 1 : MAC Address
# 2 : IP Address
# 3 : supp (used with unathrq alert)
# 4 : Type of alert (cf arpalert.conf)
#

use Mail::Sendmail;
use Socket; # for inet_aton()

# Intruder MAC address
$intruder_MAC = $ARGV[0];

# Intruder IP address
$intruder_IP = $ARGV[1];

# Alert Type
$intruder_AlertType = $ARGV[3] or die "4 arguments needed";

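# Build the mail domain from the system mail name (first line of /etc/mailname)
open(MAILNAME, "</etc/mailname") or die "can't open /etc/mailname";
$mailname = <MAILNAME>;
close(MAILNAME);
defined $mailname or die "/etc/mailname is empty";
chomp $mailname;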

$mail{From} = 'ARP Alert <arpalert@' . "$mailname>";

# Separate multiple receivers with a comma (,)
# $mail{To}   = 'Mail 1 <[EMAIL PROTECTED]>, Mail 2 <[EMAIL PROTECTED]>';
$mail{To}   = "root <root@" . "$mailname>";

# SMTP server / IP or DNS name
# $server = 'smtp.domain.com';
$server = 'localhost';

if ($server) {
        $mail{Smtp} = $server;
        print "Server set to: $server\n";
}

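# Reverse DNS lookup of the intruder IP; the name stays empty if the
# address cannot be parsed or has no PTR record
$iaddr = inet_aton($intruder_IP);
$intruder_Name = $iaddr ? (gethostbyaddr($iaddr, AF_INET) || "") : "";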

# Subject
$mail{Subject} = "[Warning] Intrusion Detection [Warning]";

# Body
$mail{Message} = "/!\\ Intruder Detected /!\\\n\n";
$mail{Message} .= "Intrusion time stamp : " . Mail::Sendmail::time_to_date() . "\n\n";
$mail{Message} .= "Intruder FQDN : $intruder_Name\n";
$mail{Message} .= "Intruder IP Address : $intruder_IP\n";
$mail{Message} .= "Intruder MAC Address : $intruder_MAC\n";
$mail{Message} .= "Type of alert : $intruder_AlertType\n";

# Send Alert
if (sendmail %mail) {
        print "content of \$Mail::Sendmail::log:\n$Mail::Sendmail::log\n";
        if ($Mail::Sendmail::error) {
                print "content of \$Mail::Sendmail::error:\n$Mail::Sendmail::error\n";
        }
        print "ok 2\n";
}
else {
        print "\n!Error sending mail:\n$Mail::Sendmail::error\n";
        print "not ok 2\n";
}
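
The script above places the contents of /etc/mailname, the arguments passed by arpalert and a reverse-DNS name into the alert mail as-is. The following is an added example, not part of the report or of arpalert, showing one way to check those values first; the helper names are hypothetical, and it assumes arpalert passes a colon-separated MAC and a dotted IPv4 address.

```perl
#!/usr/bin/perl
# Added example (not from the attached script): validate alert inputs.
use strict;
use warnings;
use Socket qw(inet_aton AF_INET);

# /etc/mailname should hold a single hostname; reject anything that could
# break out of the From:/To: header (spaces, '<', '>', CR/LF, ...).
sub read_mailname {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "can't open $path: $!\n";
    my $name = <$fh>;
    close($fh);
    die "$path is empty\n" unless defined $name;
    chomp $name;
    $name =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/
        or die "unexpected content in $path\n";
    return $name;
}

# Arguments 1 and 2 (assumed formats: aa:bb:cc:dd:ee:ff and dotted IPv4).
sub valid_mac { return $_[0] =~ /\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/ ? 1 : 0 }
sub valid_ipv4 {
    my @o = split /\./, $_[0], -1;
    return 0 unless @o == 4;
    return (grep { !/\A(?:0|[1-9][0-9]{0,2})\z/ || $_ > 255 } @o) ? 0 : 1;
}

# The PTR name is chosen by whoever controls the reverse zone, so report it
# only if it contains hostname characters and resolves back to the same IP.
sub confirmed_name {
    my ($ip) = @_;
    my $packed = inet_aton($ip) or return '';
    my $name = gethostbyaddr($packed, AF_INET) or return '';
    return '' unless $name =~ /\A[A-Za-z0-9._-]{1,253}\z/;
    my @fwd = gethostbyname($name) or return '';
    return (grep { $_ eq $packed } @fwd[4 .. $#fwd]) ? $name : '';
}

# Constructed sample values (documentation ranges) standing in for @ARGV.
my ($mac, $ip) = ('00:00:5e:00:53:01', '192.0.2.10');
die "bad MAC address\n" unless valid_mac($mac);
die "bad IP address\n"  unless valid_ipv4($ip);
my $mailname = eval { read_mailname('/etc/mailname') } // 'localhost';
my $name     = confirmed_name($ip);
print "From: ARP Alert <arpalert\@$mailname>\n";
print "Intruder FQDN : ", ($name eq '' ? '(unconfirmed)' : $name), "\n";
print "Intruder IP Address : $ip\nIntruder MAC Address : $mac\n";
```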
