I've got a script who looks for change of a MAC-address on
LAN cards of my clients and put it in a fail if there is a
change.
Firts I made static ARP table in /etc/ehters it looks like this
-------------
mac address hostname
mac address hostname
-------------
Afer this make arp -s -f
and this is the script
##############################
#!/usr/bin/perl
# catching the info for the MAC addresses
$ipmc = `/sbin/arp -n | grep ether`;
@ipmc = split("\n", $ipmc);
foreach $str (@ipmc) {
s/\t/ /g;
@strng = split(" ", $str);
$ip_mac{$strng[0]} = $strng[2];
}
# Read the file withe the static MAC addresses
$ipmc = `cat /etc/ethers`;
@ipmc = split("\n", $ipmc);
foreach $str (@ipmc) {
($mac_def, $ip_def) = split("\t", $str);
$ip_fix{$ip_def} = $mac_def;
$ipfixip{$mac_def} = $ip_def;
}
# Check if there is a difference withe the static ones
# and the real MAC addresses
$set_err = 0;
foreach $ip (sort keys %ip_mac) {
if ($ip_mac{$ip} ne $ip_fix{$ip}) {
$ip_lamer{$ip} = $ip_mac{$ip};
$set_err = 1;
}
}
# Put it in a fail
if ($set_err ne 0) {
$dttoday = `date`;
chop($dttoday);
open (BADUSER, ">>/var/httpd/html/private/badusers");
foreach $ip (sort keys %ip_lamer) {
$madmac = $ip_fix{$ip};
print (BADUSER
"$dttoday\t$ipfixip{$madmac}\t$ip_lamer{$ip}\t$ip\n");
print "Defined lame user.\n $dttoday\nFrom:
$ipfixip{$madmac}\nMAC:$ip_lamer{$ip}\nTo: $ip\n";
}
close BADUSER;
}
####################################################
That is it.
Sorry 4 my broken english
For me seems everything to be Ok but it's not working :<
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
