Commit 7560f05a authored by Vincent Le gallic's avatar Vincent Le gallic

[arpwatch] On n'envoie pas de mail pour les évènement inintéressants.

parent cb58f8f6
...@@ -5,4 +5,4 @@ ...@@ -5,4 +5,4 @@
/etc/init.d/netacct-crans-sixxs2 restart /etc/init.d/netacct-crans-sixxs2 restart
/etc/init.d/firewall6 restart /etc/init.d/firewall6 restart
/usr/sbin/monit monitor netacct-crans-sixxs2 #/usr/sbin/monit monitor netacct-crans-sixxs2
...@@ -361,7 +361,7 @@ def ressuscite(adh, oldmachine): ...@@ -361,7 +361,7 @@ def ressuscite(adh, oldmachine):
except EnvironmentError, c: err += c.args[0] + '\n' except EnvironmentError, c: err += c.args[0] + '\n'
elif len(c.args)>1 and c.args[1] == 3 and isadm: elif len(c.args)>1 and c.args[1] == 3 and isadm:
# Mac douteuse # Mac douteuse
no, res = dlg.yesno(text=u"L\'adresse MAC ne correspond à aucun constructeur, continuer ?", no = dlg.yesno(text=u"L\'adresse MAC ne correspond à aucun constructeur, continuer ?",
title=u"Adresse MAC") title=u"Adresse MAC")
if not no: if not no:
try: machine.mac(str(oldmachine.mac()), 1) try: machine.mac(str(oldmachine.mac()), 1)
......
...@@ -76,8 +76,7 @@ COMMANDES = { ...@@ -76,8 +76,7 @@ COMMANDES = {
'/etc/init.d/postfix restart', '/etc/init.d/postfix restart',
], ],
'komaz': [ 'komaz': [
'/etc/init.d/aiccu restart', '/usr/bin/monit start netacct-crans-sixxs2',
'/usr/bin/monit monitor netacct-crans-sixxs2',
], ],
}.get(HOSTNAME, []) }.get(HOSTNAME, [])
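Review bot: The new komaz entry runs `/usr/bin/monit start netacct-crans-sixxs2`, while the shell script in the first section of this commit refers to `/usr/sbin/monit` for the same service. One of the two paths is presumably wrong, and a wrong path here would make the command fail when it is run. A short comment on why `/etc/init.d/aiccu restart` was dropped would also help, since the commit message only mentions arpwatch.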
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Ajout d'un whos et d'un tracage aux mails d'arpwatch # Ajout d'un whos et d'un tracage aux mails d'arpwatch
# Auteurs : Stéphane Glondu, Cyril Cohen, Daniel STAN, Valentin Samir # Auteurs : Stéphane Glondu, Cyril Cohen, Daniel STAN, Valentin Samir, Vincent Le Gallic
# Licence : GPLv2 # Licence : GPLv2
from __future__ import print_function from __future__ import print_function
...@@ -14,7 +14,7 @@ import common ...@@ -14,7 +14,7 @@ import common
sys.path.append('/usr/scripts') sys.path.append('/usr/scripts')
from gestion.tools.locate_mac import trace_machine, format_mac, info_machine from gestion.tools.locate_mac import trace_machine, format_mac, info_machine
from gestion.config import NETs import gestion.config
from gestion.iptools import AddrInNets from gestion.iptools import AddrInNets
from utils.sendmail import sendmail from utils.sendmail import sendmail
...@@ -26,7 +26,14 @@ if not recipients: ...@@ -26,7 +26,14 @@ if not recipients:
find_mac = re.compile(r'[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}') find_mac = re.compile(r'[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}')
find_ip = re.compile(r'[0-9]{1,3}(?:\.[0-9]{1,3}){3}') find_ip = re.compile(r'[0-9]{1,3}(?:\.[0-9]{1,3}){3}')
arpwatched_net = NETs['all'] + NETs['adm'] + NETs['accueil'] + NETs['isolement'] + NETs['personnel-ens'] + NETs['evenementiel'] #: Regexp pour matcher l'interface.
#: Ne matche pas toutes les interface (si un jour eth1 poppe),
#: Mais de toutes façons on ne drope que des interfaces qu'on a réussi à identifier
find_iface = re.compile(r'eth0(?:\.[0-9]+)?')
arpwatched_nets = sum([gestion.config.NETs[nom] for nom in ['all', 'adm', 'accueil', 'isolement', 'personnel-ens', 'evenementiel']], [])
#: VLANS dont on ignore les "new station"/"new activity" *si elles ont une ip correspondant au vlan*
ignored_vlans = ['accueil', 'wifi']
def get_machine(unformated_mac): def get_machine(unformated_mac):
"""Renvoie les informations sur la machine à partir de sa mac""" """Renvoie les informations sur la machine à partir de sa mac"""
...@@ -39,6 +46,37 @@ def get_subject(headers_list): ...@@ -39,6 +46,37 @@ def get_subject(headers_list):
return line[9:].strip() return line[9:].strip()
return None return None
def drop_report(subject, ip):
"""Détermine à partir du ``subject`` du mail
si il n'est pas nécessaire d'envoyer une notification pour cet évènement.
Renvoie ``True`` si il faut le dropper.
"""
# On récupère l'interface et l'ip dans le sujet
ifaces = find_iface.findall(subject)
iface = ifaces[0] if ifaces else None
if not iface is None:
# On détermine le vlan
vlans = re.findall(r"\.([^\.]*)$", iface)
try:
vlan = int(vlans[0]) if vlans else None
except ValueError:
vlan = None
ips = find_ip.findall(subject)
ip = ips[0] if ips else None
#print("%r, %r" % (ip, iface))
#print(arpwatched_nets)
if u"new station" in subject or "new activity" in subject:
if not vlan is None:
vlannames = [k for (k,v) in gestion.config.vlans.iteritems() if v == vlan]
#print("vlannames : %r" % vlannames)
if vlannames and vlannames[0] in ignored_vlans:
#print("%r in %r ?" % (ip, gestion.config.NETs[vlannames[0]]))
if AddrInNets(ip, gestion.config.NETs[vlannames[0]]):
# On ignore les new station dont l'IP est sur le bon vlan
return True
return False
def report(texte, fallback=False): def report(texte, fallback=False):
"""Envoi d'un rapport""" """Envoi d'un rapport"""
textes = texte.splitlines(True) textes = texte.splitlines(True)
...@@ -59,8 +97,8 @@ def report(texte, fallback=False): ...@@ -59,8 +97,8 @@ def report(texte, fallback=False):
ip = set(find_ip.findall(texte)).pop() ip = set(find_ip.findall(texte)).pop()
except KeyError: except KeyError:
ip = None ip = None
# On complète le message # On complète le message seulement en cas de flip flop
if u'flip flop' in subject and ip is not None and AddrInNets(ip, arpwatched_net): if u'flip flop' in subject and ip is not None and AddrInNets(ip, arpwatched_nets):
try: try:
macs = find_mac.findall(texte) macs = find_mac.findall(texte)
for mac in macs: for mac in macs:
...@@ -75,7 +113,7 @@ def report(texte, fallback=False): ...@@ -75,7 +113,7 @@ def report(texte, fallback=False):
textes.append(u'\n-- \narpwatch_sendmail.py\n') textes.append(u'\n-- \narpwatch_sendmail.py\n')
out = ''.join(textes) out = ''.join(textes)
if recipients: if recipients and not drop_report():
sendmail(u"arpwatch@crans.org", recipients, subject, out, sendmail(u"arpwatch@crans.org", recipients, subject, out,
more_headers = { more_headers = {
'X-Mailer': __file__, 'X-Mailer': __file__,
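Review bot: In `report()` the new guard calls `drop_report()` with no arguments although it is defined as `drop_report(subject, ip)`, so the call raises TypeError whenever `recipients` is non-empty and no arpwatch mail is sent at all, flip flop reports included; it should read `if recipients and not drop_report(subject, ip):`. Inside `drop_report`, `vlan` appears to be assigned only when `find_iface` matched (indentation is lost on this page), so a "new station" subject without `eth0` would reach `if not vlan is None:` with the name unbound; a `vlan = None` before `if not iface is None:` avoids that. The `ip` parameter is overwritten from the subject and may be None when passed to `AddrInNets`, unlike the `ip is not None and AddrInNets(...)` guard already used for flip flop, so the same guard belongs here. Because this script is the notification path for ARP changes, an exception in the filter should result in the mail being sent rather than lost.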
......
...@@ -128,10 +128,10 @@ class CASAuth(BaseAuth): ...@@ -128,10 +128,10 @@ class CASAuth(BaseAuth):
session_service.destroy_session(request, session) session_service.destroy_session(request, session)
# authenticated user # authenticated user
if not force and user_obj and user_obj.valid: #if not force and user_obj and user_obj.valid:
if self.action == action: # if self.action == action:
request.http_redirect(url) # request.http_redirect(url)
return user_obj, True # return user_obj, True
if self.ticket_path and request.method == 'POST': if self.ticket_path and request.method == 'POST':
logoutRequest=request.form.get('logoutRequest', None) logoutRequest=request.form.get('logoutRequest', None)
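Review bot: The four lines under `# authenticated user` are left as commented-out code with no explanation, in a commit whose message only mentions arpwatch. With the early `return user_obj, True` gone, an already valid `user_obj` now falls through to the ticket and `logoutRequest` handling below, which changes the authentication flow for every request. Either delete the lines or put the reason above them, for example `# short-circuit for already-authenticated users disabled: <reason>`. The method starts and ends outside the hunk, so whether `force` is still used anywhere cannot be checked from here.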
......