DSCAlarm:Router:Scripts
Scripts
Start Up
S15serial
- Location: /etc/init.d/S15serial
- Purpose: To initialize /dev/tts/1 for serial communications with the DSC alarm panel (IT-100).
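#!/bin/sh
# S15serial - prepare /dev/tts/1 for the serial link to the DSC alarm panel
# (IT-100).
#
# The stty flags below select 9600 baud, 8 data bits, no parity, one stop bit
# (cs8 -parenb -cstopb), software flow control on (ixon ixoff), hardware flow
# control off (-crtscts), and switch off canonical mode, echo, signal
# characters and output post-processing so bytes pass through unchanged.
#
# Fix over the published listing: "-echonl-noflsh" had lost the space between
# two separate flags; stty does not accept the fused word.

PORT=/dev/tts/1

# Tell the serial driver which interrupt line the port uses.
setserial "$PORT" irq 3

# "speed" prints the current rate; the bare "9600" that follows sets it.
stty -F "$PORT" speed 9600 \
  -parenb -parodd cs8 -hupcl -cstopb cread clocal -crtscts \
  ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl \
  ixon ixoff -iuclc -ixany -imaxbel \
  -opost -olcuc -ocrnl -onlcr -onocr -onlret -ofill -ofdel \
  nl0 cr0 tab0 bs0 vt0 ff0 \
  -isig -icanon -iexten -echo -echoe -echok -echonl -noflsh \
  -xcase -tostop -echoprt -echoctl -echoke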
S55knockd
- Location: /etc/init.d/S55knockd
- Purpose: To block ssh unless the "special" knock sequence is used.
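#!/bin/sh
# S55knockd - drop inbound SSH by default and start the port-knock daemon.
#
# -I puts the DROP at the head of input_rule, so it is evaluated before any
# rule already in that chain. allowssh.sh later inserts its temporary ACCEPT
# the same way, which places it above this DROP.
#
# knockd is told to watch br0 only (-i br0) and to run as a daemon (-d);
# knock packets arriving on any other interface are not seen.
# NOTE(review): the knock sequence travels in clear text and can be replayed
# by anyone able to observe it, so SSH's own authentication remains the
# actual access control.

# If the rule cannot be inserted, tcp/22 stays as reachable as it was before
# this script ran. Report that instead of failing silently.
if ! iptables -I input_rule --protocol tcp --dport 22 --jump DROP; then
  echo "S55knockd: could not insert the DROP rule for tcp/22" >&2
fi

knockd -i br0 -d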
S61datetime
- Location: /etc/init.d/S61datetime
- Purpose: Help keep date and time in sync.
#!/bin/sh
# Date-Time by Frank Cardoza (Who needs NTP Client... blah!)
#
# Asks three public time servers for the current time, all in the background
# so boot is not held up. The queries run in parallel, so whichever reply is
# processed last is the one that ends up setting the clock.
#
# NOTE(review): rdate speaks the unauthenticated RFC 868 time protocol, so a
# host on the path can supply a false time. The timestamps written by the
# logging scripts on this router inherit whatever this sets.
for tServer in time.mit.edu tick.greyware.com utcnist.colorado.edu; do
  rdate "$tServer" &
done
Config Files
knockd.conf
- Location: /etc/knockd.conf
- Purpose: Define the knock sequence and to launch the script that opens/closes the ssh port.
NOTE: The sequence needs to be changed to the TCP ports you want to use for the knock sequence.
# knockd.conf - maps knock sequences to the script that opens the SSH port.
# The sequences below are placeholders: replace them with the TCP ports you
# actually want to use, and keep the two sequences distinct.
# NOTE(review): a knock sequence can be observed and replayed by anyone who
# sees the traffic; it reduces noise in front of SSH but does not replace
# SSH authentication.

[options]
logfile = /var/log/knockd.log

# Runs allowssh.sh with NO argument. That script treats a missing argument as
# "allow every source address", so this sequence opens tcp/22 to all hosts
# for the script's 30-second window. Remove this section if per-address
# access is sufficient.
[openSSHALL]
sequence = 1,2,3
seq_timeout = 5
command = /sbin/flc/allowssh.sh
tcpflags = syn

# Passes the knocking host's address (%IP%) to allowssh.sh, so only that
# address is let through.
[openSSH]
sequence = 1,2,4
seq_timeout = 5
command = /sbin/flc/allowssh.sh %IP%
tcpflags = syn
smb.conf
- Location: /etc/samba/smb.conf
- Purpose: To share files with rest of local network.
# smb.conf - read-only guest shares for the local network.
#
# "security = share" together with "public = yes" means no credentials are
# requested: any host that can reach the Samba ports can read both shares as
# the guest account (nobody).
# NOTE(review): "security = share" is a legacy mode that later Samba releases
# no longer support - confirm against the version installed.

[global]
syslog = 0
syslog only = yes
workgroup = Mshome
server string = Samba Server
security = share
encrypt passwords = yes
guest account = nobody
local master = yes
name resolve order = lmhosts hosts bcast

# Exports /tmp. The other scripts on this page write their working files
# there (/tmp/ssh.log, /tmp/dsc.log, /tmp/err.log containing the full syslog,
# the alarm and network-scan mail drafts), so all of those are readable by
# any guest on the network through this share.
[tmp]
comment = /tmp
path = /tmp
browseable = yes
public = yes
writeable = no

[share]
comment = share
path = /mnt/disc0_1
browseable = yes
public = yes
writeable = no
Binaries
- TODO* Document DSC alarm binaries
Misc
allowssh.sh
- Location: /sbin/flc/allowssh.sh
- Purpose: To open the ssh port and close it again after 30 seconds.
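#!/bin/sh
# allowssh.sh - open tcp/22 for 30 seconds, then close it again.
#
# Arguments:
#   $1  (optional) source address to allow. knockd passes %IP% here for the
#       [openSSH] sequence. With no argument the port is opened to EVERY
#       source address for the 30-second window ([openSSHALL]).
# Outputs: appends an open and a close line to /tmp/ssh.log.
#
# Changes from the published listing: the argument is quoted everywhere it is
# used, and the two near-identical branches share one helper.
#
# NOTE(review): if this script is killed during the sleep, the ACCEPT rule is
# never deleted and the port stays open until the rule is removed by hand.
# NOTE(review): whether an SSH session that is already established survives
# the close depends on rules outside this script (for example an
# ESTABLISHED,RELATED accept evaluated before input_rule) - not shown here.

LOG=/tmp/ssh.log

# open_window LABEL [iptables source match...]
# Inserts the ACCEPT rule, waits, then deletes exactly the same rule.
open_window() {
  tLabel=$1
  shift
  echo "Allowing SSH for $tLabel..." >> "$LOG"
  iptables -I input_rule "$@" --protocol tcp --dport 22 --jump ACCEPT
  sleep 30
  echo "Closing SSH for $tLabel..." >> "$LOG"
  iptables -D input_rule "$@" --protocol tcp --dport 22 --jump ACCEPT
}

if [ -n "$1" ]; then
  open_window "$1" -s "$1"
else
  open_window ALL
fi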
arpXBox360.sh
- Location: /sbin/flc/arpXBox360.sh
- Purpose: Yes, I'm a meanie... get over it! My son kept playing the XBOX 360 when he was supposed to be doing school work. Sadly this script is the only thing that keeps him honest. Hopefully someday his word will carry more weight ;-).
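#!/bin/sh
# arpXBox360.sh - note when either console answers an ARP probe on br0.
#
# For each of the host names "xbox360" and "xbox" one ARP request is sent.
# If a reply comes back, a timestamped line with the replying MAC is appended
# to /tmp/xbox360.log and the orange SES LED is switched on.
#
# Changes from the published listing:
#  - the duplicated stanza is now one helper called twice;
#  - empty arping output (binary missing, name did not resolve) is no longer
#    counted as "the console replied";
#  - the bracketed MAC in arping's output can no longer be glob-expanded while
#    the output is being flattened.

LOG=/tmp/xbox360.log
LED=/proc/diag/led/ses_orange

# probe HOST LABEL - log LABEL and light the LED if HOST answers.
probe() {
  tResult=$(arping -f "$1" -I br0 -c 1)

  # Nothing on stdout means arping itself failed, not that the host is up.
  [ -n "$tResult" ] || return 0

  # Join the multi-line output into one line so the MAC can be picked by
  # word position. The expansion is deliberately unquoted for that purpose;
  # globbing is disabled around it.
  set -f
  tFlat=$(echo $tResult)
  set +f

  case $tFlat in
    *"Received 0 reply"*) return 0 ;;
  esac

  # NOTE(review): word 12 is where the arping build on this router prints the
  # MAC - verify against your own arping's output format.
  tMAC=$(echo "$tFlat" | awk '{ print $12 }')
  tDateTime=$(date)
  echo "$2: $tDateTime - $tMAC" >> "$LOG"
  echo 1 > "$LED"
}

probe xbox360 XBOX360
probe xbox XBOX1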
backup.sh
- Location: /sbin/flc/backup.sh
- Purpose: Moves the dsc.log file to a backup server while renaming it to maintain a history of logs.
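#!/bin/sh
# backup.sh - copy the alarm log to the backup server under a dated name,
# then start a fresh local log.
#
# Change from the published listing: the local log is only reset when rsync
# reports success. Before, a failed transfer (server down, key rejected)
# still overwrote /tmp/dsc.log and the alarm history was lost.
#
# NOTE(review): the remote name carries the date only, so a second run on the
# same day replaces that day's earlier copy.
# NOTE(review): lines the alarm logger appends between the end of the rsync
# and the reset below are not in the copy and are overwritten.
# NOTE(review): /sbin/flc/backup.key is used non-interactively, so presumably
# it has no passphrase. Limiting what that key may do on the server side (for
# example a forced command in authorized_keys) bounds the damage if the
# router is compromised.

LOG=/tmp/dsc.log
tStamp=$(date "+%Y_%m_%d")

if rsync -av -e "ssh -i /sbin/flc/backup.key" "$LOG" \
  "siren@griffin:/share/alarm_logs/dsc.log.$tStamp"; then
  echo "***Rotated on $(date)***" > "$LOG"
else
  echo "backup.sh: rsync failed; $LOG left untouched" >&2
  exit 1
fi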
checkarp.sh
- Location: /sbin/flc/checkarp.sh
- Purpose: Map out network. Mostly it was the beginnings of arpXBox360.sh.
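#!/bin/sh
# checkarp.sh - list the hosts on the router's own subnet that answer ARP.
#
# Takes the first three octets of the LAN address stored in nvram, probes
# .1 through .254 on br0 and prints "IP - MAC" for every address that
# replies. Keeping only three octets assumes the LAN is a /24.
#
# Changes from the published listing: the scan stops if nvram returns no
# address, and empty arping output is no longer reported as a live host.

tIP=$(nvram get lan_ipaddr | cut -f 1-3 -d .)
if [ -z "$tIP" ]; then
  echo "checkarp.sh: could not read lan_ipaddr from nvram" >&2
  exit 1
fi

for tIPX in $(seq 1 254); do
  tResult=$(arping -f "$tIP.$tIPX" -I br0 -c 1)

  # No stdout at all: arping failed to run, which is not a reply.
  [ -n "$tResult" ] || continue

  # Flatten to one line so the MAC can be taken by word position. The
  # expansion is unquoted on purpose; globbing is off so the bracketed MAC is
  # not treated as a pattern.
  set -f
  tFlat=$(echo $tResult)
  set +f

  case $tFlat in
    *"Received 0 reply"*) continue ;;
  esac

  # NOTE(review): word 12 holds the MAC for the arping build used here -
  # verify against your own arping's output format.
  tMAC=$(echo "$tFlat" | awk '{ print $12 }')
  echo "$tIP.$tIPX - $tMAC"
done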
checknetwork.sh
- Location: /sbin/flc/checkarp.sh
- Purpose: Map out network and to look for undocumented devices on the network. Derivative of checkarp.sh.
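#!/bin/sh
# checknetwork.sh - ARP-scan 192.168.0.1-254 on br0, compare every host that
# answers against /etc/hosts and e-mail the report when an undocumented
# device is found.
#
# A device counts as known when one /etc/hosts line has its IP as the address
# field and also contains its MAC (presumably kept in a trailing comment -
# confirm against your hosts file).
#
# The published listing is cut off at the right-hand margin in several
# places. Reconstructed here:
#  - the truncated paths "/tmp/lastch" and "/tmp/.chec" are completed from
#    the full paths used elsewhere in the same script;
#  - the closing quote and backtick of the sed pipeline are restored;
#  - the mail header line ends after "Subject: Network" in the listing; the
#    rest of the subject is NOT recoverable and MAIL_SUBJECT below is a
#    placeholder.
#
# Behavioural fixes:
#  - the IP is compared with the whole address field, so 192.168.0.1 no
#    longer matches the entry for 192.168.0.10-19 or 192.168.0.100-199;
#  - a probe that yields no MAC is reported as unknown rather than compared
#    with an empty pattern;
#  - empty arping output is not treated as a reply.
#
# NOTE(review): both working files live in /tmp, which smb.conf on this
# router exports read-only to guests.

tIP="192.168.0."
REPORT=/tmp/lastcheckarp.txt
MAIL=/tmp/.checknetwork.mail
RULE="---------------------------------------------------------"

# Placeholders exactly as given on the page - replace before use.
MAIL_FROM="<from email address here>"
MAIL_TO_NAME="<name>"
MAIL_TO="<to email address here>"
MAIL_SUBJECT="Network (remainder of subject truncated in the published listing)"

tFoundUnknowns=0

echo "Checking $tIP#" > "$REPORT"
echo "$RULE" >> "$REPORT"

for tIPX in $(seq 1 254); do
  tAddr=$tIP$tIPX
  tResult=$(arping -f "$tAddr" -I br0 -c 1)
  [ -n "$tResult" ] || continue

  # Flatten to one line so the MAC can be taken by word position. Unquoted on
  # purpose; globbing is off so "[aa:bb:...]" is not treated as a pattern.
  set -f
  tFlat=$(echo $tResult)
  set +f

  case $tFlat in
    *"Received 0 reply"*) continue ;;
  esac

  # Grab the MAC and strip off the bracket characters.
  # NOTE(review): word 12 is where this router's arping prints the MAC -
  # verify against your own arping's output format.
  tMAC=$(echo "$tFlat" | awk '{ print $12 }' | sed -e 's/\[//' -e 's/\]//')

  # Check the hosts file for a line carrying both the IP and the MAC.
  tIsKnown=0
  if [ -n "$tMAC" ]; then
    tIsKnown=$(awk -v ip="$tAddr" -v mac="$tMAC" \
      '$1 == ip && index(tolower($0), tolower(mac)) { n++ } END { print n + 0 }' \
      /etc/hosts)
  fi

  # Display and log the result.
  if [ "$tIsKnown" -eq 0 ]; then
    tFoundUnknowns=1
    printf '%s \t- %s \t- ***UNKNOWN***\n' "$tAddr" "$tMAC"
    printf '%s \t- %s \t- ***UNKNOWN***\n' "$tAddr" "$tMAC" >> "$REPORT"
  else
    printf '%s \t- %s\n' "$tAddr" "$tMAC"
    printf '%s \t- %s\n' "$tAddr" "$tMAC" >> "$REPORT"
  fi
done

# Email the report if we have unknowns.
if [ "$tFoundUnknowns" -eq 1 ]; then
  {
    printf 'From: Orc <%s>\nTo: %s\nSubject: %s\n\n' \
      "$MAIL_FROM" "$MAIL_TO_NAME" "$MAIL_SUBJECT"
    printf 'Last network scan:\n'
    echo "$RULE"
    cat "$REPORT"
    echo "$RULE"
  } > "$MAIL"
  ssmtp "$MAIL_TO" < "$MAIL"
fi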
emaillogs.sh
- Location: /sbin/flc/emaillogs.sh
- Purpose: To keep an eye on YOU$@#!
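#!/bin/sh
# emaillogs.sh - mail the system log when dropbear has recorded a failed
# login, then clear the log.
#
# Trigger: any logread line containing both "dropbear" and "attempt"
# (bad password / nonexistent user).
# Action: write headers plus the complete logread output to /tmp/err.log,
# send it with ssmtp, and restart syslog to empty the log buffer.
#
# Change from the published listing: syslog is only restarted when ssmtp
# reports success. Before, a failed send still wiped the log, and the record
# of the login attempts went with it.
#
# NOTE(review): /tmp/err.log then holds the full system log, and smb.conf on
# this router exports /tmp read-only to guests.

# Placeholder exactly as given on the page - replace before use.
MAIL_TO="<to email address here>"
REPORT=/tmp/err.log

# LOOK FOR ANY DROPBEAR ATTEMPTS (BAD PASSWORD / NONEXISTENT USER)
tCheckLogs=$(logread | grep dropbear | grep attempt)
tHostName=$(uname -n)
# Only referenced by the retired mini-sendmail command kept below.
tEmailFrom="$tHostName@crancho.com"

if [ -n "$tCheckLogs" ]; then
  # BUILD THE WARNING EMAIL
  {
    echo "From: $tHostName"
    echo "To: Hayden Owens"
    echo "Subject: Log Error on $(date "+%m/%d/%y %l:%M %p")"
    echo ""
    logread
  } > "$REPORT"

  #OLD mini-sendmail# cat /tmp/err.log | sendmail -f$tEmailFrom -s<to mail server here> <to email address here>
  if ssmtp "$MAIL_TO" < "$REPORT"; then
    # CLEAR THE LOG FILE
    /etc/init.d/S01syslog restart
  else
    echo "emaillogs.sh: ssmtp failed; syslog left intact" >&2
    exit 1
  fi
fi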
mail_alarm.sh
- Location: /sbin/flc/mail_alarm.sh
- Purpose: Lets me know when there is an intrusion.
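#!/bin/sh
# mail_alarm.sh - send an alarm notice naming the zone that was triggered.
#
# Reads the last ten lines of /tmp/dsc.log, takes the most recent one that
# contains "609", cuts characters 5-6 out of it as the zone number and looks
# up the zone's name in /etc/dsczones.conf (lines of the form
# zone_z<N>="<name>"). The notice is written to /tmp/.alarm.mail and sent
# with ssmtp.
#
# Change from the published listing: when no usable zone number or no zone
# name is found, the message says so. Before, expr failed on the empty value
# and the mail read "Triggered in " with nothing after it.
#
# NOTE(review): 609 appears to be the panel's zone-event code - confirm
# against the IT-100 documentation. The grep matches those digits anywhere on
# a line, so an unrelated entry containing "609" can be picked up.
# NOTE(review): nothing retries or reports a failed send; this script's exit
# status is the only signal that the alert did not go out.

# Placeholders exactly as given on the page - replace before use.
MAIL_FROM="<<MY_EMAIL_ADDY>>@windstream.net"
MAIL_TO="<<MY_PHONE_NUMBER>>@cingularme.com,<<MY_EMAIL_ADDY>>@windstream.net"
MAIL=/tmp/.alarm.mail

tRawZone=$(tail /tmp/dsc.log | grep 609 | tail -1 | cut -c 5-6)

# "+ 0" strips the leading zero (e.g. 05 -> 5). Only run it on digits.
case $tRawZone in
  '' | *[!0-9]*) zone= ;;
  *) zone=$(expr "$tRawZone" + 0) ;;
esac

zone_text=
if [ -n "$zone" ]; then
  zone_text=$(grep "zone_z$zone=" /etc/dsczones.conf | cut -d \" -f 2)
fi
if [ -z "$zone_text" ]; then
  if [ -n "$zone" ]; then
    zone_text="zone $zone (no name in /etc/dsczones.conf)"
  else
    zone_text="an unknown zone"
  fi
fi

{
  printf 'From: OK Alarm <%s>\nSubject: Alarm Alert\n\n' "$MAIL_FROM"
  printf 'Triggered in %s\n' "$zone_text"
} > "$MAIL"

ssmtp "$MAIL_TO" < "$MAIL"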
scanwifi.sh
- Location: /sbin/flc/scanwifi.sh
- Purpose: Scans for WiFi routers / APs.
#!/bin/sh
# scanwifi.sh - print the access points and routers the wireless interface
# can currently see.
tIface=eth2
iwlist "$tIface" scanning
setip.sh
- Location: /sbin/flc/setip.sh
- Purpose: My own version of Dynamic DNS tracking.
<NOT AVAILABLE>
who.sh
- Location: /sbin/flc/who.sh
- Purpose: Replaces the missing 'who' command to show who's logged in.
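#!/bin/sh
# who.sh - stand-in for the missing 'who': list the sockets that involve the
# SSH port, first with names resolved, then numerically.
#
# Change from the published listing: the filter was "grep 22", which also
# matched any line that merely contained those digits (port 2222, an address
# ending in .22, a queue length). It now matches only a port field of 22, or
# the service name "ssh" that netstat prints when it resolves the port.

# ssh_lines - keep the netstat lines (read from stdin) whose local or remote
# port is 22/ssh.
ssh_lines() {
  grep -e ':22 ' -e ':ssh '
}

netstat 2>/dev/null | ssh_lines
echo "-------------------------------------------------------------------------------"
netstat -n 2>/dev/null | ssh_lines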