@alefattorini
Honestly… I don’t remember what I’m missing to finish the package; I’ll check it and will update the status soon. And yes, if it will ever be finished/stable, the idea is to put it on netforge, but I must admit that lately, in the short time I have available, ns7alpha has a high priority.
@islipfd19
Nice idea, if I ever finish the package I’ll ask you for the script, thanks.
Great idea! I’m thinking some type of trigger from arpwatch to fail2ban to blacklist the offending MAC/IP address and then a way to whitelist it after additional review.
I failed to mention that my shell script also sends notifications using any of the mail apps, such as postfix or sendmail, as long as it’s configured properly of course. My shell script also has a mechanism to whitelist the MAC/IP address; CLI driven. Again, my script detects any unknown IP/MAC on the local network. At the heart of the script is nmap, which performs a ping sweep of the network and grabs all the MAC addresses, then compares them to a predefined list of MACs in its configuration file and the list of MACs obtained from the DHCP config file. When time permits I’ll upload it to github.
I don’t have a log, there may have been some confusion. I currently don’t use Fail2ban or arpwatch, the script I’m referring to is something that I designed and wrote. I believe it would be a “Nice to have” feature for both.
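As an added example (this is not the netsecure script described in the post above, which is not quoted in this thread), here is a minimal POSIX shell version of the detection step it describes: parse an nmap ping sweep, collect the MAC addresses seen, and report any that appear in neither a hand-maintained known-MAC file nor the DHCP server’s static reservations. The config file names and layout, the dhcpd.conf format and the sample nmap output are assumptions constructed for the example; the mail step is only indicated in a comment.

```shell
#!/bin/sh
# Added example, not the netsecure script from this thread: flag MAC addresses
# that an nmap ping sweep sees but that are neither in a known-MAC file nor in
# the DHCP server's static reservations. File names and formats are assumptions.

# Constructed sample of `nmap -sn 192.168.1.0/24` output (run as root, so MAC
# lines are present). 192.168.1.10 is the scanning host itself, for which nmap
# prints no MAC line; nas.lan shows the "hostname (ip)" form of the report line.
SAMPLE_NMAP='Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
MAC Address: 00:11:22:33:44:55 (Router Vendor)
Nmap scan report for 192.168.1.20
Host is up (0.0020s latency).
MAC Address: AA:BB:CC:DD:EE:01 (Printer Vendor)
Nmap scan report for nas.lan (192.168.1.30)
Host is up (0.0030s latency).
MAC Address: 02:00:00:00:00:30 (Unknown)
Nmap scan report for 192.168.1.10
Host is up.
Nmap scan report for 192.168.1.77
Host is up (0.0040s latency).
MAC Address: DE:AD:BE:EF:00:01 (Unknown)
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.50 seconds'

# Turn nmap's report into "ip mac" lines (MAC lowercased so it compares
# equal to whatever case the config files use). A host without a MAC line
# simply produces no output instead of inheriting the previous host's MAC.
nmap_ip_mac() {
    awk '
        /^Nmap scan report for / { ip = $NF; gsub(/[()]/, "", ip) }
        /^MAC Address: /         { print ip, tolower($3) }
    '
}

# MACs from the predefined list: one per line, "#" comments and blanks ignored.
known_macs() {
    sed 's/#.*//' "$1" | awk 'NF { print tolower($1) }'
}

# MACs from ISC dhcpd.conf static reservations ("hardware ethernet xx:...;").
dhcp_macs() {
    sed -n 's/.*hardware ethernet[[:space:]]*\([0-9A-Fa-f:]*\);.*/\1/p' "$1" |
        tr 'A-Z' 'a-z'
}

# usage: nmap -sn NET | unknown_hosts known_macs.conf /etc/dhcp/dhcpd.conf
# Prints one "ip mac" line per host whose MAC is in neither list.
unknown_hosts() {
    allow=$( { known_macs "$1"; dhcp_macs "$2"; } | sort -u | tr '\n' ' ')
    nmap_ip_mac | awk -v allow="$allow" '
        BEGIN { n = split(allow, a); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)
    '
}

# Constructed config files in temp locations so the example runs anywhere.
KNOWN=$(mktemp) && DHCP=$(mktemp) || exit 1
trap 'rm -f "$KNOWN" "$DHCP"' EXIT
cat > "$KNOWN" <<'EOF'
# known_macs.conf (constructed): one MAC per line
00:11:22:33:44:55   # gateway
EOF
cat > "$DHCP" <<'EOF'
# dhcpd.conf fragment (constructed): only static reservations are read
host printer { hardware ethernet AA:BB:CC:DD:EE:01; fixed-address 192.168.1.20; }
EOF

NEW=$(printf '%s\n' "$SAMPLE_NMAP" | unknown_hosts "$KNOWN" "$DHCP")
if [ -n "$NEW" ]; then
    # In a cron-driven deployment this report would be piped to `sendmail root`
    # (or `mail -s ... root`); here it just goes to stdout.
    printf 'Unknown host(s) on the LAN:\n%s\n' "$NEW"
fi
```

Two details worth knowing when running this for real: nmap only prints MAC Address lines when it runs as root and only for hosts on the same layer-2 segment, and the scanning host itself never gets one, so the parser keys on the MAC line rather than assuming every report block has one. Comparison is done on lowercased MACs because dhcpd.conf, hand-edited lists and nmap do not agree on case.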
I left it too long; I remember that there was something I wanted to change/check but I don’t remember what…
so for now:
after install, the service is enabled and configured on all eths on green
it should also work with multiple eths
mail is sent by default to root
still to do:
implement a script to update ethercodes.dat using the Sanitized IEEE OUI Data (oui.txt) (or put it in the file in a separate rpm, or … honestly I’m not sure at the moment how to do it, but I would like to have it updated :))
a GUI (???) if I ever complete points 2 and 3
Though this isn’t part of nethserver, it’s supposed to assist with the ideas, and I’m just replying to a post I placed a month ago.
So I finally got around to uploading my netsecure daemon to github for public use. I’ve named it netsecure for the moment; I may decide to change it in the future. It contains a daemon, a configuration file and the script itself at the heart of the program. It uses nmap and sendmail (or a similar program). Its purpose is to catch new/foreign MAC addresses on your local network and add them to the local firewall and any other firewall (or shorewall) running on a different *nix box.
Any suggestions or questions are welcome, even bugs; I’ll help where I can.
That’s it… a quick and (probably) dirty fix for systemd with multiple eths… while CentOS does not support multiple eths for arpwatch, the solution was to use a systemd template unit and instantiate it for the various eths.
The problem is that I can’t manage to use services2adjust anymore…
(it looks for an arpwatch.service instead of arpwatch@ethX)
Probably I need more time to study NethServer::Service and esmith::events.
So for now, after a change to the eth config, a signal-event nethserver-arpwatch-update is needed.
Yes, I will, but this is a quite specific module and not widely used today… not very useful without a GUI for the report; well, at least now there is a basic GUI for the config…
As always, thanks to master (@stephdl), as most of the code was adapted from the ddclient GUI.