Nethserver-arpwatch: Needs Tests

@dz00te would you like to add it on our NethForge? @giacomo @davidep how can we move forward?

I've been watching this thread for some time; this package does something very similar to a shell script/daemon I wrote. But my shell script/daemon takes it a step further: when it recognizes a new device on the network (not within an open DHCP range) it adds the IP/MAC address to available Linux firewalls on the network. This is the default setup; I can change the sensitivity to strict so that it would add the IP/MAC address of a newly discovered device in the open DHCP range to the firewalls. The script must have sudo access of course because the iptables command requires it; it also must be able to log in to other Linux boxes without an SSH password.

Adding IP addresses on Linux firewalls is relatively simple, but finding a way to do this on NethServer was challenging. Instead I opted to use MAC addresses. In order to do that I needed to create a custom template for shorewall where the BLACKLIST option is changed to "NEW,UNVALID,UNTRACKED" so that I can dynamically add and remove the MACs.

The shell script/daemon consists of three files: a configuration file, the daemon and the shell commands themselves. If anyone is interested in looking at the concept I can certainly upload it to GitHub. It may take some time because I'd have to remove a number of personal settings.

2 Likes

@alefattorini
honestly… I don't remember what I'm missing to finish the package; I'll check it and will update the status soon. And yes, if it ever gets finished/stable, the idea is to put it on NethForge, but I must admit that lately, in my short available time, ns7alpha has a high priority :smirk:

@islipfd19
nice idea, if I ever finish the package I'll ask you for the script, tnx :wink:

@islipfd19 as we have introduced fail2ban, we can make things work through it

Great idea! I'm thinking of some type of trigger from arpwatch to fail2ban to blacklist the offending MAC/IP address and then a way to whitelist it after additional review.

I failed to mention that my shell script also sends notifications using any of the mail apps, such as postfix or sendmail, as long as it's configured properly of course. My shell script also has a mechanism to whitelist the MAC/IP address; it's CLI driven. Again, my script detects any unknown IP/MAC on the local network. At the heart of the script is nmap, which performs a ping sweep of the network and grabs all the MAC addresses, then compares them to a predefined list of MACs in its configuration file and the list of MACs obtained from the DHCP config file. When time permits I'll upload it to GitHub.
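The comparison step described in the post above, as an added example that is not part of the netsecure script or of this thread: a shell function that takes `nmap -sn` ping-sweep output and reports every responding host whose MAC is neither in a netsecure-style allow-list nor in the DHCP server's fixed-address reservations. All three inputs are constructed sample strings (the allow-list format is an assumption; the nmap and ISC dhcpd.conf formats are the real ones), so it runs offline.

```shell
#!/bin/sh
# Added example, not the netsecure project's code. Reports hosts seen in an
# nmap ping sweep whose MAC address is unknown to the allow-list and to DHCP.

# Constructed allow-list: "MAC comment" per line (netsecure-style format assumed).
KNOWN_MACS='
00:11:22:33:44:55 office-printer
AA:BB:CC:DD:EE:01 fileserver
'

# Constructed fragment of an ISC dhcpd.conf with fixed-address reservations.
DHCPD_CONF='
host laptop1 { hardware ethernet aa:bb:cc:dd:ee:02; fixed-address 192.168.1.50; }
host nas     { hardware ethernet AA:BB:CC:DD:EE:03; fixed-address 192.168.1.51; }
'

# Constructed output of "nmap -sn 192.168.1.0/24" run as root (nmap prints the
# MAC Address line only for hosts on the local segment, never for itself).
NMAP_OUT='
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
MAC Address: 00:11:22:33:44:55 (Unknown)
Nmap scan report for 192.168.1.50
Host is up (0.0020s latency).
MAC Address: AA:BB:CC:DD:EE:02 (Unknown)
Nmap scan report for 192.168.1.77
Host is up (0.0030s latency).
MAC Address: DE:AD:BE:EF:00:01 (Unknown)
'

# Usage: find_unknown_hosts NMAP_OUTPUT ALLOWLIST DHCPD_CONF
# Prints "IP MAC" for each swept host whose MAC is in neither list.
# MACs are normalised to upper case so dhcpd's lower-case entries still match.
find_unknown_hosts() {
    known=$(printf '%s\n%s\n' "$2" "$3" |
        grep -oiE '([0-9a-f]{2}:){5}[0-9a-f]{2}' | tr 'a-f' 'A-F' | sort -u)
    printf '%s\n' "$1" | awk -v known="$known" '
        BEGIN { n = split(known, k, "\n"); for (i = 1; i <= n; i++) if (k[i] != "") ok[k[i]] = 1 }
        /^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip) }   # handles "host (ip)" too
        /^MAC Address:/ { mac = toupper($3); if (!(mac in ok)) print ip, mac }'
}

find_unknown_hosts "$NMAP_OUT" "$KNOWN_MACS" "$DHCPD_CONF"
```

Feeding the output to a notification or firewall step is where a real daemon would continue; this block stops at the detection so the result can be checked.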

When the author thinks the package is finished, we can move it to the forge.
We can also give access directly to the forge :wink:

@islipfd19 please attach log, I have created an issue on Fail2ban so they could help to develop arpwatch log monitoring.

I don't have a log; there may have been some confusion. I currently don't use Fail2ban or arpwatch; the script I'm referring to is something that I designed and wrote. I believe it would be a "nice to have" feature for both.

I have submitted logs to Fail2ban already, so wait for the new Jail

updated version on first post…

I left it too long; I remember that there was something I wanted to change/check but I don't remember what… :pensive:

so for now:

  • after install, the service is enabled and configured on all eth on green
  • it should work also with multiple eth
  • mail is sent by default to root

still to do:

  1. implement a script to update ethercodes.dat using the Sanitized IEEE OUI Data (oui.txt) (or put the file in a separate rpm, or … honestly I'm not sure at the moment how to do it, but I would like to have it updated :))
  2. a gui (???) if I ever complete points 2 and 3 :smile:

and a lot of testing :slight_smile:

2 Likes

Though this isn't part of NethServer, it's supposed to assist with the ideas, and I'm just replying to a post I placed a month ago.

So I finally got around to uploading my netsecure daemon to GitHub for public use. I've named it netsecure for the moment; I may decide to change it in the future. It contains a daemon, a configuration file and the script itself at the heart of the program. It uses nmap and sendmail (or a similar program). Its purpose is to catch new/foreign MAC addresses on your local network and add them to the local firewall and any other firewall (or shorewall) running on a different *nix box.

Any suggestions or questions are welcome, even bugs; I'll help where I can.

1 Like

on ns7alpha2 (x86-64 and ARM)

yum install http://mirror.framassa.org/dz00test/nethserver-arpwatch-1.0.0-2.ns7.noarch.rpm

3 Likes

I think that no one uses this contrib (not even me :joy:)… but just for information, there are problems with multiple eth on NS7; I'll try to fix it

2 Likes

that's it… a quick and (probably) dirty fix for systemd with multiple eth… since CentOS does not support multiple eth for arpwatch, the solution was to use a systemd template unit and instantiate it for the various eth.
The problem is that I can't manage to use services2adjust anymore… :frowning:
(it looks for an arpwatch.service instead of arpwatch@ethX)
probably I need more time to study NethServer::Service and esmith::events :sweat_smile:
so for now, after a change to the eth config, a
signal-event nethserver-arpwatch-update
is needed

new link for tests on ns7

yum install http://mirror.framassa.org/dz00test/nethserver-arpwatch-1.0.0-3.ns7.noarch.rpm

edit:
added a restart option to the systemd unit template… maybe not a great solution but it seems to work. Also updated the file on the mirror…

1 Like

You can now install it from nethforge-testing!

yum --enablerepo=nethforge-testing install nethserver-arpwatch

RPM url: http://packages.nethesis.it/nethserver/7.2.1511/nethforge-testing/x86_64/Packages/nethserver-arpwatch-1.0.0-3.ns7.noarch.rpm

2 Likes

Don't be sad like this module :slight_smile: you should describe some interesting use scenarios to attract more users!

yes, I will, but this is a quite specific module and not widely used today… not much use without a gui for the report; well, at least now there is a basic gui for the config…
as always tnx to the master (@stephdl), as most of the code was adapted from the ddclient gui :innocent:

new link (only ns7)
http://mirror.framassa.org/dz00test/nethserver-arpwatch-1.0.0-4.ns7.noarch.rpm

3 Likes

this is what free software is supposed to be :), happy to contribute to that!

2 Likes

Hi Folks,

Sorry to bring this back from the dead.
This .rpm is no longer available.

This is a really neat project.
Did anyone keep the package?

Thanks,

@dz00te can u help here