1 | 2 | simandl | #! /bin/bash |
2 | | | # Firewall nove generace pro Czela Debian 3.0 |
3 | | | # Autor: Mirek Slugen |
4 | | | # Spoluatori: Michal Perlik, Michal Vondracek, Jan Chmelensky |
5 | | | # Vytvoreno: 06.11.2006 |
6 | | | # Naposledy zmeneno: 17.09.2007 |
7 | | | # Tento skript muzete volne sirit a upravovat. |
8 | | | |
# Internal settings used only by the accounting module.
ACCOUNT_DIR="/var/log/account"
ACCOUNT_COMPRESSION="yes"

# Sampling period in seconds; every RRD created in this file uses it as --step.
INTERVAL="120"

# Heartbeat passed to each DS definition: twice the sampling period. A slot
# that gets no update within this time is stored as unknown.
INTERVAL_0="$((INTERVAL * 2))"

# RRA geometry in the form "steps:rows": steps is how many samples are
# consolidated into one row (1, 7, 31, 365) and rows is how many such rows are
# needed to span 1, 7, 31 and 365 days respectively.
INTERVAL_1="1:$(((24 * 60 * 60) / (INTERVAL * 1)))"
INTERVAL_2="7:$(((7 * 24 * 60 * 60) / (INTERVAL * 7)))"
INTERVAL_3="31:$(((31 * 24 * 60 * 60) / (INTERVAL * 31)))"
INTERVAL_4="365:$(((365 * 24 * 60 * 60) / (INTERVAL * 365)))"

# NOTE(review): not read anywhere in this file; presumably consumed by the
# ro_test/ro_exit helpers defined elsewhere - confirm.
RO="no"
29 | | | |
#######################################
# Make sure the accounting directory tree exists.
# Globals:   ACCOUNT_DIR (read)
# Outputs:   creates $ACCOUNT_DIR, $ACCOUNT_DIR/graphs and $ACCOUNT_DIR/rrd
# Returns:   exit status of the final chown
#######################################
account_create_dir() {
  mkdir -p "$ACCOUNT_DIR" "$ACCOUNT_DIR/graphs" "$ACCOUNT_DIR/rrd"
  # Only graphs/ is handed to the web server account; rrd/ and the state
  # files next to it keep whatever owner the invoking user has.
  chown -R www-data:www-data "$ACCOUNT_DIR/graphs"
}
37 | | | |
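#######################################
# Feed one sample into an RRD file under $ACCOUNT_DIR/rrd.
#
# With ACCOUNT_COMPRESSION=yes the update is applied to a copy under /tmp and
# the copy is then moved back over the original (presumably because in-place
# updates are expensive on the filesystem holding $ACCOUNT_DIR - confirm).
# The copy lives in a private mktemp directory: a fixed name such as
# /tmp/account_<file> can be pre-created by any local user as a symlink, and
# cp would then write through it with this script's privileges.
#
# Globals:   ACCOUNT_DIR, ACCOUNT_COMPRESSION (read)
# Arguments: $1 - RRD file name relative to $ACCOUNT_DIR/rrd
#            $2 - DS template for "rrdtool update -t" (e.g. in:out)
#            $3 - sample string (e.g. N:1:2)
# Returns:   0 on success, non-zero when the copy, update or move failed
#######################################
rrdtool_update() {
  local rrd_name=$1 ds_template=$2 ds_values=$3
  local rrd_path="$ACCOUNT_DIR/rrd/$rrd_name"
  local work_dir status

  if [ "$ACCOUNT_COMPRESSION" != "yes" ]; then
    rrdtool update "$rrd_path" -t "$ds_template" "$ds_values"
    return
  fi

  work_dir=$(mktemp -d /tmp/account_rrd.XXXXXX) || return 1

  if cp "$rrd_path" "$work_dir/$rrd_name" &&
    rrdtool update "$work_dir/$rrd_name" -t "$ds_template" "$ds_values"; then
    mv "$work_dir/$rrd_name" "$rrd_path"
    status=$?
  else
    # Leave the stored RRD untouched when the copy or the update failed.
    status=1
  fi

  rm -rf -- "$work_dir"
  return "$status"
}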
47 | | | |
48 | | | # implementace pocitani dat |
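#######################################
# Install the ACCOUNT rules that count traffic per address.
# Existing ACCOUNT rules are removed first (account_stop), then one rule per
# configured network is inserted at the top of FORWARD.
# Globals:   IPTABLES, INTERNAL_IP, EXTERNAL_IP (read)
# Returns:   0 when every attempted insert succeeded, else the status of the
#            last failing insert. An unset network is skipped and is not an
#            error (the "[ ... ] && cmd" form used before returned 1 for it).
#######################################
account_start() {
  local status=0

  account_stop

  # $IPTABLES is left unquoted on purpose: it names the command to run.
  if [ -n "$INTERNAL_IP" ]; then
    $IPTABLES -I FORWARD -j ACCOUNT --addr "$INTERNAL_IP" --tname account || status=$?
  fi
  if [ -n "$EXTERNAL_IP" ]; then
    $IPTABLES -I FORWARD -j ACCOUNT --addr "$EXTERNAL_IP" --tname account_ext || status=$?
  fi

  # Disabled by the original author: also count in the eth_accept chain.
  #if [ "`$IPTABLES -L FORWARD | grep eth_accept`" != "" ]; then
  #  $IPTABLES -I eth_accept -j ACCOUNT --addr $INTERNAL_IP --tname account
  #fi

  return "$status"
}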
57 | | | |
#######################################
# Remove every ACCOUNT rule from the FORWARD chain.
# Rule numbers are taken from the numbered listing and deleted from the
# highest downwards, so deleting one rule does not renumber those still to go.
# Globals:   IPTABLES (read)
#######################################
account_stop() {
  local rule_no

  for rule_no in $($IPTABLES -L FORWARD -n -v --line-numbers | awk '/ACCOUNT/ {print $1}' | sort -rn); do
    $IPTABLES -D FORWARD "$rule_no"
  done

  # Disabled by the original author: the same clean-up for eth_accept.
  #for I in `$IPTABLES -L eth_accept -n -v --line-numbers | grep ACCOUNT | awk '{print $1}' | sort -r -n`; do
  #  $IPTABLES -D eth_accept $I
  #done
}
66 | | | |
#######################################
# Restart accounting. This only delegates to account_start; no separate stop
# call is made here.
# Returns:   exit status of account_start
#######################################
account_restart() {
  account_start
  return $?
}
70 | | | |
#######################################
# Discard the collected per-address totals.
# Both accounting tables are read with "iptaccount -f" and the output thrown
# away, then the stored totals file is deleted.
# Globals:   ACCOUNT_DIR (read)
# Returns:   exit status of the final rm
#######################################
account_reset() {
  local table

  for table in account account_ext; do
    iptaccount -f -l "$table" > /dev/null 2>&1
  done
  rm -f "$ACCOUNT_DIR/data.txt"
}
76 | | | |
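# Succeeds when $1 is a non-empty string of decimal digits.
_account_is_uint() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

# Succeeds when the record (ip, download, upload) is usable: the address holds
# only digits and dots (it becomes part of a file name), both counters are
# plain decimal numbers (they are fed to shell arithmetic) and neither is 0.
_account_ip_record_ok() {
  case "$1" in
    '' | *[!0-9.]*) return 1 ;;
  esac
  _account_is_uint "$2" || return 1
  _account_is_uint "$3" || return 1
  [ "$2" != "0" ] && [ "$3" != "0" ]
}

# Create $ACCOUNT_DIR/rrd/host-<$1>.rrd with two GAUGE data sources ("in" and
# "out", minimum 0, no maximum) unless the file already exists.
_account_host_rrd_ensure() {
  local rrd_file="$ACCOUNT_DIR/rrd/host-$1.rrd"

  [ -e "$rrd_file" ] && return 0
  rrdtool create "$rrd_file" \
    --step "$INTERVAL" \
    "DS:in:GAUGE:$INTERVAL_0:0:U" \
    "DS:out:GAUGE:$INTERVAL_0:0:U" \
    "RRA:AVERAGE:0.5:$INTERVAL_1" \
    "RRA:AVERAGE:0.5:$INTERVAL_2" \
    "RRA:AVERAGE:0.5:$INTERVAL_3" \
    "RRA:AVERAGE:0.5:$INTERVAL_4"
}

#######################################
# Fold the latest per-address counters into $ACCOUNT_DIR/data.txt and feed
# the per-host RRD files.
#
# data.txt holds one "# vytvoreno ..." header line (creation time, kept
# across runs) followed by "ip:total1:total2:rate1:rate2" records.
#
# Changes against the earlier version:
#  - scratch files live in a private mktemp directory instead of the fixed
#    names /tmp/account_data.txt and /tmp/account_data_old.txt, which a local
#    user could pre-create as symlinks to have other files overwritten;
#  - addresses are matched exactly; the former "grep -F ip:" also matched
#    longer addresses ending in the same text (10.0.0.1 inside 110.0.0.1),
#    which could lose totals or drop an inactive address from the file;
#  - addresses and counters are validated before they reach file names and
#    shell arithmetic.
#
# Globals:   ACCOUNT_DIR, INTERVAL, INTERVAL_0..4, ACCOUNT_GRAPHS_IP_EX (read)
# Returns:   1 when the scratch directory cannot be created, else the status
#            of the final clean-up
#######################################
account_graphs_generate_ip() {
  account_create_dir

  local data data_old ctime data_out work_dir old_file seen_file
  local ip download upload rest old_line old_ip old_download old_upload
  local download_new upload_new download_rate upload_rate

  # Create the scratch directory before the counters are read: "iptaccount -f"
  # is a read-and-flush, so failing afterwards would lose one interval.
  work_dir=$(mktemp -d /tmp/account_data.XXXXXX) || return 1
  old_file="$work_dir/old.txt"
  seen_file="$work_dir/seen.txt"

  # New counters from both tables, one "ip:field7:field12" record per line.
  data="$(iptaccount -f -l account 2> /dev/null | awk '/IP/ {print $2":"$7":"$12}')
$(iptaccount -f -l account_ext 2> /dev/null | awk '/IP/ {print $2":"$7":"$12}')"
  data_old=$(grep -v '#' "$ACCOUNT_DIR/data.txt" 2> /dev/null)
  ctime=$(grep '#' "$ACCOUNT_DIR/data.txt" 2> /dev/null)

  # The old records go to a file because looking an address up in a file is
  # faster than piping the whole variable for every address.
  printf '%s\n' "$data_old" > "$old_file"

  # Keep the original creation stamp if there is one.
  if [ -z "$ctime" ]; then
    data_out="# vytvoreno $(date '+%H:%M %d.%m.%Y')
"
  else
    data_out="$ctime
"
  fi

  # Pass 1: addresses seen in this interval.
  while IFS=: read -r -u 3 ip download upload rest; do
    # Zero counters are skipped as before: such entries are mostly scans.
    _account_ip_record_ok "$ip" "$download" "$upload" || continue

    download_new=$download
    upload_new=$upload
    old_line=$(awk -F: -v ip="$ip" '($1 "") == ip { print; exit }' "$old_file")
    if [ -n "$old_line" ]; then
      IFS=: read -r old_ip old_download old_upload rest <<< "$old_line"
      if _account_is_uint "$old_download" && _account_is_uint "$old_upload"; then
        # 10# forces base 10 so a stored value with a leading zero is not
        # taken for octal.
        download_new=$((10#$old_download + 10#$download))
        upload_new=$((10#$old_upload + 10#$upload))
      fi
    fi

    download_rate=$((10#$download / INTERVAL))
    upload_rate=$((10#$upload / INTERVAL))

    # Records are collected in memory and written in one go at the end.
    data_out="$data_out$ip:$download_new:$upload_new:$download_rate:$upload_rate
"
    _account_host_rrd_ensure "$ip"
    # GAUGE: each sample is the rate itself, not an increment.
    rrdtool_update "host-$ip.rrd" in:out "N:$upload_rate:$download_rate"
  done 3<<< "$data"

  # Pass 2 must skip addresses already written above, so store them first.
  printf '%s\n' "$data_out" > "$seen_file"

  # Pass 2: addresses known from earlier runs but idle in this interval.
  while IFS=: read -r -u 3 ip download upload rest; do
    _account_ip_record_ok "$ip" "$download" "$upload" || continue
    awk -F: -v ip="$ip" '($1 "") == ip { found = 1; exit } END { exit !found }' \
      "$seen_file" && continue

    data_out="$data_out$ip:$download:$upload:0:0
"
    # Writing zero samples for idle hosts costs time with many clients; it is
    # only done when explicitly enabled.
    [ "$ACCOUNT_GRAPHS_IP_EX" == "yes" ] || continue
    _account_host_rrd_ensure "$ip"
    rrdtool_update "host-$ip.rrd" in:out N:0:0
  done 3<<< "$data_old"

  printf '%s\n' "$data_out" > "$ACCOUNT_DIR/data.txt"

  rm -rf -- "$work_dir"
}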
206 | | | |
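#######################################
# Sample CPU load, memory, filesystem usage and the number of active internal
# addresses, and store everything in $ACCOUNT_DIR/rrd/system.rrd.
#
# Side files written: cpu_load_data.txt (raw /proc/stat for the next run),
# cpu_load.txt ("cpuN load" lines) and users.txt (active address count).
#
# Changes against the earlier version:
#  - loop and result variables are local, so values from a previous CPU line
#    or call are never reused; a CPU with no earlier sample, or with no
#    elapsed time (which used to divide by zero), reports 0;
#  - filesystem values default to U (rrdtool's "unknown") when the mount
#    point is not reported by df, instead of an empty field;
#  - the conntrack filter is built from the prefix length of INTERNAL_IP and
#    matches at the start of the address. Previously zero octets were simply
#    left out (192.168.0.0/24 became "192.168."), the pattern also matched in
#    the middle of an address, and 0.0.0.0/0 produced a grep call with no
#    pattern at all.
#
# Globals:   ACCOUNT_DIR, INTERNAL_IP, INTERVAL, INTERVAL_0..4 (read)
#######################################
account_graphs_generate_system() {
  account_create_dir

  # Collected "name value" lines; one RRD data source per line.
  local DATA=""
  local I J N TIME
  local LOAD LOAD_USER LOAD_USER_NICE LOAD_SYSTEM LOAD_IOWAIT LOAD_HARDIRQ LOAD_SOFTIRQ
  local ROOT_TOTAL="U" ROOT_USED="U"
  local TMPFS_TOTAL="U" TMPFS_USED="U"
  local TMPFSS_TOTAL="U" TMPFSS_USED="U"

  # CPU load: difference between the current and the previously stored
  # /proc/stat counters.
  local CPU_DATA CPU_DATA_OLD CPU_LOAD=""
  CPU_DATA=$(cat /proc/stat)
  CPU_DATA_OLD=$(cat "$ACCOUNT_DIR/cpu_load_data.txt" 2> /dev/null)

  echo "$CPU_DATA" > "$ACCOUNT_DIR/cpu_load_data.txt"

  # On the very first run there is no old sample; the inner loop then finds
  # nothing and every CPU is recorded with zeros, which still yields the right
  # set of data sources for creating the RRD.
  IFS=$'\t\n'
  for I in $CPU_DATA; do
    IFS=$' \t\n'
    I=( $I )
    [ "${I[0]:0:3}" != "cpu" ] && continue

    LOAD=0
    LOAD_USER=0
    LOAD_USER_NICE=0
    LOAD_SYSTEM=0
    LOAD_IOWAIT=0
    LOAD_HARDIRQ=0
    LOAD_SOFTIRQ=0

    IFS=$'\t\n'
    for J in $CPU_DATA_OLD; do
      IFS=$' \t\n'
      J=( $J )
      [ "${I[0]}" != "${J[0]}" ] && continue
      # Matching earlier sample found. Missing columns count as 0.
      TIME=$((${I[1]:-0} + ${I[2]:-0} + ${I[3]:-0} + ${I[4]:-0} + ${I[5]:-0} + ${I[6]:-0} + ${I[7]:-0} - ${J[1]:-0} - ${J[2]:-0} - ${J[3]:-0} - ${J[4]:-0} - ${J[5]:-0} - ${J[6]:-0} - ${J[7]:-0}))
      if [ "$TIME" -gt 0 ]; then
        LOAD=$((100 - ((100 * (${I[4]:-0} - ${J[4]:-0})) / TIME)))
        LOAD_USER=$(((100 * (${I[1]:-0} - ${J[1]:-0})) / TIME))
        LOAD_USER_NICE=$(((100 * (${I[2]:-0} - ${J[2]:-0})) / TIME))
        LOAD_SYSTEM=$(((100 * (${I[3]:-0} - ${J[3]:-0})) / TIME))
        LOAD_IOWAIT=$(((100 * (${I[5]:-0} - ${J[5]:-0})) / TIME))
        LOAD_HARDIRQ=$(((100 * (${I[6]:-0} - ${J[6]:-0})) / TIME))
        LOAD_SOFTIRQ=$(((100 * (${I[7]:-0} - ${J[7]:-0})) / TIME))
      fi
      break
    done
    IFS=$' \t\n'

    CPU_LOAD=$CPU_LOAD"${I[0]} $LOAD
"
    # NOTE(review): rrdtool limits DS names to 19 characters, so
    # "cpu10_load_user_nice" and above would not be accepted - confirm on
    # hosts with ten or more CPUs.
    DATA=$DATA"${I[0]}_load $LOAD
${I[0]}_load_user $LOAD_USER
${I[0]}_load_user_nice $LOAD_USER_NICE
${I[0]}_load_system $LOAD_SYSTEM
${I[0]}_load_iowait $LOAD_IOWAIT
${I[0]}_load_hardirq $LOAD_HARDIRQ
${I[0]}_load_softirq $LOAD_SOFTIRQ
"
  done
  IFS=$' \t\n'

  echo "$CPU_LOAD" > "$ACCOUNT_DIR/cpu_load.txt"

  # RAM usage. The second column of /proc/meminfo is read by line position.
  # NOTE(review): the indexes assume the /proc/meminfo line order of the
  # kernel this was written for; on another kernel the same positions hold
  # different fields. mem_total is also the only value not multiplied by
  # 1024. Both are left as they were so existing RRD data stays comparable.
  local -a MEM_DATA
  MEM_DATA=( $(awk '{print $2}' /proc/meminfo) )

  DATA=$DATA"mem_total ${MEM_DATA[0]:-0}
mem_used $(((${MEM_DATA[0]:-0} - ${MEM_DATA[1]:-0}) * 1024))
mem_buffers $((${MEM_DATA[2]:-0} * 1024))
mem_cached $((${MEM_DATA[3]:-0} * 1024))
mem_active $((${MEM_DATA[5]:-0} * 1024))
mem_inact $((${MEM_DATA[6]:-0} * 1024))
mem_mapped $((${MEM_DATA[16]:-0} * 1024))
mem_slab $((${MEM_DATA[17]:-0} * 1024))
swap_total $((${MEM_DATA[11]:-0} * 1024))
swap_used $(((${MEM_DATA[11]:-0} - ${MEM_DATA[12]:-0}) * 1024))
"

  # Usage of the root filesystem, /var/tmpfs and /var/tmpfs/small.
  local FS_DATA
  FS_DATA=$(df / /var/tmpfs /var/tmpfs/small 2> /dev/null)

  IFS=$'\t\n'
  for I in $FS_DATA; do
    IFS=$' \t\n'
    I=( $I )
    if [ "${I[5]}" == "/" ]; then
      ROOT_TOTAL=$((${I[1]} * 1024))
      ROOT_USED=$((${I[2]} * 1024))
    elif [ "${I[5]}" == "/var/tmpfs" ]; then
      TMPFS_TOTAL=$((${I[1]} * 1024))
      TMPFS_USED=$((${I[2]} * 1024))
    elif [ "${I[5]}" == "/var/tmpfs/small" ]; then
      TMPFSS_TOTAL=$((${I[1]} * 1024))
      TMPFSS_USED=$((${I[2]} * 1024))
    fi
  done
  IFS=$' \t\n'

  DATA=$DATA"root_total $ROOT_TOTAL
root_used $ROOT_USED
tmpfs_total $TMPFS_TOTAL
tmpfs_used $TMPFS_USED
tmpfss_total $TMPFSS_TOTAL
tmpfss_used $TMPFSS_USED
"

  # Number of active hosts according to conntrack. Full CIDR matching would
  # be too slow here, so only whole octets are compared: the result is exact
  # for /0, /8, /16, /24 and /32 and an over-count for other prefix lengths.
  local -a NET
  local POM_IP="" OCTETS ACTIVE_IPS
  IFS=$'/.\t\n'
  NET=( $INTERNAL_IP )
  IFS=$' \t\n'
  case "${NET[4]}" in
    '' | *[!0-9]*) OCTETS=4 ;;
    *) OCTETS=$((10#${NET[4]} / 8)) ;;
  esac
  if [ "$OCTETS" -gt 4 ]; then
    OCTETS=4
  fi
  for ((N = 0; N < OCTETS; N++)); do
    POM_IP="$POM_IP${NET[N]}."
  done
  # A dot is appended to every address so that a four-octet prefix means an
  # exact match; an empty prefix matches every address.
  ACTIVE_IPS=$(awk '{print $5}' /proc/net/ip_conntrack | cut -d= -f2 |
    awk -v p="$POM_IP" 'p == "" || index($0 ".", p) == 1' | sort -u | wc -l)

  DATA=$DATA"active_ips $ACTIVE_IPS
"
  echo "$ACTIVE_IPS" > "$ACCOUNT_DIR/users.txt"

  # Turn the "name value" lines into DS definitions, a DS template and a
  # sample string.
  local CREATE_DATA=""
  local UPDATE_DATA1=""
  local UPDATE_DATA2=""

  IFS=$'\t\n'
  for I in $DATA; do
    IFS=$' \t\n'
    I=( $I )
    CREATE_DATA=$CREATE_DATA" DS:${I[0]}:GAUGE:$INTERVAL_0:0:U"
    UPDATE_DATA1=$UPDATE_DATA1":${I[0]}"
    UPDATE_DATA2=$UPDATE_DATA2":${I[1]}"
  done
  IFS=$' \t\n'

  # Create the RRD on first use. $CREATE_DATA is deliberately unquoted: it is
  # a space-separated list that must expand to one argument per DS.
  if [ ! -e "$ACCOUNT_DIR/rrd/system.rrd" ]; then
    rrdtool create "$ACCOUNT_DIR/rrd/system.rrd" \
      --step "$INTERVAL" $CREATE_DATA \
      "RRA:AVERAGE:0.5:$INTERVAL_1" \
      "RRA:AVERAGE:0.5:$INTERVAL_2" \
      "RRA:AVERAGE:0.5:$INTERVAL_3" \
      "RRA:AVERAGE:0.5:$INTERVAL_4"
  fi

  # Store the sample; ${UPDATE_DATA1:1} drops the leading colon.
  rrdtool_update "system.rrd" "${UPDATE_DATA1:1}" "N$UPDATE_DATA2"
}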
362 | | | |
363 | | | # funkce vyžaduje kompletní přepsání a optimalizaci |
#######################################
# Record per-interface throughput and running totals.
#
# Reads /proc/net/dev, compares it with the copy saved by the previous run
# ($ACCOUNT_DIR/interfaces.txt) and writes, per selected interface, a line
# "name total1 total2 rate1 rate2" to $ACCOUNT_DIR/interfaces_data.txt plus a
# sample to interface-<name>.rrd. A final "all" line and interface-all.rrd
# hold the sums.
#
# Globals:   ACCOUNT_DIR, INTERVAL, INTERVAL_0..4 (read); IFS (modified, left
#            as space/tab/newline); DOWNLOAD, UPLOAD and the other loop
#            variables are not declared local and therefore leak to the caller
#######################################
account_graphs_generate_interfaces() {
  account_create_dir

  # Load the base data: every /proc/net/dev line that contains a colon, with
  # the colons turned into spaces so the name becomes a field of its own.
  local DATA=`grep -F ":" /proc/net/dev | sed 's/:/ /g'`
  local DATA_OLD=`cat "$ACCOUNT_DIR/interfaces.txt" 2>/dev/null`

  echo "$DATA" > "$ACCOUNT_DIR/interfaces.txt"

  # Data for the running totals transferred per interface.
  local DATA_2=""
  local DATA_2_OLD=`cat "$ACCOUNT_DIR/interfaces_data.txt" 2>/dev/null`

  local TOTAL_DOWNLOAD="0"
  local TOTAL_UPLOAD="0"

  local TOTAL_DOWNLOAD_RATE="0"
  local TOTAL_UPLOAD_RATE="0"

  # Statistics need the previous sample; on the first run only the "all"
  # line with zeros is produced.
  if [ "$DATA_OLD" != "" ]; then
    # Split on tab/newline to walk lines, then on whitespace to get fields.
    IFS=$'\t\n'
    for I in $DATA; do
      IFS=$' \t\n'
      I=( $I )
      # Keep only names whose 2nd and 3rd characters are "th" (eth*, ath*)
      # or that start with "wlan".
      [ "${I[0]:1:2}" != "th" ] && [ "${I[0]:0:4}" != "wlan" ] && continue

      # Fields 1 and 9 after the name; presumably the receive and transmit
      # byte counters of /proc/net/dev - confirm.
      DOWNLOAD=${I[1]}
      UPLOAD=${I[9]}

      DOWNLOAD_DIFF="0"
      UPLOAD_DIFF="0"

      DOWNLOAD_RATE="0"
      UPLOAD_RATE="0"

      DOWNLOAD_TOTAL="0"
      UPLOAD_TOTAL="0"

      # Find the same interface in the previous sample.
      IFS=$'\t\n'
      for J in $DATA_OLD; do
        IFS=$' \t\n'
        J=( $J )
        [ "${I[0]}" != "${J[0]}" ] && continue
        DOWNLOAD_OLD=${J[1]}
        UPLOAD_OLD=${J[9]}

        # Interface counters wrap after 4 GB of traffic.
        # NOTE(review): this assumes 32-bit counters; where the counters are
        # wider, a value lower than the previous one is not a wrap (for
        # example after the interface was re-created) and the correction
        # would add a bogus 4 GiB - confirm for the target kernel.
        if [ "$DOWNLOAD" -lt "$DOWNLOAD_OLD" ]; then
          DOWNLOAD_DIFF=$(($DOWNLOAD + ( 4 * 1024 * 1024 * 1024 ) - $DOWNLOAD_OLD))
        else
          DOWNLOAD_DIFF=$(($DOWNLOAD - $DOWNLOAD_OLD))
        fi
        if [ "$UPLOAD" -lt "$UPLOAD_OLD" ]; then
          UPLOAD_DIFF=$(($UPLOAD + ( 4 * 1024 * 1024 * 1024 ) - $UPLOAD_OLD))
        else
          UPLOAD_DIFF=$(($UPLOAD - $UPLOAD_OLD))
        fi

        # Current transfer rate on the interface.
        DOWNLOAD_RATE=$(($DOWNLOAD_DIFF / $INTERVAL))
        UPLOAD_RATE=$(($UPLOAD_DIFF / $INTERVAL))
        break
      done

      # Running totals: previous total plus the difference of this interval.
      IFS=$'\t\n'
      for J in $DATA_2_OLD; do
        IFS=$' \t\n'
        J=( $J )
        [ "${I[0]}" != "${J[0]}" ] && continue
        DOWNLOAD_TOTAL=$((${J[1]} + $DOWNLOAD_DIFF))
        UPLOAD_TOTAL=$((${J[2]} + $UPLOAD_DIFF))
        break
      done

      # No stored total yet (or it is still 0): start from the raw counter.
      [ "$DOWNLOAD_TOTAL" == "0" ] && DOWNLOAD_TOTAL="$DOWNLOAD"
      [ "$UPLOAD_TOTAL" == "0" ] && UPLOAD_TOTAL="$UPLOAD"

      DATA_2=$DATA_2"${I[0]} $DOWNLOAD_TOTAL $UPLOAD_TOTAL $DOWNLOAD_RATE $UPLOAD_RATE
"

      # Store the throughput of this interface.
      [ ! -e "$ACCOUNT_DIR/rrd/interface-${I[0]}.rrd" ] && rrdtool create "$ACCOUNT_DIR/rrd/interface-${I[0]}.rrd" \
        --step $INTERVAL \
        DS:in:GAUGE:$INTERVAL_0:0:U \
        DS:out:GAUGE:$INTERVAL_0:0:U \
        RRA:AVERAGE:0.5:$INTERVAL_1 \
        RRA:AVERAGE:0.5:$INTERVAL_2 \
        RRA:AVERAGE:0.5:$INTERVAL_3 \
        RRA:AVERAGE:0.5:$INTERVAL_4
      rrdtool_update "interface-${I[0]}.rrd" in:out N:$DOWNLOAD_RATE:$UPLOAD_RATE

      TOTAL_DOWNLOAD=$(($DOWNLOAD_TOTAL + $TOTAL_DOWNLOAD))
      TOTAL_UPLOAD=$(($UPLOAD_TOTAL + $TOTAL_UPLOAD))

      TOTAL_DOWNLOAD_RATE=$(($DOWNLOAD_RATE + $TOTAL_DOWNLOAD_RATE))
      TOTAL_UPLOAD_RATE=$(($UPLOAD_RATE + $TOTAL_UPLOAD_RATE))
    done
    IFS=$' \t\n'
  fi

  DATA_2=$DATA_2"all $TOTAL_DOWNLOAD $TOTAL_UPLOAD $TOTAL_DOWNLOAD_RATE $TOTAL_UPLOAD_RATE
"

  # Total traffic flowing through the router: one data source holding the sum
  # of both rates.
  [ ! -e "$ACCOUNT_DIR/rrd/interface-all.rrd" ] && rrdtool create "$ACCOUNT_DIR/rrd/interface-all.rrd" \
    --step $INTERVAL \
    DS:all:GAUGE:$INTERVAL_0:0:U \
    RRA:AVERAGE:0.5:$INTERVAL_1 \
    RRA:AVERAGE:0.5:$INTERVAL_2 \
    RRA:AVERAGE:0.5:$INTERVAL_3 \
    RRA:AVERAGE:0.5:$INTERVAL_4
  rrdtool_update "interface-all.rrd" all N:$(($TOTAL_DOWNLOAD_RATE + $TOTAL_UPLOAD_RATE))

  echo "$DATA_2" > "$ACCOUNT_DIR/interfaces_data.txt"
}
482 | | | |
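#######################################
# Ping every router listed in /etc/firewall/routers.conf once, keep a
# good/bad counter per router in $ACCOUNT_DIR/routers.txt
# ("host:good:bad" lines) and store the average round-trip time in
# ping-<host>.rrd.
#
# Changes against the earlier version:
#  - the host token is checked before it is used as a ping argument and as
#    part of a file name: entries starting with "-" or containing anything
#    but letters, digits, ".", "_" and "-" are skipped;
#  - counters read back from routers.txt must be plain numbers before they
#    are used in arithmetic, otherwise they restart at 0;
#  - a failed ping is stored as U (rrdtool's "unknown") instead of an empty
#    value;
#  - loop variables are local, and a missing routers.txt or an unreachable
#    host no longer prints errors.
#
# Globals:   ACCOUNT_DIR, INTERVAL, INTERVAL_0..4 (read); IFS (modified, left
#            as space/tab/newline)
# Returns:   0 immediately when the configuration file does not exist
#######################################
account_graphs_generate_pings() {
  account_create_dir

  [ -e "/etc/firewall/routers.conf" ] || return 0

  local DATA DATA_OLD DATA_NEW=""
  local I J GOOD BAD AVG
  local -a RESPONSE

  # First column of every configuration line that contains a dot.
  DATA=$(grep -F "." /etc/firewall/routers.conf | awk '{print $1}')
  DATA_OLD=$(grep -v '#' "$ACCOUNT_DIR/routers.txt" 2> /dev/null)

  IFS=$' \t\n'
  for I in $DATA; do
    case "$I" in
      '#'* | -* | *[!A-Za-z0-9._-]*) continue ;;
    esac

    GOOD="0"
    BAD="0"

    # Pick up the counters stored by the previous run.
    IFS=$'\t\n'
    for J in $DATA_OLD; do
      IFS=$': \t\n'
      J=( $J )
      IFS=$' \t\n'
      [ "$I" != "${J[0]}" ] && continue
      GOOD="${J[1]}"
      BAD="${J[2]}"
      break
    done
    IFS=$' \t\n'
    case "$GOOD" in '' | *[!0-9]*) GOOD="0" ;; esac
    case "$BAD" in '' | *[!0-9]*) BAD="0" ;; esac

    # The summary line is split on "/" and whitespace; element 7 is then the
    # second of the four slash-separated values (the average, given the
    # "min/avg/max/mdev" order ping prints - confirm for the ping in use).
    IFS=$'/ \t\n'
    RESPONSE=( $(ping "$I" -c 1 -s 1024 -q -v -W 1 2> /dev/null | grep min) )
    IFS=$' \t\n'

    AVG=${RESPONSE[7]}
    case "$AVG" in
      '' | *[!0-9.]*)
        AVG="U"
        BAD=$((BAD + 1))
        ;;
      *)
        GOOD=$((GOOD + 1))
        ;;
    esac

    DATA_NEW=$DATA_NEW"$I:$GOOD:$BAD
"
    # Create the RRD on first use.
    if [ ! -e "$ACCOUNT_DIR/rrd/ping-$I.rrd" ]; then
      rrdtool create "$ACCOUNT_DIR/rrd/ping-$I.rrd" \
        --step "$INTERVAL" \
        "DS:response:GAUGE:$INTERVAL_0:0:U" \
        "RRA:AVERAGE:0.5:$INTERVAL_1" \
        "RRA:AVERAGE:0.5:$INTERVAL_2" \
        "RRA:AVERAGE:0.5:$INTERVAL_3" \
        "RRA:AVERAGE:0.5:$INTERVAL_4"
    fi
    rrdtool_update "ping-$I.rrd" response "N:$AVG"
  done

  echo "$DATA_NEW" > "$ACCOUNT_DIR/routers.txt"
}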
536 | | | |
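#######################################
# Fetch the wireless registration table from every Mikrotik device listed in
# /etc/firewall/mikrotik.conf and store the combined output in
# $ACCOUNT_DIR/mikrotik_wifi.txt.
#
# Each configuration line that contains a dot is read as
# "<address> <user> <password>"; lines starting with "#" are skipped.
#
# Changes against the earlier version:
#  - the output of consecutive devices is separated by a newline. Before,
#    the last line of one device and the first line of the next were glued
#    together into a single line;
#  - configuration fields are split without pathname expansion and passed
#    quoted, so a password containing "*" or "?" is handed over unchanged.
#
# NOTE(review): the password is passed to mikrotik_get as a command-line
# argument and is therefore visible in the process list while the command
# runs; whether mikrotik_get can take it another way is not visible from
# this file. mikrotik.conf stores the credentials in clear text and should be
# readable by root only.
#
# Globals:   ACCOUNT_DIR (read)
# Returns:   0 immediately when the configuration file does not exist
#######################################
account_graphs_get_mikrotik_wifi_clients() {
  account_create_dir

  [ -e "/etc/firewall/mikrotik.conf" ] || return 0

  local DATA_NEW="" LINE TABLE
  local -a FIELDS

  while IFS= read -r -u 3 LINE; do
    IFS=$' \t\n' read -r -a FIELDS <<< "$LINE"
    [ "${FIELDS[0]:0:1}" == "#" ] && continue
    [ -n "${FIELDS[0]}" ] || continue

    # Keep only lines with a colon (the ones carrying a MAC address) and
    # strip the carriage return at the end of each line.
    TABLE=$(mikrotik_get -ip="${FIELDS[0]}" -name="${FIELDS[1]}" -pwd="${FIELDS[2]}" \
      -cmd="interface wireless registration-table print" | grep ":" | sed 's/\r$//')
    if [ -n "$TABLE" ]; then
      DATA_NEW="$DATA_NEW$TABLE
"
    fi
  done 3<<< "$(grep -F "." /etc/firewall/mikrotik.conf)"

  printf '%s' "$DATA_NEW" > "$ACCOUNT_DIR/mikrotik_wifi.txt"
}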
556 | | | |
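# Succeeds when $1 is six upper-case hexadecimal byte pairs joined by dashes.
_account_is_dashed_mac() {
  local h='[0-9A-F][0-9A-F]'
  case "$1" in
    $h-$h-$h-$h-$h-$h) return 0 ;;
  esac
  return 1
}

#######################################
# Collect the signal level of wireless clients and store one sample per
# client in signal-<MAC>.rrd (MAC written with dashes, because rrdtool does
# not accept colons in the file name).
#
# Sources, each producing "interface mac signal" records:
#  - madwifi: "wlanconfig <if> list" for every entry in /proc/net/madwifi
#  - hostap:  the per-client files under /proc/net/hostap/<if>/
#  - Mikrotik: $ACCOUNT_DIR/mikrotik_wifi.txt, only when
#    ACCOUNT_GRAPHS_MK_SIGNAL=yes
#
# Changes against the earlier version:
#  - the client address comes from radio peers and from remote devices, and
#    it ends up in a file name. It is now required to be a well-formed MAC
#    address; anything else is skipped. Before, any token with a colon in the
#    third position was accepted, including ones containing "/";
#  - a signal value that is not an integer is stored as U (unknown);
#  - the character classes given to tr are quoted so the shell cannot expand
#    them against file names in the current directory;
#  - directory entries are taken from globs instead of parsed ls output, and
#    loop variables are local.
#
# Globals:   ACCOUNT_DIR, ACCOUNT_GRAPHS_MK_SIGNAL, INTERVAL, INTERVAL_0..4
#######################################
account_graphs_generate_signal() {
  account_create_dir

  local IFS=$' \t\n'
  local DATA="" IFACE CLIENT MAC LEVEL
  local -a FIELDS SIGNAL

  # madwifi: first and sixth column of every client line.
  for IFACE in /proc/net/madwifi/*; do
    [ -e "$IFACE" ] || continue
    IFACE=${IFACE##*/}
    while read -r -a FIELDS; do
      [ "${#FIELDS[@]}" -gt 0 ] || continue
      DATA="$DATA$IFACE ${FIELDS[0]} ${FIELDS[5]}
"
    done <<< "$(wlanconfig "$IFACE" list | grep ":")"
  done

  # hostap keeps everything in /proc: one file per client, named by its MAC.
  for IFACE in /proc/net/hostap/*; do
    [ -e "$IFACE" ] || continue
    IFACE=${IFACE##*/}
    for CLIENT in "/proc/net/hostap/$IFACE/"*:*; do
      [ -e "$CLIENT" ] || continue
      # Split the "signal" line on blanks and "="; element 5 is used.
      IFS=$' =\t\n'
      SIGNAL=( $(grep "signal" "$CLIENT") )
      IFS=$' \t\n'
      DATA="$DATA$IFACE ${CLIENT##*/} ${SIGNAL[5]}
"
    done
  done

  # An iwlist-based collector existed here but was disabled by the original
  # author: with madwifi it reports background-scan results rather than the
  # signal of associated clients.

  # Mikrotik data fetched earlier by account_graphs_get_mikrotik_wifi_clients.
  if [ -e "$ACCOUNT_DIR/mikrotik_wifi.txt" ] && [ "$ACCOUNT_GRAPHS_MK_SIGNAL" == "yes" ]; then
    while read -r -a FIELDS; do
      # Mikrotik sometimes omits RADIO-NAME, which shifts the columns by one;
      # the MAC column is recognised by the colon in its third position.
      if [ "${FIELDS[3]:2:1}" == ":" ]; then
        DATA="$DATA${FIELDS[1]} ${FIELDS[3]} -${FIELDS[5]//[^0-9]/}
"
      elif [ "${FIELDS[2]:2:1}" == ":" ]; then
        DATA="$DATA${FIELDS[1]} ${FIELDS[2]} -${FIELDS[4]//[^0-9]/}
"
      fi
    done <<< "$(grep ":" "$ACCOUNT_DIR/mikrotik_wifi.txt")"
  fi

  # Upper-case everything in one go so MAC addresses compare equal.
  DATA=$(printf '%s\n' "$DATA" | tr '[:lower:]' '[:upper:]')

  while read -r -u 3 -a FIELDS; do
    MAC=${FIELDS[1]//:/-}
    _account_is_dashed_mac "$MAC" || continue

    LEVEL=${FIELDS[2]}
    case "${LEVEL#-}" in
      '' | *[!0-9]*) LEVEL="U" ;;
    esac

    if [ ! -e "$ACCOUNT_DIR/rrd/signal-$MAC.rrd" ]; then
      rrdtool create "$ACCOUNT_DIR/rrd/signal-$MAC.rrd" \
        --step "$INTERVAL" \
        "DS:signal:GAUGE:$INTERVAL_0:-100:0" \
        "RRA:AVERAGE:0.5:$INTERVAL_1" \
        "RRA:AVERAGE:0.5:$INTERVAL_2" \
        "RRA:AVERAGE:0.5:$INTERVAL_3" \
        "RRA:AVERAGE:0.5:$INTERVAL_4"
    fi
    rrdtool_update "signal-$MAC.rrd" signal "N:$LEVEL"
  done 3<<< "$DATA"
}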
655 | | | |
#######################################
# Record size and usage of local filesystems, one RRD per filesystem:
# drive-<device>.rrd for devices directly under /dev and tmpfs-<mount>.rrd
# for "tmpfs" and "cf_main" entries.
#
# Globals:   ACCOUNT_DIR, INTERVAL, INTERVAL_0..4 (read); IFS (modified);
#            DRIVE, TYPE, TOTAL, USED and the loop variable I are not
#            declared local and therefore leak to the caller
#######################################
account_graphs_generate_drives() {
  account_create_dir

  # Load the data: local filesystems only (-l), with the type column (-T),
  # in POSIX output format (-P).
  local DATA=`df -lTP`
  # NOTE(review): DATA_NEW is never used below.
  local DATA_NEW=""

  # Devices and "blocks-used" pairs already handled, one per line.
  local DRIVES=""
  local SIZES=""

  # Split on tab/newline to walk lines, then on whitespace to get fields:
  # I[0] filesystem, I[2] and I[3] the two size columns, I[6] mount point.
  IFS=$'\t\n'
  for I in $DATA; do
    IFS=$' \t\n'
    I=( $I )
    # /dev/root is a symlink; use the device it points to.
    [ "${I[0]}" == "/dev/root" ] && I[0]="/dev/`readlink /dev/root`"

    if [ "${I[0]%/*}" == "/dev" ]; then
      # Guard against bind mounts: a device that was already processed is not
      # processed again.
      # NOTE(review): grep treats the device name as a regular expression,
      # not as a fixed string.
      [ "`echo \"$DRIVES\" | grep -x \"${I[0]}\"`" != "" ] && continue
      DRIVES=$DRIVES"${I[0]}
"
      DRIVE=${I[0]##*/}
      TYPE="drive"
    elif [ "${I[0]}" == "tmpfs" ] || [ "${I[0]}" == "cf_main" ]; then
      # Guard against bind mounts here too; these have no device name, so two
      # entries with identical size and usage count as the same filesystem.
      [ "`echo \"$SIZES\" | grep -x \"${I[2]}-${I[3]}\"`" != "" ] && continue
      SIZES=$SIZES"${I[2]}-${I[3]}
"
      # Build the name from the mount point: every "/" becomes "-" and the
      # leading dash is removed.
      DRIVE=${I[6]//\//-}
      DRIVE=${DRIVE:1}
      TYPE="tmpfs"
    else
      # Header line and every other filesystem type.
      continue
    fi

    TOTAL=$((${I[2]} * 1024))
    USED=$((${I[3]} * 1024))

    # Create the RRD on first use.
    [ ! -e "$ACCOUNT_DIR/rrd/$TYPE-$DRIVE.rrd" ] && rrdtool create "$ACCOUNT_DIR/rrd/$TYPE-$DRIVE.rrd" \
      --step $INTERVAL \
      DS:total:GAUGE:$INTERVAL_0:0:U \
      DS:used:GAUGE:$INTERVAL_0:0:U \
      RRA:AVERAGE:0.5:$INTERVAL_1 \
      RRA:AVERAGE:0.5:$INTERVAL_2 \
      RRA:AVERAGE:0.5:$INTERVAL_3 \
      RRA:AVERAGE:0.5:$INTERVAL_4
    rrdtool_update "$TYPE-$DRIVE.rrd" total:used N:$TOTAL:$USED
  done
}
707 | | | |
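#######################################
# Delete all collected graph data: every file under rrd/ and graphs/, the
# state files kept next to them, and the contents of both accounting tables.
#
# The function refuses to run with an empty ACCOUNT_DIR. Without that check
# the recursive deletes below would expand to "/rrd/*" and "/graphs/*".
#
# Globals:   ACCOUNT_DIR (read)
# Returns:   1 when ACCOUNT_DIR is empty, else the status of the last
#            iptaccount call
#######################################
account_graphs_reset() {
  local name table

  if [ -z "$ACCOUNT_DIR" ]; then
    echo "account_graphs_reset: ACCOUNT_DIR is empty, nothing deleted" >&2
    return 1
  fi

  rm -rf -- "$ACCOUNT_DIR/rrd/"* "$ACCOUNT_DIR/graphs/"*

  for name in cpu_load.txt cpu_load_data.txt data.txt interfaces.txt \
    interfaces_data.txt mikrotik_wifi.txt routers.txt signals.txt users.txt; do
    rm -f -- "$ACCOUNT_DIR/$name"
  done

  for table in account account_ext; do
    iptaccount -f -l "$table" > /dev/null 2>&1
  done
}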
723 | | | |
724 | | | # automaticke spousteni generovani grafu pro webove rozhrani |
# Keep /etc/cron.d/account_graphs in step with the configuration.
#
# The cron entry runs "/etc/init.d/firewall account_graphs_generate" as root
# every two minutes. It is created when FIREWALL, ACCOUNT and ACCOUNT_GRAPHS
# are all "yes" and the file is missing. It is removed when any of the three
# is not "yes" or the first argument is "account_stop", provided the file
# exists and this script is not running under the name "account".
# ro_test and ro_exit are defined elsewhere; they are called around each
# change to the file.
if [ "$ACCOUNT_GRAPHS" == "yes" ] && [ "$ACCOUNT" == "yes" ] \
  && [ "$FIREWALL" == "yes" ] && [ ! -e "/etc/cron.d/account_graphs" ]; then
  printf '%s' "Creating cron file for firewall account..."

  ro_test "/etc/cron.d/account_graphs"

  {
    echo "# Created by firewall script for account"
    echo "*/2 * * * * root /etc/init.d/firewall account_graphs_generate"
  } > /etc/cron.d/account_graphs

  ro_exit

  echo "done."
elif {
  [ "$ACCOUNT" != "yes" ] || [ "$ACCOUNT_GRAPHS" != "yes" ] \
    || [ "$FIREWALL" != "yes" ] || [ "$1" == "account_stop" ]
} && [ -e "/etc/cron.d/account_graphs" ] && [ "$(basename $0)" != "account" ]; then
  printf '%s' "Deleting cron file for firewall account..."

  ro_test "/etc/cron.d/account_graphs"

  rm -f "/etc/cron.d/account_graphs" 2> /dev/null

  ro_exit

  echo "done."
fi
747 | | | |