To tackle these scenarios, I thought it would be personally useful if there was an automated method of notification so that this process could all be done in the background for me, and I could continue whatever work I was doing without having to micro-manage a ping.
For me, I felt it would be great if an email notification could be used since I could use Outlook's preview window in conjunction with my ping to quickly break me away from what I was doing to allow my investigation to begin when the device in question came back online. My first attempt at this was using a simple ICMP echo (type 8) to determine device's status. When the device came back online, I used the Linux sendEmail program to email me with the status update. The result was a short little bash script and the code that follows.
#!/bin/bash
echo "Please enter the IP address or FQDN of the host you are interested in: "
read ipaddress
echo -e "\nPlease enter Exchange password (Used for sendEmail Purposes): "
read -s PASSWORD
while :
do
ping -c 1 $ipaddress > /dev/null
if [ $? -eq 0 ]; then
sendEmail -f (enter from address) -t (enter your email address) -u Commence the Investigation!!! -m Host $ipaddress is back online! -s (enter SMTP relay server):25 -xu (enter username) -xp $PASSWORD -o tls=no
break
fi
done
As you can see, nothing too special here. The script simply ran a ping in loop, where it would send a single ICMP type 8 echo packet and wait for an ICMP echo-reply (type 0) to return. Now, there are a couple glaring problems with this, most notably what happens if the device in question doesn't respond to ICMP because it is behind a firewall, for example? To overcome some of the limitations with using ICMP, I came up with a second script that makes calls the fantastic Nmap in order to customize the types of probes used to determine a device's online status.
#!/bin/bash
NMAP=/usr/bin/nmap
NMAPOPTIONSLINUX="-n -PN -sS -p22,25,53,80,110,143,443 -PA22,53,80,443"
NMAPOPTIONSWIN="-n -PN -sS -p135-139,445,1025 -PA135-139,445,1025"
NMAPOPTIONSCISCO="-n -PN -sS -p22,23,80,443"
function Linux {
while :
do
$NMAP $NMAPOPTIONSLINUX $IPADDYLINUX > nmap.txt
cat nmap.txt | grep "Host is up" > /dev/null
if [ $? -eq 0 ]; then
sendEmail -f (from email address) -t (to email address) -u Commence the Investigation!!! -m Host $IPADDYLINUX is back online! -s (SMTP relay server) -o tls=no
break
fi
done
}
function Windows {
while :
do
$NMAP $NMAPOPTIONSWIN $IPADDYWIN > nmap.txt
cat nmap.txt | grep "Host is up" > /dev/null
if [ $? -eq 0 ]; then
sendEmail -f (from email address) -t (to email address) -u Commence the Investigation!!! -m Host $IPADDYLINUX is back online! -s (SMTP relay server) -o tls=no
break
fi
done
}
function Cisco {
while :
do
$NMAP $NMAPOPTIONSCISCO $IPADDYCISCO > nmap.txt
cat nmap.txt | grep "Host is up" > /dev/null
if [ $? -eq 0 ]; then
sendEmail -f (from email address) -t (to email address) -u Commence the Investigation!!! -m Host $IPADDYLINUX is back online! -s (SMTP relay server) -o tls=no
break
fi
done
}
function Menu {
clear
cat > /dev/stdout <<DELIM
========================================================
Please Select the Appropriate Device Type
[L]inux or Unix
[W]indows
[C]isco
[Q]uit
========================================================
DELIM
read DEVICETYPE
clear
shopt -s nocasematch
if [[ $DEVICETYPE = *L* ]]; then
echo "Please input IP address of Linux/Unix device:"
read IPADDYLINUX
echo -e "Thank You, An Email Will Be Sent When Host is Back Online...\n"
Linux
elif [[ $DEVICETYPE = *W* ]]; then
echo "Please input IP address of Windows device:"
read IPADDYWIN
echo -e "\nThank You, An Email Will Be Sent When Host is Back Online...\n"
Windows
elif [[ $DEVICETYPE = *C* ]]; then
echo "Please input IP address of Cisco device:"
read IPADDYCISCO
echo -e "\nThank You, An Email Will Be Sent When Host is Back Online...\n"
Cisco
elif [[ $DEVICETYPE = *Q* ]]; then
echo -e "\n\nGoodbye, and thank you for being the Network Police!"
exit 0
else
echo "Sorry, --> $DEVICETYPE <-- is an Unknown Selection"
echo "Press Enter to Continue..."
read
Menu
fi
shopt -u nocasematch
}
Menu
Besides a more polished look, this will actually cater the TCP probes based on the type of device in question. I customized the Nmap options based on personal experience with various types of OS. As with the ICMP script, it will wait for a device to come back online before notifying via email. Both of these bash scripts were written using the Linux Backtrack4 distro. Note that I did not require authentication on the SMTP relay server in the latter script.
No comments:
Post a Comment