cryptonas-archive/v0.2.1/cbox-tree.d/usr/lib/cryptobox/check_smb_idle.sh

#!/bin/sh
#
# a simple script to check, if there was no smb traffic for the specified
# number of minutes - then it unmounts the crypto partition
#
# you may want to adjust the function "filter_ipt_rules" according to
# your setup
#
# any Parameter are ignored
# 
# this script has to run as root - as it invokes iptables
#
# the iptables rules to detect smb traffic could look like the following:
#   iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
#   iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
#
# called by:
#	- cron (/etc/cron.d/cryptobox)
#

set -eu

# parse config file
. /etc/cryptobox/cryptobox.conf


############# some functions ##################

filter_ipt_rules()
# get the input rules for smb datagram traffic
{
	"$IPTABLES" -L INPUT -vnx | grep -E "udp dpt:138|tcp dpt:139"
}


function check_for_traffic()
{
	local traffic_yes=0
	# fallback if no rules were found
	# extract the number of packets and calculate the sum
	filter_ipt_rules | sed 's/  */ /g' | cut -d " " -f 3 | while read a
		do	[ "$a" -gt 0 ] && echo "$a"
	  done | grep -q "" && traffic_yes=1
	"$IPTABLES" -Z INPUT
	[ "$traffic_yes" = "1" ]
}


################### main ######################

# break, if crypto partition is not mounted
"$CB_SCRIPT" is_crypto_mounted || exit 0

# break, if idle timer is turned off
MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)
[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0

# config test
[ -z "$(filter_ipt_rules)" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >>"$LOG_FILE" && exit 1

# read current idle counter
if [ -e "$IDLE_COUNTER_FILE" ]
	then	current_count=$(<$IDLE_COUNTER_FILE)
	else	current_count=0
  fi

# update counter
if check_for_traffic
  then	echo 0
  else	echo $((current_count + 1))
 fi >"$IDLE_COUNTER_FILE"

# unmount crypto partition, if the threshold was reached
if [ "$(<$IDLE_COUNTER_FILE)" -ge "$MAX_IDLE_COUNTER" ]
	then	"$CB_SCRIPT" crypto-down >>"$LOG_FILE" 2>&1
		echo "0" >"$IDLE_COUNTER_FILE"
  fi
v0.2.1 released 2005-10-24 12:19:17 +02:00			`#!/bin/sh`
			`#`
			`# a simple script to check, if there was no smb traffic for the specified`
			`# number of minutes - then it unmounts the crypto partition`
			`#`
			`# you may want to adjust the function "filter_ipt_rules" according to`
			`# your setup`
			`#`
			`# any Parameter are ignored`
			`#`
			`# this script has to run as root - as it invokes iptables`
			`#`
			`# the iptables rules to detect smb traffic could look like the following:`
			`# iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT`
			`# iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT`
			`#`
			`# called by:`
			`# - cron (/etc/cron.d/cryptobox)`
			`#`

			`set -eu`

			`# parse config file`
			`. /etc/cryptobox/cryptobox.conf`


			`############# some functions ##################`

			`filter_ipt_rules()`
			`# get the input rules for smb datagram traffic`
			`{`
			`"$IPTABLES" -L INPUT -vnx \| grep -E "udp dpt:138\|tcp dpt:139"`
			`}`


			`function check_for_traffic()`
			`{`
			`local traffic_yes=0`
			`# fallback if no rules were found`
			`# extract the number of packets and calculate the sum`
			`filter_ipt_rules \| sed 's/ */ /g' \| cut -d " " -f 3 \| while read a`
			`do [ "$a" -gt 0 ] && echo "$a"`
			`done \| grep -q "" && traffic_yes=1`
			`"$IPTABLES" -Z INPUT`
			`[ "$traffic_yes" = "1" ]`
			`}`


			`################### main ######################`

			`# break, if crypto partition is not mounted`
			`"$CB_SCRIPT" is_crypto_mounted \|\| exit 0`

			`# break, if idle timer is turned off`
			`MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)`
			`[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0`

			`# config test`
			[ -z "$(filter_ipt_rules)" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >>"$LOG_FILE" && exit 1

			`# read current idle counter`
			`if [ -e "$IDLE_COUNTER_FILE" ]`
			`then current_count=$(<$IDLE_COUNTER_FILE)`
			`else current_count=0`
			`fi`

			`# update counter`
			`if check_for_traffic`
			`then echo 0`
			`else echo $((current_count + 1))`
			`fi >"$IDLE_COUNTER_FILE"`

			`# unmount crypto partition, if the threshold was reached`
			`if [ "$(<$IDLE_COUNTER_FILE)" -ge "$MAX_IDLE_COUNTER" ]`
			`then "$CB_SCRIPT" crypto-down >>"$LOG_FILE" 2>&1`
			`echo "0" >"$IDLE_COUNTER_FILE"`
			`fi`