cryptonas/cbox-tree.d/usr/lib/cryptobox/check_smb_idle.sh

#!/bin/sh
#
# a simple script to check, if there was no smb traffic for the specified
# number of minutes - then it unmounts the crypto partition
#
# you may want to adjust the function "filter_ipt_rules" according to
# your setup
#
# any Parameter are ignored
# 
# this script has to run as root - as it invokes iptables
#
# the iptables rules to detect smb traffic could look like the following:
#   iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
#   iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
#
# called by:
#	- cron (/etc/cron.d/cryptobox
#

set -eu

# parse config file
. /etc/cryptobox/cryptobox.conf


############# some functions ##################

filter_ipt_rules()
# get the input rules for smb datagram traffic
{
	iptables -L INPUT -vnx | grep -E "tcp upt:138|udp dpt:139"
}


function count_traffic()
{
	local sum=0
	# fallback if no rules were found
	echo "$sum"
	# extract the number of packets and calculate the sum
	filter_ipt_rules | sed 's/  */ /g' | cut -d " " -f 3 | while read a
		do	sum=$((sum+a))
			echo "$sum"
	  done | tail -1
	# sorry for the echo-tail-voodoo - i did not know it better :)
	iptables -Z INPUT
}


################### main ######################

# break, if crypto partition is not mounted
"$CB_SCRIPT" is_crypto_mounted || exit 0

# break, if idle timer is turned off
MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)
[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0

# config test
[ -z "`filter_ipt_rules`" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >>"$LOG_FILE" && exit 1

# init idle_counter file, if it does not exist
[ ! -e "$IDLE_COUNTER_FILE" ] && echo "0" >"$IDLE_COUNTER_FILE"

# return true if it was idle
if [ "$(count_traffic)" -eq 0 ]
  then	echo "$(( $(<$IDLE_COUNTER_FILE) +1))"
  else	echo 0
 fi >"$IDLE_COUNTER_FILE"

# unmount crypto partition, if the threshold was reached
[ "$(<$IDLE_COUNTER_FILE)" -ge "$MAX_IDLE_COUNTER" ] && \
	"$CB_SCRIPT" crypto-umount >>"$LOG_FILE" 2>&1
new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00			`#!/bin/sh`
			`#`
check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00			`# a simple script to check, if there was no smb traffic for the specified`
			`# number of minutes - then it unmounts the crypto partition`
new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00			`#`
check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00			`# you may want to adjust the function "filter_ipt_rules" according to`
			`# your setup`
new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00			`#`
			`# any Parameter are ignored`
			`#`
			`# this script has to run as root - as it invokes iptables`
			`#`
check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00			`# the iptables rules to detect smb traffic could look like the following:`
new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00			`# iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT`
			`# iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT`
			`#`
changed references to scripts 2005-07-21 21:53:49 +02:00			`# called by:`
check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00			`# - cron (/etc/cron.d/cryptobox`
changed references to scripts 2005-07-21 21:53:49 +02:00			`#`
new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00
			`set -eu`

			`# parse config file`
			`. /etc/cryptobox/cryptobox.conf`


check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00			`############# some functions ##################`

new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00			`filter_ipt_rules()`
			`# get the input rules for smb datagram traffic`
			`{`
			`iptables -L INPUT -vnx \| grep -E "tcp upt:138\|udp dpt:139"`
			`}`


			`function count_traffic()`
			`{`
			`local sum=0`
			`# fallback if no rules were found`
			`echo "$sum"`
			`# extract the number of packets and calculate the sum`
			`filter_ipt_rules \| sed 's/ */ /g' \| cut -d " " -f 3 \| while read a`
			`do sum=$((sum+a))`
			`echo "$sum"`
			`done \| tail -1`
			`# sorry for the echo-tail-voodoo - i did not know it better :)`
			`iptables -Z INPUT`
			`}`

check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00
			`################### main ######################`

			`# break, if crypto partition is not mounted`
			`"$CB_SCRIPT" is_crypto_mounted \|\| exit 0`

			`# break, if idle timer is turned off`
			`MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)`
			`[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0`

new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00			`# config test`
check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00			[ -z "`filter_ipt_rules`" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >>"$LOG_FILE" && exit 1

			`# init idle_counter file, if it does not exist`
			`[ ! -e "$IDLE_COUNTER_FILE" ] && echo "0" >"$IDLE_COUNTER_FILE"`
new directory layout (trunk, tags and branches) 2005-07-21 11:35:28 +02:00
			`# return true if it was idle`
check_smb_idle.sh integrated 2005-08-29 01:31:53 +02:00			`if [ "$(count_traffic)" -eq 0 ]`
			`then echo "$(( $(<$IDLE_COUNTER_FILE) +1))"`
			`else echo 0`
			`fi >"$IDLE_COUNTER_FILE"`

			`# unmount crypto partition, if the threshold was reached`
			`[ "$(<$IDLE_COUNTER_FILE)" -ge "$MAX_IDLE_COUNTER" ] && \`
			`"$CB_SCRIPT" crypto-umount >>"$LOG_FILE" 2>&1`