#!/bin/sh
#
# a simple script to check whether there was smb traffic since the last test
#
# you may want to adjust the function "filter_ipt_rules" according to your setup
#
# any parameters are ignored
#
# this script has to run as root - as it invokes iptables
#
# possible deployment in crontab:
# smb_timeout.sh && (/etc/init.d/samba stop; umount /mnt/crypto)
#
# the iptables rules you need to detect smb traffic could look like the following:
# iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
#
# called by:
# - TODO: this script is not in use, yet
#
# -e: stop at the first failing command; -u: treat unset variables as errors
set -e -u

# Load the CryptoBox settings.
# "." executes the file in this shell, and the script runs as root, so the
# file must be owned by root and must not be writable by anyone else.
# NOTE(review): no variable from this file is referenced in the lines visible
# here - confirm it is still needed before keeping a root-executed include.
. /etc/cryptobox/cryptobox.conf
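# Print the INPUT-chain rules that count SMB traffic, one rule per line.
#
# Output:  the matching lines of "iptables -L INPUT -vnx"
#          (-v adds the counters, -n keeps addresses/ports numeric,
#          -x prints exact counter values); nothing if no rule matches.
# Returns: grep's status, i.e. non-zero when no rule matched.
#
# The pattern must agree with the rules shown in the file header:
# udp/138 and tcp/139. The previous pattern ("tcp upt:138|udp dpt:139")
# had a typo and swapped protocols, so it could not match those rules.
# The trailing "( |$)" keeps ports such as 1390 from being counted as SMB.
filter_ipt_rules()
{
  iptables -L INPUT -vnx | grep -E "(udp dpt:138|tcp dpt:139)( |$)"
}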
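# Print the number of packets counted by the SMB rules since the counters
# were last reset, then reset the counters.
#
# Output:  exactly one line holding a non-negative integer ("0" when
#          filter_ipt_rules prints nothing).
# Returns: the status of "iptables -Z INPUT".
#
# Changes against the previous version:
# - it printed a fallback "0" and then the sum, i.e. two lines whenever a
#   rule matched, which the caller's numeric comparison cannot parse;
# - the sed/cut field extraction did not reliably select the packet column;
#   awk's $1 is the "pkts" column regardless of the leading padding;
# - no "function" keyword and no "local", so the #!/bin/sh shebang holds.
#
# NOTE: reading and zeroing are two separate iptables calls. Packets that
# arrive in between are never counted, so a share that is in use can look
# idle for one interval. "iptables -Z INPUT" also resets the counters of
# every other rule in the INPUT chain.
count_traffic()
{
  # "sum + 0" forces numeric output even when there was no input line
  filter_ipt_rules | awk '{ sum += $1 } END { print sum + 0 }'
  iptables -Z INPUT
}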
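# config test: without a matching rule there is no counter to read, and the
# script must not report "idle". Exiting non-zero here means the crontab
# command after "&&" is skipped, so a missing rule leaves the share running
# and the volume mounted - watch for this message in the cron mail.
if [ -z "$(filter_ipt_rules)" ]; then
  # ${0##*/} is the script name without its directory; unlike the unquoted
  # `basename $0` it also works when the path contains spaces
  echo "[${0##*/}]: Could not find a matching iptables rule!" >&2
  exit 1
fi

# return true if it was idle
# (under "set -e" a failing test ends the script with the test's status;
# the explicit exit covers the successful case)
test "$(count_traffic)" -eq 0
exit $?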