93 lines
2.4 KiB
Bash
Executable File
93 lines
2.4 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
|
#
|
|
# License: This script is distributed under the terms of version 2
|
|
# of the GNU GPL. See the LICENSE file included with the package.
|
|
#
|
|
# $Id$
|
|
#
|
|
# a simple script to check, if there was no smb traffic for the specified
|
|
# number of minutes - then it unmounts the crypto partition
|
|
#
|
|
# you may want to adjust the function "filter_ipt_rules" according to
|
|
# your setup
|
|
#
|
|
# any Parameter are ignored
|
|
#
|
|
# this script has to run as root - as it invokes iptables
|
|
#
|
|
# the iptables rules to detect smb traffic could look like the following:
|
|
# iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
|
|
# iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
|
|
#
|
|
# called by:
|
|
# - cron (/etc/cron.d/cryptobox)
|
|
#
|
|
|
|
set -eu
|
|
|
|
# read the default setting file, if it exists
|
|
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
|
|
|
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
|
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
|
# parse config file
|
|
. "$CONF_FILE"
|
|
|
|
|
|
############# some functions ##################
|
|
|
|
filter_ipt_rules()
|
|
# get the input rules for smb datagram traffic
|
|
{
|
|
"$IPTABLES" -L INPUT -vnx | grep -E "udp dpt:138|tcp dpt:139"
|
|
}
|
|
|
|
|
|
function check_for_traffic()
|
|
{
|
|
local traffic_yes=0
|
|
# fallback if no rules were found
|
|
# extract the number of packets and calculate the sum
|
|
filter_ipt_rules | sed 's/ */ /g' | cut -d " " -f 3 | while read a
|
|
do [ "$a" -gt 0 ] && echo "$a"
|
|
done | grep -q "" && traffic_yes=1
|
|
"$IPTABLES" -Z INPUT
|
|
[ "$traffic_yes" = "1" ]
|
|
}
|
|
|
|
|
|
################### main ######################
|
|
|
|
# TODO: migrate to multi-container-setup
|
|
exit 0
|
|
|
|
# break, if crypto partition is not mounted
|
|
"$CB_SCRIPT" is_crypto_mounted || exit 0
|
|
|
|
# break, if idle timer is turned off
|
|
MAX_IDLE_COUNTER=$("$CB_SCRIPT" get_config timeout)
|
|
[ "$MAX_IDLE_COUNTER" -eq 0 ] && exit 0
|
|
|
|
# config test
|
|
[ -z "$(filter_ipt_rules)" ] && echo "[`basename $0`]: Could not find a matching iptables rule!" >>"$LOG_FILE" && exit 1
|
|
|
|
# read current idle counter
|
|
if [ -e "$IDLE_COUNTER_FILE" ]
|
|
then current_count=$(<$IDLE_COUNTER_FILE)
|
|
else current_count=0
|
|
fi
|
|
|
|
# update counter
|
|
if check_for_traffic
|
|
then echo 0
|
|
else echo $((current_count + 1))
|
|
fi >"$IDLE_COUNTER_FILE"
|
|
|
|
# unmount crypto partition, if the threshold was reached
|
|
if [ "$(<$IDLE_COUNTER_FILE)" -ge "$MAX_IDLE_COUNTER" ]
|
|
then "$CB_SCRIPT" crypto-down >>"$LOG_FILE" 2>&1
|
|
echo "0" >"$IDLE_COUNTER_FILE"
|
|
fi
|