Script to check for unkown attached devices

[KRL]

Hi All,

First post so first of all hello and thank you Merlin for making such great firmware!

I wanted to be notified of any new devices attaching to my router which are unkown to me. To do this I created the script below. I hope this might also be usefu to some of you.

#!/bin/sh

#    attached_device_checker.sh
#
#    Usage:
#            ./attached_device_checker.sh
#
#    Description:
#                This script will check all attached devices to the router (wired and wireless) using arp.
#                It will then compare the attached devices against a user pre-defined MAC list:
#                    /jffs/configs/device_macs.
#                The device_macs file should be populated by the user with a list of known MAC addresses
#                that access your router.  Example device_macs below with made up MAC addresses:
#                    00:00:00:00:00:01
#                    00:00:00:00:00:02
#                    00:00:00:00:00:03
#                    00:00:00:00:00:04
#                    00:00:00:00:00:05
#                    00:00:00:00:00:06
#                    00:00:00:00:00:07
#                    00:00:00:00:00:08
#                    00:00:00:00:00:09
#                    <incomplete>
#               
#                If a device is found attached to the router which does not exist in the device_macs list an
#                email will be sent containing the unknown device information.  The email will only be sent
#                once in a 24 hour period for each new device detected (see cron below).  Currently sendmail
#                is configured to use GMAIL using the advice from lahma - thank you lahma!
#                    http://www.snbforums.com/threads/notifications-e-mail.8190/page-8#post-291510
#
#                The script can be run periodically using cron.  I have added the following to services-start:
#                    # Checked attached devices every 5 minutes
#                    cru a AttachDeviceCheck "*/5 * * * * /jffs/scripts/attached_device_checker.sh"
#
#                    # Delete unkowndevicelist at 1am everyday
#                    cru a DeleteUnkownDeviceList "* 1 * * * rm /tmp/unkowndevicelist"



FROM="<email>@gmail.com"
AUTH="<email>@gmail.com"
PASS="<email_password>"
FROMNAME="<name>"
TO="<send_email_address>"
MAIL="/tmp/mail.txt"

DEVICEMACS="/jffs/configs/device_macs"
NEWDEVICELIST="/tmp/newdevicelist"
MACLIST="/tmp/maclist"
UNKOWNDEVICELIST="/tmp/unkowndevicelist"
DEVICEMAP="/tmp/devicemap"
MACMAP="/tmp/macmap"

# Remove old new device list
rm $NEWDEVICELIST

# create fresh mac lookup list from device_macs and unkowndevicelist
cat $DEVICEMACS > $MACLIST
cat $UNKOWNDEVICELIST >>  $MACLIST

# Create arp list
arp -a -i br0 | awk '{print $1,$2,$4}' > $DEVICEMAP

# Create MAC list
cat $DEVICEMAP | awk '{print $3}' > $MACMAP


for line in $(cat $MACMAP)
        do
                CHECK=`grep -i $line $MACLIST | wc -l`
                        if [ $CHECK == "0" ]; then
                                NEWDEVICE=`grep $line $DEVICEMAP`
                                echo $NEWDEVICE >> $NEWDEVICELIST
                        fi
done

MAILCHECK=`cat $NEWDEVICELIST | wc -l`

 if [ $MAILCHECK != "0" ]; then
ntpclient -h pool.ntp.org -s &> /dev/null

cat $NEWDEVICELIST >> $UNKOWNDEVICELIST

echo "Subject: Unknown Device Connection Alert" >$MAIL
echo "From: \\"$FROMNAME\\"<$FROM>" >>$MAIL
echo "Date: `date -R`" >>$MAIL
echo "" >>$MAIL
echo "My WAN IP is: `nvram get wan0_ipaddr`" >>$MAIL
echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`" >>$MAIL
cat $NEWDEVICELIST >>$MAIL
echo "" >>$MAIL

cat $MAIL | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-tls1 -starttls smtp -connect smtp.gmail.com:587" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO \

rm $MAIL
fi