[CentOS] Monitor Wireless Networks OT

Joseph Hesse joehesse at gmail.com
Tue Feb 25 12:00:51 UTC 2014


On 02/24/2014 07:58 PM, Billy Crook wrote:
> On Thu, Feb 20, 2014 at 3:50 PM, Frank Cox <theatre at melvilletheatre.com> wrote:
>> On Thu, 20 Feb 2014 15:42:35 -0600
>> Joseph Hesse wrote:
>>
>>> Apparently my hardware is not sufficient.  When I run "iwlist scan" I get:
>>>
>>> lo p5p1; Interface doesn't support scanning
>> I'm pretty sure you have to run it as root user.
> You also have to run it on your wireless nic.  p5p1 sounds like a
> gig-ethernet wired nic.  wlp should be your wireless
>
> You might also have to ifup wlan0 or ifconfig wlan0 up to get it to
> scan.  Sometimes if it's down, it won't scan.
>
> I thought I might share my scripts anyway.  First the awk, then the cronjob.
>
> # cat bin/iwlistparse.awk
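> # Needs gawk 4.0 or later (arrays of arrays).
> # Each "BSS" line starts a new access point record.
> $1 == "BSS" {
>      MAC = $2
>      wifi[MAC]["enc"] = "Open"
>      wifi[MAC]["mac"] = MAC   # the BSSID itself; $MAC would be a field reference
> }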
> $1 == "SSID:" {
>      wifi[MAC]["SSID"] = $2
> }
> $1 == "freq:" {
>      wifi[MAC]["freq"] = $NF
> }
> $1 == "signal:" {
>      wifi[MAC]["sig"] = $2 " " $3
> }
> $1 == "WPA:" {
>      wifi[MAC]["enc"] = "WPA"
> }
> $1 == "WEP:" {
>      wifi[MAC]["enc"] = "WEP"
> }
> END {
> #    printf "%s\t\t%s\t%s\t\t%s\n","SSID","Frequency","Signal","Encryption"
>
>      for (w in wifi) {
>          # five columns: SSID, BSSID, frequency, signal, encryption
>          printf "%s\t\t%s\t\t%s\t%s\t%s\n",wifi[w]["SSID"],wifi[w]["mac"],wifi[w]["freq"],wifi[w]["sig"],wifi[w]["enc"]
>      }
> }
>
> # cat bin/wlanpatrol
> #!/bin/bash
> tstamp="$(date +\%Y\%m\%d\%H\%M\%S)"
>
> #Wireless is flakey.  Retry a 'few' times to get the right number of
> #authorized APs, or any APs at all.  sometimes scans just fail
> iter=0
> while [[ "${iter}" -le 60 ]]
> do
>          iter=$(( ${iter} + 1 ))
>          /sbin/iwlist wlp12s0 scanning 2>&1 | \
>              grep -v 'wlp12s0\ \ \ Interface\ doesn'\''t\ support\ scanning\ :\ Device\ or\ resource\ busy' \
>              > /root/iwlistlogs/${tstamp}
>
> #Replace 00.11.22.33.44.55's with the mac addresses of your authorised APs
>          OurAPCount="$( awk -f /root/bin/iwlist.awk < /root/iwlistlogs/${tstamp} | \
>              grep -i -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' \
>                   -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' | wc -l)"
>          if [[ ! -s "/root/iwlistlogs/${tstamp}" ]]
>          then
>                  continue
>          fi
>
> #In our environment, I expect 6 legitimate APs be visible at all times.
>          if [[ ${OurAPCount} -eq 6 ]]
>          then
>                  break
>          fi
>          #echo OurAPCountError: ${OurAPCount} found.
>
>          sleep 0.1
> done
>
> APCount="$( awk -f /root/bin/iwlist.awk /root/iwlistlogs/${tstamp}  | wc -l)"
>
> #Here we check for bits and pieces of our actual company name in the
> #names of all detected APs.  Then we ignore the authorized mac
> #addresses, to come up with a list of APs pretending to be us.
> RogueAPs="$( awk -f /root/bin/iwlist.awk < /root/iwlistlogs/${tstamp} | \
>     grep -i -e my -e company -e mc -e myc -e yco -e com -e omp -e mpa -e pan -e any | \
>     grep -i -v -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' \
>                -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' -e '00.11.22.33.44.55' )"
>
> if [[ $OurAPCount != 6 ]]
> then
>          awk -f /root/bin/iwlist.awk < /root/iwlistlogs/${tstamp} | \
>              mail -s "Abnormal number of Our authorized APs: ${OurAPCount}" bcrook at mycompany.com
> fi
>
>
> if [[ ! -z "${RogueAPs}" ]]
> then
>          mail -s "ROGUE APS IN USE" bcrook at OurAPCount.com <<< "${RogueAPs}"
> fi
Thank you for the script.
FYI: p5p1 is the name of the wireless interface on my Fedora 20 laptop.  
It was assigned automatically. It appears as wlan0 on my CentOS 6.5 laptop.
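
The rogue-AP check from the quoted script, as an added example that is not part of the original thread: it compares BSSIDs exactly against an allowlist instead of grepping the formatted line, keeps SSIDs that contain spaces, and uses plain POSIX awk. The function names `sample_scan` and `find_rogue_aps` are hypothetical, the scan text is constructed, and the `iw`-style input layout is an assumption based on the fields the quoted awk script matches.

```bash
#!/bin/bash
# Added example, not from the thread. Assumed input: "iw dev <if> scan"-style
# text (BSS / SSID: / signal: lines), the layout the quoted awk script matches.

# Constructed sample scan; every BSSID and SSID below is made up.
sample_scan() {
cat <<'EOF'
BSS 00:11:22:33:44:55(on wlan0)
    freq: 2412
    signal: -48.00 dBm
    SSID: MyCompany
    BSS Load:
BSS 66:77:88:99:aa:bb(on wlan0)
    freq: 2437
    signal: -61.00 dBm
    SSID: MyCompany Guest
BSS cc:dd:ee:ff:00:11(on wlan0)
    freq: 2462
    signal: -70.00 dBm
    SSID: CoffeeShop
EOF
}

# find_rogue_aps SSID_REGEX [AUTHORISED_BSSID...]
# Reads scan text on stdin and prints "bssid<TAB>signal<TAB>ssid" for each AP
# whose SSID matches SSID_REGEX (case-insensitive) but whose BSSID is not listed.
find_rogue_aps() {
    local pattern=$1
    shift
    awk -v pat="$pattern" -v allow="$*" '
        function emit() {
            if (mac != "" && tolower(ssid) ~ tolower(pat) && !(mac in ok))
                printf "%s\t%s\t%s\n", mac, sig, ssid
        }
        BEGIN { n = split(tolower(allow), a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # A new AP starts at "BSS <mac>(on <if>)"; the MAC test skips "BSS Load:" lines.
        $1 == "BSS" && $2 ~ /^[0-9A-Fa-f][0-9A-Fa-f]:/ {
            emit(); mac = tolower($2); sub(/\(.*/, "", mac); ssid = sig = ""
        }
        $1 == "SSID:"   { ssid = $0; sub(/^[ \t]*SSID:[ \t]*/, "", ssid) }  # keep spaces in names
        $1 == "signal:" { sig = $2 " " $3 }
        END { emit() }
    '
}

# One BSSID is authorised; the second "MyCompany" AP is reported.
sample_scan | find_rogue_aps 'mycompany' 00:11:22:33:44:55
```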



