arpalert 2.0.11-7.1 / usr / share / arpalert / send_alert.pl

This file is indexed.

/usr/share/arpalert/send_alert.pl is in arpalert 2.0.11-7.1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/usr/bin/perl -w

# Set
#  action on detect = "/path/to/send_alert.pl"
# in /etc/arpalert/arpalert.conf to enable this script.

#
# This script is using Mail::Sendmail
# Web site: http://alma.ch/perl/mail.html#Mail::Sendmail
#
# Arguments sent by ArpAlert are :
# 1 : MAC Address
# 2 : IP Address
# 3 : supp (used with unathrq alert)
# 4 : Type of alert (cf arpalert.conf)
#

use Mail::Sendmail;
use Socket; # for inet_aton()

# Intruder MAC address
$intruder_MAC = $ARGV[0];

# Intruder IP address
$intruder_IP = $ARGV[1];

# Alert Type
$intruder_AlertType = $ARGV[3] or die "4 arguments needed";

open(MAILNAME, "</etc/mailname") or die "can't open /etc/mailname";
$mailname = <MAILNAME>;
chomp $mailname;

$mail{From} = 'ARP Alert <arpalert@' . "$mailname>";

# Separate multi receiver by coma (,)
# $mail{To}   = 'Mail 1 <mail.one@domain.com>, Mail 2 <mail.two@domain.com>';
$mail{To}   = "root <root@" . "$mailname>";

# SMTP server / IP or DNS name
# $server = 'smtp.domain.com';
$server = 'localhost';

if ($server) {
	$mail{Smtp} = $server;
	print "Server set to: $server\n";
}

$iaddr = inet_aton($intruder_IP) || "";
$intruder_Name = gethostbyaddr($iaddr, AF_INET) || "";

# Subject
$mail{Subject} = "[Warning] Intrusion Detection [Warning]";

# Body
$mail{Message} = "/!\\ Intruder Detected /!\\\n\n";
$mail{Message} .= "Intrusion time stamp : " . Mail::Sendmail::time_to_date() . "\n\n";
$mail{Message} .= "Intruder FQDN : $intruder_Name\n";
$mail{Message} .= "Intruder IP Address : $intruder_IP\n";
$mail{Message} .= "Intruder MAC Address : $intruder_MAC\n";
$mail{Message} .= "Type of alert : $intruder_AlertType\n";

# Send Alert
if (sendmail %mail) {
	print "content of \$Mail::Sendmail::log:\n$Mail::Sendmail::log\n";
	if ($Mail::Sendmail::error) {
		print "content of \$Mail::Sendmail::error:\n$Mail::Sendmail::error\n";
	}
	print "ok 2\n";
}
else {
	print "\n!Error sending mail:\n$Mail::Sendmail::error\n";
	print "not ok 2\n";
}

APT Browse - Built by Thomas Orozco.