lanturtle-modules/modules/turtledump

125 lines
3.7 KiB
Plaintext
Raw Normal View History

2017-11-19 21:30:24 +00:00
#!/bin/bash /usr/lib/turtle/turtle_module
VERSION="1.0"
DESCRIPTION="Save tcpdump pcap to remote host"
AUTHOR="Dylan Smyth"
CONF=/tmp/turtledump.form
: ${DIALOG_OK=0}
: ${DIALOG_CANCEL=1}
: ${DIALOG_HELP=2}
: ${DIALOG_EXTRA=3}
: ${DIALOG_ITEM_HELP=4}
: ${DIALOG_ESC=255}
function start {
touch /tmp/turtledump.pid
if [ -s /etc/config/turtledump ]
then
turtledump_host=$(uci get turtledump.rp_host)
turtledump_user=$(uci get turtledump.rp_user)
turtledump_port=$(uci get turtledump.rp_port)
turtledump_filename=$(uci get turtledump.rp_filename)
if grep -q $turtledump_host /root/.ssh/known_hosts; then
echo "Starting Turtledump..."
echo "(tcpdump -i br-lan -w - not host $turtledump_host | ssh -q -t -p $turtledump_port $turtledump_user@$turtledump_host \"cat >> $turtledump_filename\" &)" | at now 2>/dev/null
sleep 3 #Give process time to start
pgrep -f "ssh -q -t -p $turtledump_port $turtledump_user@$turtledump_host" > /tmp/turtledump.pid
echo "Turtledump started with pid: $(cat /tmp/turtledump.pid)"
else
echo "Host $turtledump_host is not known."
echo "Please use keymanager to generate a key for this host."
fi
else
touch /etc/config/turtledump
echo "Turtledump is not configured"
fi
}
function stop {
touch /tmp/turtledump.pid
if kill -0 $(cat /tmp/turtledump.pid) 2>/dev/null; then
echo "Stopping Turtledump"
kill $(cat /tmp/turtledump.pid)
else
echo "Turtledump not running"
fi
}
function status {
if [ -s /tmp/turtledump.pid ]; then
if kill -0 $(cat /tmp/turtledump.pid) 2>/dev/null; then
echo "1"
else
echo "0"
fi
else
echo "0"
fi
}
function configure {
if [ -s /etc/config/turtledump ]
then
turtledump_host=$(uci get turtledump.rp_host)
turtledump_user=$(uci get turtledump.rp_user)
turtledump_port=$(uci get turtledump.rp_port)
turtledump_filename=$(uci get turtledump.rp_filename)
else
touch /etc/config/turtledump
turtledump_port='22'
turtledump_filename='turtle.pcap'
fi
dialog --ok-label "Submit" \
--help-button \
--title "Turtledump Configuration" \
--form "Turtledump\n\n\
Host: IP address of host to establish the SSH connection\n\
User: User to log in as\n\
Port: Port the SSH server is running on (Default 22)\n\
Filename: pcap filename (Default 'turtle.pcap')\n \n" 16 60 4\
"Host:" 1 1 "$turtledump_host" 1 14 48 0 \
"User:" 2 1 "$turtledump_user" 2 14 48 0 \
"Port:" 3 1 "$turtledump_port" 3 14 48 0 \
"Filename" 4 1 "$turtledump_filename" 4 14 48 0 \
2>$CONF
return=$?
case $return in
$DIALOG_OK)
cat $CONF | {
read -r turtledump_host
read -r turtledump_user
read -r turtledump_port
read -r turtledump_filename
touch /etc/config/turtledump
uci set turtledump.rp_host=$turtledump_host
uci set turtledump.rp_user=$turtledump_user
uci set turtledump.rp_port=$turtledump_port
uci set turtledump.rp_filename=$turtledump_filename
uci commit turtledump
rm $CONF
};;
$DIALOG_CANCEL)
rm $CONF
clear
exit;;
$DIALOG_HELP)
dialog --title "Help" \
--msgbox "\
Turtledump will launch tcpdump and write the captured packets to a pcap file on a remost host via an SSH connection.\n\
Use the keymanager module to first create an SSH key for the remote host.\n\
Host: IP address of host to establish the SSH connection\n\
User: User to log in as\n\
Port: Port the SSH server is running on (Default 22)\n\
Filename: Filename for the saved pcap (Default 'turtle.pcap')\n \n
" 20 60
configure
;;
$DIALOG_ESC)
clear;;
esac
}