author | Christian Hesse <mail@eworm.de> | 2018-12-14 12:35:06 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2018-12-14 12:35:06 +0100 |
commit | eda89ba64391dc6b41c7d9762656143caad1f77b (patch) | |
tree | 37ec10329c411cc89653e1167b67be13413afb6e | |
parent | 65283ce76d87f02e1eb47ace91a6c93192c0f108 (diff) |
collect-wireless-mac: get and record the vendor
-rw-r--r-- | collect-wireless-mac.capsman | 14 | ||||
-rw-r--r-- | collect-wireless-mac.local | 14 | ||||
-rw-r--r-- | collect-wireless-mac.template | 14 |
3 files changed, 36 insertions, 6 deletions
diff --git a/collect-wireless-mac.capsman b/collect-wireless-mac.capsman
index 46bf7fd..2fd05c4 100644
--- a/collect-wireless-mac.capsman
+++ b/collect-wireless-mac.capsman
@@ -8,6 +8,7 @@
 :global "identity";
+:global CertificateAvailable;
 :global SendNotification;
 :local "place-before" [ / caps-man access-list find where comment="--- collected above ---" disabled ];
@@ -36,8 +37,16 @@
 :local interface [ / caps-man registration-table get $regentry interface ];
 :local ssid [ / caps-man registration-table get $regentry ssid ];
 :local datetime ([ / system clock get date ] . " " . [ / system clock get time ]);
- :local message ("unknown MAC address " . $mac . " (" . $hostname . ") first seen on " . \
- $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
+ :local vendor;
+ :do {
+ $CertificateAvailable "731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568";
+ :set vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \
+ url=("https://api.macvendors.com/" . $mac) output=user as-value ]->"data");
+ } on-error={
+ :set vendor "unknown vendor";
+ }
+ :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \
+ "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
 / log info $message;
 / caps-man access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes;
 $SendNotification ($mac . " connected to " . $ssid) \
@@ -46,6 +55,7 @@
 "Interface: " . $interface . "\n" . \
 "SSID: " . $ssid . "\n" . \
 "MAC: " . $mac . "\n" . \
+ "Vendor: " . $vendor . "\n" . \
 "Hostname: " . $hostname . "\n" . \
 "Address: " . $address . "\n" . \
 "Date: " . $datetime);
diff --git a/collect-wireless-mac.local b/collect-wireless-mac.local
index 3416046..d6ece7d 100644
--- a/collect-wireless-mac.local
+++ b/collect-wireless-mac.local
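Review bot: The fetch URL in the new `:do` block sends the full client MAC to api.macvendors.com, although a vendor lookup needs only the OUI (the first three octets), so the exact address of every newly seen device is disclosed to a third party. Assuming `$mac` is in the usual colon-separated form, `url=("https://api.macvendors.com/" . [ :pick $mac 0 8 ])` would limit what leaves the router; confirm that the service accepts a bare prefix. The same lines appear in the matching hunks of collect-wireless-mac.local and collect-wireless-mac.template. The enclosing block starts and ends outside the hunk.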
@@ -8,6 +8,7 @@
 :global "identity";
+:global CertificateAvailable;
 :global SendNotification;
 :local "place-before" [ / interface wireless access-list find where comment="--- collected above ---" disabled ];
@@ -36,8 +37,16 @@
 :local interface [ / interface wireless registration-table get $regentry interface ];
 :local ssid [ / interface wireless get [ find where name=$interface ] ssid ];
 :local datetime ([ / system clock get date ] . " " . [ / system clock get time ]);
- :local message ("unknown MAC address " . $mac . " (" . $hostname . ") first seen on " . \
- $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
+ :local vendor;
+ :do {
+ $CertificateAvailable "731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568";
+ :set vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \
+ url=("https://api.macvendors.com/" . $mac) output=user as-value ]->"data");
+ } on-error={
+ :set vendor "unknown vendor";
+ }
+ :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \
+ "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
 / log info $message;
 / interface wireless access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes;
 $SendNotification ($mac . " connected to " . $ssid) \
@@ -46,6 +55,7 @@
 "Interface: " . $interface . "\n" . \
 "SSID: " . $ssid . "\n" . \
 "MAC: " . $mac . "\n" . \
+ "Vendor: " . $vendor . "\n" . \
 "Hostname: " . $hostname . "\n" . \
 "Address: " . $address . "\n" . \
 "Date: " . $datetime);
diff --git a/collect-wireless-mac.template b/collect-wireless-mac.template
index 784bfb9..59b2e72 100644
--- a/collect-wireless-mac.template
+++ b/collect-wireless-mac.template
@@ -9,6 +9,7 @@
 :global "identity";
+:global CertificateAvailable;
 :global SendNotification;
 :local "place-before" [ / %PATH% access-list find where comment="--- collected above ---" disabled ];
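Review bot: `$vendor` is the raw response body of a remote service, and the new `:local message` line puts it unchanged into the log entry, the access-list `comment=` and the notification text. Nothing bounds its length or content, so an unexpected response (an error page, an overlong or multi-line string) ends up in the router configuration and in outgoing notifications, and might make the `access-list add` fail; what the comment field accepts is not visible here. Capping the value right after the fetch, for example `:set vendor [ :pick $vendor 0 64 ];` (the limit is an example value), keeps the stored entry predictable. This applies equally to the corresponding hunks in collect-wireless-mac.capsman and collect-wireless-mac.template.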
@@ -38,8 +39,16 @@
 :local ssid [ / caps-man registration-table get $regentry ssid ];
 :local ssid [ / interface wireless get [ find where name=$interface ] ssid ];
 :local datetime ([ / system clock get date ] . " " . [ / system clock get time ]);
- :local message ("unknown MAC address " . $mac . " (" . $hostname . ") first seen on " . \
- $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
+ :local vendor;
+ :do {
+ $CertificateAvailable "731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568";
+ :set vendor ([ / tool fetch mode=https check-certificate=yes-without-crl \
+ url=("https://api.macvendors.com/" . $mac) output=user as-value ]->"data");
+ } on-error={
+ :set vendor "unknown vendor";
+ }
+ :local message ("unknown MAC address " . $mac . " (" . $vendor . ", " . $hostname . ") " . \
+ "first seen on " . $datetime . " connected to SSID " . $ssid . ", interface " . $interface);
 / log info $message;
 / %PATH% access-list add place-before=$"place-before" comment=$message mac-address=$mac disabled=yes;
 $SendNotification ($mac . " connected to " . $ssid) \
@@ -48,6 +57,7 @@
 "Interface: " . $interface . "\n" . \
 "SSID: " . $ssid . "\n" . \
 "MAC: " . $mac . "\n" . \
+ "Vendor: " . $vendor . "\n" . \
 "Hostname: " . $hostname . "\n" . \
 "Address: " . $address . "\n" . \
 "Date: " . $datetime); |
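Review bot: The `on-error` branch turns every failure into `"unknown vendor"` without leaving a trace, so a missing or rotated certificate, a failed TLS validation, a rate-limit response and a genuinely unknown prefix all look the same. The value passed to `$CertificateAvailable` is a hard-coded literal repeated in all three files, so a certificate change on the service side would presumably disable the lookup everywhere without anyone noticing. A line such as `/ log debug ("vendor lookup failed for " . $mac);` inside `on-error`, plus a short comment saying which certificate the literal identifies, would make that visible.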