@1nn3
Last active July 12, 2024 15:22
ARP alert action on detect script
#!/usr/bin/env sh
# ARP alert action
# grep "action on detect" /etc/arpalert/arpalert.conf
# action on detect = /usr/local/sbin/arpalert-action-on-detect
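# Positional arguments arpalert passes to the action script
mac="$1"            # MAC address of the sender
ip="$2"             # IP address of the sender
extras="$3"         # supplementary parameter (depends on the alert type)
device="$4"         # interface arpalert is listening on
type_of_alert="$5"  # numeric alert type, mapped to a subject below
vendor="$6"         # Ethernet vendor (optional)
# Map the numeric alert type to a mail subject
case "$type_of_alert" in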
0) subject="IP change $ip ($vendor)" ;;
1) subject="MAC already detected but not in white list" ;;
2) subject="MAC in black list" ;;
3) subject="New MAC $mac ($vendor)" ;;
4) subject="Unauthorized arp request" ;;
5) subject="Abusive number of arp request detected" ;;
6) subject="Ethernet MAC different from ARP MAC" ;;
7) subject="Flood detected" ;;
8) subject="New MAC without IP $mac ($vendor)" ;;
9) subject="MAC change $mac ($vendor)" ;;
10) subject="MAC expired $mac ($vendor)" ;;
*) subject="n/a" ;;
esac
# Mail the alert to root; the here-document up to the closing "!" is the body
mail -s "$subject" root <<!
$device $ip $mac $vendor
$subject ($type_of_alert)
$extras
!