公司的无线环境采用mac地址认证的方式,mac地址被绑定到Radius的users配置文件中,将注册了的mac地址作为用户名和密码。为了方便的管理这些mac地址,自己写了一个shell脚本来管理。
shell脚本所特有的强大文本处理能力和各种命令函数的组合,使得管理员的工作能轻松不少。
下面就列出该脚本的功能以示参考:
-
添加mac地址
-
删除mac地址
-
查找mac地址
-
去除重复mac地址
-
检查mac地址合法性
-
TODO,导入导出mac地址,添加注释
其中用到的Shell脚本技术包括但不限于:
-
文本文件的列处理和行处理,如sed、awk等命令
-
字符串查找、过滤、大小写转换,bash和grep等命令
-
获取、计算、比较字符串长度,bash和wc等命令
-
mac地址正则表达式的处理和类型转换
-
shell编程操作、包括文件包含、函数、参数传递、返回值等
-
其他
代码示例:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
#!/bin/bash
#
# Source function library.
.
/etc/rc
.d
/init
.d
/functions
RADIUSD=
/usr/sbin/radiusd
LOCKF=
/var/lock/subsys/radiusd
CONFIG=
/etc/raddb/radiusd
.conf
USERCONFIG=
/etc/raddb/users
[ -f $RADIUSD ] ||
exit
0
[ -f $CONFIG ] ||
exit
0
[ -f $USERCONFIG ] ||
exit
0
RETVAL=0
OPERATION=$1
MACADDRESS=$2
function
help()
{
clear
echo
$
""
echo
$
"===================================================================================="
echo
$
"For Radius on Fedora/CentOS/RadHat Linux Server, Written by Chris"
echo
$
"===================================================================================="
echo
$
"A tool to manage Radius server"
echo
$
""
echo
$
"Usage: $0 {find|add|modify|delete|check|remove|start|stop|status|restart|reload} mac"
#TODO
echo
$
"Usage: $0 {import|export|debug}"
echo
$
""
echo
$
"For more information please contract dgdenterprise@gmail.com"
echo
$
"===================================================================================="
echo
$
""
exit
1
}
function
mac()
{
if
[ -z $MACADDRESS ];
then
echo
$
"no mac address is signed! "
echo
$
"\$2 is $MACADDRESS"
exit
1
else
if
[[
"${#MACADDRESS}"
!=
"12"
]] && [[
"${#MACADDRESS}"
!=
"17"
]] ;
then
echo
"mac length is ${#MACADDRESS}"
echo
"mac address is illegal! "
exit
1
# else
# echo $"mac which you input is $MACADDRESS"
fi
#echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}/p'
#echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}/p'
#echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{12}/p'
if
[[ `
echo
$MACADDRESS |
grep
-` ]];
then
PROMAC=`
echo
$MACADDRESS |
sed
-nr
'/[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}/p'
|
tr
'[:upper:]'
'[:lower:]'
|
sed
's/-//g'
`
elif
[[ `
echo
$MACADDRESS |
grep
:` ]];
then
PROMAC=`
echo
$MACADDRESS |
sed
-nr
'/[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}/p'
|
tr
'[:upper:]'
'[:lower:]'
|
sed
's/://g'
`
else
PROMAC=`
echo
$MACADDRESS |
tr
'[:upper:]'
'[:lower:]'
`
fi
echo
$PROMAC
fi
}
function
find
()
{
MAC=`mac`
echo
$
"accepted mac is $MAC"
if
[[ `
grep
$MAC $USERCONFIG` ]];
then
MACLINE=`
grep
-n $MAC $USERCONFIG |
awk
-F
':'
'{print $1}'
`
#echo $MACLINE
MACLINECOUNT=$(
echo
$MACLINE |
wc
-w)
#echo $MACLINECOUNT
if
[[
"$MACLINECOUNT"
!=
"1"
]];
then
echo
$
"ERROR, this mac $MAC has duplicate record, you should use $0 remove $MAC to remove duplicate record"
exit
1
fi
echo
$
"Successfully find $MAC in $MACLINE line of file $USERCONFIG! "
echo
REVAL=$?
else
echo
$
"Can not find $MAC in file $USERCONFIG! "
echo
exit
1
REVAL=$?
fi
}
function
add()
{
MAC=`mac`
echo
$
"accepted mac is $MAC"
#find $MAC
LINENUM=`
grep
-n
"Cleartext-Password :='"
$USERCONFIG |
grep
-
v
\
# | head -n1 | awk -F ":" '{print $1}'`
SEDOPERATION=$LINENUM
"a"
sed
-i
"$SEDOPERATION $MAC Cleartext-Password :='$MAC'"
$USERCONFIG
find
$MAC
restart
}
function
modify()
{
MAC=`mac`
find
$MAC
#TODO
}
function
delete()
{
MAC=`mac`
echo
$
"accepted mac is $MAC"
if
[[ `
grep
$MAC $USERCONFIG` ]];
then
MACLINE=`
grep
-n $MAC $USERCONFIG |
awk
-F
':'
'{print $1}'
`
##echo $MACLINE
#MACLINECOUNT=$(echo $MACLINE | wc -w)
##echo $MACLINECOUNT
#if [[ "$MACLINECOUNT" != "1" ]];then
# echo $"ERROR, this mac $MAC has duplicate record, you should use $0 remove $MAC to remove duplicate record"
# exit 1
#fi
echo
$
"Successfully find $MAC in $MACLINE line of file $USERCONFIG! "
echo
$
"It will be deleted! "
sed
-i
"$MACLINE d"
$USERCONFIG
#TODO
echo
$
"If you see 'Can not find $MAC in file $USERCONFIG! ', it means successfully! "
find
$MAC
echo
REVAL=$?
else
echo
$
"Can not find $MAC in file $USERCONFIG! "
echo
REVAL=$?
fi
}
function
check()
{
MAC=`mac`
find
$MAC
remove $MAC
}
function
remove()
{
MAC=`mac`
echo
$
"accepted mac is $MAC"
#TODO
#echo $"backuped file to file $FILENAME"
if
[[ `
grep
$MAC $USERCONFIG` ]];
then
MACLINE=`
grep
-n $MAC $USERCONFIG |
awk
-F
':'
'{print $1}'
`
#echo $MACLINE
MACLINECOUNT=$(
echo
$MACLINE |
wc
-w)
#echo $MACLINECOUNT
if
[[
"$MACLINECOUNT"
==
"1"
]];
then
echo
$
"WARNNING, this mac $MAC is good record, no duplicate record has found! "
exit
0
fi
TOREMOVE=
"$MAC Cleartext-Password :='$MAC'"
sed
-i
"/^$TOREMOVE$/d"
$USERCONFIG
add $MAC
fi
}
function
restart()
{
service radiusd restart
}
function
reload()
{
service radiusd reload
}
function
status()
{
service radiusd status
}
case
"$1"
in
find
)
find
RETVAL=$?
;;
add)
add
RETVAL=$?
;;
modify)
modify
RETVAL=$?
;;
delete)
delete
RETVAL=$?
;;
check)
check
RETVAL=$?
;;
remove)
remove
RETVAL=$?
;;
start)
start
RETVAL=$?
;;
stop)
stop
RETVAL=$?
;;
status)
status
RETVAL=$?
;;
restart)
restart
RETVAL=$?
;;
reload)
reload
RETVAL=$?
;;
*)
help
exit
1
;;
esac
|
其中有一些可以改进的地方,比如换一种方法或者增强用户的使用体验都是可以的,欢迎大家提出意见。
本文转自 urey_pp 51CTO博客,原文链接:http://blog.51cto.com/dgd2010/1567085,如需转载请自行联系原作者
