Here, I dug up the modified code for the checkrad Perl script that I used to clean "hanging sessions" out of the database. This modification telnets to the NAS (MT) to check who is logged in and what the session-id is, because that information cannot be obtained via SNMP.
Code:
sub mikrotik_telnet {
    # Localize all variables first.
    my ($t, $login, $password);
    my (@fields, @output, $output, $username_seen, $user);
    $username_seen = 0;

    return 2 unless (check_net_telnet());

    $terminalserver = $ARGV[1];
    $user = $ARGV[3];

    # Get login name and password for a certain NAS from $naspass.
    ($login, $password) = naspasswd($terminalserver, 1);
    return 2 if ($password eq "");

    # MikroTik routeros doesn't tell us to which port the user is connected
    # practically this would limit us to a simple only-one user limit for
    # this script to work properly.
    # Prompt must be a single match operator, same pattern as the waitfor calls.
    $t = new Net::Telnet (Timeout => 5,
                          Prompt  => '/\[.*@.*\] > /');

    # Don't just exit when there is error
    $t->errmode('return');

    # Telnet to terminal server
    $t->open($terminalserver) or return 2;

    # Send login and password etc.
    $t->login(Name     => $login,
              Password => $password,
              # We must detect if we are logged in from the login banner.
              # Because if routeros is with a free license the command
              # prompt doesn't come. Instead it waits us to press "Enter".
              Prompt   => '/MikroTik/');

    # Just be sure that routeros isn't waiting for us to press "Enter"
    $t->print("");

    # Wait for the real prompt
    $t->waitfor('/\[.*@.*\] > /');

    # It is not possible to get the line numbers etc.
    # Thus we can't support if simultaneous-use is over 1
    # At least I was using pppoe so it wasn't possible.
    #$t->print('ppp active print column name detail');
    $t->print('ppp active print without-paging detail');

    # Somehow routeros echoes our commands 2 times. We don't want to mix
    # this with the real command prompt.
    $t->waitfor('/\[.*@.*\] > ppp active print without-paging detail/');

    # Now lets get the list of online ppp users.
    ( $output ) = $t->waitfor('/\[.*@.*\] > /');

    # For debugging we can print the list to stdout
    # print $output;

    # Lets logout to make everybody happy.
    # If we close the connection without logging out then routeros
    # starts to complain after a while. Saying;
    # telnetd: All network ports in use.
    $t->print("quit");
    $t->close;

    # With errmode 'return' a failed waitfor leaves $output undefined.
    # Report that as an error (2), not as "user not logged in" (0).
    return 2 unless defined $output;

    # check for # of $user in output
    # the output includes only one = between name and username so we can
    # safely use it as a separator.
    # disabled until mikrotik starts to send newline after each line...
    # @output = $output;
    # foreach $line ( @output ) {
    #     #remove newline
    #     chomp $line;
    #     #remove trailing whitespace
    #     ($line = $line) =~ s/\s+$//;
    #     if( $line =~ /name=/ ) {
    #         print($line);
    #         @fields = split( /=/, $line );
    #         if( $fields[1] == "\"$user\"") {
    #             $username_seen++;
    #         }
    #     }
    # }

    # \Q...\E: match user name and session-id as literal text, not as regex.
    if( ($output =~ /name="\Q$user\E"/) && ($output =~ /session-id=\Q$ARGV[4]\E/) ) {
        $username_seen++;
    }

    # lets return something
    if ($username_seen > 0) {
        return 1;
    } else {
        return 0;
    }
}
So the usage is (e.g.):
checkrad mikrotik 192.168.0.10 14 simo 0x81600000
- "mikrotik" is the NAS type (as far as Perl is concerned, the function mikrotik_telnet gets called)
- "192.168.0.10" is the IP address of the NAS that the script telnets to, where it checks whether the given user exists with the given session-id
- 14 is the nas_port (the script does not use it, so anything can go here; it could be implemented)
- "simo" is the user we are checking
- "0x81600000" is the session-id that we pull from the radacct table and check
and of course a properly filled-in naspasswd file:
192.168.0.10 admin password
this is used for telnet, so it wouldn't be a bad idea to create a read-only user on the MT just for this purpose...
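
A stricter version of the final name/session-id check, as an added example that is not part of the original post or of checkrad: it requires both values to appear in the same entry of the `ppp active print` output and matches them as literal text. The helper name `session_is_active`, the sample output and the rule that each entry starts with its `name=` field are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of checkrad): returns 1 only when one and the
# same entry carries both the user name and the session-id, 0 otherwise.
# Assumption: every entry starts with its name="..." field, so the text from
# one name= up to the next belongs to a single session.
sub session_is_active {
    my ($output, $user, $session_id) = @_;
    return 0 unless defined $output && length $output;

    # Split in front of each name=" token, so missing newlines do not matter.
    # The look-behind keeps a field such as foo-name= from starting an entry.
    my @entries = split /(?=(?<![\w-])name=")/, $output;

    for my $entry (@entries) {
        # \Q...\E: the user name arrives in the RADIUS request, so it is
        # matched as literal text and never interpreted as a pattern.
        next unless $entry =~ /\Aname="\Q$user\E"/;

        # The value has to end at whitespace or end of input, so a shorter
        # id cannot match as a prefix of a longer one.
        return 1 if $entry =~ /(?<![\w-])session-id=\Q$session_id\E(?=\s|\z)/;
    }
    return 0;
}

# Constructed sample (not captured from a router): two sessions run together
# without newlines, which is the situation the post describes.
my $sample = 'Flags: R - radius  0 R name="simo" service=pppoe'
           . ' session-id=0x81600000  1 R name="s.mo" service=pppoe'
           . ' session-id=0x81600001';

# Each row: user, session-id, what the case exercises.
my @cases = (
    [ 'simo', '0x81600000', 'name and id in the same entry'   ],
    [ 'simo', '0x81600001', 'id belongs to a different entry' ],
    [ 's.mo', '0x81600000', 'dot in the name is literal'      ],
    [ 'simo', '0x8160',     'id is only a prefix'             ],
);

for my $case (@cases) {
    my ($user, $id, $what) = @$case;
    printf "%-5s %-11s %-32s => %d\n", $user, $id, $what,
        session_is_active($sample, $user, $id);
}
```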