用Linux Shell脚本轻松管理Radius服务器

jopen 10年前

公司的无线环境采用mac地址认证的方式,mac地址被绑定到Radius的users配置文件中,将注册了的mac地址作为用户名和密码。为了方便的管理这些mac地址,自己写了一个shell脚本来管理。

shell脚本所特有的强大文本处理能力和各种命令函数的组合,使得管理员的工作能轻松不少。

下面就列出该脚本的功能以示参考:

  • 添加mac地址
  • 删除mac地址
  • 查找mac地址
  • 去除重复mac地址
  • 检查mac地址合法性
  • TODO,导入导出mac地址,添加注释

其中用到的Shell脚本技术包括但不限于:

  • 文本文件的列处理和行处理,如sed、awk等命令
  • 字符串查找、过滤、大小写转换,bash和grep等命令
  • 获取、计算、比较字符串长度,bash和wc等命令
  • mac地址正则表达式的处理和类型转换
  • shell编程操作、包括文件包含、函数、参数传递、返回值等
  • 其他

代码示例:

#!/bin/bash  #    # Source function library.  . /etc/rc.d/init.d/functions    RADIUSD=/usr/sbin/radiusd  LOCKF=/var/lock/subsys/radiusd  CONFIG=/etc/raddb/radiusd.conf  USERCONFIG=/etc/raddb/users    [ -f $RADIUSD ] || exit 0  [ -f $CONFIG ] || exit 0  [ -f $USERCONFIG ] || exit 0    RETVAL=0    OPERATION=$1  MACADDRESS=$2    function help()  {      clear      echo $""      echo $"===================================================================================="      echo $"For Radius on Fedora/CentOS/RadHat Linux Server, Written by Chris"      echo $"===================================================================================="      echo $"A tool to manage Radius server"      echo $""      echo $"Usage: $0 {find|add|modify|delete|check|remove|start|stop|status|restart|reload} mac"      #TODO      echo $"Usage: $0 {import|export|debug}"      echo $""      echo $"For more information please contract dgdenterprise@gmail.com"      echo $"===================================================================================="      echo $""      exit 1  }    function mac()  {      if [ -z $MACADDRESS ];then          echo $"no mac address is signed! "          echo $"\$2 is $MACADDRESS"          exit 1      else                  if [[ "${#MACADDRESS}" != "12" ]] && [[ "${#MACADDRESS}" != "17" ]] ;then              echo "mac length is ${#MACADDRESS}"                          echo "mac address is illegal! "              exit 1  #                else  #                        echo $"mac which you input is $MACADDRESS"                  fi          #echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}/p'          #echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}/p'          #echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{12}/p'          if [[ `echo $MACADDRESS | grep -` ]];then              PROMAC=`echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}/p' | tr '[:upper:]' '[:lower:]' | sed 's/-//g'`          elif [[ `echo $MACADDRESS | grep :` ]];then              PROMAC=`echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}/p' | tr '[:upper:]' '[:lower:]' | sed 's/://g'`          else              PROMAC=`echo $MACADDRESS | tr '[:upper:]' '[:lower:]'`          fi          echo $PROMAC      fi  }    function find()  {      MAC=`mac`      echo $"accepted mac is $MAC"      if [[ `grep $MAC $USERCONFIG` ]]; then          MACLINE=`grep -n $MAC $USERCONFIG | awk -F ':' '{print $1}'`          #echo $MACLINE          MACLINECOUNT=$(echo $MACLINE | wc -w)          #echo $MACLINECOUNT          if [[ "$MACLINECOUNT" != "1" ]];then              echo $"ERROR, this mac $MAC has duplicate record, you should use $0 remove $MAC to remove duplicate record"              exit 1          fi          echo $"Successfully find $MAC in $MACLINE line of file $USERCONFIG! "          echo          REVAL=$?      else          echo $"Can not find $MAC in file $USERCONFIG! "          echo          exit 1          REVAL=$?      fi  }    function add()  {      MAC=`mac`      echo $"accepted mac is $MAC"      #find $MAC      LINENUM=`grep -n "Cleartext-Password :='" users | grep -v \# | head -n1 | awk -F ":" '{print $1}'`      SEDOPERATION=$LINENUM"a"      sed -i "$SEDOPERATION $MAC    Cleartext-Password :='$MAC'" $USERCONFIG      find $MAC      restart  }    function modify()  {      MAC=`mac`      find $MAC      #TODO    }    function delete()  {          MAC=`mac`          echo $"accepted mac is $MAC"          if [[ `grep $MAC $USERCONFIG` ]]; then                  MACLINE=`grep -n $MAC $USERCONFIG | awk -F ':' '{print $1}'`                  ##echo $MACLINE                  #MACLINECOUNT=$(echo $MACLINE | wc -w)                  ##echo $MACLINECOUNT                  #if [[ "$MACLINECOUNT" != "1" ]];then                  #        echo $"ERROR, this mac $MAC has duplicate record, you should use $0 remove $MAC to remove duplicate record"                  #        exit 1                  #fi                  echo $"Successfully find $MAC in $MACLINE line of file $USERCONFIG! "          echo $"It will be deleted! "          sed -i "$MACLINE d" $USERCONFIG          #TODO          echo $"If you see 'Can not find $MAC in file $USERCONFIG! ', it means successfully! "          find $MAC                  echo                  REVAL=$?          else                  echo $"Can not find $MAC in file $USERCONFIG! "                  echo                  REVAL=$?          fi  }    function check()  {      MAC=`mac`      find $MAC      remove $MAC  }    function remove()  {      MAC=`mac`          echo $"accepted mac is $MAC"      #TODO      #echo $"backuped file to file $FILENAME"          if [[ `grep $MAC $USERCONFIG` ]]; then                  MACLINE=`grep -n $MAC $USERCONFIG | awk -F ':' '{print $1}'`                  #echo $MACLINE                  MACLINECOUNT=$(echo $MACLINE | wc -w)                  #echo $MACLINECOUNT                  if [[ "$MACLINECOUNT" == "1" ]];then                          echo $"WARNNING, this mac $MAC is good record, no duplicate record has found! "                          exit 0                  fi      TOREMOVE="$MAC    Cleartext-Password :='$MAC'"      sed -i "/^$TOREMOVE$/d" $USERCONFIG      add $MAC      fi  }    function restart()  {      service radiusd restart  }    function reload()  {      service radiusd reload  }    function status()  {      service radiusd status  }    case "$1" in       find)          find          RETVAL=$?      ;;      add)          add          RETVAL=$?      ;;      modify)          modify          RETVAL=$?      ;;      delete)          delete          RETVAL=$?      ;;      check)          check          RETVAL=$?      ;;      remove)          remove          RETVAL=$?      ;;      start)          start          RETVAL=$?      ;;      stop)          stop          RETVAL=$?      ;;      status)          status          RETVAL=$?      ;;      restart)          restart          RETVAL=$?      ;;      reload)          reload          RETVAL=$?      ;;      *)          help          exit 1      ;;  esac
原文来自:urey_pp 的BLOG