用Linux Shell脚本轻松管理Radius服务器
jopen
10年前
公司的无线环境采用mac地址认证的方式,mac地址被绑定到Radius的users配置文件中,将注册了的mac地址作为用户名和密码。为了方便的管理这些mac地址,自己写了一个shell脚本来管理。
shell脚本所特有的强大文本处理能力和各种命令函数的组合,使得管理员的工作能轻松不少。
下面就列出该脚本的功能以示参考:
- 添加mac地址
- 删除mac地址
- 查找mac地址
- 去除重复mac地址
- 检查mac地址合法性
- TODO,导入导出mac地址,添加注释
其中用到的Shell脚本技术包括但不限于:
- 文本文件的列处理和行处理,如sed、awk等命令
- 字符串查找、过滤、大小写转换,bash和grep等命令
- 获取、计算、比较字符串长度,bash和wc等命令
- mac地址正则表达式的处理和类型转换
- shell编程操作、包括文件包含、函数、参数传递、返回值等
- 其他
代码示例:
#!/bin/bash # # Source function library. . /etc/rc.d/init.d/functions RADIUSD=/usr/sbin/radiusd LOCKF=/var/lock/subsys/radiusd CONFIG=/etc/raddb/radiusd.conf USERCONFIG=/etc/raddb/users [ -f $RADIUSD ] || exit 0 [ -f $CONFIG ] || exit 0 [ -f $USERCONFIG ] || exit 0 RETVAL=0 OPERATION=$1 MACADDRESS=$2 function help() { clear echo $"" echo $"====================================================================================" echo $"For Radius on Fedora/CentOS/RadHat Linux Server, Written by Chris" echo $"====================================================================================" echo $"A tool to manage Radius server" echo $"" echo $"Usage: $0 {find|add|modify|delete|check|remove|start|stop|status|restart|reload} mac" #TODO echo $"Usage: $0 {import|export|debug}" echo $"" echo $"For more information please contract dgdenterprise@gmail.com" echo $"====================================================================================" echo $"" exit 1 } function mac() { if [ -z $MACADDRESS ];then echo $"no mac address is signed! " echo $"\$2 is $MACADDRESS" exit 1 else if [[ "${#MACADDRESS}" != "12" ]] && [[ "${#MACADDRESS}" != "17" ]] ;then echo "mac length is ${#MACADDRESS}" echo "mac address is illegal! " exit 1 # else # echo $"mac which you input is $MACADDRESS" fi #echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}/p' #echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}/p' #echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{12}/p' if [[ `echo $MACADDRESS | grep -` ]];then PROMAC=`echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}-[A-Fa-f0-9]{2}/p' | tr '[:upper:]' '[:lower:]' | sed 's/-//g'` elif [[ `echo $MACADDRESS | grep :` ]];then PROMAC=`echo $MACADDRESS | sed -nr '/[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}:[A-Fa-f0-9]{2}/p' | tr '[:upper:]' '[:lower:]' | sed 's/://g'` else PROMAC=`echo $MACADDRESS | tr '[:upper:]' '[:lower:]'` fi echo $PROMAC fi } function find() { MAC=`mac` echo $"accepted mac is $MAC" if [[ `grep $MAC $USERCONFIG` ]]; then MACLINE=`grep -n $MAC $USERCONFIG | awk -F ':' '{print $1}'` #echo $MACLINE MACLINECOUNT=$(echo $MACLINE | wc -w) #echo $MACLINECOUNT if [[ "$MACLINECOUNT" != "1" ]];then echo $"ERROR, this mac $MAC has duplicate record, you should use $0 remove $MAC to remove duplicate record" exit 1 fi echo $"Successfully find $MAC in $MACLINE line of file $USERCONFIG! " echo REVAL=$? else echo $"Can not find $MAC in file $USERCONFIG! " echo exit 1 REVAL=$? fi } function add() { MAC=`mac` echo $"accepted mac is $MAC" #find $MAC LINENUM=`grep -n "Cleartext-Password :='" users | grep -v \# | head -n1 | awk -F ":" '{print $1}'` SEDOPERATION=$LINENUM"a" sed -i "$SEDOPERATION $MAC Cleartext-Password :='$MAC'" $USERCONFIG find $MAC restart } function modify() { MAC=`mac` find $MAC #TODO } function delete() { MAC=`mac` echo $"accepted mac is $MAC" if [[ `grep $MAC $USERCONFIG` ]]; then MACLINE=`grep -n $MAC $USERCONFIG | awk -F ':' '{print $1}'` ##echo $MACLINE #MACLINECOUNT=$(echo $MACLINE | wc -w) ##echo $MACLINECOUNT #if [[ "$MACLINECOUNT" != "1" ]];then # echo $"ERROR, this mac $MAC has duplicate record, you should use $0 remove $MAC to remove duplicate record" # exit 1 #fi echo $"Successfully find $MAC in $MACLINE line of file $USERCONFIG! " echo $"It will be deleted! " sed -i "$MACLINE d" $USERCONFIG #TODO echo $"If you see 'Can not find $MAC in file $USERCONFIG! ', it means successfully! " find $MAC echo REVAL=$? else echo $"Can not find $MAC in file $USERCONFIG! " echo REVAL=$? fi } function check() { MAC=`mac` find $MAC remove $MAC } function remove() { MAC=`mac` echo $"accepted mac is $MAC" #TODO #echo $"backuped file to file $FILENAME" if [[ `grep $MAC $USERCONFIG` ]]; then MACLINE=`grep -n $MAC $USERCONFIG | awk -F ':' '{print $1}'` #echo $MACLINE MACLINECOUNT=$(echo $MACLINE | wc -w) #echo $MACLINECOUNT if [[ "$MACLINECOUNT" == "1" ]];then echo $"WARNNING, this mac $MAC is good record, no duplicate record has found! " exit 0 fi TOREMOVE="$MAC Cleartext-Password :='$MAC'" sed -i "/^$TOREMOVE$/d" $USERCONFIG add $MAC fi } function restart() { service radiusd restart } function reload() { service radiusd reload } function status() { service radiusd status } case "$1" in find) find RETVAL=$? ;; add) add RETVAL=$? ;; modify) modify RETVAL=$? ;; delete) delete RETVAL=$? ;; check) check RETVAL=$? ;; remove) remove RETVAL=$? ;; start) start RETVAL=$? ;; stop) stop RETVAL=$? ;; status) status RETVAL=$? ;; restart) restart RETVAL=$? ;; reload) reload RETVAL=$? ;; *) help exit 1 ;; esac原文来自:urey_pp 的BLOG