#! /bin/bash

# check_rogue - Nagios plugin that checks for rogue DHCP servers
#		on the local network using dhcp_probe from
#		http://www.net.princeton.edu/software/dhcp_probe/
#
# 2008-12:	Jan Toenjes <jan@atw.goe.net>


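#### dhcp_probe configuration #####
# Absolute path of the dhcp_probe binary that is started through sudo.
DHCP_PROBE=/usr/local/sbin/dhcp_probe
# Probe log. It is created with mktemp (random name, owner-only mode) instead of
# a fixed name in world-writable /tmp: dhcp_probe is started through sudo and
# writes to this path, so a fixed name would let another local user pre-create
# the file or a symlink there and redirect or forge the log this check parses.
# NOTE(review): a sudoers rule that pins the exact dhcp_probe arguments would
# have to allow the randomized log path - confirm against the local sudoers.
LOGFILE=$(mktemp /tmp/dhcp_probe_log.XXXXXX) || {
  # Nagios plugin convention: exit status 3 = UNKNOWN (the check could not run).
  echo "UNKNOWN: cannot create temporary dhcp_probe log file"
  exit 3
}
# PID file written by dhcp_probe; read later to stop the probe.
PIDFILE=/var/run/dhcp_probe.pid
# Interface the probe is run on.
IFACE=eth0:1


# Absolute paths of the helper programs, so the plugin does not depend on PATH.
TOUCH=/usr/bin/touch
SUDO=/usr/bin/sudo
GREP=/bin/grep
UNIQ=/usr/bin/uniq
AWK=/usr/bin/awk
SED=/bin/sed
RM=/bin/rm
KILL=/bin/kill
SLEEP=/bin/sleep

# Remove the temporary log on every exit path, including early exits.
trap '"$RM" -f -- "$LOGFILE"' EXIT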


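# get information about possible rogue dhcp servers
# Start dhcp_probe through sudo, let it listen for 10 seconds, then stop it.
# A probe that never ran leaves no "warn" lines in the log, which the rest of
# the script would report as OK. For a detection check that is a silent false
# negative, so a failed start is reported as UNKNOWN (Nagios exit status 3).
"$TOUCH" "$LOGFILE"
if ! "$SUDO" "$DHCP_PROBE" -l "$LOGFILE" -p "$PIDFILE" "$IFACE"; then
  "$RM" -f -- "$LOGFILE"
  echo "UNKNOWN: dhcp_probe could not be started on $IFACE"
  exit 3
fi
"$SLEEP" 10

# Read the PID the probe recorded. Only a purely numeric value is passed to
# kill; a missing, empty or malformed PID file means there is no evidence the
# probe ran during the window, so that is also reported as UNKNOWN.
probe_pid=
if [ -r "$PIDFILE" ]; then
  # read's status is ignored on purpose: it is non-zero when the file lacks a
  # trailing newline, although the value is still assigned.
  read -r probe_pid _ < "$PIDFILE"
fi
case "$probe_pid" in
  '' | *[!0-9]*)
    "$RM" -f -- "$LOGFILE"
    echo "UNKNOWN: no usable PID in $PIDFILE, dhcp_probe did not run"
    exit 3
    ;;
  *)
    "$KILL" -9 "$probe_pid"
    ;;
esac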


# parse the collected information
# Both pipelines keep the log lines containing "warn", collapse adjacent
# duplicate lines, and print one whitespace-separated field per remaining line.
# NOTE(review): fields 16 and 19 presumably hold the responding server's IP and
# MAC in dhcp_probe's warning line - confirm against the installed version.
IP=$(
  "$GREP" warn "$LOGFILE" \
    | "$UNIQ" \
    | "$AWK" '{print $16}'
)
# The MAC field is stripped of every ")" character.
MAC=$(
  "$GREP" warn "$LOGFILE" \
    | "$UNIQ" \
    | "$AWK" '{print $19}' \
    | "$SED" 's/)//g'
)


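# remove logfile, not needed anymore
# -f only: the log is a regular file, so the recursive flag is unnecessary and
# would widen what gets deleted if the path ever pointed at a directory.
# Quoting and "--" keep the path from being split or parsed as an option.
"$RM" -f -- "$LOGFILE"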


# create nagios message
# Exit status follows the Nagios plugin convention: 2 = CRITICAL, 0 = OK.
# A non-empty IP means at least one "warn" line was found in the probe log.
if [ -n "$IP" ]; then
  echo "ROGUE DHCP DETECTED: $IP - $MAC"
  exit 2
else
  # Status text is German for "everything is fine".
  echo "alles dufte!! :-)"
  exit 0
fi


