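#!/usr/bin/perl
#
# A script to add, remove, and list client blacklist info from the Aruba Controllers
#
# kslate@mtholyoke.edu
# 8-12-2014
#
#############################################################################
use strict;
use warnings;

use Expect;

#############################################################################
# ---------------------
# variables
#
# running log location
# --------------------
# Path only: the append mode is given separately to a three-argument open()
# in write_it_out(), so nothing in this string can change how the file is opened.
my $aruba_blacklist_running_log = "/var/log/aruba-blacklist.log";
#
# list of controllers to cycle through
# ------------------------------------
# Short names or names ending in .domainname.edu are both accepted; each one
# must have an entry in %controller_for below.
my @hosts = ("controller1", "controller2", "controller3", "controller4", "controller5");
#
# per-controller settings
# -----------------------
# rule   - separator line printed above and below the controller name
# prompt - name shown inside the CLI prompt "(name) >" / "(name) #" when it
#          differs from the short host name
# A per-controller login or enable password could be added here as well.
my %controller_for = (
    controller1 => { rule => "------------" },
    controller2 => { rule => "------------", prompt => "Aruba-local2" },
    controller3 => { rule => "------" },
    controller4 => { rule => "-------" },
    controller5 => { rule => "-------" },
);
#
# initial creds
# -------------
# SECURITY: the login and enable passwords are stored here in clear text.
# Keep this file readable only by the account that runs it, and keep the real
# values out of version control and backups that other people can read.
my $user       = "admin";
my $pass       = "login_password";
my $enablepass = "enable_password";
#
# other variables
# ---------------
my $timeout = 40;
#
#----------------------------------------------------------------------------
#############################################################################
#----------------------------------------------------------------------------
# Main
# ----
#
# check for command line switches
# -------------------------------
# The switch is matched as a whole word. An unanchored /-a/ or /-r/ would also
# match arguments that merely contain those characters (a MAC written with
# dashes, for instance) and could select a mode that changes the controllers.
my $switch    = defined $ARGV[0] ? $ARGV[0] : "";
my $mode      = "list";
my $black_mac = "";
#
# if -h show help
# --------------------------
show_helpks() if $switch =~ /\A(?:-h|--help)\z/i;
#
# if -a add blacklist, if -r remove blacklist
# -------------------------------------------
# The MAC is validated before any command list is built, so the commands sent
# to the controllers always carry the normalised address.
if ( $switch =~ /\A-a\z/i ) {
    $mode      = "add";
    $black_mac = check_mac_format( $ARGV[1] );
}
elsif ( $switch =~ /\A-r\z/i ) {
    $mode      = "remove";
    $black_mac = check_mac_format( $ARGV[1] );
}
#
# Main body loop
# --------------
# NOTE(review): add and remove print nothing and are not written to the running
# log; only the listing is. Consider recording who changed which MAC and when.
my @ksout_print;

HOST:
foreach my $host (@hosts) {
    ( my $host_short = $host ) =~ s/\.domainname\.edu//;

    my $controller = $controller_for{$host_short};
    if ( !$controller ) {
        warn "Skipping $host: no entry in the controller table\n";
        next HOST;
    }

    my $prompt_name =
      defined $controller->{prompt} ? $controller->{prompt} : $host_short;

    if ( $mode eq "add" ) {
        add_blacklist_mac( $host, $prompt_name, $black_mac );
        next HOST;
    }
    if ( $mode eq "remove" ) {
        remove_blacklist_mac( $host, $prompt_name, $black_mac );
        next HOST;
    }

    # get blacklist info from the Aruba
    # ---------------------------------
    my $ksout = connect_aruba_all( $host, $prompt_name );

    push @ksout_print, $controller->{rule}, $host_short, $controller->{rule},
      $ksout;
}
#
# print output
# ------------
if ( $mode eq "list" ) {
    print_output(@ksout_print);

    # get date for log file, then write out log file
    # ----------------------------------------------
    write_it_out( get_mydate(), @ksout_print );
}
#
exit 0;
#----------------------------------------------------------------------------
#############################################################################
#
# show usage
# --------------------
#
sub show_helpks {
    print "\n";
    print "-----------------------------------------\n";
    print "- AP blacklisted client info -\n";
    print "- ---------------------------- -\n";
    print "- Collects -\n";
    print "- Aruba AP blacklisted Client Info -\n";
    print "- ---------------------------- -\n";
    print "- Created 8/12/2014 -\n";
    print "- kslate\@mtholyoke.edu -\n";
    print "-----------------------------------------\n";
    print "\n";
    print "---------------------------------------------------------------\n";
    print "Usage:\n";
    print " aruba-blacklist.pl \t\tPrint current blacklisted clients.\n";
    print " aruba-blacklist.pl -h\t\tThis message.\n";
    print " aruba-blacklist.pl -a\t\tAdd a Mac Address to blacklist list.\n";
    print " aruba-blacklist.pl -r\t\tRemove Mac Address from blacklist list.\n";
    print "\n";
    print "\n";
    print " Example:\n";
    print " To add:\n";
    print " aruba-blacklist.pl -a de:ad:be:ef:ca:fe\n";
    print " to remove:\n";
    print " aruba-blacklist.pl -r de:ad:be:ef:ca:fe\n";
    print "---------------------------------------------------------------\n";
    exit;
}
#############################################################################
# print the collected listing to stdout, framed by two rule lines
#
sub print_output {
    my (@lines) = @_;
    my $rule =
"------------------------------------------------------------------------------------\n";

    print $rule;
    foreach my $line (@lines) {
        print "$line\n";
    }
    print $rule;

    return;
}
#############################################################################
# append the collected listing to the running log under a date stamp
#
sub write_it_out {
    my ( $pdate, @lines ) = @_;

    # Three-argument open with a lexical handle: the mode is fixed here and
    # cannot be altered by the contents of the path variable.
    open( my $log, '>>', $aruba_blacklist_running_log )
      or die "can't open $aruba_blacklist_running_log: $!\n";

    print {$log}
      "-----------------------------------------------------------------------\n";
    print {$log} "$pdate\n";
    print {$log} "--------------\n";
    foreach my $line (@lines) {
        print {$log} "$line\n";
    }

    # Buffered write errors only show up at close, so check it.
    close($log)
      or die "can't close $aruba_blacklist_running_log: $!\n";

    return;
}
#############################################################################
#
# date stamp for the log, local time, in the form YYYYMMDD.HHMM
# -------------------------------------------------------------
sub get_mydate {
    my ( $min, $hour, $mday, $mon, $year ) = ( localtime(time) )[ 1 .. 5 ];

    return sprintf( "%04d%02d%02d.%02d%02d",
        $year + 1900, $mon + 1, $mday, $hour, $min );
}
#############################################################################
# log in to one controller over ssh, enter enable mode and send a command list
# ----------------------------------------------------------------------------
# $host        - name passed to ssh and expected in ssh's password prompt
# $prompt_name - name expected inside the controller's CLI prompt
# $commands    - array ref of CLI lines to send at the privileged prompt
# $capture     - true to keep the text Expect holds in before() at the moment
#                "show ap blacklist-clients" is about to be sent
# Returns the captured text ("" when nothing was captured).
#
# Notes:
# * There is no handler for ssh's host-key confirmation question, so a
#   controller whose key is not already in known_hosts runs into the timeout
#   instead of being trusted automatically.
# * The enable password is sent whenever the output ends in "Password:".
#   NOTE(review): if a controller's ssh login prompt were also spelled that
#   way, the enable password would be offered at login - confirm the prompts.
# * Original author's observation: every once in a while the printed output
#   from a single controller doesn't show up correctly, and re-running the
#   command works again.
#   NOTE(review): a likely cause is that the privileged-prompt handler sends
#   the whole command list on every prompt match and reads before() ahead of
#   sending the show command, so the text kept is whatever preceded the most
#   recent prompt match; which match is last depends on timing. Left as is -
#   verify against a controller before restructuring.
#
sub _run_session {
    my ( $host, $prompt_name, $commands, $capture ) = @_;

    # List form: ssh is executed directly, without a shell parsing the command.
    my $exp = Expect->spawn( 'ssh', "$user\@$host" )
      or die "Cannot spawn ssh $user\@$host: $!\n";

    # to turn off output to stdout
    #----------------------------
    $exp->log_stdout(0);

    my $captured = "";

    # \Q...\E keeps dots and other characters in the names literal.
    my ( $matched, $error ) = $exp->expect(
        $timeout,
        [
            qr/\Q$user\E\@\Q$host\E's password: $/ => sub {
                my $fh = shift;
                print $fh "$pass\n";
                exp_continue;
            }
        ],
        [
            qr/\(\Q$prompt_name\E\) >$/ => sub {
                my $fh = shift;
                print $fh "enable\n";
                exp_continue;
            }
        ],
        [
            qr/Password:$/ => sub {
                my $fh = shift;
                print $fh "$enablepass\n";
                exp_continue;
            }
        ],
        [
            qr/\(\Q$prompt_name\E\) #/ => sub {
                my $fh = shift;
                foreach my $command ( @{$commands} ) {
                    if ( $capture && $command =~ /show ap blacklist-clients/ ) {
                        $captured = $fh->before();
                    }
                    $fh->send("$command\n");
                }
                exp_continue;
            }
        ],
    );

    # A timeout means the session never reached its normal end; for add and
    # remove that may mean the blacklist on this controller was not changed.
    if ( defined $error && $error =~ /\A1:/ ) {
        warn "Timed out talking to $host\n";
    }

    $exp->soft_close();

    return $captured;
}
#############################################################################
# connect to the aruba and collect the current blacklist
# ------------------------------------------------------
sub connect_aruba_all {
    my ( $host, $prompt_name ) = @_;

    my @cmd = ( "no paging", "show ap blacklist-clients", "exit", "exit" );

    return _run_session( $host, $prompt_name, \@cmd, 1 );
}
#############################################################################
# add Mac to blacklist
# --------------------
# The command list is built here, after the MAC has been validated. Building
# it at the top of the file interpolated a still-empty MAC into the command.
# NOTE(review): a commented-out variant in the original spelled the command
# "stm add-blacklist-client" (singular) - confirm against the controller CLI.
sub add_blacklist_mac {
    my ( $host, $prompt_name, $mac ) = @_;

    my @cmd2 =
      ( "no paging", "stm add-blacklist-clients $mac", "exit", "exit" );

    _run_session( $host, $prompt_name, \@cmd2, 0 );

    return;
}
#############################################################################
# remove Mac from blacklist
# -------------------------
# Built after validation, for the same reason as in add_blacklist_mac().
# NOTE(review): a commented-out variant in the original spelled the command
# "stm remove-blacklist-client" (singular) - confirm against the controller CLI.
sub remove_blacklist_mac {
    my ( $host, $prompt_name, $mac ) = @_;

    my @cmd3 =
      ( "no paging", "stm remove-blacklist-clients $mac", "exit", "exit" );

    _run_session( $host, $prompt_name, \@cmd3, 0 );

    return;
}
#
#############################################################################
# check mac address format
#
# Returns the address as lower-case xx:xx:xx:xx:xx:xx. The result contains
# only hex digits and colons, which is what makes it safe to place in a line
# typed into the controller's privileged CLI. Anything that does not reduce to
# exactly twelve hex digits ends the script with a non-zero status before any
# controller is contacted.
#
sub check_mac_format {
    my ($raw) = @_;

    my $mac = lc( defined $raw ? $raw : "" );
    $mac =~ s/[^a-f0-9]//g;

    if ( $mac =~ m|\A[a-f0-9]{12}\z| ) {
        $mac =~ s/(..)(..)(..)(..)(..)(..)/$1:$2:$3:$4:$5:$6/;
        return $mac;
    }

    print "Mac address: $mac does not appear to be formated correctly.\n";
    print "It should be in the form of: XX:XX:XX:XX:XX:XX\n";
    print "Quiting without doing anything....\n";

    # Non-zero so a calling script can tell that nothing was changed.
    exit 1;
}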