commit 8bd19bd82604cee98a975e209f10714b7f1be0a2
Author: alexandrev-tibco
Date: Wed May 7 13:22:13 2025 +0200
Init
diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..abaa98f
Binary files /dev/null and b/.DS_Store differ
diff --git a/apply.sh b/apply.sh
new file mode 100644
index 0000000..ef92608
--- /dev/null
+++ b/apply.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+INTERFACES=("vmbr0" "vmbr1" "eno1" "enp1s0")
+
+echo "==> Aplicando arp_filter..."
+for iface in "${INTERFACES[@]}"; do
+ if [ -f "/proc/sys/net/ipv4/conf/$iface/arp_filter" ]; then
+ echo 1 > "/proc/sys/net/ipv4/conf/$iface/arp_filter"
+ fi
+done
+
+echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
+echo 1 > /proc/sys/net/ipv4/conf/default/arp_filter
+
+SYSCTL_FILE="/etc/sysctl.conf"
+for iface in "${INTERFACES[@]}" all default; do
+ grep -q "net.ipv4.conf.$iface.arp_filter" "$SYSCTL_FILE" || echo "net.ipv4.conf.$iface.arp_filter = 1" >> "$SYSCTL_FILE"
+done
+
+sysctl -p
+echo "==> Configuración de arp_filter aplicada correctamente."
diff --git a/check-arp-integrity.sh b/check-arp-integrity.sh
new file mode 100644
index 0000000..31d266c
--- /dev/null
+++ b/check-arp-integrity.sh
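Review bot: In apply.sh the guard `grep -q "net.ipv4.conf.$iface.arp_filter" "$SYSCTL_FILE"` matches any line that mentions the key, including a commented-out one or one that sets it to 0, so the `= 1` line is never appended in that case and the `sysctl -p` that follows can put the value back to 0 right after the writes to /proc. Anchor the match to the wanted setting, e.g. `grep -Eq "^net\.ipv4\.conf\.$iface\.arp_filter[[:space:]]*=[[:space:]]*1" "$SYSCTL_FILE"`. The script also has no `set -e` and checks no exit status, so the final "aplicada correctamente" message is printed even when the redirects into /proc or `sysctl -p` fail, for example when it is not run as root.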
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+IP_LOCAL="192.168.1.100"
+MAC_ESPERADA="e8:6a:64:8e:7e:2a"
+INTERFAZ_SALIDA="vmbr0"
+LOG_FILE="/var/log/arp-monitor.log"
+REPO_FIX_SCRIPT="$(dirname "$0")/apply.sh"
+
+RESPUESTA=$(arping -c 3 -I "$INTERFAZ_SALIDA" "$IP_LOCAL" 2>/dev/null | grep reply | head -n1)
+MAC_RESPUESTA=$(echo "$RESPUESTA" | awk -F" " '{print $5}' | tr '[:upper:]' '[:lower:]')
+FECHA=$(date '+%Y-%m-%d %H:%M:%S')
+
+if [[ -z "$MAC_RESPUESTA" ]]; then
+ echo "$FECHA - ERROR: No se recibió respuesta ARP de $IP_LOCAL" >> "$LOG_FILE"
+elif [[ "$MAC_RESPUESTA" != "$MAC_ESPERADA" ]]; then
+ echo "$FECHA - ALERTA: MAC inesperada para $IP_LOCAL. Esperada: $MAC_ESPERADA, Recibida: $MAC_RESPUESTA" >> "$LOG_FILE"
+ echo "$FECHA - Reaplicando configuración arp_filter" >> "$LOG_FILE"
+ bash "$REPO_FIX_SCRIPT" >> "$LOG_FILE" 2>&1
+else
+ echo "$FECHA - OK: ARP verificado correctamente para $IP_LOCAL (MAC $MAC_RESPUESTA)" >> "$LOG_FILE"
+fi
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..4f0ac4c
--- /dev/null
+++ b/setup.sh
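Review bot: In check-arp-integrity.sh the `RESPUESTA=` pipeline keeps only the first reply (`head -n1`), so when a second host also answers for `$IP_LOCAL`, which is the situation this monitor is meant to catch, the run logs OK whenever the legitimate reply happens to arrive first. Collect every reply MAC and alert if any of them differs from `$MAC_ESPERADA`, e.g. `MACS=$(arping -c 3 -I "$INTERFAZ_SALIDA" "$IP_LOCAL" 2>/dev/null | awk '/reply/ {print $5}' | tr -d '[]' | tr '[:upper:]' '[:lower:]' | sort -u)`. The `tr -d '[]'` is there because iputils arping appears to print the MAC in square brackets, in which case the current string comparison could never match and every run would log ALERTA; confirm against the arping build on the node. A failure of arping itself is hidden by `2>/dev/null` and ends up logged as "no response", so a missing binary or interface looks the same as a silent host.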
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+REPO_URL="http://gitea:3000/baphemot/proxmox-node-config.git"
+CLONE_DIR="/opt/proxmox-node-config"
+MARKER_FILE="$CLONE_DIR/.apply-done"
+
+if [ ! -d "$CLONE_DIR/.git" ]; then
+ echo "==> Clonando repo desde $REPO_URL..."
+ git clone "$REPO_URL" "$CLONE_DIR"
+else
+ echo "==> Actualizando repo..."
+ git -C "$CLONE_DIR" pull
+fi
+
+cd "$CLONE_DIR" || exit 1
+
+if [ ! -f "$MARKER_FILE" ]; then
+ echo "==> Ejecutando apply.sh por primera vez..."
+ bash "$CLONE_DIR/apply.sh"
+ touch "$MARKER_FILE"
+else
+ echo "==> apply.sh ya fue ejecutado previamente, se omite."
+fi
+
+install_unit() {
+ local service_name=$1
+ local timer_name=$2
+
+ if ! systemctl list-timers | grep -q "$timer_name"; then
+ echo "==> Instalando $timer_name..."
+ cp "$CLONE_DIR/systemd/$service_name" /etc/systemd/system/
+ cp "$CLONE_DIR/systemd/$timer_name" /etc/systemd/system/
+ systemctl daemon-reexec
+ systemctl daemon-reload
+ systemctl enable --now "$timer_name"
+ else
+ echo "==> $timer_name ya está instalado."
+ fi
+}
+
+install_unit apply.service apply.timer
+install_unit arp-monitor.service arp-monitor.timer
+
+echo "==> Instalación y configuración completa."
diff --git a/systemd/apply.service b/systemd/apply.service
new file mode 100644
index 0000000..4c1ee0f
--- /dev/null
+++ b/systemd/apply.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Apply ARP Filter Fix to Network Interfaces
+
+[Service]
+Type=oneshot
+ExecStart=/opt/proxmox-node-config/apply.sh
diff --git a/systemd/apply.timer b/systemd/apply.timer
new file mode 100644
index 0000000..ae3a522
--- /dev/null
+++ b/systemd/apply.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run apply.sh every 15 minutes
+
+[Timer]
+OnBootSec=5min
+OnUnitActiveSec=15min
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/systemd/arp-monitor.service b/systemd/arp-monitor.service
new file mode 100644
index 0000000..0d8ed47
--- /dev/null
+++ b/systemd/arp-monitor.service
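Review bot: In setup.sh `REPO_URL` is a plain `http://` remote, and whatever `git clone` / `git pull` bring down from it is then executed with the installer's privileges, first through `bash "$CLONE_DIR/apply.sh"` and afterwards by the system timers it installs, so the integrity of that transfer is the integrity of code running on the node. Use an `https://` or SSH remote and verify what was fetched before running it, for example `git -C "$CLONE_DIR" verify-commit HEAD || exit 1` against a trusted signing key. The exit status of `git clone` and `git pull` is also not checked, so a failed update continues silently with whatever tree is already in `$CLONE_DIR`.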
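Review bot: In systemd/apply.service `ExecStart=/opt/proxmox-node-config/apply.sh` executes the script directly, but this commit adds apply.sh with `new file mode 100644`, so unless something outside this diff sets the executable bit the unit will fail to start; setup.sh only gets away with it because it calls `bash "$CLONE_DIR/apply.sh"`. Either commit the scripts as 100755 or write `ExecStart=/bin/bash /opt/proxmox-node-config/apply.sh`. systemd/arp-monitor.service has the same problem with check-arp-integrity.sh, which is also added as 100644.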
@@ -0,0 +1,6 @@
+[Unit]
+Description=Check ARP Table Integrity
+
+[Service]
+Type=oneshot
+ExecStart=/opt/proxmox-node-config/check-arp-integrity.sh
diff --git a/systemd/arp-monitor.timer b/systemd/arp-monitor.timer
new file mode 100644
index 0000000..8768d40
--- /dev/null
+++ b/systemd/arp-monitor.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run ARP monitor every 10 minutes
+
+[Timer]
+OnBootSec=3min
+OnUnitActiveSec=10min
+Persistent=true
+
+[Install]
+WantedBy=timers.target