try:
vlans = dendrite.get_conf('vlans', timeout=5)
except ConnectionFailed:
vlans = None
if vlans is None:
# Default vlan conf: first 2 interfaces bridged
default_vlans = []
count = 0
for interface in physical_ifaces():
count += 1
default_vlans.append({'interface': interface})
if count == 2:
break
if args.default_conf_only and not NetworkConfigurator.vlans_conf_files_exists():
NetworkConfigurator.generate_vlans_conf_files(default_vlans)
if not args.default_conf_only:
configurator = AccessControlConfigurator()
# Generate nginx captive portal conf if needed
if vlans is None and not os.path.exists(NGINX_CAPTIVE_PORTAL):
configurator.new_vlan_conf(
default_vlans,
skip_vlans_conf_files=True
)
dendrite.subscribe_conf('vlans', cb=configurator.new_vlan_conf_cb)
# wait for changes
dendrite.wait_complete()
self.synapse = Synapse()
def agent_conf_updated(self, conf):
conf_changed = False
for key in self.KEYS:
if self.conf.get(key, {}) != conf[key]:
self.conf[key] = conf[key]
conf_changed = True
# save credentials for other program use...
if key == 'credentials':
self.synapse.set(SNMP_DEFAULT_CREDENTIALS_PATH, conf[key])
if conf_changed:
# Grab template
snmp_template = Template(filename="/elan-agent/nac/snmp/snmptrapd.conf")
with open ("/etc/snmp/snmptrapd.conf", "w") as server_file:
server_file.write(snmp_template.render(**self.conf))
restart_service('elan-snmp-notification-receiver')
if __name__ == "__main__":
dendrite = Dendrite()
conf = SnmpConfigurator()
dendrite.subscribe_conf('snmp', conf.agent_conf_updated)
dendrite.wait_complete()
#!/usr/bin/env python3
from elan.captive_portal import GuestAccessManager
from elan.neuron import Dendrite
if __name__ == "__main__":
dendrite = Dendrite()
manager = GuestAccessManager()
dendrite.subscribe_conf('guest-access/active-authorizations', manager.new_authorizations)
dendrite.wait_complete()
#!/usr/bin/env python3
import logging
from elan.network import NetworkConfigurator
from elan.neuron import Dendrite
logging.basicConfig()
if __name__ == "__main__":
dendrite = Dendrite()
configurator = NetworkConfigurator()
dendrite.subscribe_conf('ipv4', configurator.set_ipv4)
dendrite.subscribe_conf('ipv6', configurator.set_ipv6)
dendrite.wait_complete()
#!/usr/bin/env python3
from elan.authentication import AuthenticationProvider
from elan.neuron import Dendrite
if __name__ == "__main__":
dendrite = Dendrite()
provider = AuthenticationProvider(dendrite=dendrite)
dendrite.subscribe_conf('authentication', cb=provider.new_authentication_conf)
dendrite.wait_complete()
conf_changed = False
for key in self.KEYS:
if self.conf.get(key, "") != conf[key]:
self.conf[key] = conf[key]
conf_changed = True
if conf_changed:
# Grab template
server_template = Template(filename="/elan-agent/nac/freeradius/server")
with open ("/etc/freeradius/3.0/sites-enabled/nac", "w") as server_file:
server_file.write(server_template.render(**self.conf))
with open ("/etc/freeradius/3.0/certs/nac.pem", "w") as cert_file:
# reverse certchain so that freeradius/openssl finds the cert matching the private key in first position...
cert_list = [ cert + '-----END CERTIFICATE-----\n' for cert in self.conf['cert_chain'].split('-----END CERTIFICATE-----') if '-----BEGIN CERTIFICATE-----' in cert ]
cert_file.write(''.join(reversed(cert_list)))
cert_file.write(self.conf['cert_key'])
# Reload freeradius
restart_service('freeradius')
if __name__ == "__main__":
dendrite = Dendrite()
conf = RadiusConfigurator()
dendrite.subscribe_conf('radius', conf.agent_conf_updated)
dendrite.wait_complete()
#!/usr/bin/env python3
from elan.ids import generate_suricata_conf
from elan.neuron import Dendrite
from elan.utils import reload_service
def ip_conf_changed(*args, **kwargs):
if generate_suricata_conf():
reload_service('suricata')
if __name__ == "__main__":
dendrite = Dendrite()
dendrite.subscribe_conf('ipv4/current', ip_conf_changed)
dendrite.subscribe_conf('ipv6/current', ip_conf_changed)
dendrite.wait_complete()