Ranadok …finally remembered his login info

DHCP Cop – A Linux Script for DHCP lease email notification

In my job, sometimes I write little scripts (usually either Bash scripts if it's for Linux or VBS if it's for Windows) to make my life and the lives of my colleagues easier. Usually, they are quite specific to our environment, so there isn't much use in sharing them with the world at large. However, in this case, I think this is general enough that someone else may find a use for it. I'm not claiming to be the best scripter in the world or that this is the best way to do this, just that it works for me and I didn't find too many other things along the same lines when I looked originally. I did find one site that had something similar that put me on the right track, but I can't find it now to give proper credit (and it used a different method than I did, though it was one that got me thinking).

What this basic script does is monitor the active dynamic pool DHCP leases on the server (assuming CentOS, can't speak for other Linux variants) and email a given address with the lease information. My assumption when writing this (based on where I planned to use it) is that the server uses static DHCP leases for all permanent equipment, so you want to be notified by email when something gets a temporary lease, and that anything given a temporary lease is either going to be disconnected (if unauthorized) or given a static lease (if authorized), so the temporary lease pool should usually be empty. Perhaps, based on this, I should have called it 'DHCP Snitch', but it's too late to change it now. The script should be scheduled to run via cron at the desired interval (I use fifteen minutes, which is frequent enough for me), and it will only email once when it detects a new lease. As a downside, if a second lease is given out before the first is cleared, it will not send a second email. I do have vague plans to modify it to notify on each new lease, but that's for 'later'.

The logic is dead simple, it pretty much just greps the dhcpd.leases file for the 'active' string, then mails the specified email address with the lines above and below it in the file (for context), so long as the sent email file doesn't exist in the /tmp/ folder. If there are no leases active, and the sent email file exists, it deletes it. That's it:

#!/bin/sh
#DHCP Cop - alerts via email when new temporary DHCP address is leased
#Set to run at desired interval via cron. 
#Emails one time when there is a new active lease
#Will not email again until after there are no active leases for at least one check

if grep -q "binding state active" /var/lib/dhcp/dhcpd.leases; then
  if [ -e /tmp/dhcpemail.txt ]; then
    exit
  else
    SUBJECT="New DHCP Lease on $HOSTNAME"
    ADDRESS="user@example.com"
    BODY="/tmp/dhcpemail.txt"
    grep -A 8 -B 3 "binding state active;" /var/lib/dhcp/dhcpd.leases > $BODY
    /bin/mail -s "$SUBJECT" "$ADDRESS" < $BODY
  fi

else
  if [ -e /tmp/dhcpemail.txt ]; then
    rm -f /tmp/dhcpemail.txt
  else
    exit
  fi
fi

I feel that I should have some sort of disclaimer here: This script is offered without any guarantees of functionality. It's just something I threw together that seems to be working for me so far in my environment, and I figured I would share at the world at large in the hopes that someone else would find it useful. Use at your own risk.