Bash - rogue_ra_detector.sh

#!/bin/sh

DEVICE=eth0
TCPDUMP=/usr/sbin/tcpdump
PROGNAME="rogue_ra_detector.sh"
SLEEPTIME=3600
ALLOWED_RA_SERVERS="fe80::20e:cff:feb1:33a8"
EMAIL="root"

# load up a config
if [ -e "$1" ]; then
        source $1
else
        echo "Config file '$1' not found"
        exit
fi

MESSAGE1="$PROGNAME running on $(hostname) ($DEVICE) has detected what looks like \nrogue router advertisements:"
MESSAGE2="Sorry to be the bearer of bad news.  I'll sleep now for $SLEEPTIME seconds and start detecting again\n\n-- \n$PROGNAME\n"
TCPDUMP_COMMAND="$TCPDUMP -venxx -c 1 -i $DEVICE icmp6 and ip6[40] == 134 and src host not $ALLOWED_RA_SERVERS"
echo $TCPDUMP_COMMAND

# check tcpdump
[ ! -x "$TCPDUMP" ] && echo "$TCPDUMP not found or not executable" && exit 1

while (true); do
        COMMAND_OUTPUT=$($TCPDUMP_COMMAND)
        printf "$MESSAGE1\n\n$COMMAND_OUTPUT\n\n$MESSAGE2\n" | mail -s "Rogue IPv6 Router Adverts Detected on $DEVICE" $EMAIL
        sleep $SLEEPTIME
done