(2019-05-27)
Problem
Need to detect DHCP servers on the local network.
Pretty Crude Solution
/etc/systemd/system/dhcp-monitor.service:
[Unit]
Description=dhcp-monitor
After=network-online.target
Wants=network-online.target[Service]
Type=forking
ExecStart=/usr/bin/flock /var/lock/dhcp-monitor /usr/local/sbin/start-dhcp-monitoring[Install]
WantedBy=multi-user.target
/usr/local/sbin/start-dhcp-monitoring:
#!/bin/bashtcpdump -i ens192 -nev udp src port 67 | egrep 'Broadcast|bootps' | logger -t dhcp-monitor &
Alerting on rogue DHCP servers is left as an exercise for the reader.
Like I said, crude.