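#!/bin/bash
#
# Nagios-style check for Fortinet firewalls, polled over SNMPv3 (authPriv).
#
# Options (each takes one value unless noted):
#   --host|-h HOST        device to poll (default: localhost)
#   --user|-u USER        SNMPv3 security name
#   --phAuth|-pa PHRASE   authentication passphrase
#   --phPriv|-pp PHRASE   privacy passphrase
#   --type|-t CHECK       uptime | cpu | memory | sensors | ha
#   --help|-H, --version|-V
#
# --type runs the check and exits as soon as it is parsed, so every
# connection option must appear BEFORE it on the command line.
#
# Security notes for operators:
#   * -pa/-pp put the passphrases on this script's command line and on the
#     snmpwalk command line, where other local users may read them from the
#     process list, and where they are stored in the monitoring system's
#     command definition. PHAUTH and PHPRIV are not reset by this script, so
#     they can be exported in the environment instead; net-snmp can also
#     read them from an snmp.conf with restrictive permissions
#     (defAuthPassphrase / defPrivPassphrase).
#   * USER is the shell's login-name variable. When -u is omitted, the
#     invoking account's name is sent as the SNMPv3 security name.
#   * Everything returned by snmpwalk is data chosen by the remote agent.
#     It is validated before it reaches an arithmetic context.
#
# NOTE(review): Help.Main, Help.Info, Help.Fortinet and print_help are called
# below but are not defined in this listing. Confirm they are provided
# elsewhere.

# - VAR
# - Bash info
APPNAME=${0##*/}
NAME="Check FireWall Fortinet"
AUTHOR="Kalarumeth"
VERSION="v0.1"
URL="https://github.com/Kalarumeth"

# - Default settings for connection
COMMUNITY="public" # not referenced by the SNMPv3 helpers in this listing
HOST_NAME="localhost"
AP="authPriv"
AUTH="SHA-256"
PRIV="AES"
SNMPVERSION="3"

# - State Variables (Nagios plugin exit codes)
STATE_OK=0
STATE_WARN=1
STATE_CRIT=2
STATE_UNK=3
STATE=$STATE_OK

# - OID
# Defines the OID_* globals used by Fortinet.GetData.
Fortinet.OIDS() {
  #Info
  # NOTE(review): 1.3.6.1.2.1.1.5 is sysName in SNMPv2-MIB (sysDescr is
  # 1.3.6.1.2.1.1.1). The variable is not used in this listing.
  OID_sysDescr="1.3.6.1.2.1.1.5"
  OID_sysUptimeIstance="1.3.6.1.2.1.1.3"

  #CPU
  OID_fgProcessorUsage="1.3.6.1.4.1.12356.101.4.4.2.1.2" # Gauge32 '%'

  #Memory
  OID_fgProcModMemCapacity="1.3.6.1.4.1.12356.101.4.5.3.1.6" # Kb
  OID_fgProcModMemUsage="1.3.6.1.4.1.12356.101.4.5.3.1.7"

  #Sensors
  OID_fgHwSensorEntIndex="1.3.6.1.4.1.12356.101.4.3.2.1.1"
  OID_fgHwSensorEntName="1.3.6.1.4.1.12356.101.4.3.2.1.2"
  OID_fgHwSensorEntValue="1.3.6.1.4.1.12356.101.4.3.2.1.3"
  OID_fgHwSensorEntAlarmStatus="1.3.6.1.4.1.12356.101.4.3.2.1.4"

  #HA
  OID_fgHaStatsIndex="1.3.6.1.4.1.12356.101.13.2.1.1.1"
  OID_fgHaStatsSerial="1.3.6.1.4.1.12356.101.13.2.1.1.2"
  OID_fgHaStatsCpuUsage="1.3.6.1.4.1.12356.101.13.2.1.1.3"
  OID_fgHaStatsMemUsage="1.3.6.1.4.1.12356.101.13.2.1.1.4"
  OID_fgHaStatsNetUsage="1.3.6.1.4.1.12356.101.13.2.1.1.5"
  OID_fgHaStatsSesCount="1.3.6.1.4.1.12356.101.13.2.1.1.6"
  OID_fgHaStatsPktCount="1.3.6.1.4.1.12356.101.13.2.1.1.7"
  OID_fgHaStatsByteCount="1.3.6.1.4.1.12356.101.13.2.1.1.8"
  OID_fgHaStatsIdsCount="1.3.6.1.4.1.12356.101.13.2.1.1.9"
  OID_fgHaStatsAvCount="1.3.6.1.4.1.12356.101.13.2.1.1.10"
  OID_fgHaStatsHostname="1.3.6.1.4.1.12356.101.13.2.1.1.11"
  OID_fgHaStatsSyncStatus="1.3.6.1.4.1.12356.101.13.2.1.1.12"
  OID_fgHaStatsSyncDatimeSucc="1.3.6.1.4.1.12356.101.13.2.1.1.13"
  OID_fgHaStatsSyncDatimeUnsucc="1.3.6.1.4.1.12356.101.13.2.1.1.14"
  OID_fgHaStatsGlobalChecksum="1.3.6.1.4.1.12356.101.13.2.1.1.15"
  OID_fgHaStatsMasterSerial="1.3.6.1.4.1.12356.101.13.2.1.1.16"
}

# - MAIN CODE

# Succeeds only when $1 is a plain unsigned decimal integer.
# Agent-supplied values must pass this before any arithmetic, because bash
# evaluates arithmetic operands as expressions rather than as literals.
Script.IsUInt() {
  [[ $1 =~ ^[0-9]+$ ]]
}

# Prints an UNKNOWN line and exits with STATE_UNK.
# Arguments: $1 - reason shown to the operator
Script.Unknown() {
  printf "%s\n" "UNKNOWN! $1"
  exit "$STATE_UNK"
}

# Pings every whitespace-separated entry of HOST_NAME once and exits UNKNOWN
# on the first one that does not answer.
# A device that filters ICMP is reported unreachable even if SNMP would work.
Script.HostAlive() {
  local server
  # HOST_NAME is left unquoted so that it is split into words, as before.
  # The SNMP helpers below accept a single host only.
  for server in $HOST_NAME; do
    # "--" stops a host value that starts with "-" being read as an option.
    if ! ping -c1 -W1 -q -- "$server" &>/dev/null; then
      printf "%s\n" "$server is unreachable"
      exit "$STATE_UNK"
    fi
  done
}

# Shared snmpwalk invocation.
# Arguments: $1 - net-snmp output option (-Oev / -Oav), $2 - OID to walk
# Every expansion is quoted: an empty or space-containing passphrase must not
# shift the following option into the passphrase slot.
Script.SNMP.Walk() {
  snmpwalk -v "$SNMPVERSION" -r 1 -t 10 "$1" \
    -l "$AP" -u "$USER" -a "$AUTH" -A "$PHAUTH" \
    -x "$PRIV" -X "$PHPRIV" "$HOST_NAME" "$2"
}

# Walks OID $1; values only, enums printed numerically.
Script.SNMP() {
  Script.SNMP.Walk -Oev "$1"
}

# Walks OID $1; values only, strings printed as ASCII.
Script.SNMP.Hex() {
  Script.SNMP.Walk -Oav "$1"
}

# Runs the check named by $1 and exits with the resulting state.
# An unknown or missing name prints the help text and exits UNKNOWN.
Fortinet.Main() {
  Script.HostAlive

  case "$1" in
    uptime)
      Fortinet.UpTime
      exit "$STATE"
      ;;
    cpu)
      Fortinet.CPU
      exit "$STATE"
      ;;
    memory)
      Fortinet.Memory
      exit "$STATE"
      ;;
    sensors)
      Fortinet.Sensors
      exit "$STATE"
      ;;
    ha)
      Fortinet.HAStatus
      exit "$STATE"
      ;;
    *)
      echo "Unknown check!"
      Help.Fortinet
      exit "$STATE_UNK"
      ;;
  esac
}

# Fetches the SNMP data for check $1 into global variables and arrays.
# Arrays are filled by word-splitting the snmpwalk output, one element per
# returned row. Sensor names have spaces replaced by "_" so that each stays
# one word.
Fortinet.GetData() {
  Fortinet.OIDS

  # Pathname expansion is turned off while splitting, so a value from the
  # agent that contains glob characters is stored literally.
  set -f
  # shellcheck disable=SC2207 # splitting on whitespace is intended here
  case "$1" in
    uptime)
      sysUptimeIstance=$(Script.SNMP "$OID_sysUptimeIstance" | cut -d ')' -f 2)
      ;;
    cpu)
      sysCpuPerc=($(Script.SNMP "$OID_fgProcessorUsage" | cut -d ' ' -f 2))
      ;;
    memory)
      ramUsage=$(Script.SNMP "$OID_fgProcModMemUsage" | cut -d ' ' -f 2)
      ;;
    sensors)
      sensIndex=($(Script.SNMP "$OID_fgHwSensorEntIndex" | cut -d ' ' -f 2))
      sensName=($(Script.SNMP "$OID_fgHwSensorEntName" | tr ' ' '_' | cut -d '"' -f 2))
      sensValue=($(Script.SNMP "$OID_fgHwSensorEntValue" | cut -d '"' -f 2))
      sensStatus=($(Script.SNMP "$OID_fgHwSensorEntAlarmStatus" | cut -d ' ' -f 2))
      ;;
    ha)
      fgHaStatsIndex=($(Script.SNMP "$OID_fgHaStatsIndex" | cut -d ' ' -f 2))
      fgHaStatsSerial=($(Script.SNMP "$OID_fgHaStatsSerial" | cut -d '"' -f 2))
      fgHaStatsCpuUsage=($(Script.SNMP "$OID_fgHaStatsCpuUsage" | cut -d ' ' -f 2))
      fgHaStatsMemUsage=($(Script.SNMP "$OID_fgHaStatsMemUsage" | cut -d ' ' -f 2))
      fgHaStatsNetUsage=($(Script.SNMP "$OID_fgHaStatsNetUsage" | cut -d ' ' -f 2))
      fgHaStatsSesCount=($(Script.SNMP "$OID_fgHaStatsSesCount" | cut -d ' ' -f 2))
      fgHaStatsPktCount=($(Script.SNMP "$OID_fgHaStatsPktCount" | cut -d ' ' -f 2))
      fgHaStatsByteCount=($(Script.SNMP "$OID_fgHaStatsByteCount" | cut -d ' ' -f 2))
      fgHaStatsIdsCount=($(Script.SNMP "$OID_fgHaStatsIdsCount" | cut -d ' ' -f 2))
      fgHaStatsAvCount=($(Script.SNMP "$OID_fgHaStatsAvCount" | cut -d ' ' -f 2))
      fgHaStatsHostname=($(Script.SNMP "$OID_fgHaStatsHostname" | cut -d '"' -f 2))
      fgHaStatsSyncStatus=($(Script.SNMP "$OID_fgHaStatsSyncStatus" | cut -d ' ' -f 2))
      fgHaStatsGlobalChecksum=($(Script.SNMP "$OID_fgHaStatsGlobalChecksum" | cut -d '"' -f 2))
      fgHaStatsMasterSerial=($(Script.SNMP "$OID_fgHaStatsMasterSerial" | cut -d '"' -f 2))
      ;;
  esac
  set +f
}

# Prints the summary line for check family $1 and raises STATE from the
# WarningCounter / CriticalCounter globals set by the *.Header functions.
# Critical wins over warning.
Fortinet.ErrorCounter() {
  local Error=$((WarningCounter + CriticalCounter))

  if ((CriticalCounter != 0)); then
    printf "%s\t%s\n\n" "CRITICAL!" "$Error $1 with problem"
    STATE=$STATE_CRIT
  elif ((WarningCounter != 0)); then
    printf "%s\t%s\n\n" "WARNING!" "$Error $1 with problem"
    STATE=$STATE_WARN
  else
    printf "%s\t%s\n\n" "OK!" "All $1 are on range"
  fi
}

# Device Information
# Prints the uptime text that follows the ")" in the snmpwalk value.
Fortinet.UpTime() {
  Fortinet.GetData uptime
  printf "%s\n" "$sysUptimeIstance"
}

# CPU
# Prints the summary and one "<n> CPU <usage>%" row per processor.
Fortinet.CPU() {
  local i
  Fortinet.GetData cpu
  Fortinet.CPU.Header

  for ((i = 0; i < ${#sysCpuPerc[@]}; i++)); do
    printf "%s\t" "${i} CPU" "${sysCpuPerc[$i]}%"
    printf "\n"
  done
}

# Counts processors above the thresholds (>90 critical, >80 warning) and
# prints the summary and the table header.
# The comparison is numeric and tests the critical threshold first. A string
# comparison would rank "100" below "80", and testing >80 first would leave
# the critical branch unreachable.
# An empty or non-numeric result exits UNKNOWN, so a failed SNMP query
# cannot be reported as OK.
Fortinet.CPU.Header() {
  local i usage
  WarningCounter=0
  CriticalCounter=0

  ((${#sysCpuPerc[@]} > 0)) ||
    Script.Unknown "no CPU data returned by $HOST_NAME"

  for ((i = 0; i < ${#sysCpuPerc[@]}; i++)); do
    usage=${sysCpuPerc[$i]}
    Script.IsUInt "$usage" ||
      Script.Unknown "unexpected CPU value returned by $HOST_NAME"
    # 10# forces base 10 so a leading zero is not read as octal.
    if ((10#$usage > 90)); then
      CriticalCounter=$((CriticalCounter + 1))
    elif ((10#$usage > 80)); then
      WarningCounter=$((WarningCounter + 1))
    fi
  done

  Fortinet.ErrorCounter "CPU"
  printf "%s\t%s\n%s\n" "Id CPU" "Percentage" "======================"
}

# Memory
# Reports RAM usage: OK below 85 %, WARNING from 85 % to 94 %, CRITICAL at
# 95 % and above, then exits with the matching state.
# Anything that is not a single unsigned integer (an empty reply, several
# rows, an error text) exits UNKNOWN before any arithmetic is done.
Fortinet.Memory() {
  local used
  Fortinet.GetData memory

  Script.IsUInt "$ramUsage" ||
    Script.Unknown "no usable memory value returned by $HOST_NAME"
  used=$((10#$ramUsage))

  if ((used <= 84)); then
    printf "%s\n" "OK! RAM used: $ramUsage%"
    exit "$STATE_OK"
  elif ((used <= 94)); then
    # The label was misspelled "WARRING!"; it now matches ErrorCounter.
    printf "%s\n" "WARNING! RAM used: $ramUsage%"
    exit "$STATE_WARN"
  else
    printf "%s\n" "CRITICAL! RAM used: $ramUsage%"
    exit "$STATE_CRIT"
  fi
}

# Sensors
# Prints the summary and one "status value name" row per hardware sensor.
# The per-column helpers read the loop index i through dynamic scoping.
# NOTE(review): an empty sensor table is reported as OK. Confirm this is
# wanted for models without sensors.
Fortinet.Sensors() {
  local i
  Fortinet.GetData sensors
  Fortinet.Sensors.Header

  for ((i = 0; i < ${#sensName[@]}; i++)); do
    Fortinet.Sensors.Status
    Fortinet.Sensors.Value
    Fortinet.Sensors.Name
    printf "\n"
  done
}

# Prints the integer part of sensor i's reading (text before the first ".").
Fortinet.Sensors.Value() {
  local value=${sensValue[$i]%%.*}
  printf "%s\t" "${value}"
}

# Prints "Ok" for alarm status 0 and "Crit!" for 1. Other values print
# nothing.
Fortinet.Sensors.Status() {
  case "${sensStatus[$i]}" in
    0) printf "%s\t" "Ok" ;;
    1) printf "%s\t" "Crit!" ;;
  esac
}

# Prints sensor i's name with the "_" placeholders turned back into spaces.
Fortinet.Sensors.Name() {
  local name=${sensName[$i]//_/ }
  printf "%s\t" "${name}"
}

# Counts sensors whose alarm status is not 0 as critical, then prints the
# summary and the table header.
Fortinet.Sensors.Header() {
  local i
  WarningCounter=0
  CriticalCounter=0

  for ((i = 0; i < ${#sensStatus[@]}; i++)); do
    if [[ ${sensStatus[$i]} != 0 ]]; then
      CriticalCounter=$((CriticalCounter + 1))
    fi
  done

  Fortinet.ErrorCounter "Sensors"
  printf "%s\t%s\t%s\n%s\n" "Status" "Value" "Name" "==============================="
}

# HA
# Prints the summary and a statistics block for every HA cluster member.
# Values are quoted so that agent-supplied text is printed literally.
# NOTE(review): an empty HA table is reported as OK. Confirm this is wanted
# for standalone units.
Fortinet.HAStatus() {
  local i
  Fortinet.GetData ha
  Fortinet.HAStatus.Header

  for ((i = 0; i < ${#fgHaStatsIndex[@]}; i++)); do
    printf "%s\t%s\n" "Index :" "${fgHaStatsIndex[$i]}"
    printf "%s\t%s\n" "HostName :" "${fgHaStatsHostname[$i]}"
    printf "%s\t%s\n" "Serial :" "${fgHaStatsSerial[$i]}"
    printf "%s\t%s\n" "CPUUsage :" "${fgHaStatsCpuUsage[$i]} %"
    printf "%s\t%s\n" "RamUsage :" "${fgHaStatsMemUsage[$i]} %"
    printf "%s\t%s\n" "NetUsage :" "${fgHaStatsNetUsage[$i]} kbs"
    printf "%s\t%s\n" "Session :" "${fgHaStatsSesCount[$i]}"
    printf "%s\t%s\n" "PktCount :" "${fgHaStatsPktCount[$i]}"
    printf "%s\t%s\n" "ByteCount :" "${fgHaStatsByteCount[$i]}"
    printf "%s\t%s\n" "IdsCount :" "${fgHaStatsIdsCount[$i]}"
    printf "%s\t%s\n" "AvCount :" "${fgHaStatsAvCount[$i]}"
    Fortinet.HAStatus.SyncStatus
    printf "%s\t%s\n" "GlobalChecksum :" "${fgHaStatsGlobalChecksum[$i]}"
    printf "%s\t%s\n" "MasterSerial :" "${fgHaStatsMasterSerial[$i]}"
    printf '\n'
  done
}

# Counts cluster members whose sync status is 0 (unsynchronized) as critical,
# then prints the summary and a separator.
Fortinet.HAStatus.Header() {
  local i
  WarningCounter=0
  CriticalCounter=0

  for ((i = 0; i < ${#fgHaStatsSyncStatus[@]}; i++)); do
    if [[ ${fgHaStatsSyncStatus[$i]} == 0 ]]; then
      CriticalCounter=$((CriticalCounter + 1))
    fi
  done

  Fortinet.ErrorCounter "HA value"
  printf "%s\n" "=================================="
}

# Prints the sync-status row for cluster member i.
Fortinet.HAStatus.SyncStatus() {
  case "${fgHaStatsSyncStatus[$i]}" in
    0) printf "%s\t%s\n" "SyncStatus :" "unsynchronized" ;;
    1) printf "%s\t%s\n" "SyncStatus :" "synchronized" ;;
  esac
}

# - COMMAND LINE ENCODER
# Options are handled in order. --type dispatches at once (Fortinet.Main
# exits), so anything after it is never parsed.
while test -n "$1"; do
  case "$1" in
    --host | -h)
      HOST_NAME=$2
      shift
      ;;
    --user | -u)
      USER=$2
      shift
      ;;
    --phAuth | -pa)
      PHAUTH=$2
      shift
      ;;
    --phPriv | -pp)
      PHPRIV=$2
      shift
      ;;
    --type | -t)
      Fortinet.Main "$2"
      shift
      ;;
    --help | -H)
      Help.Main
      ;;
    --version | -V)
      Help.Info
      exit "$STATE"
      ;;
    *)
      echo "Unknown argument: $1"
      # NOTE(review): print_help is not defined in this listing.
      print_help
      exit "$STATE_UNK"
      ;;
  esac
  shift
done

# Reached only when no --type was given: reports "Unknown check!" and exits
# UNKNOWN.
Fortinet.Main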