342 lines
9.9 KiB
Bash
342 lines
9.9 KiB
Bash
#!/bin/bash
|
|
|
|
# - VAR
|
|
|
|
# - Bash info
|
|
APPNAME=$(basename $0)
|
|
NAME="Check FireWall Fortinet"
|
|
AUTHOR="Kalarumeth"
|
|
VERSION="v0.1"
|
|
URL="https://github.com/Kalarumeth"
|
|
|
|
# - Default settings for connection
|
|
COMMUNITY="public"
|
|
HOST_NAME="localhost"
|
|
AP="authPriv"
|
|
AUTH="SHA-256"
|
|
PRIV="AES"
|
|
SNMPVERSION="3"
|
|
|
|
# - State Variables
|
|
STATE_OK=0
|
|
STATE_WARN=1
|
|
STATE_CRIT=2
|
|
STATE_UNK=3
|
|
STATE=$STATE_OK
|
|
|
|
|
|
|
|
# - OID
|
|
|
|
Fortinet.OIDS() {
|
|
#Info
|
|
OID_sysDescr="1.3.6.1.2.1.1.5"
|
|
OID_sysUptimeIstance="1.3.6.1.2.1.1.3"
|
|
|
|
#CPU
|
|
OID_fgProcessorUsage="1.3.6.1.4.1.12356.101.4.4.2.1.2" # Gauge32 '%'
|
|
|
|
#Memory
|
|
OID_fgProcModMemCapacity="1.3.6.1.4.1.12356.101.4.5.3.1.6" # Kb
|
|
OID_fgProcModMemUsage="1.3.6.1.4.1.12356.101.4.5.3.1.7"
|
|
|
|
#Sensors
|
|
OID_fgHwSensorEntIndex="1.3.6.1.4.1.12356.101.4.3.2.1.1"
|
|
OID_fgHwSensorEntName="1.3.6.1.4.1.12356.101.4.3.2.1.2"
|
|
OID_fgHwSensorEntValue="1.3.6.1.4.1.12356.101.4.3.2.1.3"
|
|
OID_fgHwSensorEntAlarmStatus="1.3.6.1.4.1.12356.101.4.3.2.1.4"
|
|
|
|
#HA
|
|
OID_fgHaStatsIndex="1.3.6.1.4.1.12356.101.13.2.1.1.1"
|
|
OID_fgHaStatsSerial="1.3.6.1.4.1.12356.101.13.2.1.1.2"
|
|
OID_fgHaStatsCpuUsage="1.3.6.1.4.1.12356.101.13.2.1.1.3"
|
|
OID_fgHaStatsMemUsage="1.3.6.1.4.1.12356.101.13.2.1.1.4"
|
|
OID_fgHaStatsNetUsage="1.3.6.1.4.1.12356.101.13.2.1.1.5"
|
|
OID_fgHaStatsSesCount="1.3.6.1.4.1.12356.101.13.2.1.1.6"
|
|
OID_fgHaStatsPktCount="1.3.6.1.4.1.12356.101.13.2.1.1.7"
|
|
OID_fgHaStatsByteCount="1.3.6.1.4.1.12356.101.13.2.1.1.8"
|
|
OID_fgHaStatsIdsCount="1.3.6.1.4.1.12356.101.13.2.1.1.9"
|
|
OID_fgHaStatsAvCount="1.3.6.1.4.1.12356.101.13.2.1.1.10"
|
|
OID_fgHaStatsHostname="1.3.6.1.4.1.12356.101.13.2.1.1.11"
|
|
OID_fgHaStatsSyncStatus="1.3.6.1.4.1.12356.101.13.2.1.1.12"
|
|
OID_fgHaStatsSyncDatimeSucc="1.3.6.1.4.1.12356.101.13.2.1.1.13"
|
|
OID_fgHaStatsSyncDatimeUnsucc="1.3.6.1.4.1.12356.101.13.2.1.1.14"
|
|
OID_fgHaStatsGlobalChecksum="1.3.6.1.4.1.12356.101.13.2.1.1.15"
|
|
OID_fgHaStatsMasterSerial="1.3.6.1.4.1.12356.101.13.2.1.1.16"
|
|
}
|
|
|
|
# - MAIN CODE
|
|
|
|
Script.HostAlive() {
|
|
for server in $HOST_NAME; do
|
|
ping -c1 -W1 -q $server &>/dev/null
|
|
if [[ $? != 0 ]] ; then
|
|
printf "%s\n" "$server is unreachable"
|
|
exit $STATE_UNK
|
|
fi
|
|
done
|
|
}
|
|
|
|
Script.SNMP() {
|
|
snmpwalk -v $SNMPVERSION -r 1 -t 10 -Oev -l $AP -u $USER -a $AUTH -A $PHAUTH -x $PRIV -X $PHPRIV $HOST_NAME $1
|
|
}
|
|
|
|
Script.SNMP.Hex() {
|
|
snmpwalk -v $SNMPVERSION -r 1 -t 10 -Oav -l $AP -u $USER -a $AUTH -A $PHAUTH -x $PRIV -X $PHPRIV $HOST_NAME $1
|
|
}
|
|
|
|
Fortinet.Main() {
|
|
Script.HostAlive
|
|
|
|
case $1 in
|
|
uptime)
|
|
Fortinet.UpTime
|
|
exit $STATE ;;
|
|
cpu)
|
|
Fortinet.CPU
|
|
exit $STATE ;;
|
|
memory)
|
|
Fortinet.Memory
|
|
exit $STATE ;;
|
|
sensors)
|
|
Fortinet.Sensors
|
|
exit $STATE ;;
|
|
ha)
|
|
Fortinet.HAStatus
|
|
exit $STATE ;;
|
|
*)
|
|
echo "Unknown check!"
|
|
Help.Fortinet
|
|
exit $STATE_UNK ;;
|
|
esac
|
|
}
|
|
|
|
Fortinet.GetData() {
|
|
Fortinet.OIDS
|
|
|
|
case $1 in
|
|
uptime)
|
|
sysUptimeIstance=$(Script.SNMP $OID_sysUptimeIstance | cut -d ')' -f 2 )
|
|
;;
|
|
cpu)
|
|
sysCpuPerc=($(Script.SNMP $OID_fgProcessorUsage | cut -d ' ' -f 2))
|
|
;;
|
|
memory)
|
|
ramUsage=$(Script.SNMP $OID_fgProcModMemUsage | cut -d ' ' -f 2)
|
|
;;
|
|
sensors)
|
|
sensIndex=($(Script.SNMP $OID_fgHwSensorEntIndex | cut -d ' ' -f 2))
|
|
sensName=($(Script.SNMP $OID_fgHwSensorEntName | tr ' ' '_' | cut -d '"' -f 2))
|
|
sensValue=($(Script.SNMP $OID_fgHwSensorEntValue | cut -d '"' -f 2))
|
|
sensStatus=($(Script.SNMP $OID_fgHwSensorEntAlarmStatus | cut -d ' ' -f 2))
|
|
;;
|
|
ha)
|
|
fgHaStatsIndex=($(Script.SNMP $OID_fgHaStatsIndex | cut -d ' ' -f 2))
|
|
fgHaStatsSerial=($(Script.SNMP $OID_fgHaStatsSerial | cut -d '"' -f 2))
|
|
fgHaStatsCpuUsage=($(Script.SNMP $OID_fgHaStatsCpuUsage | cut -d ' ' -f 2))
|
|
fgHaStatsMemUsage=($(Script.SNMP $OID_fgHaStatsMemUsage | cut -d ' ' -f 2))
|
|
fgHaStatsNetUsage=($(Script.SNMP $OID_fgHaStatsNetUsage | cut -d ' ' -f 2))
|
|
fgHaStatsSesCount=($(Script.SNMP $OID_fgHaStatsSesCount | cut -d ' ' -f 2))
|
|
fgHaStatsPktCount=($(Script.SNMP $OID_fgHaStatsPktCount | cut -d ' ' -f 2))
|
|
fgHaStatsByteCount=($(Script.SNMP $OID_fgHaStatsByteCount | cut -d ' ' -f 2))
|
|
fgHaStatsIdsCount=($(Script.SNMP $OID_fgHaStatsIdsCount | cut -d ' ' -f 2))
|
|
fgHaStatsAvCount=($(Script.SNMP $OID_fgHaStatsAvCount | cut -d ' ' -f 2))
|
|
fgHaStatsHostname=($(Script.SNMP $OID_fgHaStatsHostname | cut -d '"' -f 2))
|
|
fgHaStatsSyncStatus=($(Script.SNMP $OID_fgHaStatsSyncStatus | cut -d ' ' -f 2))
|
|
fgHaStatsGlobalChecksum=($(Script.SNMP $OID_fgHaStatsGlobalChecksum | cut -d '"' -f 2))
|
|
fgHaStatsMasterSerial=($(Script.SNMP $OID_fgHaStatsMasterSerial | cut -d '"' -f 2))
|
|
;;
|
|
esac
|
|
}
|
|
|
|
Fortinet.ErrorCounter() {
|
|
for Error in "$(( WarningCounter + CriticalCounter ))"; do
|
|
if [[ $WarningCounter == 0 ]] && [[ $CriticalCounter == 0 ]] ; then
|
|
printf "%s\t%s\n\n" "OK!" "All $1 are on range"
|
|
elif [[ $WarningCounter != 0 ]] && [[ $CriticalCounter == 0 ]] ; then
|
|
printf "%s\t%s\n\n" "WARNING!" "$Error $1 with problem"
|
|
STATE=$STATE_WARN
|
|
elif [[ $CriticalCounter != 0 ]] ; then
|
|
printf "%s\t%s\n\n" "CRITICAL!" "$Error $1 with problem"
|
|
STATE=$STATE_CRIT
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Device Information
|
|
Fortinet.UpTime() {
|
|
Fortinet.GetData uptime
|
|
|
|
printf "%s\n" "$sysUptimeIstance"
|
|
}
|
|
|
|
# CPU
|
|
Fortinet.CPU() {
|
|
Fortinet.GetData cpu
|
|
Fortinet.CPU.Header
|
|
|
|
for((i=0; i<${#sysCpuPerc[@]}; i++))
|
|
do
|
|
printf "%s\t" "${i} CPU" "${sysCpuPerc[$i]}%"
|
|
printf "\n"
|
|
done
|
|
}
|
|
|
|
Fortinet.CPU.Header() {
|
|
WarningCounter=0
|
|
CriticalCounter=0
|
|
|
|
for((i=0; i<${#sysCpuPerc[@]}; i++)); do
|
|
if [[ ${sysCpuPerc[$i]} > 80 ]]; then
|
|
WarningCounter=$(( WarningCounter + 1 ))
|
|
elif [[ ${sysCpuPerc[$i]} > 90 ]]; then
|
|
CriticalCounter=$(( CriticalCounter + 1 ))
|
|
fi
|
|
done
|
|
|
|
Fortinet.ErrorCounter "CPU"
|
|
|
|
printf "%s\t%s\n%s\n" "Id CPU" "Percentage" "======================"
|
|
}
|
|
|
|
# Memory
|
|
Fortinet.Memory() {
|
|
Fortinet.GetData memory
|
|
|
|
case 1 in
|
|
$(($ramUsage <= 85-1)))
|
|
printf "%s\n" "OK! RAM used: $ramUsage%" && exit $STATE_OK ;;
|
|
$(($ramUsage <= 95-1)))
|
|
printf "%s\n" "WARRING! RAM used: $ramUsage%" && exit $STATE_WARN ;;
|
|
$(($ramUsage > 95-1)))
|
|
printf "%s\n" "CRITICAL! RAM used: $ramUsage%"&& exit $STATE_CRIT ;;
|
|
esac
|
|
}
|
|
|
|
# Sensors
|
|
Fortinet.Sensors() {
|
|
Fortinet.GetData sensors
|
|
Fortinet.Sensors.Header
|
|
|
|
for((i=0; i<${#sensName[@]}; i++)); do
|
|
Fortinet.Sensors.Status
|
|
Fortinet.Sensors.Value
|
|
Fortinet.Sensors.Name
|
|
printf "\n"
|
|
done
|
|
}
|
|
|
|
Fortinet.Sensors.Value() {
|
|
value=$(echo ${sensValue[$i]} | cut -d "." -f 1)
|
|
printf "%s\t" "${value}"
|
|
}
|
|
|
|
Fortinet.Sensors.Status() {
|
|
case ${sensStatus[$i]} in
|
|
0) printf "%s\t" "Ok" ;;
|
|
1) printf "%s\t" "Crit!" ;;
|
|
esac
|
|
}
|
|
|
|
Fortinet.Sensors.Name() {
|
|
name=$(echo ${sensName[$i]} | tr '_' ' ')
|
|
printf "%s\t" "${name}"
|
|
}
|
|
|
|
Fortinet.Sensors.Header() {
|
|
WarningCounter=0
|
|
CriticalCounter=0
|
|
|
|
for((i=0; i<${#sensStatus[@]}; i++)); do
|
|
if [[ ${sensStatus[$i]} != 0 ]]; then
|
|
CriticalCounter=$(( CriticalCounter + 1 ))
|
|
fi
|
|
done
|
|
|
|
Fortinet.ErrorCounter "Sensors"
|
|
|
|
printf "%s\t%s\t%s\n%s\n" "Status" "Value" "Name" "==============================="
|
|
}
|
|
|
|
# HA
|
|
Fortinet.HAStatus(){
|
|
Fortinet.GetData ha
|
|
|
|
Fortinet.HAStatus.Header
|
|
|
|
for((i=0; i<${#fgHaStatsIndex[@]}; i++)); do
|
|
printf "%s\t%s\n" "Index :" ${fgHaStatsIndex[$i]}
|
|
printf "%s\t%s\n" "HostName :" ${fgHaStatsHostname[$i]}
|
|
printf "%s\t%s\n" "Serial :" ${fgHaStatsSerial[$i]}
|
|
printf "%s\t%s\n" "CPUUsage :" "${fgHaStatsCpuUsage[$i]} %"
|
|
printf "%s\t%s\n" "RamUsage :" "${fgHaStatsMemUsage[$i]} %"
|
|
printf "%s\t%s\n" "NetUsage :" "${fgHaStatsNetUsage[$i]} kbs"
|
|
printf "%s\t%s\n" "Session :" ${fgHaStatsSesCount[$i]}
|
|
printf "%s\t%s\n" "PktCount :" ${fgHaStatsPktCount[$i]}
|
|
printf "%s\t%s\n" "ByteCount :" ${fgHaStatsByteCount[$i]}
|
|
printf "%s\t%s\n" "IdsCount :" ${fgHaStatsIdsCount[$i]}
|
|
printf "%s\t%s\n" "AvCount :" ${fgHaStatsAvCount[$i]}
|
|
Fortinet.HAStatus.SyncStatus
|
|
printf "%s\t%s\n" "GlobalChecksum :" ${fgHaStatsGlobalChecksum[$i]}
|
|
printf "%s\t%s\n" "MasterSerial :" ${fgHaStatsMasterSerial[$i]}
|
|
|
|
printf '\n'
|
|
done
|
|
}
|
|
|
|
Fortinet.HAStatus.Header(){
|
|
WarningCounter=0
|
|
CriticalCounter=0
|
|
|
|
for((i=0; i<${#fgHaStatsSyncStatus[@]}; i++)); do
|
|
if [[ ${fgHaStatsSyncStatus[$i]} == 0 ]]; then
|
|
CriticalCounter=$(( CriticalCounter + 1 ))
|
|
fi
|
|
done
|
|
|
|
Fortinet.ErrorCounter "HA value"
|
|
|
|
printf "%s\n" "=================================="
|
|
}
|
|
|
|
Fortinet.HAStatus.SyncStatus(){
|
|
case ${fgHaStatsSyncStatus[$i]} in
|
|
0) printf "%s\t%s\n" "SyncStatus :" "unsynchronized" ;;
|
|
1) printf "%s\t%s\n" "SyncStatus :" "synchronized" ;;
|
|
esac
|
|
}
|
|
|
|
# - COMMAND LINE ENCODER
|
|
|
|
while test -n "$1"; do
|
|
case "$1" in
|
|
--host | -h)
|
|
HOST_NAME=$2
|
|
shift ;;
|
|
--user | -u)
|
|
USER=$2
|
|
shift ;;
|
|
--phAuth | -pa)
|
|
PHAUTH=$2
|
|
shift ;;
|
|
--phPriv | -pp)
|
|
PHPRIV=$2
|
|
shift ;;
|
|
--type | -t)
|
|
Fortinet.Main $2
|
|
shift ;;
|
|
--help | -H)
|
|
Help.Main ;;
|
|
--version | -V)
|
|
Help.Info
|
|
exit $STATE ;;
|
|
*)
|
|
echo "Unknown argument: $1"
|
|
print_help
|
|
exit $STATE_UNK ;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
Fortinet.Main
|