mirror of
https://github.com/bashclub/check-opnsense.git
synced 2025-01-12 15:20:12 +01:00
Update opnsense_checkmk_agent.py
This commit is contained in:
parent
9661cc5da6
commit
ef78dda27d
@ -22,7 +22,7 @@
|
|||||||
## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x
|
## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x
|
||||||
##
|
##
|
||||||
|
|
||||||
__VERSION__ = "0.6"
|
__VERSION__ = "0.61"
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
@ -87,20 +87,19 @@ class checkmk_checker(object):
|
|||||||
_lines.append("AgentOS: {os}".format(**self._info))
|
_lines.append("AgentOS: {os}".format(**self._info))
|
||||||
_lines.append(f"Version: {__VERSION__}")
|
_lines.append(f"Version: {__VERSION__}")
|
||||||
_lines.append("Hostname: {hostname}".format(**self._info))
|
_lines.append("Hostname: {hostname}".format(**self._info))
|
||||||
_lines += self.check_cpu()
|
for _check in dir(self):
|
||||||
_lines += self.check_uptime()
|
if _check.startswith("check_"):
|
||||||
_lines += self.check_df()
|
try:
|
||||||
_lines += self.check_ps()
|
_lines += getattr(self,_check)()
|
||||||
_lines += self.check_zfs()
|
except:
|
||||||
_lines += self.check_mounts()
|
pass
|
||||||
_lines += self.check_netctr()
|
|
||||||
_lines += self.check_net()
|
|
||||||
_lines += self.check_tcp()
|
|
||||||
_lines += self.check_ntp()
|
|
||||||
_lines += self.check_dhcp()
|
|
||||||
_lines.append("<<<local:sep(0)>>>")
|
_lines.append("<<<local:sep(0)>>>")
|
||||||
_lines += self.check_firmware()
|
for _check in dir(self):
|
||||||
_lines += self.check_openvpn()
|
if _check.startswith("checklocal_"):
|
||||||
|
try:
|
||||||
|
_lines += getattr(self,_check)()
|
||||||
|
except:
|
||||||
|
pass
|
||||||
_lines.append("")
|
_lines.append("")
|
||||||
return "\n".join(_lines)
|
return "\n".join(_lines)
|
||||||
|
|
||||||
@ -135,9 +134,9 @@ class checkmk_checker(object):
|
|||||||
@staticmethod
|
@staticmethod
|
||||||
def get_common_name(certrdn):
|
def get_common_name(certrdn):
|
||||||
try:
|
try:
|
||||||
return next(filter(lambda x: x.oid == x509.oid.NameOID.COMMON_NAME,certrdn)).value
|
return next(filter(lambda x: x.oid == x509.oid.NameOID.COMMON_NAME,certrdn)).value.strip()
|
||||||
except:
|
except:
|
||||||
return "fail"
|
return str(certrdn)
|
||||||
|
|
||||||
def _certificate_parser(self):
|
def _certificate_parser(self):
|
||||||
self._certificate_timestamp = time.time()
|
self._certificate_timestamp = time.time()
|
||||||
@ -181,9 +180,24 @@ class checkmk_checker(object):
|
|||||||
continue
|
continue
|
||||||
_desc = _interface.get("descr")
|
_desc = _interface.get("descr")
|
||||||
_ifs[_interface.get("if","_")] = _desc if _desc else _name.upper()
|
_ifs[_interface.get("if","_")] = _desc if _desc else _name.upper()
|
||||||
|
|
||||||
|
try:
|
||||||
|
_wgserver = self._config_reader().get("OPNsense").get("wireguard").get("server").get("servers").get("server")
|
||||||
|
if type(_wgserver) == dict:
|
||||||
|
_wgserver = [_wgserver]
|
||||||
|
_ifs.update(
|
||||||
|
dict(
|
||||||
|
map(
|
||||||
|
lambda x: ("wg{}".format(x.get("instance")),x.get("name")),
|
||||||
|
_wgserver
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
except:
|
||||||
|
raise
|
||||||
return _ifs
|
return _ifs
|
||||||
|
|
||||||
def check_firmware(self):
|
def checklocal_firmware(self):
|
||||||
if self._info.get("os_version") != self._info.get("latest_version"):
|
if self._info.get("os_version") != self._info.get("latest_version"):
|
||||||
return ["1 Firmware update_available=1 Version {os_version} ({latest_version} available)".format(**self._info)]
|
return ["1 Firmware update_available=1 Version {os_version} ({latest_version} available)".format(**self._info)]
|
||||||
return ["0 Firmware update_available=0 Version {os_version}".format(**self._info)]
|
return ["0 Firmware update_available=0 Version {os_version}".format(**self._info)]
|
||||||
@ -260,7 +274,28 @@ class checkmk_checker(object):
|
|||||||
_ret.append(_ip)
|
_ret.append(_ip)
|
||||||
return _ret
|
return _ret
|
||||||
|
|
||||||
def check_openvpn(self):
|
@staticmethod
|
||||||
|
def _read_from_openvpnsocket(vpnsocket,cmd):
|
||||||
|
_sock = socket.socket(socket.AF_UNIX,socket.SOCK_STREAM)
|
||||||
|
try:
|
||||||
|
_sock.connect(vpnsocket)
|
||||||
|
assert (_sock.recv(4096).decode("utf-8")).startswith(">INFO")
|
||||||
|
cmd = cmd.strip() + "\n"
|
||||||
|
_sock.send(cmd.encode("utf-8"))
|
||||||
|
_data = ""
|
||||||
|
while True:
|
||||||
|
_socket_data = _sock.recv(4096).decode("utf-8")
|
||||||
|
_data += _socket_data
|
||||||
|
if _socket_data.strip().endswith("END") or _socket_data.strip().startswith("SUCCESS:"):
|
||||||
|
break
|
||||||
|
return _data
|
||||||
|
finally:
|
||||||
|
_sock.send("quit\n".encode("utf-8"))
|
||||||
|
_sock.close()
|
||||||
|
_sock = None
|
||||||
|
return ""
|
||||||
|
|
||||||
|
def checklocal_openvpn(self):
|
||||||
_ret = [""]
|
_ret = [""]
|
||||||
_cfr = self._config_reader().get("openvpn")
|
_cfr = self._config_reader().get("openvpn")
|
||||||
if type(_cfr) != dict:
|
if type(_cfr) != dict:
|
||||||
@ -283,10 +318,12 @@ class checkmk_checker(object):
|
|||||||
if not _server.get("maxclients"):
|
if not _server.get("maxclients"):
|
||||||
_max_clients = ipaddress.IPv4Network(_server.get("tunnel_network")).num_addresses -2
|
_max_clients = ipaddress.IPv4Network(_server.get("tunnel_network")).num_addresses -2
|
||||||
if _server.get("topology_subnet") != "yes":
|
if _server.get("topology_subnet") != "yes":
|
||||||
_max_clients = int(_max_clients/4)
|
_max_clients = max(1,int(_max_clients/4)) ## p2p
|
||||||
_server["maxclients"] = _max_clients
|
_server["maxclients"] = _max_clients
|
||||||
|
|
||||||
_server_cert = self._get_certificate(_server.get("certref"))
|
_server_cert = self._get_certificate(_server.get("certref"))
|
||||||
|
_nclients, _server["bytesin"], _server["bytesout"] = 0,0,0
|
||||||
|
_server["expiredays"] = 0
|
||||||
_server["expiredate"] = "no certificate found"
|
_server["expiredate"] = "no certificate found"
|
||||||
if _server_cert:
|
if _server_cert:
|
||||||
_notvalidafter = _server_cert.get("not_valid_after")
|
_notvalidafter = _server_cert.get("not_valid_after")
|
||||||
@ -294,48 +331,43 @@ class checkmk_checker(object):
|
|||||||
_server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter))
|
_server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter))
|
||||||
try:
|
try:
|
||||||
_unix = "/var/etc/openvpn/server{vpnid}.sock".format(**_server)
|
_unix = "/var/etc/openvpn/server{vpnid}.sock".format(**_server)
|
||||||
_sock = socket.socket(socket.AF_UNIX,socket.SOCK_STREAM)
|
|
||||||
try:
|
try:
|
||||||
_sock.connect(_unix)
|
_nclients, _server["bytesin"], _server["bytesout"] = re.findall("=(\d+)",self._read_from_openvpnsocket(_unix,"load-stats"))
|
||||||
_sock.send("status 2\n".encode("utf-8"))
|
except:
|
||||||
_data = ""
|
pass
|
||||||
while True:
|
|
||||||
_socket_data = _sock.recv(4096).decode("utf-8")
|
_number_of_clients = 0
|
||||||
if _socket_data:
|
_now = int(time.time())
|
||||||
_data += _socket_data
|
_response = self._read_from_openvpnsocket(_unix,"status 2")
|
||||||
if _socket_data.find("\nEND\r\n") > -1:
|
for _client_match in re.finditer("^CLIENT_LIST,(.*?)$",_response,re.M):
|
||||||
break
|
_number_of_clients += 1
|
||||||
_number_of_clients = 0
|
_client_raw = _client_match.group(1).split(",")
|
||||||
_now = int(time.time())
|
_client = {
|
||||||
for _client_match in re.finditer("^CLIENT_LIST,(.*?)$",_data,re.M):
|
"server" : _server.get("name"),
|
||||||
_number_of_clients += 1
|
"common_name" : _client_raw[0],
|
||||||
_client_raw = _client_match.group(1).split(",")
|
"remote_ip" : _client_raw[1].split(":")[0],
|
||||||
_client = {
|
"vpn_ip" : _client_raw[2],
|
||||||
"server" : _server.get("name"),
|
"vpn_ipv6" : _client_raw[3],
|
||||||
"common_name" : _client_raw[0],
|
"bytes_received" : int(_client_raw[4]),
|
||||||
"remote_ip" : _client_raw[1].split(":")[0],
|
"bytes_sent" : int(_client_raw[5]),
|
||||||
"vpn_ip" : _client_raw[2],
|
"uptime" : _now - int(_client_raw[7]),
|
||||||
"vpn_ipv6" : _client_raw[3],
|
"username" : _client_raw[8] if _client_raw[8] != "UNDEF" else _client_raw[0],
|
||||||
"bytes_received" : int(_client_raw[4]),
|
"clientid" : int(_client_raw[9]),
|
||||||
"bytes_sent" : int(_client_raw[5]),
|
"cipher" : _client_raw[11].strip("\r\n")
|
||||||
"uptime" : _now - int(_client_raw[7]),
|
}
|
||||||
"username" : _client_raw[8] if _client_raw[8] != "UNDEF" else _client_raw[0],
|
if _client_raw[0].upper() in _monitored_clients:
|
||||||
"clientid" : int(_client_raw[9]),
|
_monitored_clients[_client_raw[0].upper()]["current"].append(_client)
|
||||||
"cipher" : _client_raw[11].strip("\r\n")
|
|
||||||
}
|
_server["status"] = 0
|
||||||
if _client_raw[0].upper() in _monitored_clients:
|
|
||||||
_monitored_clients[_client_raw[0].upper()]["current"].append(_client)
|
|
||||||
finally:
|
|
||||||
_server["status"] = 0
|
|
||||||
_sock.close()
|
|
||||||
if _server["expiredays"] < 61:
|
if _server["expiredays"] < 61:
|
||||||
_server["status"] = 2 if _server["expiredays"] < 31 else 1
|
_server["status"] = 2 if _server["expiredays"] < 31 else 1
|
||||||
else:
|
else:
|
||||||
_server["expiredate"] = "\\n" + _server["expiredate"]
|
_server["expiredate"] = "\\n" + _server["expiredate"]
|
||||||
|
|
||||||
_server["clientcount"] = _number_of_clients
|
_server["clientcount"] = _number_of_clients
|
||||||
_ret.append('{status} "OpenVPN Server: {name}" connections_ssl_vpn={clientcount};;{maxclients}|expiredays={expiredays} {clientcount}/{maxclients} Connections Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
_ret.append('{status} "OpenVPN Server: {name}" connections_ssl_vpn={clientcount};;{maxclients}|if_in_octets={bytesin}|if_out_octets={bytesout}|expiredays={expiredays} {clientcount}/{maxclients} Connections Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
||||||
except:
|
except:
|
||||||
|
raise
|
||||||
_server["status"] = 2
|
_server["status"] = 2
|
||||||
_ret.append('2 "OpenVPN Server: {name}" connections_ssl_vpn=0;;{maxclients}|expiredays={expiredays} Server down Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
_ret.append('2 "OpenVPN Server: {name}" connections_ssl_vpn=0;;{maxclients}|expiredays={expiredays} Server down Port:{local_port}/{protocol} {expiredate}'.format(**_server))
|
||||||
|
|
||||||
@ -345,6 +377,7 @@ class checkmk_checker(object):
|
|||||||
_client["description"] = _client.get("common_name")
|
_client["description"] = _client.get("common_name")
|
||||||
_client["expiredays"] = 0
|
_client["expiredays"] = 0
|
||||||
_client["expiredate"] = "no certificate found"
|
_client["expiredate"] = "no certificate found"
|
||||||
|
_client["status"] = 0
|
||||||
_cert = self._get_certificate_by_cn(_client.get("common_name"))
|
_cert = self._get_certificate_by_cn(_client.get("common_name"))
|
||||||
if _cert:
|
if _cert:
|
||||||
_notvalidafter = _cert.get("not_valid_after")
|
_notvalidafter = _cert.get("not_valid_after")
|
||||||
@ -363,10 +396,9 @@ class checkmk_checker(object):
|
|||||||
_client["longdescr"] = ""
|
_client["longdescr"] = ""
|
||||||
for _conn in _current_conn:
|
for _conn in _current_conn:
|
||||||
_client["longdescr"] += "Server:{server} {remote_ip}->{vpn_ip} {cipher} ".format(**_conn)
|
_client["longdescr"] += "Server:{server} {remote_ip}->{vpn_ip} {cipher} ".format(**_conn)
|
||||||
_client["status"] = 0
|
_ret.append('{status} "OpenVPN Client: {description}" connectiontime={uptime}|connections_ssl_vpn={count}|if_in_octets={bytes_received}|if_out_octets={bytes_sent}|expiredays={expiredays} {longdescr} {expiredate}'.format(**_client))
|
||||||
_ret.append('{status} "OpenVPN Client: {description}" uptime={uptime}|connections_ssl_vpn={count}|net_data_recv={bytes_received}|net_data_sent={bytes_sent}|expiredays={expiredays} {longdescr} {expiredate}'.format(**_client))
|
|
||||||
else:
|
else:
|
||||||
_ret.append('2 "OpenVPN Client: {description}" uptime=0|connections_ssl_vpn=0|net_data_recv=0|net_data_sent=0|expiredays={expiredays} Nicht verbunden {expiredate}'.format(**_client))
|
_ret.append('2 "OpenVPN Client: {description}" connectiontime=0|connections_ssl_vpn=0|if_in_octets=0|if_out_octets=0|expiredays={expiredays} Nicht verbunden {expiredate}'.format(**_client))
|
||||||
return _ret
|
return _ret
|
||||||
|
|
||||||
def check_df(self):
|
def check_df(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user