bashclub/check-opnsense
1
0
Fork 0
mirror of https://github.com/bashclub/check-opnsense.git synced 2024-11-08 00:31:58 +01:00
Code Issues Projects Releases Wiki Activity

Update opnsense_checkmk_agent.py

Browse Source
This commit is contained in:
Thorsten Spille 2022-01-20 09:42:52 +01:00 committed by GitHub
parent 9661cc5da6
commit ef78dda27d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 88 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
opnsense_checkmk_agent.py
View File

@ -22,7 +22,7 @@
## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x ## copy to /usr/local/etc/rc.syshook.d/start/99-checkmk_agent and chmod +x
## ##
__VERSION__ = "0.6" __VERSION__ = "0.61"
import sys import sys
import os import os
@ -87,20 +87,19 @@ class checkmk_checker(object):
_lines.append("AgentOS: {os}".format(**self._info)) _lines.append("AgentOS: {os}".format(**self._info))
_lines.append(f"Version: {__VERSION__}") _lines.append(f"Version: {__VERSION__}")
_lines.append("Hostname: {hostname}".format(**self._info)) _lines.append("Hostname: {hostname}".format(**self._info))
_lines += self.check_cpu() for _check in dir(self):
_lines += self.check_uptime() if _check.startswith("check_"):
_lines += self.check_df() try:
_lines += self.check_ps() _lines += getattr(self,_check)()
_lines += self.check_zfs() except:
_lines += self.check_mounts() pass
_lines += self.check_netctr()
_lines += self.check_net()
_lines += self.check_tcp()
_lines += self.check_ntp()
_lines += self.check_dhcp()
_lines.append("<<<local:sep(0)>>>") _lines.append("<<<local:sep(0)>>>")
_lines += self.check_firmware() for _check in dir(self):
_lines += self.check_openvpn() if _check.startswith("checklocal_"):
try:
_lines += getattr(self,_check)()
except:
pass
_lines.append("") _lines.append("")
return "\n".join(_lines) return "\n".join(_lines)
@ -135,9 +134,9 @@ class checkmk_checker(object):
@staticmethod @staticmethod
def get_common_name(certrdn): def get_common_name(certrdn):
try: try:
return next(filter(lambda x: x.oid == x509.oid.NameOID.COMMON_NAME,certrdn)).value return next(filter(lambda x: x.oid == x509.oid.NameOID.COMMON_NAME,certrdn)).value.strip()
except: except:
return "fail" return str(certrdn)
def _certificate_parser(self): def _certificate_parser(self):
self._certificate_timestamp = time.time() self._certificate_timestamp = time.time()
@ -181,9 +180,24 @@ class checkmk_checker(object):
continue continue
_desc = _interface.get("descr") _desc = _interface.get("descr")
_ifs[_interface.get("if","_")] = _desc if _desc else _name.upper() _ifs[_interface.get("if","_")] = _desc if _desc else _name.upper()
try:
_wgserver = self._config_reader().get("OPNsense").get("wireguard").get("server").get("servers").get("server")
if type(_wgserver) == dict:
_wgserver = [_wgserver]
_ifs.update(
dict(
map(
lambda x: ("wg{}".format(x.get("instance")),x.get("name")),
_wgserver
)
)
)
except:
raise
return _ifs return _ifs
def check_firmware(self): def checklocal_firmware(self):
if self._info.get("os_version") != self._info.get("latest_version"): if self._info.get("os_version") != self._info.get("latest_version"):
return ["1 Firmware update_available=1 Version {os_version} ({latest_version} available)".format(**self._info)] return ["1 Firmware update_available=1 Version {os_version} ({latest_version} available)".format(**self._info)]
return ["0 Firmware update_available=0 Version {os_version}".format(**self._info)] return ["0 Firmware update_available=0 Version {os_version}".format(**self._info)]
@ -260,7 +274,28 @@ class checkmk_checker(object):
_ret.append(_ip) _ret.append(_ip)
return _ret return _ret
def check_openvpn(self): @staticmethod
def _read_from_openvpnsocket(vpnsocket,cmd):
_sock = socket.socket(socket.AF_UNIX,socket.SOCK_STREAM)
try:
_sock.connect(vpnsocket)
assert (_sock.recv(4096).decode("utf-8")).startswith(">INFO")
cmd = cmd.strip() + "\n"
_sock.send(cmd.encode("utf-8"))
_data = ""
while True:
_socket_data = _sock.recv(4096).decode("utf-8")
_data += _socket_data
if _socket_data.strip().endswith("END") or _socket_data.strip().startswith("SUCCESS:"):
break
return _data
finally:
_sock.send("quit\n".encode("utf-8"))
_sock.close()
_sock = None
return ""
def checklocal_openvpn(self):
_ret = [""] _ret = [""]
_cfr = self._config_reader().get("openvpn") _cfr = self._config_reader().get("openvpn")
if type(_cfr) != dict: if type(_cfr) != dict:
@ -283,10 +318,12 @@ class checkmk_checker(object):
if not _server.get("maxclients"): if not _server.get("maxclients"):
_max_clients = ipaddress.IPv4Network(_server.get("tunnel_network")).num_addresses -2 _max_clients = ipaddress.IPv4Network(_server.get("tunnel_network")).num_addresses -2
if _server.get("topology_subnet") != "yes": if _server.get("topology_subnet") != "yes":
_max_clients = int(_max_clients/4) _max_clients = max(1,int(_max_clients/4)) ## p2p
_server["maxclients"] = _max_clients _server["maxclients"] = _max_clients
_server_cert = self._get_certificate(_server.get("certref")) _server_cert = self._get_certificate(_server.get("certref"))
_nclients, _server["bytesin"], _server["bytesout"] = 0,0,0
_server["expiredays"] = 0
_server["expiredate"] = "no certificate found" _server["expiredate"] = "no certificate found"
if _server_cert: if _server_cert:
_notvalidafter = _server_cert.get("not_valid_after") _notvalidafter = _server_cert.get("not_valid_after")
@ -294,48 +331,43 @@ class checkmk_checker(object):
_server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter)) _server["expiredate"] = time.strftime("Cert Expire: %d.%m.%Y",time.localtime(_notvalidafter))
try: try:
_unix = "/var/etc/openvpn/server{vpnid}.sock".format(**_server) _unix = "/var/etc/openvpn/server{vpnid}.sock".format(**_server)
_sock = socket.socket(socket.AF_UNIX,socket.SOCK_STREAM)
try: try:
_sock.connect(_unix) _nclients, _server["bytesin"], _server["bytesout"] = re.findall("=(\d+)",self._read_from_openvpnsocket(_unix,"load-stats"))
_sock.send("status 2\n".encode("utf-8")) except:
_data = "" pass
while True:
_socket_data = _sock.recv(4096).decode("utf-8") _number_of_clients = 0
if _socket_data: _now = int(time.time())
_data += _socket_data _response = self._read_from_openvpnsocket(_unix,"status 2")
if _socket_data.find("\nEND\r\n") > -1: for _client_match in re.finditer("^CLIENT_LIST,(.*?)$",_response,re.M):
break _number_of_clients += 1
_number_of_clients = 0 _client_raw = _client_match.group(1).split(",")
_now = int(time.time()) _client = {
for _client_match in re.finditer("^CLIENT_LIST,(.*?)$",_data,re.M): "server" : _server.get("name"),
_number_of_clients += 1 "common_name" : _client_raw[0],
_client_raw = _client_match.group(1).split(",") "remote_ip" : _client_raw[1].split(":")[0],
_client = { "vpn_ip" : _client_raw[2],
"server" : _server.get("name"), "vpn_ipv6" : _client_raw[3],
"common_name" : _client_raw[0], "bytes_received" : int(_client_raw[4]),
"remote_ip" : _client_raw[1].split(":")[0], "bytes_sent" : int(_client_raw[5]),
"vpn_ip" : _client_raw[2], "uptime" : _now - int(_client_raw[7]),
"vpn_ipv6" : _client_raw[3], "username" : _client_raw[8] if _client_raw[8] != "UNDEF" else _client_raw[0],
"bytes_received" : int(_client_raw[4]), "clientid" : int(_client_raw[9]),
"bytes_sent" : int(_client_raw[5]), "cipher" : _client_raw[11].strip("\r\n")
"uptime" : _now - int(_client_raw[7]), }
"username" : _client_raw[8] if _client_raw[8] != "UNDEF" else _client_raw[0], if _client_raw[0].upper() in _monitored_clients:
"clientid" : int(_client_raw[9]), _monitored_clients[_client_raw[0].upper()]["current"].append(_client)
"cipher" : _client_raw[11].strip("\r\n")
} _server["status"] = 0
if _client_raw[0].upper() in _monitored_clients:
_monitored_clients[_client_raw[0].upper()]["current"].append(_client)
finally:
_server["status"] = 0
_sock.close()
if _server["expiredays"] < 61: if _server["expiredays"] < 61:
_server["status"] = 2 if _server["expiredays"] < 31 else 1 _server["status"] = 2 if _server["expiredays"] < 31 else 1
else: else:
_server["expiredate"] = "\\n" + _server["expiredate"] _server["expiredate"] = "\\n" + _server["expiredate"]
_server["clientcount"] = _number_of_clients _server["clientcount"] = _number_of_clients
_ret.append('{status} "OpenVPN Server: {name}" connections_ssl_vpn={clientcount};;{maxclients}|expiredays={expiredays} {clientcount}/{maxclients} Connections Port:{local_port}/{protocol} {expiredate}'.format(**_server)) _ret.append('{status} "OpenVPN Server: {name}" connections_ssl_vpn={clientcount};;{maxclients}|if_in_octets={bytesin}|if_out_octets={bytesout}|expiredays={expiredays} {clientcount}/{maxclients} Connections Port:{local_port}/{protocol} {expiredate}'.format(**_server))
except: except:
raise
_server["status"] = 2 _server["status"] = 2
_ret.append('2 "OpenVPN Server: {name}" connections_ssl_vpn=0;;{maxclients}|expiredays={expiredays} Server down Port:{local_port}/{protocol} {expiredate}'.format(**_server)) _ret.append('2 "OpenVPN Server: {name}" connections_ssl_vpn=0;;{maxclients}|expiredays={expiredays} Server down Port:{local_port}/{protocol} {expiredate}'.format(**_server))
@ -345,6 +377,7 @@ class checkmk_checker(object):
_client["description"] = _client.get("common_name") _client["description"] = _client.get("common_name")
_client["expiredays"] = 0 _client["expiredays"] = 0
_client["expiredate"] = "no certificate found" _client["expiredate"] = "no certificate found"
_client["status"] = 0
_cert = self._get_certificate_by_cn(_client.get("common_name")) _cert = self._get_certificate_by_cn(_client.get("common_name"))
if _cert: if _cert:
_notvalidafter = _cert.get("not_valid_after") _notvalidafter = _cert.get("not_valid_after")
@ -363,10 +396,9 @@ class checkmk_checker(object):
_client["longdescr"] = "" _client["longdescr"] = ""
for _conn in _current_conn: for _conn in _current_conn:
_client["longdescr"] += "Server:{server} {remote_ip}->{vpn_ip} {cipher} ".format(**_conn) _client["longdescr"] += "Server:{server} {remote_ip}->{vpn_ip} {cipher} ".format(**_conn)
_client["status"] = 0 _ret.append('{status} "OpenVPN Client: {description}" connectiontime={uptime}|connections_ssl_vpn={count}|if_in_octets={bytes_received}|if_out_octets={bytes_sent}|expiredays={expiredays} {longdescr} {expiredate}'.format(**_client))
_ret.append('{status} "OpenVPN Client: {description}" uptime={uptime}|connections_ssl_vpn={count}|net_data_recv={bytes_received}|net_data_sent={bytes_sent}|expiredays={expiredays} {longdescr} {expiredate}'.format(**_client))
else: else:
_ret.append('2 "OpenVPN Client: {description}" uptime=0|connections_ssl_vpn=0|net_data_recv=0|net_data_sent=0|expiredays={expiredays} Nicht verbunden {expiredate}'.format(**_client)) _ret.append('2 "OpenVPN Client: {description}" connectiontime=0|connections_ssl_vpn=0|if_in_octets=0|if_out_octets=0|expiredays={expiredays} Nicht verbunden {expiredate}'.format(**_client))
return _ret return _ret
def check_df(self): def check_df(self):