Module: check_mk
Branch: master
Commit: 43bf758bec26cfe9b304f0a0297c40f9d50075fe
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=43bf758bec26cf…
Author: Sebastian Herbord <sh(a)mathias-kettner.de>
Date: Wed Mar 2 11:28:32 2016 +0100
#3085 fortigate_signatures: new check to monitor av and ips signatures on fortigate
firewalls
This new check monitors the age and version of the Anti-Virus and Intrusion
Prevention System signatures.
---
.werks/3085 | 10 ++++
ChangeLog | 1 +
checkman/fortigate_signatures | 16 ++++++
checks/fortigate_signatures | 92 ++++++++++++++++++++++++++++++++++
web/plugins/wato/check_parameters.py | 24 +++++++++
5 files changed, 143 insertions(+)
diff --git a/.werks/3085 b/.werks/3085
new file mode 100644
index 0000000..568549f
--- /dev/null
+++ b/.werks/3085
@@ -0,0 +1,10 @@
+Title: fortigate_signatures: new check to monitor av and ips signatures on fortigate
firewalls
+Level: 1
+Component: checks
+Compatible: compat
+Version: 1.2.9i1
+Date: 1456914423
+Class: feature
+
+This new check monitors the age and version of Signatures of the Anti-Virus and
Intrusion
+Prevention System.
diff --git a/ChangeLog b/ChangeLog
index e58171f..66b7ebe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,7 @@
* 3081 mk_jolokia: plugin now supports setting custom CAs for verifying server
certificate as well as sending a client certificate...
* 3191 cisco_redundancy: new check which monitors the status of the redundant unit of
Cisco devices supporting the CISCO-RF-MIB
* 3083 mk_jolokia: The plugin can now be configured with a service url to treat the
jolokia server as a jmx proxy
+ * 3085 fortigate_signatures: new check to monitor av and ips signatures on fortigate
firewalls...
* 3073 FIX: windows agent: relative paths to mrpe scripts are now treated as relative
to the agent installation directory...
* 3061 FIX: mk_jolokia: Fixed debugging of the agent plugin
* 3074 FIX: windows agent: fixed incorrect values for 32-bit performance counters
diff --git a/checkman/fortigate_signatures b/checkman/fortigate_signatures
new file mode 100644
index 0000000..6bc63d7
--- /dev/null
+++ b/checkman/fortigate_signatures
@@ -0,0 +1,16 @@
+title: FortiGate firewalls: Age and version of AV and IPS signatures
+agents: snmp
+catalog: hw/network/fortinet
+license: GPL
+distribution: check_mk
+description:
+ This check monitors the version of Antivirus and Intrusion Protection Signature
+ checks.
+ If the last signature update is too long ago, it will go into {WARN} or {CRIT} state.
+
+ Please note: There is no documentation on which timezone the signature date is stored
in
+ and whether it reports the date the signature file was published or when it was
installed.
+ If you know these details, please let us know.
+
+inventory:
+ One service is discovered on supported devices.
diff --git a/checks/fortigate_signatures b/checks/fortigate_signatures
new file mode 100644
index 0000000..93777b2
--- /dev/null
+++ b/checks/fortigate_signatures
@@ -0,0 +1,92 @@
+#!/usr/bin/python
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2016 mk(a)mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at
http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+# .1.3.6.1.4.1.12356.101.4.2.1.0 27.00768(2015-09-01 15:10)
+# .1.3.6.1.4.1.12356.101.4.2.2.0 6.00689(2015-09-01 00:15)
+
+
+# signature ages (defaults are 1/2 days)
+factory_settings['fortigate_signature_default_levels'] = {
+ 'av_age': (86400, 172800),
+ 'ips_age': (86400, 172800)
+}
+
+
+def inventory_fortigate_signatures(info):
+ if info:
+ return [(None, {})]
+ else:
+ return []
+
+def check_fortigate_signatures(_no_item, params, info):
+ def parse_version(ver):
+ # sample: 27.00768(2015-09-01 15:10)
+ ver_regex = regex("([0-9.]*)\(([0-9-: ]*)\)")
+ match = ver_regex.match(ver)
+ if match is None:
+ return None, None
+ # what timezone is this in?
+ t = time.strptime(match.group(2), "%Y-%m-%d %H:%S")
+ ts = time.mktime(t)
+ return match.group(1), time.time() - ts
+
+ def age_status(age, levels):
+ if age >= levels[1]:
+ return 2
+ elif age >= levels[0]:
+ return 1
+ else:
+ return 0
+
+ def output_status(typ, signature_info, levels):
+ version, age = parse_version(signature_info)
+ status = age_status(age, levels)
+
+ if status != 0:
+ return status, "%s Signature %s is %s old (warn/crit at %s/%s)" %\
+ (typ, version,
+ get_age_human_readable(age),
+ get_age_human_readable(levels[0]),
+ get_age_human_readable(levels[1]))
+ else:
+ return 0, "%s Signature %s is current" % (typ, version)
+
+ if info:
+ yield output_status("AV", info[0][0], params['av_age'])
+ yield output_status("IPS", info[0][1], params['ips_age'])
+
+
+check_info['fortigate_signatures'] = {
+ 'inventory_function' : inventory_fortigate_signatures,
+ 'check_function' : check_fortigate_signatures,
+ 'service_description' : "Signatures",
+ 'snmp_scan_function' : lambda oid: ".1.3.6.1.4.1.12356.101.1"
in oid(".1.3.6.1.2.1.1.2.0"),
+ 'snmp_info' : (".1.3.6.1.4.1.12356.101.4.2", [1,
2]),
+ 'default_levels_variable' : "fortigate_signature_default_levels",
+ 'group' : 'fortinet_signatures'
+}
+
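Review bot: The strptime format on `t = time.strptime(match.group(2), "%Y-%m-%d %H:%S")` reads the minute field of the documented sample `2015-09-01 15:10` as seconds, so every computed age is skewed by up to an hour; it should be `"%Y-%m-%d %H:%M"`. parse_version also returns `(None, None)` when the regex does not match, and age_status then compares None against the levels, which under Python 2 evaluates to status 0, so an unexpected signature string is reported as `Signature None is current` instead of as a problem; a guard in output_status such as `if age is None: return 3, "%s Signature: cannot parse %r" % (typ, signature_info)` would surface that rather than masking a possibly stale signature. As a point of style, the pattern is written as a plain string containing `\(`; `regex(r"([0-9.]*)\(([0-9-: ]*)\)")` avoids relying on the interpreter preserving unknown escapes.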
diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py
index 7c4a2bb..c99ad00 100644
--- a/web/plugins/wato/check_parameters.py
+++ b/web/plugins/wato/check_parameters.py
@@ -94,6 +94,30 @@ register_check_parameters(
"dict"
)
+register_check_parameters(
+ subgroup_networking,
+ "fortinet_signatures",
+ "Fortigate Signatures",
+ Dictionary(
+ elements = [
+ ('av_age',
+ Tuple(title = "Age of Anti-Virus signature",
+ elements = [
+ Age(title=_("Warning at"), default_value = 86400),
+ Age(title=_("Critical at"), default_value = 2*86400),
+ ])),
+ ('ips_age',
+ Tuple(title = "Age of Intrusion Prevention signature",
+ elements = [
+ Age(title=_("Warning at"), default_value = 86400),
+ Age(title=_("Critical at"), default_value = 2*86400),
+ ])),
+ ]
+ ),
+ None,
+ "dict"
+)
+
#.
# .--Inventory-----------------------------------------------------------.
# | ___ _ |