Module: check_mk Branch: master Commit: b2594066c76e3437bdbd6182944ed515c7def36d URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b2594066c76e34… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Apr 10 15:19:02 2018 +0200 5965 fortigate_signatures: Extended database signature of anti-virus and intrusion prevention are configurable Change-Id: Ifd8c5e778bacfaf63e423f94f88ad7d2748d5977 --- .werks/5965 | 10 +++++ checks/fortigate_signatures | 72 ++++++++++++++++++++---------------- web/plugins/wato/check_parameters.py | 72 ++++++++++++++++++++++++++++-------- 3 files changed, 108 insertions(+), 46 deletions(-) diff --git a/.werks/5965 b/.werks/5965 new file mode 100644 index 0000000..3facdc0 --- /dev/null +++ b/.werks/5965 @@ -0,0 +1,10 @@ +Title: fortigate_signatures: Extended database signature of anti-virus and intrusion prevention are configurable +Level: 1 +Component: checks +Compatible: compat +Edition: cre +Version: 1.5.0i4 +Date: 1523362627 +Class: feature + + diff --git a/checks/fortigate_signatures b/checks/fortigate_signatures index 93777b2..3085cad 100644 --- a/checks/fortigate_signatures +++ b/checks/fortigate_signatures @@ -32,17 +32,11 @@ # signature ages (defaults are 1/2 days) factory_settings['fortigate_signature_default_levels'] = { 'av_age': (86400, 172800), - 'ips_age': (86400, 172800) + 'ips_age': (86400, 172800), } -def inventory_fortigate_signatures(info): - if info: - return [(None, {})] - else: - return [] - -def check_fortigate_signatures(_no_item, params, info): +def parse_fortigate_signatures(info): def parse_version(ver): # sample: 27.00768(2015-09-01 15:10) ver_regex = regex("([0-9.]*)\(([0-9-: ]*)\)") @@ -54,39 +48,55 @@ def check_fortigate_signatures(_no_item, params, info): ts = time.mktime(t) return match.group(1), time.time() - ts - def age_status(age, levels): - if age >= levels[1]: - return 2 - elif age >= levels[0]: - return 1 - else: - return 0 + parsed = [] + for (key, title), value in zip([ + ("av_age", "AV"), + ("ips_age", "IPS"), + ("av_ext_age", "AV extended"), + ("ips_ext_age", "IPS extended") + ], info[0]): + version, age = parse_version(value) + parsed.append((key, title, version, age)) + return parsed - def output_status(typ, signature_info, levels): - version, age = parse_version(signature_info) - status = age_status(age, levels) - if status != 0: - return status, "%s Signature %s is %s old (warn/crit at %s/%s)" %\ - (typ, version, - get_age_human_readable(age), - get_age_human_readable(levels[0]), - get_age_human_readable(levels[1])) - else: - return 0, "%s Signature %s is current" % (typ, version) +def inventory_fortigate_signatures(parsed): + if parsed: + return [(None, {})] - if info: - yield output_status("AV", info[0][0], params['av_age']) - yield output_status("IPS", info[0][1], params['ips_age']) + +def check_fortigate_signatures(_no_item, params, parsed): + for key, title, version, age in parsed: + if age is None: + continue + infotext = "[%s] %s age: %s" % (version, title, get_age_human_readable(age)) + state = 0 + levels = params.get(key) + if levels is not None: + warn, crit = levels + if crit is not None and age >= crit: + state = 2 + elif warn is not None and age >= warn: + state = 1 + if state: + infotext += " (warn/crit at %s/%s)" % ( + get_age_human_readable(warn), + get_age_human_readable(crit)) + yield state, infotext check_info['fortigate_signatures'] = { + 'parse_function' : parse_fortigate_signatures, 'inventory_function' : inventory_fortigate_signatures, 'check_function' : check_fortigate_signatures, 'service_description' : "Signatures", 'snmp_scan_function' : lambda oid: ".1.3.6.1.4.1.12356.101.1" in oid(".1.3.6.1.2.1.1.2.0"), - 'snmp_info' : (".1.3.6.1.4.1.12356.101.4.2", [1, 2]), + 'snmp_info' : (".1.3.6.1.4.1.12356.101.4.2", [ + "1", # FORTINET-FORTIGATE-MIB::fgSysVersionAv + "2", # FORTINET-FORTIGATE-MIB::fgSysVersionIps + "3", # FORTINET-FORTIGATE-MIB::fgSysVersionAvEt + "4", # FORTINET-FORTIGATE-MIB::fgSysVersionIpsEt + ]), 'default_levels_variable' : "fortigate_signature_default_levels", 'group' : 'fortinet_signatures' } - diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py index 4107a7e..2092288 100644 --- a/web/plugins/wato/check_parameters.py +++ b/web/plugins/wato/check_parameters.py @@ -96,26 +96,68 @@ register_check_parameters( "dict" ) +def transform_fortinet_signatures_to_gui(p): + for k in ["av_age", "av_ext_age", "ips_age", "ips_ext_age"]: + p.setdefault(k, None) + return p + register_check_parameters( subgroup_networking, "fortinet_signatures", "Fortigate Signatures", - Dictionary( + Transform(Dictionary( elements = [ - ('av_age', - Tuple(title = "Age of Anti-Virus signature", - elements = [ - Age(title=_("Warning at"), default_value = 86400), - Age(title=_("Critical at"), default_value = 2*86400), - ])), - ('ips_age', - Tuple(title = "Age of Intrusion Prevention signature", - elements = [ - Age(title=_("Warning at"), default_value = 86400), - Age(title=_("Critical at"), default_value = 2*86400), - ])), - ] - ), + ('av_age', Alternative( + title=_("Age of Anti-Virus signature"), + style="dropdown", + elements=[ + FixedValue(None, title=_("No levels"), totext=""), + Tuple(title=_("Set levels"), + elements = [ + Age(title=_("Warning at"), default_value = 86400), + Age(title=_("Critical at"), default_value = 2*86400), + ]), + ]), + ), + ('av_ext_age', Alternative( + title=_("Age of Anti-Virus signature extended database"), + style="dropdown", + elements=[ + FixedValue(None, title=_("No levels"), totext=""), + Tuple(title=_("Set levels"), + elements = [ + Age(title=_("Warning at"), default_value = 86400), + Age(title=_("Critical at"), default_value = 2*86400), + ]), + ]), + ), + ('ips_age', Alternative( + title=_("Age of Intrusion Prevention signature"), + style="dropdown", + elements=[ + FixedValue(None, title=_("No levels"), totext=""), + Tuple(title=_("Set levels"), + elements = [ + Age(title=_("Warning at"), default_value = 86400), + Age(title=_("Critical at"), default_value = 2*86400), + ]), + ]), + ), + ('ips_ext_age', Alternative( + title=_("Age of Intrusion Prevention signature extended database"), + style="dropdown", + elements=[ + FixedValue(None, title=_("No levels"), totext=""), + Tuple(title=_("Set levels"), + elements = [ + Age(title=_("Warning at"), default_value = 86400), + Age(title=_("Critical at"), default_value = 2*86400), + ]), + ]), + ), + ], + optional_keys=[], + ), forth=transform_fortinet_signatures_to_gui), None, "dict" )