Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nbuchwitz/check_opnsense

Check script for opnsense firewall
https://github.com/nbuchwitz/check_opnsense

hacktoberfest monitoring python

Last synced: 17 days ago
JSON representation

Check script for opnsense firewall

Host: GitHub
URL: https://github.com/nbuchwitz/check_opnsense
Owner: nbuchwitz
License: gpl-2.0
Created: 2018-04-09T11:57:18.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2024-07-01T23:20:32.000Z (6 months ago)
Last Synced: 2024-07-04T12:42:27.105Z (6 months ago)
Topics: hacktoberfest, monitoring, python
Language: Python
Homepage:
Size: 21.5 KB
Stars: 17
Watchers: 5
Forks: 12
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# check_opnsense
Icinga check command for OPNsense firewall monitoring

## Requirements

This check command depends on the following python modules:
* enum
* requests
* argparse

**Installation on Debian / Ubuntu**
```
apt install python3 python3-requests
```

**Installation on Rocky / Alma Linux 9**
```
yum install python3 python3-requests
```

**Installation on FreeBSD**
```
pkg install python3 py39-requests
```

## Usage

The ``icinga2`` folder contains the command defintion and service examples for use with Icinga2.

```shell
usage: check_opnsense.py [-h] -H HOSTNAME [-p PORT] --api-key API_KEY --api-secret
API_SECRET [-k] -m {updates} [-w TRESHOLD_WARNING]
[-c TRESHOLD_CRITICAL]

Check command OPNsense firewall monitoring

optional arguments:
-h, --help show this help message and exit

API Options:
-H HOSTNAME, --hostname HOSTNAME
OPNsense hostname or ip address
-p PORT, --port PORT OPNsense https-api port
OPNsense hostname or ip address
--api-key API_KEY API key (See OPNsense user manager)
--api-secret API_SECRET
API key (See OPNsense user manager)
-k, --insecure Don't verify HTTPS certificate

Check Options:
-m {updates}, --mode {updates}
Mode to use.
-w TRESHOLD_WARNING, --warning TRESHOLD_WARNING
Warning treshold for check value
-c TRESHOLD_CRITICAL, --critical TRESHOLD_CRITICAL
Critical treshold for check value

```

## Create API credentials

Go to the user manager and select the user you want to use for API access. Click the ``+`` icon in the ``API keys`` section to add a new API key, which triggers a download of a tex file containing the key and secret.

This file should look similar to this one:

```
key=w86XNZob/8Oq8aC5r0kbNarNtdpoQU781fyoeaOBQsBwkXUt
secret=XeD26XVrJ5ilAc/EmglCRC+0j2e57tRsjHwFepOseySWLM53pJASeTA3
```

For further information have a look at the [opnsense documentation](https://docs.opnsense.org/development/how-tos/api.html).

## Examples

**Check for updates**
```shell
./check_opnsense.py -H --api-key --api-secret -m updates
CRITICAL - 42 pending updates. Subsequent reboot required.

./check_opnsense.py -H --api-key --api-secret -m updates
WARNING - 14 pending updates.
```