Add files via upload

check_pf_cpu

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+if [ "$1" = "-w" ] && [ "$2" -gt "0" ] && [ "$3" = "-c" ] && [ "$4" -gt "0" ] ; then
+        warn=$2
+        crit=$4
+        IDLE=$(top -b -d2 | grep 'CPU:' | cut -d',' -f5 | cut -d'%' -f1 | cut -d'.' -f1 | sed -e 's/^[ \t]*//')||exit 3
+        #UTIL=`echo "100-$IDLE"| bc`
+        UTIL=`expr 100 - $IDLE`
+        #UTIL_RND=`echo "100-$IDLE"| bc | awk '{printf("%d\n",$1 + 0.5)}'`
+        #echo "DEBUG:   IDLE:$IDLE"
+        #echo "DEBUG:   UTIL:$UTIL"
+        #echo "DEBUG:   UTIL_RND:$UTIL_RND"
+        if [ $UTIL -ge $warn ];then
+                if [ $UTIL -ge $crit ]; then
+                echo "CRITICAL - CPU Usage = $UTIL%|CPU=$UTIL;;;;"
+                exit 2
+        else
+                echo "WARNING - CPU Usage = $UTIL%|CPU=$UTIL;;;;"
+                exit 1
+        fi
+else
+                echo "OK - CPU Usage = $UTIL%|CPU=$UTIL;;;;"
+        exit 0
+fi
+
+else
+        echo "check_cpu.sh - Nagios Plugin for checking CPU idle percentage "
+        echo ""
+        echo "Usage:    check_pf_cpu.sh -w <warnlevel> -c <critlevel>"
+        exit 3
+fi
+
+

check_pf_interface

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+if [ "$1" = "-i" ] && [ ! -z "$2" ]; then
+	INT=$2
+	NAME_INSTEAD=$4
+
+	IFCONFIG_ACTIVE=$( /sbin/ifconfig $INT | grep "status: active" | wc -l | sed -e 's/^[ \t]*//') ||exit 3
+	IFCONFIG_UP=$( /sbin/ifconfig $INT | grep "<UP," | wc -l | sed -e 's/^[ \t]*//') ||exit 3
+
+	if [ "$NAME_INSTEAD" != "" ]; then
+		INT="$NAME_INSTEAD($INT)"
+	fi
+
+	if [ $IFCONFIG_ACTIVE -eq "1" ] && [ $IFCONFIG_UP -eq "1" ] ; then
+		echo "OK - $INT up and active"
+		exit 0
+        elif [ $IFCONFIG_ACTIVE -eq "0" ] && [ $IFCONFIG_UP -eq "1" ] ; then
+                echo "CRITICAL - $INT up, but not active"
+                exit 2
+        elif [ $IFCONFIG_ACTIVE -eq "1" ] && [ $IFCONFIG_UP -eq "0" ] ; then
+                echo "CRITICAL - $INT down, but active"
+                exit 2
+        elif [ $IFCONFIG_ACTIVE -eq "0" ] && [ $IFCONFIG_UP -eq "0" ] ; then
+                echo "CRITICAL - $INT down and not active"
+                exit 2
+	else  
+		echo "UNKNOWN status on interface $INT"
+		exit 3
+        fi
+
+else
+        echo "check_pf_interface.sh - Nagios Plugin for checking an interface on pfSense "
+        echo ""
+        echo "Usage:	check_pf_interface.sh -i <interface_name> [-name alt name instead of one from ifconfig]"
+	echo "Example:  check_pf_interface.sh -i re0 -name LAN"
+        exit 3
+fi

check_pf_ipsec_tunnel

@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+
+if [ "$1" = "-e" ] && [ ! -z "$2" ]; then
+
+exitstatus=2 #default
+
+endpoint=$2
+name_instead=$4
+
+result=$(/usr/local/sbin/ipsec statusall | grep 'ESTABLISHED' | grep $endpoint | cut -d":" -f2 | cut -d "," -f1 | sed -e 's/^[ \t]*//')||exit 3
+if [ "$name_instead" != "" ]
+  then
+    endpoint=$name_instead
+fi
+
+if [ "$result" != "" ]
+  then
+    echo "OK - IPSEC VPN tunnel to $endpoint - $result"
+    exitstatus=0
+else
+    echo "CRITICAL - IPSEC VPN tunnel not found: $endpoint"
+    exitstatus=2
+fi
+
+#echo "exit: $exitstatus"
+exit $exitstatus
+
+else
+        echo "check_pf_ipsec_tunnel.sh - Nagios Plugin for checking IPSEC tunnel status on pfSense "
+        echo ""
+        echo "Usage:    check_pf_ipsec_tunnel.sh -e <remote gateway> [-name instead of IP address]"
+        echo "Note:     must be the same IP or hostname used in IPSEC config"
+	echo "Example:  check_pf_ipsec_tunnel.sh -e 4.4.4.4 -name Google"
+        exit 3
+fi

check_pf_mem

@@ -0,0 +1,63 @@
+#!/bin/sh
+
+if [ "$1" = "-w" ] && [ "$2" -gt "0" ] && [ "$3" = "-c" ] && [ "$4" -gt "0" ] ; then
+	warn=$2
+	crit=$4
+	SYSCTL_FILE='/home/nagios/sysctl.temp'
+	SYSCTL=$(/sbin/sysctl -a > $SYSCTL_FILE)||exit 3
+	#echo $SYSCTL
+	TOTAL_MEM=`grep 'hw.physmem:' $SYSCTL_FILE | cut -d":" -f2`
+	#echo "total mem" $TOTAL_MEM 
+	TOTAL_MEM_MB=`expr $TOTAL_MEM / 1024 / 1024`
+	#echo "total mem in MB" $TOTAL_MEM_MB
+	PAGESIZE=`grep 'hw.pagesize:' $SYSCTL_FILE | cut -d":" -f2`
+	#echo "pagesize" $PAGESIZE
+        ACTIVE_COUNT=`grep 'vm.stats.vm.v_active_count:' $SYSCTL_FILE | cut -d":" -f2`
+        #echo "active_count" $ACTIVE_COUNT
+	MEM_ACTIVE=`expr $ACTIVE_COUNT \* $PAGESIZE` 
+        #echo "mem active" $MEM_ACTIVE
+        INACTIVE_COUNT=`grep 'vm.stats.vm.v_inactive_count:' $SYSCTL_FILE | cut -d":" -f2`
+        #echo "inactive_count" $INACTIVE_COUNT
+        MEM_INACTIVE=`expr $INACTIVE_COUNT \* $PAGESIZE`
+        #echo "mem inactive" $MEM_INACTIVE
+        CACHE_COUNT=`grep 'vm.stats.vm.v_cache_count:' $SYSCTL_FILE | cut -d":" -f2`
+        #echo "cache_count" $CACHE_COUNT
+        MEM_CACHE=`expr $CACHE_COUNT \* $PAGESIZE`
+        #echo "mem cache" $MEM_CACHE
+        FREE_COUNT=`grep 'vm.stats.vm.v_free_count:' $SYSCTL_FILE | cut -d":" -f2`
+        #echo "free_count" $FREE_COUNT
+        MEM_FREE=`expr $FREE_COUNT \* $PAGESIZE`
+        #echo "mem free" $MEM_FREE
+
+        FREE_MEM=`expr $MEM_INACTIVE + $MEM_CACHE + $MEM_FREE`
+        #echo "free mem" $FREE_MEM
+        #FREE_MEM_KB=`expr $FREE_MEM / 1024`
+        #echo "free mem in KB" $FREE_MEM_KB
+	FREE_MEM_MB=`expr $FREE_MEM / 1024 / 1024`
+	#echo "free mem in MB" $FREE_MEM_MB
+	USED_MEM=`expr $TOTAL_MEM - $FREE_MEM`
+	#echo "used mem" $USED_MEM
+	USED_MEM_MB=`expr $USED_MEM / 1024`
+	#echo "used mem in MB" $USED_MEM
+	USED_MEM_PER=`expr $USED_MEM \* 100 / $TOTAL_MEM` 
+	#echo "used mem %" $USED_MEM_PER
+
+        if [ $USED_MEM_PER -ge $warn ];then
+                if [ $USED_MEM_PER -ge $crit ]; then
+                echo "CRITICAL - Memory Usage = $USED_MEM_PER%|MEM=$USED_MEM_PER;;;;"
+                exit 2
+        	else
+                echo "WARNING - Memory Usage = $USED_MEM_PER%|MEM=$USED_MEM_PER;;;;"
+                exit 1
+        	fi
+	else
+                echo "OK - Memory Usage = $USED_MEM_PER%|MEM=$USED_MEM_PER;;;;"
+        	exit 0
+	fi
+	
+else
+        echo "check_mem.sh - Nagios Plugin for checking memory usage"
+        echo ""
+        echo "Usage:	check_mem.sh -w <warnlevel> -c <critlevel>"
+        exit 3
+fi

check_pf_services

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+if [ "$1" = "-name" ] && [ ! -z "$2" ]; then
+        NAME=$2
+	OPTION3=$3
+	OPTION4=$4
+	if [ "$NAME" = "pinger" ]; then
+		
+		if [ -f /usr/local/bin/dpinger ]; then 
+        		CHECK=$(/usr/local/sbin/pfSsh.php playback svc status dpinger $OPTION3 $OPTION4 |grep 'running' |wc -l | sed -e 's/^[ \t]*//')||exit 3
+			NAME="d"$NAME
+		else
+        		CHECK=$(/usr/local/sbin/pfSsh.php playback svc status apinger $OPTION3 $OPTION4 |grep 'running' |wc -l | sed -e 's/^[ \t]*//')||exit 3
+			NAME="a"$NAME
+		fi
+
+		#CHECK=`expr $CHECK1 + $CHECK2`
+
+	else 
+		CHECK=$(/usr/local/sbin/pfSsh.php playback svc status $NAME $OPTION3 $OPTION4 |grep 'running' |wc -l | sed -e 's/^[ \t]*//')||exit 3
+	fi
+        #CHECK=$(/usr/local/sbin/pfSsh.php playback svc status $NAME)||exit 3
+        #echo "DEBUG:   NAME:$NAME CHECK:$CHECK"
+        if [ $CHECK -lt 1 ];then
+                echo "CRITICAL - $NAME service not running"
+                exit 2
+        else
+                echo "OK - $NAME service is running"
+                exit 0
+        fi
+
+else
+        echo "check_pf_services.sh - Nagios Plugin for checking services on pfSense "
+        echo ""
+        echo "Usage:    check_pf_services.sh -name <service_name>"
+	echo " "
+	echo "Note:     If captiveportal is the service getting checked, the zone name"
+	echo "          in all lowercase must follow the service_name parameter" 
+	echo "Example:  check_pf_services.sh -name captiveportal guest"
+	echo " "
+	echo "Note:     If openvpn is the service getting checked, two options must be"
+	echo "          specified -- the option "server" followed by the server id." 
+	echo "Example:  check_pf_services.sh -name openvpn server 1"
+	echo " "
+	echo "Note:     Specifying 'pinger' as the service will check both apinger"
+	echo "          as well as dpinger. You can specify directly as well."
+	echo "Example:  check_pf_services.sh -name pinger"
+        exit 3
+fi
+

check_pf_state_table

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+if [ "$1" = "-w" ] && [ "$2" -gt "0" ] && [ "$3" = "-c" ] && [ "$4" -gt "0" ] ; then
+        WARN=$2
+        CRIT=$4
+STATES=`pfctl -si | grep "current entries" | awk '{ print $3 }'`
+LIMIT=`pfctl -sm | grep states | awk '{ print $4 }'`
+#PERC=`echo "$((($STATES*100)/$LIMIT))"|bc`
+PERC=`expr $STATES \* 100 / $LIMIT`
+
+#echo $PERC
+#echo $PERC2
+
+if [ $PERC -lt $WARN ]; then
+        MSG="OK"
+        STATUS="0"
+elif [ $PERC -ge $CRIT ]; then
+        MSG="CRITICAL"
+        STATUS="2"
+elif [ $PERC -ge $WARN ]; then
+        MSG="WARNING"
+        STATUS="1"
+fi
+echo "$MSG - PF state table: $STATES ( $PERC% full - limit: $LIMIT) | current_states=$STATES;state_limit=$LIMIT;percent_used=$PERC"
+exit $STATUS
+
+else
+        echo "check_pf_state_table.sh - Nagios Plugin for checking state table"
+        echo ""
+        echo "Usage:    check_pf_state_table.sh -w <warnlevel> -c <critlevel>"
+        exit 3
+fi
+

check_pf_version

@@ -0,0 +1,78 @@
+#!/usr/local/bin/php -f
+<?
+
+# This check used to pull the version from the website and compare them, 
+# but some variables changed recently and I haven't circled back to this. 
+# Thus, a majority of that code has been commented out. 
+#
+
+require("globals.inc");
+require("config.inc");
+require("functions.inc");
+
+$current_installed_buildtime = trim(file_get_contents("/etc/version.buildtime"));
+$current_installed_version = trim(file_get_contents("/etc/version"));
+# originally going to use same version file as web interface in tmp, but permission issues arose
+$remote_version = trim(@file_get_contents("/home/nagios/{$g['product_name']}_version"));
+$static_text = "";
+
+if(isset($config['system']['firmware']['alturl']['enable']))
+        $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}";
+else
+        $updater_url = $g['update_url'];
+
+$nanosize = "";
+if ($g['platform'] == "nanobsd") {
+        if (file_exists("/etc/nano_use_vga.txt"))
+                $nanosize = "-nanobsd-vga-";
+        else
+                $nanosize = "-nanobsd-";
+
+        $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt")));
+        $update_filename = "latest{$nanosize}.img.gz";
+} else {
+        $update_filename = "latest.tgz";
+}
+
+$autoupdateurl = "{$updater_url}/{$update_filename}";
+
+$tmp_filename = "/home/nagios/{$g['product_name']}_version";
+// check if file exists and see if it is over 6 (60*60*6) hours old, if it is grab a new one
+// do not drop your check under 6 hours as it will cause unnecessary calls to pfSense servers
+if ( (!file_exists($tmp_filename)) || ((time()-filemtime($tmp_filename))> 60*60*6) || (count(file($tmp_filename))>2) ) {
+        //echo "need new remote file\n";
+
+if(download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/home/nagios/{$g['product_name']}_version", 'read_body', 5, 5) === true)
+        { sleep (5); $remote_version = trim(@file_get_contents("/home/nagios/{$g['product_name']}_version")); }
+
+if ( (count(file($tmp_filename))>2) ) {
+        $static_text = gettext("UNKNOWN - unable to check for updates.") . "\n";
+        $exitcode = 3;
+        $remote_version = "Error";
+        if(isset($curcfg['alturl']['enable']))
+                $static_text .= gettext("Could not contact custom update server.") . "\n";
+        else
+                $static_text .= sprintf(gettext('Could not contact %1$s update server %2$s%3$s'), $g['product_name'], $updater_url, "\n");
+}
+
+}
+
+if ($static_text !== "")
+{ $additional_info = $static_text;  }
+/*
+elseif ( pfs_version_compare($current_installed_buildtime, $current_installed_version, $remote_version) == -1)
+{ $additional_info = "WARNING - new version available\n" ;  $exitcode = 1; }
+else
+{ $additional_info = "OK - already at latest version\n" ; $exitcode = 0; }
+*/
+$additional_info .= "Current version: ".$current_installed_version." / ".$current_installed_buildtime;
+#$additional_info .= "Current version: ".$current_installed_version."\n";
+#$additional_info .= "Built on: ".$current_installed_buildtime;
+#$additional_info .= "Remote version: ".$remote_version."\n";
+
+echo $additional_info;
+
+#exit ($exitcode);
+
+?>
+