Esempio n. 1
 def run_check(self):
     """Report how full the 'connections' and 'fwx_cache' kernel tables are.

     The limit is taken from the last comma-separated field of
     ``fw tab -t <table> | grep limit``; a table reported as "unlimited"
     passes outright.  Otherwise the peak and current counts (columns 4 and
     3 of ``fw tab -t <table> -s``) are compared with 90% of the limit: a
     high peak is recorded as WARN, a high current value as FAIL, and both
     may be recorded for the same table.
     """
     for table in ('connections', 'fwx_cache'):
         # Table names are fixed literals, so nothing caller-controlled
         # reaches the shell command line here.
         out, err = func.execute_command(
             "fw tab -t " + table + " | grep limit")
         limit_field = out.read().strip('\n').split(',')[-1]
         label = self.title + " [" + table + "]"
         if limit_field.strip(' ') == "unlimited":
             self.add_result(label, "PASS", "unlimited")
             continue

         t_limit = int(limit_field.replace('limit ', '').strip(' '))
         out, err = func.execute_command(
             "fw tab -t " + table + " -s | grep " + table)
         columns = out.read().strip('\n').split()
         t_peak, t_val = int(columns[4]), int(columns[3])

         threshold = t_limit * 0.9
         flagged = False
         if t_peak > threshold:
             self.add_result(label, "WARN",
                             "peak: " + str(t_peak) + "/" + str(t_limit))
             flagged = True
         if t_val > threshold:
             self.add_result(label, "FAIL",
                             "current: " + str(t_val) + "/" + str(t_limit))
             flagged = True
         if not flagged:
             self.add_result(label, "PASS",
                             str(t_val) + "/" + str(t_limit))
Esempio n. 2
def check_blades(printRes=False):
    """Record the enable/disable status of each blade from ``fw stat -b AMW``.

    Every ``name: status`` line whose status mentions "enable" or "disable"
    (and is not the ``fileapp_ctx_enabled`` entry) is appended to the global
    ``results`` as an INFO row.  When the IPS blade is enabled, the profile
    names found in ``$FWDIR/state/local/AMW/local.set`` are appended too.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking active Blades"
    logme.loader()
    out, err = func.execute_command("fw stat -b AMW")
    for line in out:
        logme.loader()
        blade, status = "", ""
        if ":" in line:
            parts = line.strip('\n').split(":")
            blade, status = parts[0].strip(' '), parts[1].strip(' ')

        lowered = status.lower()
        if "fileapp_ctx_enabled" in lowered:
            continue
        if "enable" not in lowered and "disable" not in lowered:
            continue

        results.append(
            [title + " (" + blade + ")", status, "INFO", "Blades"])
        if blade == "IPS" and "enable" in lowered:
            # Fixed command line; no caller-supplied text is interpolated.
            profiles, profiles_err = func.execute_command(
                'cat $FWDIR/state/local/AMW/local.set | grep -A15 malware_profiles | grep ":name" | awk "{print $2}" | tr -d "()"'
            )
            for profile in profiles:
                # Row label is kept verbatim, spelling included.
                name = profile.strip('\n').replace(':name ', '')
                results.append(
                    ["Thread Prevention Policy", name, "INFO", "Blades"])
    if printRes:
        print_results()
Esempio n. 3
def check_crash(printRes=False):
    """Look for crash artefacts in the crash and usermode dump directories.

    ``ls -l`` is run on ``/var/log/crash`` and ``/var/log/dump/usermode``.
    A listing line equal to ``total 0`` yields a PASS row; every line that
    contains ``admin`` yields a FAIL row carrying the last whitespace
    separated token of that line.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking crashes"
    logme.loader()
    for directory in ("/var/log/crash", "/var/log/dump/usermode"):
        label = title + " [" + directory + "]"
        out, err = func.execute_command("ls -l " + directory)
        for line in out:
            logme.loader()
            entry = line.strip('\n')
            if entry == 'total 0':
                results.append([label, "", "PASS", "Process"])
            if 'admin' in entry:
                # Last token of the matching listing line.
                results.append([label, entry.split()[-1], "FAIL", "Process"])
    if printRes:
        print_results()
Esempio n. 4
def print_vpn():
    """Print one table row per entry of the ``local_meta_sas`` kernel table.

    Rows with more than ten comma-separated fields are kept.  The
    ``resolved_link`` table is read the same way to map the first
    ``;``-separated token of each row to its second comma-separated field,
    which is shown as "Resolved Link" (``0.0.0.0`` when there is no match).
    Addresses are converted with ``func.hex2ip`` and subnets with
    ``func.calc_subnet``.
    """
    vpn_table_tab = "local_meta_sas"
    logme.loader()
    out, err = func.execute_command("fw tab -t " + vpn_table_tab + " -u | awk 'NR>3 { print $0 }' | grep -v '\\->'")
    vpn_table = []
    for line in out:
        logme.loader()
        fields = line.strip("\n").strip("<").strip(">").split(",")
        if len(fields) > 10:
            vpn_table.append(fields)

    out, err = func.execute_command("fw tab -t resolved_link -u | awk 'NR>3 { print $0 }'")
    vpn_links = {}
    for line in out:
        logme.loader()
        entry = line.strip("\n").strip("<").strip(">")
        remote_id = entry.split(';')[0]
        data = entry.split(',')
        # The first occurrence of a remote id wins.
        if remote_id not in vpn_links and len(data) > 10:
            vpn_links[remote_id] = data[1].strip(' ')

    row_format = " %-8s %17s %17s %20s %20s"
    print(row_format % ("ID", "Remote IP", "Resolved Link", "Local Subnet", "Remote Subnet"))
    print(" " + 86*"=")
    for e in vpn_table:
        tunnel_id = e[10].strip(' ')
        remote_ip = func.hex2ip(e[0])
        remote_link = func.hex2ip(vpn_links[e[0]]) if e[0] in vpn_links else "0.0.0.0"
        local_subnet = func.calc_subnet(func.hex2ip(e[1]), func.hex2ip(e[2]))
        remote_subnet = func.calc_subnet(func.hex2ip(e[3]), func.hex2ip(e[4]))
        print(row_format % (tunnel_id, remote_ip, remote_link, local_subnet, remote_subnet))
Esempio n. 5
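def print_kernel(printRes = False, ktype = "fw", search = "", vorgabe = []):
    """Read integer kernel parameters and record them in ``results``.

    Parameter names come from ``modinfo -p`` on the firewall module
    (``ktype == "fw"``) or on the SIM module (any other ``ktype``); each
    one is read with ``fw ctl get int``.

    Args:
        printRes: when true, call ``print_results()`` at the end.
        ktype: "fw" selects ``$FWDIR/boot/modules/fw_kern*.o``; anything
            else selects ``$PPKDIR/boot/modules/sim_kern*.o``.
        search: grep pattern limiting the parameter names.  An empty
            string reads every parameter.
        vorgabe: list of ``[name, expected_value]`` pairs.  When ``search``
            is non-empty and this list is non-empty, only the listed names
            are read.  A value that differs from the expected one is
            recorded as WARN, everything else as INFO.  The default list is
            only read, never modified.

    ``search`` and the names in ``vorgabe`` are shell-quoted before they are
    placed on the command line, so whitespace or shell metacharacters in
    them reach grep as pattern text instead of being interpreted by the
    shell.
    """
    global results
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in ``pipes``
        from pipes import quote

    title = "Kernel/"+ktype
    if ktype == "fw":
        ktxt = "$FWDIR/boot/modules/fw_kern*.o"
    else:
        ktxt = "$PPKDIR/boot/modules/sim_kern*.o"

    list_names = 'modinfo -p ' + ktxt + ' | sort -u | grep int | cut -d ":" -f1'
    if search == "":
        name_filter = ''
    elif len(vorgabe) > 0:
        wanted = "|".join(entry[0] for entry in vorgabe)
        name_filter = ' | grep -E ' + quote('(' + wanted + ')')
    else:
        # -e keeps a pattern that starts with "-" from being read as an option.
        name_filter = ' | grep -e ' + quote(search)
    out, err = func.execute_command(list_names + name_filter + ' | xargs -n1 fw ctl get int')

    for line in out:
        logme.loader()
        raw = line.strip('\n').split('=')
        if len(raw) < 2:
            continue
        field = raw[0].strip(' ')
        val = raw[1].strip(' ')
        state = "INFO"
        for entry in vorgabe:
            if entry[0] == field and str(entry[1]) != str(val):
                state = "WARN"
        results.append([title + " (" + str(field) + ")", str(val), str(state), "Kernel"])
    if printRes:
        print_results()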
Esempio n. 6
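def check_securexl(printRes = False):
    """Record SecureXL instance, template and acceleration status.

    Three ``fwaccel`` outputs are parsed:

    * ``fwaccel stat`` rows (``|``-separated): an instance whose status is
      "enabled" is PASS, any other status is WARN.
    * Only when at least one instance is enabled: the "Templates" lines,
      PASS when the value contains "enabled", WARN when it contains
      "disabled", FAIL otherwise.
    * Only when at least one instance is enabled: ``fwaccel stats -s``
      lines of the form ``name : count (NN%)``.  Accelerated conns below
      30% or accelerated pkts below 50% is WARN; F2Fed above 40% is FAIL.

    Statistics lines without a parsable percentage are skipped instead of
    aborting the whole check.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "SecureXL"
    feature = False
    out, err = func.execute_command("fwaccel stat | grep -v Template")
    for line in out:
        data = line.strip('\n').split('|')
        if len(data) < 4:
            continue
        # Local names avoid shadowing the builtins ``id`` and ``type``.
        inst_id = data[1].replace(" ", "")
        if inst_id == "" or inst_id == "Id":
            continue
        inst_name = data[2].replace(" ", "")
        status = data[3].replace(" ", "")
        if status != "enabled":
            state = "WARN"
        else:
            state = "PASS"
            feature = True
        results.append([title + " (Instance: " + inst_id + ", Name: " + inst_name + ", Status: " + status + ")", "", state, "SecureXL"])
    if feature:
        # Backslashes are doubled so the shell receives the same text
        # without relying on invalid Python escape sequences.
        out, err = func.execute_command("fwaccel stat| grep Templates | sed s/\\ \\ */\\/g| sed s/Templates//g")
        for line in out:
            data = line.strip('\n').split(":")
            if len(data) < 2:
                continue
            state = "FAIL"
            if "disabled" in data[1]:
                state = "WARN"
            if "enabled" in data[1]:
                state = "PASS"
            results.append([title + " (" + data[0] + " Templates)", data[1], state, "SecureXL"])
        out, err = func.execute_command("fwaccel stats -s  | sed 's/  */ /g' | sed 's/\t/ /g'")
        for line in out:
            data = line.strip('\n').split(":")
            if len(data) < 2:
                continue
            field = data[0].strip(' ')
            valraw = data[1].strip(' ').split(" ")
            if len(valraw) < 2:
                # No "(NN%)" token on this line.
                continue
            valnum = valraw[0]
            try:
                valper = int(str(valraw[1]).replace('(','').replace(')','').replace('%',''))
            except ValueError:
                continue
            state = "PASS"
            if "Accelerated conns" in field and valper < 30:
                state = "WARN"
            if "Accelerated pkts" in field and valper < 50:
                state = "WARN"
            if "F2Fed" in field and valper > 40:
                state = "FAIL"
            results.append([title + " (" + field + ")", valnum + "(" + str(valper) + "%)", state, "SecureXL"])

    if printRes:
        print_results()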
Esempio n. 7
def check_multiq(printRes = False):
    """Record which interfaces can use Multi-Queue and which have it on.

    ``mq_mng --show -a`` is used when ``func.fwVersion`` is "R80.40",
    ``cpmq get -a`` otherwise.  Two rows are appended to ``results``: the
    available interfaces and the enabled ones.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Multi Queue"
    command = "mq_mng --show -a" if func.fwVersion == "R80.40" else "cpmq get -a"
    out, err = func.execute_command(command)
    multiq_enabled = "FAIL"
    multiq_possible = "FAIL"
    detail_pos = ""
    detail_en = ""
    out_str = out.read()
    err_str = err.read()
    unsupported = "NO MULTIQUEUE SUPPORTED"
    if unsupported in out_str.upper() or unsupported in err_str.upper():
        multiq_possible = "WARN"
        detail_pos = "No IGBx interfaces"
        multiq_enabled = "INFO"
        detail_en = "not possible"
    else:
        def extend(names, name):
            # Comma-separated accumulation, exactly as a running string.
            return name if names == "" else names + ", " + name

        collecting = False
        available = ""
        switched_on = ""
        for line in out_str.split('\n'):
            if "Active igb" in line or "Active ixgbe" in line:
                # A driver header starts a block of interface lines.
                multiq_enabled = "WARN"
                multiq_possible = "INFO"
                collecting = True
            if "[On]" in line:
                multiq_enabled = "PASS"
                multiq_possible = "PASS"
                switched_on = extend(switched_on, line.split(" ")[0])
            if line == "":
                # A blank line ends the current block.
                collecting = False
            if collecting and "ACTIVE" not in line.upper():
                available = extend(available, line.split(" ")[0])
        detail_pos = available
        detail_en = switched_on if switched_on != "" else "none"

    results.append([title + " (Available Interfaces)", detail_pos, multiq_possible, "Firewall"])
    results.append([title + " (Enabled Interfaces)", detail_en, multiq_enabled, "Firewall"])

    if printRes:
        print_results()
Esempio n. 8
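def modify_access_rule(alname, ruid, mod):
    """Change an access rule through ``mgmt_cli set access-rule``.

    Args:
        alname: name of the access layer that holds the rule.
        ruid: UID of the rule to change.
        mod: the ``set access-rule`` arguments to apply, given as one
            command-line fragment.

    ``alname`` and ``ruid`` are shell-quoted, so a layer name containing
    quotes, spaces or shell metacharacters is passed to ``mgmt_cli`` as a
    single argument.  ``mod`` is a multi-argument fragment and is appended
    verbatim: build it only from trusted, already-validated values, never
    from raw user or API input.

    Sets the module-level ``modified`` flag after the command was issued.
    """
    global modified
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in ``pipes``
        from pipes import quote

    api_checklogin()
    out, err = func.execute_command(
        "mgmt_cli -s " + sessionid + " set access-rule uid " + quote(ruid) +
        " layer " + quote(alname) + " " + mod + " --format json", True)
    modified = True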
Esempio n. 9
    def run_check(self):
        """Record the update status of four content-updated blades.

        ``cpstat -f update_status <product>`` is queried once per product;
        AntiBot and AntiVirus share the ``antimalware`` output and read
        rows 0 and 1 of it.  "up-to-date" is PASS, "-" or an empty value is
        INFO ("not active"), anything else is FAIL.
        """
        blades = (("URL Filtering", "urlf", 0),
                  ("AntiBot", "antimalware", 0),
                  ("AntiVirus", "antimalware", 1),
                  ("Application Control", "appi", 0))
        last_cmd = ""
        for name, product, row in blades:
            cmd = "cpstat -f update_status " + product + " | grep 'Update status'"
            if cmd != last_cmd:
                # Re-run only when the product changes; consecutive entries
                # for the same product reuse the previous output.
                out, err = func.execute_command(cmd)
                last_cmd = cmd
                lines = out.read().split('\n')
            value = lines[row].split(':')[1].strip(' ').strip('\n')
            if value == "up-to-date":
                state, detail = "PASS", "up-to-date"
            elif value == "-" or value == "":
                state, detail = "INFO", "not active"
            else:
                state, detail = "FAIL", ""
            self.add_result(self.title + " (" + name + ")", state, detail)
Esempio n. 10
def mgmt_api_fetcher(cmd, loopobj=""):
    """Run a ``mgmt_cli -r true`` query and return its JSON result.

    Args:
        cmd: the mgmt_cli command and arguments, as one command-line
            fragment.  It is appended verbatim to a shell command that runs
            with ``-r true``, so pass only fixed or already-validated text.
        loopobj: key of the list to collect from each page.  When empty,
            no paging arguments are added and the first decoded reply is
            returned as is.

    Returns:
        The decoded reply when ``loopobj`` is empty; otherwise a list of
        all items found under ``loopobj``, fetched 50 at a time until the
        reply's ``to`` reaches ``total`` or the reply has no ``to`` key.
    """
    collected = []
    logme.loader()
    paged = loopobj != ""
    offset = 0
    while True:
        logme.loader()
        pager = " limit 50 offset " + str(offset) if paged else ""
        out, err = func.execute_command(
            "mgmt_cli -r true " + cmd + pager + " --format json")
        logme.loader()
        data = json.load(out)

        finished = True
        if 'to' in data:
            if data['to'] >= data['total']:
                finished = True
            else:
                offset = data['to']
                finished = False

        if not paged:
            return data
        for item in data[loopobj]:
            logme.loader()
            collected.append(item)
        if finished:
            break
    return collected
Esempio n. 11
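def delete_access_rule(alname, ruid):
    """Delete an access rule through ``mgmt_cli delete access-rule``.

    Args:
        alname: name of the access layer that holds the rule.
        ruid: UID of the rule to delete.

    Both values are shell-quoted before they are placed on the command
    line.  Without quoting, a layer name containing a space would be split
    into several arguments, and shell metacharacters in either value would
    be interpreted by the shell.

    Sets the module-level ``modified`` flag after the command was issued.
    """
    global modified
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in ``pipes``
        from pipes import quote

    api_checklogin()
    out, err = func.execute_command(
        "mgmt_cli -s " + sessionid + " delete access-rule uid " + quote(ruid) +
        " layer " + quote(alname), True)
    modified = True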
Esempio n. 12
def mgmt_check_malware_classification(printRes=False):
    """Check the per-service resource classification mode.

    Reads the ``service=mode`` lines that follow
    ``resource_classification_mode`` in the malware configuration file.
    ``dns`` passes in background mode (``bg``); ``http``, ``smb``, ``smtp``
    and ``ftp`` pass in ``policy`` mode; every other combination is WARN.

    The configuration path is fixed to the R80.30 installation directory.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Check Malware Classification Config"
    policy_services = ("http", "smb", "smtp", "ftp")
    out, err = func.execute_command(
        'cat /opt/CPsuite-R80.30/fw1/conf/malware_config | grep -A 5 "resource_classification_mode"'
    )
    for line in out:
        if "=" not in line:
            continue
        pair = line.strip('\n').strip(' ').split('=')
        service = pair[0]
        action = "background" if pair[1] == "bg" else pair[1]
        dns_ok = service == "dns" and action == "background"
        policy_ok = service in policy_services and action == "policy"
        state = "PASS" if dns_ok or policy_ok else "WARN"
        results.append([
            title + " [Service: " + service + "]", action, state,
            "Threat Prevention"
        ])
    if printRes:
        print_results()
Esempio n. 13
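def check_clusterxl_release(printRes=False):
    """Record the software release reported for each cluster member.

    Rows of ``cphaprob release`` that follow the line containing "ID" are
    treated as member rows.  A row whose last token contains "Mismatch" is
    WARN and keeps its last three tokens as detail; any other row is INFO
    and keeps its last two.  What remains of the row after removing the
    detail text is used as the member id.

    The state is evaluated per row, so one mismatching member no longer
    marks every member listed after it as WARN.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking ClusterXL Multiversion"
    in_table = False
    out, err = func.execute_command("cphaprob release")
    for line in out:
        row = line.strip('\n')

        if in_table and row != "":
            tokens = row.split()
            # A whitespace-only row has no tokens and is ignored.
            if tokens:
                if "Mismatch" in tokens[-1]:
                    detail = " ".join(tokens[-3:])
                    state = "WARN"
                else:
                    detail = " ".join(tokens[-2:])
                    state = "INFO"
                member_id = row.replace(detail, '').strip(' ')
                results.append(
                    [title + " [ID: " + member_id + "]", detail, state,
                     "ClusterXL"])

        if "ID" in row:
            in_table = True
    if printRes:
        print_results()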
Esempio n. 14
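def fetch_all_objects():
    """Fill the global ``hosts`` and ``networks`` lists from the management API.

    Each kind is fetched 50 objects at a time with ``mgmt_cli -r true show
    <kind>`` and is skipped when its list already holds entries.  A kind
    that is already cached no longer stops the other kind from being
    fetched.

    Paging ends when the reply's ``to`` reaches ``total`` or when the reply
    carries no ``to`` key, which matches how ``mgmt_api_fetcher`` treats a
    reply without paging information.

    Both lists are printed to stdout at the end.
    """
    global hosts
    global networks
    targets = {'hosts': hosts, 'networks': networks}
    for kind in ('hosts', 'networks'):
        target = targets[kind]
        if len(target) > 0:
            continue
        offset = 0
        more_data = True
        while more_data:
            out, err = func.execute_command("mgmt_cli -r true show " + kind +
                                            " limit 50 offset " + str(offset) +
                                            " --format json")
            data = json.load(out)
            if 'to' not in data or data['to'] >= data['total']:
                more_data = False
            else:
                offset = data['to']
            for obj in data['objects']:
                target.append(obj)
    # NOTE(review): this dumps the whole object inventory to stdout.
    print(hosts)
    print(networks)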
Esempio n. 15
def check_log_system(printRes=False):
    """Count failure/error lines in the system and product log files.

    For every log the lines matching the exclude pattern are dropped and
    the remaining lines matching the search pattern are counted (both
    case-insensitive).  A count other than "0" is FAIL.

    ``/var/log/messages*`` and ``cpd.elg`` are always checked;
    ``routed.log`` and ``fwd.elg`` are added on a firewall and ``fwm.elg``
    on a management server.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    logme.loader()
    FWDIR = func.get_path("FWDIR")
    CPDIR = func.get_path("CPDIR")
    title = "Checking logs"

    # Each entry: (file or glob, pattern to count, pattern to exclude).
    # All three parts are fixed text or paths from func.get_path().
    logfiles = [("/var/log/messages*", "fail|error", "xpand|failover"),
                (CPDIR + "/log/cpd.elg", "fail|error", "PROVIDER-1|PA_status")]
    if func.isFirewall():
        logfiles += [("/var/log/routed.log", "fail|error", "xpand|failover"),
                     (FWDIR + "/log/fwd.elg", "failed", "discntd")]
    if func.isManagement():
        logfiles.append((FWDIR + "/log/fwm.elg", "failed", "none"))

    for path, wanted, ignored in logfiles:
        logme.loader()
        # The path is left unquoted on purpose so the shell expands globs.
        out, err = func.execute_command('cat ' + path + ' | grep -viE "(' +
                                        ignored + ')" | grep -icE "(' +
                                        wanted + ')"')
        count = out.read().strip('\n')
        if count != "0":
            state, detail = "FAIL", count + " messages"
        else:
            state, detail = "PASS", ""
        results.append(
            [title + " (" + path + ")", detail, state, "Log Files"])
    if printRes:
        print_results()
Esempio n. 16
def check_clusterxl_pnote(printRes=False):
    """Record the status of every entry in the Problem Notification table.

    The table is located in ``cpstat ha -f all`` by the line containing
    "Problem Notification table" and ends at the next blank line.  Rows are
    ``|``-separated; the header and separator rows are skipped.  A status
    other than "OK" is FAIL.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking ClusterXL PNotes"
    logme.loader()
    out, err = func.execute_command("cpstat ha -f all")
    inside_table = False
    for line in out:
        if line.strip(" ").strip('\n') == "":
            inside_table = False
        is_data_row = ("|" in line and "Descr" not in line
                       and "-----" not in line)
        if inside_table and is_data_row:
            cells = line.split('|')
            p_name = cells[1].strip(' ')
            p_stat = cells[2].strip(' ')
            if p_stat == "OK":
                state, detail = "PASS", ""
            else:
                state, detail = "FAIL", p_stat
            results.append(
                [title + " [" + p_name + "]", detail, state, "ClusterXL"])
        # Checked last so the heading line itself is never parsed as a row.
        if "Problem Notification table" in line:
            inside_table = True
    if printRes:
        print_results()
Esempio n. 17
def check_licensing(printRes=False):
    """Record the entitlement status of every licensed blade.

    Parses the ``|``-separated rows of ``cpstat os -f licensing`` after the
    header row.  "Entitled" is PASS, "Not Entitled" is INFO, "Expired" with
    an active value of "0" is WARN, and anything else is FAIL.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking licensing"
    logme.loader()
    out, err = func.execute_command(
        "cpstat os -f licensing | grep '|' | awk 'NR>1 {print $0}'")
    for line in out:
        logme.loader()
        data = line.strip('\n').split('|')
        # Columns 2, 3, 4, 6, 7 and 8 are read; only blade, status and
        # active take part in the verdict.
        blade, status, expiration, active, quota, used = [
            data[i].strip(" ") for i in (2, 3, 4, 6, 7, 8)
        ]
        if status == "Entitled":
            state = "PASS"
        elif status == "Expired" and active == "0":
            state = "WARN"
        elif status == "Not Entitled":
            state = "INFO"
        else:
            state = "FAIL"
        results.append(
            [title + " (Blade: " + blade + ")", status, state, "Licensing"])
    if printRes:
        print_results()
Esempio n. 18
def check_multik_stat(printRes=False):
    """Warn when connections are unevenly spread across CoreXL instances.

    Reads the ``|``-separated rows of ``fw ctl multik stat`` and compares
    every pair of instances.  The check is WARN as soon as one instance has
    more than 1.5 times the current connections, or more than 1.3 times the
    peak connections, of another instance.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking CoreXL connections"
    logme.loader()
    instances = []
    out, err = func.execute_command("fw ctl multik stat")
    for line in out:
        if "ID" in line or "-----" in line:
            # Header and separator rows.
            continue
        cells = line.split('|')
        active = cells[1].strip(' ')
        cpu = int(cells[2])
        conns = int(cells[3])
        peak = int(cells[4])
        instances.append((active, cpu, conns, peak))

    unbalanced = any(
        conns_a > conns_b * 1.5 or peak_a > peak_b * 1.3
        for _, _, conns_a, peak_a in instances
        for _, _, conns_b, peak_b in instances
    )
    if unbalanced:
        state, detail = "WARN", "check CoreXL balancing"
    else:
        state, detail = "PASS", ""
    results.append([title, detail, state, "CoreXL"])
    if printRes:
        print_results()
Esempio n. 19
def check_blade_update(printRes=False):
    """Record the update status of four content-updated blades.

    ``cpstat -f update_status <product>`` is queried once per product;
    AntiBot and AntiVirus share the ``antimalware`` output and read rows 0
    and 1 of it.  "up-to-date" is PASS, "-" or an empty value is INFO
    ("not active"), anything else is FAIL.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Check blade update status"
    blades = (("URL Filtering", "urlf", 0),
              ("AntiBot", "antimalware", 0),
              ("AntiVirus", "antimalware", 1),
              ("Application Control", "appi", 0))
    last_cmd = ""
    for name, product, row in blades:
        logme.loader()
        cmd = "cpstat -f update_status " + product + " | grep 'Update status'"
        if cmd != last_cmd:
            # Consecutive entries for the same product reuse the output.
            out, err = func.execute_command(cmd)
            last_cmd = cmd
            lines = out.read().split('\n')
        value = lines[row].split(':')[1].strip(' ').strip('\n')
        if value == "up-to-date":
            state, detail = "PASS", "up-to-date"
        elif value == "-" or value == "":
            state, detail = "INFO", "not active"
        else:
            state, detail = "FAIL", ""
        results.append(
            [title + " (" + name + ")", detail, state, "Updates"])
    if printRes:
        print_results()
Esempio n. 20
 def run(self):
     """Collect the check's input, log it and run the check.

     When ``self.supported`` is false its value is returned and nothing
     else happens.  Otherwise, if ``self.commandOut`` is still the empty
     string, it is filled either from the shell command in ``self.command``
     (stdout and stderr split into lines) or, when ``self.isCommand`` is
     false, from evaluating ``self.command`` as a Python expression.
     List-valued output and error buffers are stripped of empty entries and
     written to the debug log before ``run_check()`` is called.

     Returns:
         ``self.results`` after the check ran, or ``self.supported`` when
         the check is not supported.
     """
     if not self.supported:
         return self.supported

     self.debug(2, 'Class is supported, running check..')
     if self.commandOut == "":
         if self.isCommand:
             out, err = func.execute_command(self.command)
             self.commandOut = out.read().split('\n')
             self.commandErr = err.read().split('\n')
         else:
             # SECURITY: eval() executes arbitrary Python.  self.command
             # must only ever be a literal written in a check class, never
             # text taken from configuration, command output or users.
             self.commandOut = eval(self.command)

     separator = '-----------------------------'
     if isinstance(self.commandOut, list):
         self.commandOut = [entry for entry in self.commandOut if entry]
         self.debug(4, separator)
         self.debug(4, 'commandOut:')
         for entry in self.commandOut:
             self.debug(5, str(entry))
         self.debug(4, separator)
     if isinstance(self.commandErr, list):
         self.commandErr = [entry for entry in self.commandErr if entry]
         self.debug(5, 'commandErr:')
         for entry in self.commandErr:
             self.debug(5, str(entry))
         self.debug(5, separator)
     self.run_check()
     return self.results
Esempio n. 21
def mgmt_fetch_uid_firewall_properties():
    """Return the UID of the generic object named "firewall_properties".

    The first entry of the ``objects`` list in the mgmt_cli reply is used.
    """
    logme.loader()
    command = 'mgmt_cli show-generic-objects name "firewall_properties" -r true -f json'
    out, err = func.execute_command(command)
    first_match = json.load(out)['objects'][0]
    return first_match['uid']
Esempio n. 22
def check_clusterxl_state(printRes=False):
    """Record the ClusterXL state of each cluster member.

    On a cluster member, lines 6 and 7 of ``cphaprob state`` are reduced to
    ``<column 5> <column 4>`` pairs, which are read as member name and
    state.  ACTIVE and STANDBY are PASS, any other state is FAIL.  A
    machine that is not a cluster member gets a single PASS row.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking ClusterXL state"
    logme.loader()
    if not func.isCluster():
        results.append([title, "not cluster member!", "PASS", "ClusterXL"])
    else:
        # The parsing is positional: it depends on the member rows being
        # lines 6 and 7 of the command output.
        out, err = func.execute_command(
            "cphaprob state | head -n 7 | tail -n 2 | sed 's/(local)//g' | awk '{ print $5,$4 }'"
        )
        for line in out:
            pair = line.strip('\n').split(" ")
            node, stat = pair[0], pair[1]
            state = "PASS" if stat in ("ACTIVE", "STANDBY") else "FAIL"
            results.append(
                [title + " (" + node + ")", stat, state, "ClusterXL"])
    if printRes:
        print_results()
Esempio n. 23
def api_logout():
    """Close the management API session, publishing pending changes first.

    Does nothing when no session is open.  ``api_publish()`` is called when
    the ``modified`` flag is set, then ``mgmt_cli logout`` is issued for the
    session in ``sessionid`` and ``loggedin`` is cleared.
    """
    global loggedin, modified
    if not loggedin:
        return
    if modified:
        # Publish before the session goes away.
        api_publish()
    out, err = func.execute_command('mgmt_cli logout -s ' + sessionid)
    loggedin = False
Esempio n. 24
def fwkern_get_ifaces():
    """Store the addresses from ``ifconfig`` in the global ``local_ips``.

    Every line containing ``inet addr`` contributes its first token after
    the ``inet addr:`` prefix has been removed.
    """
    global local_ips
    out, err = func.execute_command("ifconfig | grep 'inet addr'")
    local_ips = [
        line.replace('inet addr:', '').split()[0]
        for line in out
    ]
Esempio n. 25
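def check_memory(printRes=False):
    """Record average and peak memory use and the swap situation.

    Memory figures come from the ``UM_STAT_UM_MEMORY`` table: average and
    peak ``real_used`` are expressed as a percentage of the largest
    ``real_total``.  Average above 70% is WARN and above 90% FAIL; peak
    above 80% is WARN.  When the table yields no usable total, both rows
    are recorded as WARN with "no data" instead of raising.

    Swap is read from columns 3 and 4 of the swap line of ``free -g`` and
    reported as the ratio of the first to the second; anything other than
    0% is WARN.  A zero in the second column no longer raises
    ZeroDivisionError: it is reported as 100% when the first column is
    non-zero and as 0% otherwise.

    Every query cursor is closed, not only the last one.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Checking memory usage"

    def _scalar(query):
        # First column of the last row returned by *query*, 0 if no rows.
        value = 0
        cursor = func.execute_sqlite_query(query)
        try:
            for row in cursor:
                logme.loader()
                value = row[0]
        finally:
            cursor.close()
        return value

    mem_total = _scalar("select max(real_total) from UM_STAT_UM_MEMORY;")
    mem_avg = _scalar("select avg(real_used) from UM_STAT_UM_MEMORY;")
    mem_peak = _scalar("select max(real_used) from UM_STAT_UM_MEMORY;")

    if mem_total and mem_avg is not None and mem_peak is not None:
        mem_avg_used = int(mem_avg / mem_total * 100)
        mem_peak_used = int(mem_peak / mem_total * 100)

        state = "PASS"
        if mem_avg_used > 70:
            state = "WARN"
        if mem_avg_used > 90:
            state = "FAIL"
        results.append(
            [title + " (average)",
             str(mem_avg_used) + "%", state, "Memory"])

        state = "PASS"
        if mem_peak_used > 80:
            state = "WARN"
        results.append(
            [title + " (peak)",
             str(mem_peak_used) + "%", state, "Memory"])
    else:
        # An empty table makes max()/avg() return NULL; a missing figure
        # must not be reported as a pass.
        results.append([title + " (average)", "no data", "WARN", "Memory"])
        results.append([title + " (peak)", "no data", "WARN", "Memory"])

    out, err = func.execute_command(
        "free -g | grep -i swap | awk '{print $3,$4}'")
    data = out.read().strip('\n').split(" ")
    used = int(data[0])
    avail = int(data[1])
    if avail > 0:
        percent = str(int(used / avail * 100))
    elif used > 0:
        # -g rounds to whole GiB, so the second column can be 0 while
        # swap is in use.
        percent = "100"
    else:
        percent = "0"
    state = "WARN"
    if percent == "0":
        state = "PASS"
    results.append([title + " (swap)", percent + "%", state, "Memory"])

    if printRes:
        print_results()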
Esempio n. 26
def fetch_all_access_layer():
    """Fill the global ``layers`` list with ``[uid, name]`` of access layers.

    The management API is queried only when ``layers`` is still empty.
    Entries whose ``type`` is not "access-layer" are left out.
    """
    global layers
    if len(layers) >= 1:
        return
    out, err = func.execute_command(
        'mgmt_cli -r true show access-layers --format json')
    reply = json.load(out)
    for layer in reply['access-layers']:
        if layer['type'] != "access-layer":
            continue
        layers.append([layer['uid'], layer['name']])
Esempio n. 27
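def mgmt_check_ica_certs(kind='SIC', printRes=False):
    """Warn about ICA certificates that are close to expiry.

    Parses ``cpca_client lscert -kind <kind>``.  For every subject one
    certificate record is kept; a certificate that expires within 12 weeks
    is WARN and within 4 weeks FAIL.  An expiry date that cannot be parsed
    is recorded as WARN rather than aborting the check.

    Args:
        kind: certificate kind passed to ``-kind``.  It is shell-quoted
            before being placed on the command line.
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    try:
        from shlex import quote
    except ImportError:  # Python 2 keeps the same helper in ``pipes``
        from pipes import quote

    logme.loader()
    title = "Checking ICA/" + kind + " Certs"
    certs = {}
    process = True
    # Defined up front so an unexpected line order in the command output
    # cannot raise NameError.
    tmp_subject = tmp_status = tmp_kind = tmp_serial = ""
    out, err = func.execute_command("cpca_client lscert -kind " + quote(kind))
    for line in out:
        logme.loader()
        tmp = line.replace(" = ", "=")
        if "Subject" in tmp:
            tmp_subject = tmp.strip('\n').replace('Subject=', '')
        if "Kind" in tmp:
            tmp_line = tmp.strip('\n').split()
            tmp_status = tmp_line[0].replace('Status=', '')
            tmp_kind = tmp_line[1].replace('Kind=', '')
            tmp_serial = tmp_line[2].replace('Serial=', '')
            # Revoked certificates are not recorded.
            process = "Revoked" not in tmp
            if tmp_subject in certs:
                # A subject that is already recorded is only replaced by
                # a certificate whose status contains "Valid".
                process = "Valid" in tmp_status
        if "Not_Before" in tmp:
            tmp_dates = tmp.strip('\n').split('_')
            tmp_from = tmp_dates[1].replace('Before: ',
                                            '').replace('Not', '').strip(' ')
            tmp_to = tmp_dates[2].replace('After: ', '').strip(' ')
            if process:
                certs[tmp_subject] = {
                    "status": tmp_status,
                    "kind": tmp_kind,
                    "serial": tmp_serial,
                    "valid_from": tmp_from,
                    "valid_to": tmp_to
                }

    now = datetime.datetime.now()
    date_w = now + datetime.timedelta(weeks=12)
    date_f = now + datetime.timedelta(weeks=4)
    for c in certs:
        detail = certs[c]['valid_to']
        try:
            date_a = datetime.datetime.strptime(detail,
                                                '%a %b %d %H:%M:%S %Y')
        except ValueError:
            # Unknown expiry must not be reported as a pass.
            state = "WARN"
        else:
            state = "PASS"
            if date_w > date_a:
                state = "WARN"
            if date_f > date_a:
                state = "FAIL"
        results.append(
            [title + " [" + c[:21] + "]", detail, state, "Certificates"])
    if printRes:
        print_results()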
Esempio n. 28
def mgmt_check_vpn_prop_s2s(table1, table2, fname):
    """Rate the IKE proposals of every object returned by a listing query.

    Args:
        table1: mgmt_cli command fragment that lists the objects.
        table2: mgmt_cli command fragment that shows one object by UID.
        fname: text used in the result title ("VPN-<fname> Proposals").

    For each listed object the details are fetched and its ``ike-phase-1``
    and ``ike-phase-2`` settings are handed to
    ``mgmt_check_vpn_prop_s2s_item``, whose ``(detail, state)`` result is
    appended to ``results``.

    Both fragments and the UID taken from the listing reply are placed on a
    shell command line verbatim (run with ``-r true``); pass only fixed
    command fragments.
    """
    global results
    logme.loader()
    title = "VPN-" + fname + " Proposals"
    out, err = func.execute_command('mgmt_cli -r true ' + table1 + ' -f json')
    listing = json.load(out)
    for entry in listing['objects']:
        logme.loader()
        show_cmd = ('mgmt_cli -r true ' + table2 + ' uid ' + entry['uid'] +
                    ' -f json')
        out1, err1 = func.execute_command(show_cmd)
        community = json.load(out1)
        logme.loader()
        detail, state = mgmt_check_vpn_prop_s2s_item(
            community['ike-phase-1'], community['ike-phase-2'])
        label = title + " [" + community['name'] + "]"
        results.append([label, detail, state, "VPN Communities"])
        logme.loader()
Esempio n. 29
def check_table_overflow(printRes=False):
    """Record how full the 'connections' and 'fwx_cache' kernel tables are.

    The limit is taken from the last comma-separated field of
    ``fw tab -t <table> | grep limit``; a table reported as "unlimited"
    passes outright.  Otherwise the peak and current counts (columns 4 and
    3 of ``fw tab -t <table> -s``) are compared with 90% of the limit: a
    high peak is recorded as WARN, a high current value as FAIL, and both
    may be recorded for the same table.

    Args:
        printRes: when true, call ``print_results()`` at the end.
    """
    global results
    title = "Check kernel table overflow"
    logme.loader()
    for table in ('connections', 'fwx_cache'):
        logme.loader()
        # Table names are fixed literals, so nothing caller-controlled
        # reaches the shell command line here.
        out, err = func.execute_command("fw tab -t " + table + " | grep limit")
        limit_field = out.read().strip('\n').split(',')[-1]
        label = title + " [" + table + "]"
        if limit_field.strip(' ') == "unlimited":
            results.append([label, "unlimited", "PASS", "Firewall"])
            continue

        logme.loader()
        t_limit = int(limit_field.replace('limit ', '').strip(' '))
        out, err = func.execute_command(
            "fw tab -t " + table + " -s | grep " + table)
        columns = out.read().strip('\n').split()
        t_peak, t_val = int(columns[4]), int(columns[3])

        threshold = t_limit * 0.9
        flagged = False
        if t_peak > threshold:
            results.append([
                label, "peak: " + str(t_peak) + "/" + str(t_limit), "WARN",
                "Firewall"
            ])
            flagged = True
        if t_val > threshold:
            results.append([
                label, "current: " + str(t_val) + "/" + str(t_limit), "FAIL",
                "Firewall"
            ])
            flagged = True
        if not flagged:
            results.append([
                label, str(t_val) + "/" + str(t_limit), "PASS", "Firewall"
            ])
    if printRes:
        print_results()
Esempio n. 30
def mgmt_fetch_firewall_properties():
    """Return ``config`` with the firewall properties object loaded.

    The generic object is fetched by UID through mgmt_cli only when
    ``config`` has no ``firewall_properties`` entry yet; later calls reuse
    the stored copy.
    """
    global config
    logme.loader()
    if 'firewall_properties' in config:
        return config
    uid = mgmt_fetch_uid_firewall_properties()
    logme.loader()
    # The UID comes from the management API reply and is placed inside
    # double quotes on the shell command line.
    show_cmd = 'mgmt_cli show generic-object uid "' + uid + '" -r true -f json'
    out, err = func.execute_command(show_cmd)
    config['firewall_properties'] = json.load(out)
    return config