#!/bin/sh # # OpenBSD's pf(4) monitoring for OpenBSD # 2007, Originally by Gergely Czuczy # for FreeBSD systems. Ported and splitted by the # immerda admin team admin(at)immerda.ch # this version is adapted for openbsd and is only tested on # openbsd systems. # # Needs to run as root. # Add "user root" for the [pf] into plugins.conf. # # Options: # - env.do_searches yes: to enable state table search monitoring` # #%# family=auto #%# capabilities=autoconf pfctl='/sbin/pfctl' case $1 in config) cat < /dev/null | awk ' /states/ {print "states.warning "$4*0.9; print "states.critical "$4*0.95}' exit 0 ;; autoconf) # FreeBSD ostype=`uname -s` if [ ${ostype} = "FreeBSD" ]; then # pf(4) module loaded? if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then echo "no (pf(4) is not loaded)" exit 0 fi # enabled? if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then echo "no (pf(4) is not enabled, consult pfctl(8)" exit 0 fi # OpenBSD elif [ ${ostype} = "OpenBSD" ]; then # enabled? if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then echo "no (pf(4) is not enabled, consult pfctl(8)" exit 0 fi # Other OSes else echo "no (this plugin is not supported on your OS)" exit 0 fi echo "yes" exit 0 ;; suggest) exit 0; ;; esac # ${pfctl} -si 2>/dev/null | awk ' /current entries/{print "states.value",$3} /searches/ { print "searches.value",$2}'