FORTIGATE - Configuration Dump Script
From Wiki.IT-Arts.net
#!/bin/bash
#
# Usage: ./thisScript.sh {IPv4} {PORT}
##### VARIABLES
IP="$1"
PORT="$2"
MESSAGE="Usage: $0 {IPv4} {PORT}"
##### FUNTIONS
is_valid_ipv4() {
local -a octets=( ${1//\./ } )
local RETURNVALUE=0
# return an error if the IP doesn't have exactly 4 octets
[[ ${#octets[@]} -ne 4 ]] && return 1
# return an error if first octet is 0
[[ ${octets[0]} -eq 0 ]] && return 1
for octet in ${octets[@]}
do
if [[ ${octet} =~ ^[0-9]{1,3}$ ]]; then
# shift number by 8 bits, anything larger than 255 will be > 0
((RETURNVALUE += octet>>8 ))
else
# octet wasn't numeric, return error
return 1
fi
done
return ${RETURNVALUE}
}
##### TESTS
# SSH binary
if ! [ -x /usr/bin/ssh ]; then
echo "Hey Wake up!!! No SSH found!!!"
exit 0
fi
##### SCRIPT
echo "##################################################################"
echo "Dump Fortigate..."
# Test IPv4 validity
is_valid_ipv4 ${IP};
if ! [[ $? -eq 0 ]]; then
echo "IPv4 is not valid"
echo $MESSAGE
exit 1
fi
# Test if port in an integer between 1 and 65535
if ! [[ $PORT -eq $PORT && $PORT -gt 1 && $PORT -lt 65535 ]]; then
echo "Port is not valid"
echo $MESSAGE
exit 1
fi
# Too much arguments
if ! [[ -z "$3" ]]; then
echo "Hey! Have a pause and take coffee!!!"
echo "$0 $1 $2 $3 $4 $5"
echo ">"
echo $MESSAGE
exit 1
fi
# Launch SSH without interactive prompt for RSA key fingerprint
echo "Launch SSH..."
ssh -v -oStrictHostKeyChecking=no admin@$IP -p $PORT 'get sys performance status
diagnose hardware sysinfo cpu
get system interface
fnsysctl ifconfig
diagnose hardware sysinfo
diagnose hardware sysinfo interrupts
diagnose hardware sys mem
diagnose hardware sysinfo iomem
diagnose hardware sysinfo ioports
diagnose hardware sys shm
diagnose hardware sysinfo slab
diagnose firewall packet distribution
get sys performance firewall statistics
diagnose sys session full-stat
';
echo "##################################################################"
exit 0
