Monday, November 4, 2019

FortiOS config grabber using the API and cURL

As you probably know, I like curl, and here's a simple configuration grabber that will work on FortiGates that have an API_USER.

https://en.wikipedia.org/wiki/CURL


This script will pull the complete configuration in a multi-vdom setup. It is a simple and effective way of grabbing an in-the-clear configuration from a FortiGate using the API call

"/api/v2/monitor/system/config/backup/"

The basic meat of my script is the following; you can customize it to meet your requirements.



SOCPUP1>cat fgtcfggrabber.sh 
#!/bin/bash
# socpups  http://socpuppet.blogspot.com/
# rev 1.0  July 2 2019, tested on FortiOS 6.x versions
#

# check for help

if [ "$1" = "-h" ]; then
  echo "Usage: scriptname hostname token_key "
  echo ""
  echo "Example:  <scriptname.sh> 193.0.2.88 MyBigLongAPI_KeyHereBlahBlahBlah"
  # bye bye 
  exit 0
fi

# check that both hostname and key were given on the cli

if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Please provide hostname and key"
  echo "Use  -h  to see usage  example!"
  exit 1
fi

# grab configurations from a FortiGate appliance that has an API_USER
# NET-SEC Engineer "kfelix@socpuppets.com" Ken Felix
#
#  API_USER must have write access to FGT and vdoms

# set date for curl to write the file name

D=$(date +%F_%T)

# -k skips TLS certificate verification
# the token is sent both as a Bearer header and as the access_token query parameter
curl -k -o "${1}_${D}.conf" -H "Authorization: Bearer $2" "https://$1/api/v2/monitor/system/config/backup/?scope=global&access_token=$2"

exit



The script will dump the configuration out via curl into the named file.






You can play around with the script to suit your needs and desires. You could probably reuse the same API_KEY and run the script in a for loop against a set of FGTs from a cron job to grab the configurations daily, weekly, or monthly.
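One way to run the grabber against a set of FGTs from cron, as an added example that is not the author's script. The inventory format (`host token` per line), the function names and the paths in the cron comment are assumptions. Unlike the script above, it leaves TLS certificate verification on, hands the token to curl on stdin instead of the command line, and rejects any response that does not start with `#config-version=`.

```shell
#!/bin/bash
# Added example, not the original fgtcfggrabber.sh: back up several FortiGates.
# Assumed inventory format, one unit per line:  <host> <api_token>
umask 077   # backup files are created readable by the owner only

# Output file name; characters outside [A-Za-z0-9.-] in the host become '_'.
backup_name() {   # $1=host $2=timestamp
  printf '%s_%s.conf' "$(printf '%s' "$1" | tr -c 'A-Za-z0-9.-' '_')" "$2"
}

# A config backup starts with "#config-version="; an API error body does not.
looks_like_config() {   # $1=file
  [ -s "$1" ] && head -n 1 "$1" | grep -q '^#config-version='
}

# Fetch one unit. The token reaches curl on stdin (--config -), so it is not
# in the process list or the URL. No -k: the certificate must verify.
fetch_config() {   # $1=host $2=token $3=output file
  printf 'header = "Authorization: Bearer %s"\n' "$2" |
    curl --silent --show-error --fail --max-time 60 --config - \
         --output "$3.part" \
         "https://$1/api/v2/monitor/system/config/backup/?scope=global" &&
    looks_like_config "$3.part" && mv "$3.part" "$3"
}

# Loop over the inventory; return the number of units that failed.
backup_all() {   # $1=inventory file $2=output directory
  failed=0
  stamp=$(date +%F_%H%M%S)
  while read -r host token; do
    case "$host" in ''|'#'*) continue ;; esac   # skip blank and comment lines
    out="$2/$(backup_name "$host" "$stamp")"
    if fetch_config "$host" "$token" "$out"; then
      echo "OK   $host -> $out"
    else
      rm -f "$out.part"
      failed=$((failed + 1))
      echo "FAIL $host" >&2
    fi
  done < "$1"
  return "$failed"
}

# Runs only when called with two arguments, for example from cron (paths assumed):
#   15 2 * * * /usr/local/bin/fgt-backup-all.sh /etc/fgt/inventory /var/backups/fgt
if [ "$#" -eq 2 ]; then backup_all "$1" "$2"; fi
```

Because the inventory holds live API tokens and the backups are in-the-clear configurations, keep both readable only by the account that runs the cron job.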

Another option would be to redirect to mail and sendmail the configuration file to a mailing list or user.




Upon execution, the output would be directed to the system mail.

 








NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \

