たれながし.info

Notes of a certain IT engineer

Running Linux commands on FortiGate

On FortiGate, running "fnsysctl [command name]" from the CLI executes the named Linux command on the underlying system.

Test environment

FortiGate-VM v6.4.3

Linux commands

These are the Linux commands that can be used. There may be others.

Basic commands

ls
fortigate # fnsysctl ls -h
usage: ls [-aAl] [file ...]

fortigate # fnsysctl ls
bin           boot          cdrom         data          data2         dev           etc
fortidev      init          lib           migadmin      node-scripts  proc          root
sbin          sys           tmp           usr           var
pwd
fortigate # fnsysctl pwd
/
cat

On v6.4.3, only files under proc could be read. Some restriction appears to be in place: anything other than a proc file returns "Not allowed".
With some firmware versions, files other than proc files can apparently be read as well.

fortigate # fnsysctl cat /proc/version
Linux version 3.2.16 (root@build) (gcc version 7.3.1 20180425 (Linaro GCC 7.3-2018.05) ) #2 SMP Wed Oct 21 19:53:17 UTC 2020

fortigate # fnsysctl cat /etc/nsswitch.conf
cat: /etc/nsswitch.conf: Not allowed
grep
fortigate # fnsysctl  grep
Usage: grep [-ilHhnqvscABC] PATTERN [FILE...]
Options:
        -i      Ignore case distinctions
        -l      List names of files that match
        -H      Prefix output lines with filename where match was found
        -h      Suppress the prefixing filename on output
        -n      Print line number with output lines
        -q      Quiet
        -v      Select non-matching lines
        -s      Suppress file open/read error messages
        -c      Only print count of matching lines
        -A      Print NUM lines of trailing context
        -B      Print NUM lines of leading context
        -C      Print NUM lines of output context
cli_grep
fortigate # fnsysctl  cli_grep
Usage: grep [-ilHhnqvscABC] PATTERN [FILE...]
Options:
        -i      Ignore case distinctions
        -l      List names of files that match
        -H      Prefix output lines with filename where match was found
        -h      Suppress the prefixing filename on output
        -n      Print line number with output lines
        -q      Quiet
        -v      Select non-matching lines
        -s      Suppress file open/read error messages
        -c      Only print count of matching lines
        -A      Print NUM lines of trailing context
        -B      Print NUM lines of leading context
        -C      Print NUM lines of output context
mv

Authentication as "super_admin" is required.

# fnsysctl mv
Admin:
Password:
usage: mv [-f] src dst

Network

ifconfig
fortigate # fnsysctl ifconfig port1
port1   Link encap:Ethernet  HWaddr 00:0D:3A:CD:ED:01
        inet addr:10.1.0.4  Bcast:10.1.0.255  Mask:255.255.255.0
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:60305 errors:0 dropped:0 overruns:0 frame:0
        TX packets:49399 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:48333018 (46.1 MB)  TX bytes:19417886 (18.5 MB)


fortigate # fnsysctl ifconfig ssl.root
ssl.root        Link encap:Unknown
        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
        RX packets:580 errors:0 dropped:0 overruns:0 frame:0
        TX packets:0 errors:0 dropped:2 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:43970 (42.9 KB)  TX bytes:0 (0  Bytes)

Process management

ps
fortigate # fnsysctl ps
PID       UID     GID     STATE   CMD
1         0       0       S       /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2         0       0       S       [kthreadd]
3         0       0       S       [ksoftirqd/0]
6         0       0       S       [migration/0]
7         0       0       S       [watchdog/0]
8         0       0       S       [migration/1]
...
kill
fortigate # fnsysctl kill
 usage: kill [ -s signal ] pid ...
      kill -l [ signal ]
killall
fortigate # fnsysctl killall
 usage: killall [ -s signal ] Name ...
      killall -l [ signal ]

Disk usage

du
fortigate # fnsysctl du -h
Summarize disk space used for each FILE and/or directory

        -a      Show file sizes too
        -L      Follow all symlinks
        -H      Follow symlinks on command line
        -d N    Limit output to directories (and files with -a) of depth < N
        -c      Show grand total
        -l      Count sizes many times if hard linked
        -s      Display only a total for each argument
        -x      Skip directories on different filesystems
        -i      Show number of inodes

fortigate # fnsysctl du
0       ./cdrom
28      ./migadmin/api/v2/monitor_schema/extender-controller
40      ./migadmin/api/v2/monitor_schema/firewall
4       ./migadmin/api/v2/monitor_schema/fortianalyzer
40      ./migadmin/api/v2/monitor_schema/wifi
...
df
fortigate # fnsysctl df
Usage: df [-hkm] [FILE] ...

fortigate # fnsysctl df -h
Filesystem                 Size       Used  Available Use% Mounted on
none                       7.2G      40.7M       7.1G   1% /tmp
none                       7.2G       1.6M       7.2G   0% /dev/shm
none                       7.2G     309.7M       6.9G   4% /dev/cmdb
/dev/sda1                123.9M     103.7M      13.8M  88% /data
/dev/sda2                  1.8G     105.0M       1.6G   6% /data2
/dev/sdc1                 29.5G     173.1M      27.8G   1% /var/log
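The "fnsysctl df -h" output above is the kind of thing an administrator would want to watch, since /data is already at 88% and a full /var/log partition would silently stop log retention. The following Python script is an added example, not part of the original post or of FortiOS: it parses a pasted copy of that output (embedded here as a constructed sample) and reports any mount point at or above a usage threshold. The column layout it assumes is exactly the one shown above; the threshold value of 80% is an arbitrary choice for illustration.

```python
"""Parse the output of `fnsysctl df -h` captured from a FortiGate CLI and
flag filesystems whose usage is at or above a threshold (added example)."""
import re

# Constructed sample: the `fnsysctl df -h` output from the post, pasted verbatim.
SAMPLE_DF_OUTPUT = """\
Filesystem                 Size       Used  Available Use% Mounted on
none                       7.2G      40.7M       7.1G   1% /tmp
none                       7.2G       1.6M       7.2G   0% /dev/shm
none                       7.2G     309.7M       6.9G   4% /dev/cmdb
/dev/sda1                123.9M     103.7M      13.8M  88% /data
/dev/sda2                  1.8G     105.0M       1.6G   6% /data2
/dev/sdc1                 29.5G     173.1M      27.8G   1% /var/log
"""

# Suffixes used by the busybox-style df -h output shown on the page.
_UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}


def parse_size(text):
    """Convert a human-readable size such as '123.9M' into a byte count."""
    m = re.fullmatch(r"([0-9]+(?:\.[0-9]+)?)([KMGT]?)", text)
    if not m:
        raise ValueError(f"unrecognized size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2)])


def parse_df(output):
    """Return one dict per filesystem line; the header line is skipped."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        # Skip the header, blank lines, and anything that is not a data row.
        if len(parts) < 6 or parts[0] == "Filesystem":
            continue
        filesystem, size, used, avail, pct = parts[:5]
        rows.append({
            "filesystem": filesystem,
            "size_bytes": parse_size(size),
            "used_bytes": parse_size(used),
            "avail_bytes": parse_size(avail),
            "use_pct": int(pct.rstrip("%")),
            # A mount path could in principle contain spaces; keep the rest.
            "mount": " ".join(parts[5:]),
        })
    return rows


def filesystems_over(rows, threshold_pct):
    """Mount points at or above threshold_pct usage, fullest first."""
    hot = [r for r in rows if r["use_pct"] >= threshold_pct]
    return sorted(hot, key=lambda r: r["use_pct"], reverse=True)


def main():
    rows = parse_df(SAMPLE_DF_OUTPUT)
    for r in filesystems_over(rows, 80):  # 80% is an arbitrary example threshold
        print(f"WARNING: {r['mount']} ({r['filesystem']}) is {r['use_pct']}% full")


if __name__ == "__main__":
    main()
```

To use it against a live device, paste the output of "fnsysctl df -h" into SAMPLE_DF_OUTPUT (or feed it via stdin); the parser relies only on whitespace-separated columns and the "Filesystem" header, so it tolerates changes in column width.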