On a FortiGate, running "fnsysctl [command name]" executes a Linux command.
Test environment
FortiGate-VM v6.4.3
Linux commands
These are the Linux commands that can be used. There may be others.
Basic commands
ls
fortigate # fnsysctl ls -h
usage: ls [-aAl] [file ...]
fortigate # fnsysctl ls
bin boot cdrom data data2 dev etc fortidev init lib migadmin node-scripts proc root sbin sys tmp usr var
pwd
fortigate # fnsysctl pwd
/
cat
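On v6.4.3, only proc files could be viewed. Perhaps a restriction is in place: anything other than a proc file results in "Not allowed".
Depending on the firmware, it seems that files other than proc files can also be viewed.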
fortigate # fnsysctl cat /proc/version
Linux version 3.2.16 (root@build) (gcc version 7.3.1 20180425 (Linaro GCC 7.3-2018.05) ) #2 SMP Wed Oct 21 19:53:17 UTC 2020
fortigate # fnsysctl cat /etc/nsswitch.conf
cat: /etc/nsswitch.conf: Not allowed
grep
fortigate # fnsysctl grep
Usage: grep [-ilHhnqvscABC] PATTERN [FILE...]
Options:
        -i      Ignore case distinctions
        -l      List names of files that match
        -H      Prefix output lines with filename where match was found
        -h      Suppress the prefixing filename on output
        -n      Print line number with output lines
        -q      Quiet
        -v      Select non-matching lines
        -s      Suppress file open/read error messages
        -c      Only print count of matching lines
        -A      Print NUM lines of trailing context
        -B      Print NUM lines of leading context
        -C      Print NUM lines of output context
cli_grep
fortigate # fnsysctl cli_grep
Usage: grep [-ilHhnqvscABC] PATTERN [FILE...]
Options:
        -i      Ignore case distinctions
        -l      List names of files that match
        -H      Prefix output lines with filename where match was found
        -h      Suppress the prefixing filename on output
        -n      Print line number with output lines
        -q      Quiet
        -v      Select non-matching lines
        -s      Suppress file open/read error messages
        -c      Only print count of matching lines
        -A      Print NUM lines of trailing context
        -B      Print NUM lines of leading context
        -C      Print NUM lines of output context
mv
Authentication as "super_admin" is required.
# fnsysctl mv
Admin:
Password:
usage: mv [-f] src dst
Network
ifconfig
fortigate # fnsysctl ifconfig port1
port1     Link encap:Ethernet  HWaddr 00:0D:3A:CD:ED:01
          inet addr:10.1.0.4  Bcast:10.1.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60305 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49399 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:48333018 (46.1 MB)  TX bytes:19417886 (18.5 MB)
fortigate # fnsysctl ifconfig ssl.root
ssl.root  Link encap:Unknown
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:2 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43970 (42.9 KB)  TX bytes:0 (0 Bytes)
Process management
ps
fortigate # fnsysctl ps
PID  UID  GID  STATE  CMD
1    0    0    S      /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2    0    0    S      [kthreadd]
3    0    0    S      [ksoftirqd/0]
6    0    0    S      [migration/0]
7    0    0    S      [watchdog/0]
8    0    0    S      [migration/1]
...
kill
fortigate # fnsysctl kill
usage: kill [ -s signal ] pid ...
       kill -l [ signal ]
killall
fortigate # fnsysctl killall
usage: killall [ -s signal ] Name ...
       killall -l [ signal ]
Disk usage
du
fortigate # fnsysctl du -h
Summarize disk space used for each FILE and/or directory
        -a      Show file sizes too
        -L      Follow all symlinks
        -H      Follow symlinks on command line
        -d N    Limit output to directories (and files with -a) of depth < N
        -c      Show grand total
        -l      Count sizes many times if hard linked
        -s      Display only a total for each argument
        -x      Skip directories on different filesystems
        -i      Show number of inodes
fortigate # fnsysctl du
0       ./cdrom
28      ./migadmin/api/v2/monitor_schema/extender-controller
40      ./migadmin/api/v2/monitor_schema/firewall
4       ./migadmin/api/v2/monitor_schema/fortianalyzer
40      ./migadmin/api/v2/monitor_schema/wifi
...
df
fortigate # fnsysctl df
Usage: df [-hkm] [FILE] ...
fortigate # fnsysctl df -h
Filesystem      Size      Used  Available  Use%  Mounted on
none            7.2G     40.7M       7.1G    1%  /tmp
none            7.2G      1.6M       7.2G    0%  /dev/shm
none            7.2G    309.7M       6.9G    4%  /dev/cmdb
/dev/sda1     123.9M    103.7M      13.8M   88%  /data
/dev/sda2       1.8G    105.0M       1.6G    6%  /data2
/dev/sdc1      29.5G    173.1M      27.8G    1%  /var/log
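To review a saved console log of these commands offline, the following added example (not part of the original post) splits the log into one record per fnsysctl invocation, lists the calls refused with "Not allowed", and reads Use% per mount point from df output. The sample log is constructed from the outputs shown above, and the function names are assumptions.

```python
import re

# Constructed sample: a saved console log in the prompt/output format shown on this page.
SAMPLE_LOG = """\
fortigate # fnsysctl cat /proc/version
Linux version 3.2.16 (root@build) (gcc version 7.3.1 20180425 (Linaro GCC 7.3-2018.05) ) #2 SMP Wed Oct 21 19:53:17 UTC 2020
fortigate # fnsysctl cat /etc/nsswitch.conf
cat: /etc/nsswitch.conf: Not allowed
fortigate # fnsysctl df -h
Filesystem      Size      Used  Available  Use%  Mounted on
none            7.2G     40.7M       7.1G    1%  /tmp
/dev/sda1     123.9M    103.7M      13.8M   88%  /data
"""

# The hostname before '#' is optional: the mv capture above shows a bare "# fnsysctl mv".
PROMPT = re.compile(r"^(?:\S+ )?# fnsysctl (?P<cmd>\S+)(?: (?P<args>.*))?$")

def split_session(log):
    """Split a console log into one record per fnsysctl invocation."""
    records = []
    for line in log.splitlines():
        m = PROMPT.match(line)
        if m:
            records.append({"cmd": m["cmd"], "args": m["args"] or "", "output": []})
        elif records and line.strip():
            records[-1]["output"].append(line)
    return records

def denied(records):
    """Invocations the firmware refused, e.g. cat on a non-proc file."""
    return [f"{r['cmd']} {r['args']}".strip() for r in records
            if any(ln.endswith(": Not allowed") for ln in r["output"])]

def df_usage(records):
    """Map mount point -> Use% for every df record (the header row is skipped)."""
    usage = {}
    for r in records:
        if r["cmd"] != "df":
            continue
        for line in r["output"]:
            fields = line.split()
            if len(fields) >= 6 and fields[4].endswith("%") and fields[4][:-1].isdigit():
                usage[fields[5]] = int(fields[4][:-1])
    return usage

if __name__ == "__main__":
    recs = split_session(SAMPLE_LOG)
    print("denied:", denied(recs))
    print("mounts at or above 80%:", {m: p for m, p in df_usage(recs).items() if p >= 80})
```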