#!/usr/bin/env python3
import argparse
import paramiko
import logging
import sys

parser = argparse.ArgumentParser(description="Obtains suricata status of an OPNsense firewall")

parser.add_argument(
    "-v",
    "--verbose",
    dest="verbose",
    action="store_true",
    help="sets logging level to info"
)

parser.add_argument(
    "-i",
    "--keyfile",
    dest="keyfile",
    help="ssh keyfile",
    required=True
)

parser.add_argument(
    "-H",
    "--hostname",
    dest="hostname",
    help="hostname of the device to check",
    required=True
)

parser.add_argument(
    "-U",
    "--username",
    dest="username",
    help="username to log into the device under",
    required=True
)

args = parser.parse_args()

client = paramiko.client.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(str(args.hostname), username=str(args.username), key_filename=str(args.keyfile))
stdin, stdout, stderr = client.exec_command('/usr/local/bin/sudo /bin/ps -p `cat /var/run/suricata.pid`')
stdin.close()
outlines = stdout.readline().strip()
if len(outlines) > 0:
    print("[OK] - Suricata is currently running.")
    sys.exit(0)
else:
    print("[CRITICAL] - Suricata is not currently running.")
    sys.exit(2)