DNS Blacklist Check

Check, um zu überprüfen, ob ein Mailserver auf einer Blacklist steht. Der Check lässt sich auch in Check_MK einbinden: dazu das Script in ~/local/lib/nagios/plugins/ ablegen und eine Regel „Classical active and passive Monitoring checks“ für den Mailserver erstellen. Eine native Check_MK-Implementierung folgt noch 😉

#!/usr/bin/env python
# -*- encoding: utf-8; py-indent-offset: 4 -*-

#
# check_dnsbl.py - Check IP against Blacklist
# Use it at your own risk!
#
# Written 2017 - Maximilian Thoma
#
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU
# General Public License as published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with this program; if not,
# write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
#

import getopt
import sys
import socket

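# DNSBL zones queried by main(), one lookup per zone and run.
# Each zone is listed once; a repeated entry costs an extra lookup and shows
# up twice in the plugin output.
# NOTE(review): DNSBL zones get retired over time. A retired zone may stop
# answering or may answer every query as if the address were listed, so this
# list needs periodic review against each operator's current status.
# NOTE(review): some operators refuse or rate-limit queries that arrive via
# large public resolvers - confirm the resolver used by the monitoring host
# is accepted by the zones kept here.
blacklists = [
    'all.s5h.net',
    'b.barracudacentral.org',
    'bl.emailbasura.org',
    'bl.spamcannibal.org',
    'bl.spamcop.net',
    'blacklist.woody.ch',
    'bogons.cymru.com',
    'cbl.abuseat.org',
    # 'cdl.anti-spam.org.cn',
    'combined.abuse.ch',
    'db.wpbl.info',
    'dnsbl-1.uceprotect.net',
    'dnsbl-2.uceprotect.net',
    'dnsbl-3.uceprotect.net',
    'dnsbl.anticaptcha.net',
    'dnsbl.cyberlogic.net',
    'dnsbl.dronebl.org',
    'dnsbl.inps.de',
    'dnsbl.sorbs.net',
    'drone.abuse.ch',
    'duinv.aupads.org',
    'dul.dnsbl.sorbs.net',
    'dyna.spamrats.com',
    'dynip.rothen.com',
    'exitnodes.tor.dnsbl.sectoor.de',
    'http.dnsbl.sorbs.net',
    'ips.backscatterer.org',
    'ix.dnsbl.manitu.net',
    'korea.services.net',
    'misc.dnsbl.sorbs.net',
    'noptr.spamrats.com',
    'orvedb.aupads.org',
    'pbl.spamhaus.org',
    'proxy.bl.gweep.ca',
    'psbl.surriel.com',
    'relays.bl.gweep.ca',
    'relays.nether.net',
    'sbl.spamhaus.org',
    'short.rbl.jp',
    'singular.ttk.pte.hu',
    'smtp.dnsbl.sorbs.net',
    'socks.dnsbl.sorbs.net',
    'spam.abuse.ch',
    'spam.dnsbl.sorbs.net',
    'spam.spamrats.com',
    'spambot.bls.digibase.ca',
    'spamrbl.imp.ch',
    'spamsources.fabel.dk',
    'ubl.lashback.com',
    'ubl.unsubscore.com',
    'virus.rbl.jp',
    'web.dnsbl.sorbs.net',
    'wormrbl.imp.ch',
    'xbl.spamhaus.org',
    'z.mailspike.net',
    'zen.spamhaus.org',
    'zombie.dnsbl.sorbs.net',
]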


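def check_if_valid_host_ip(ip):
    """Return True only for a canonical dotted-quad IPv4 address.

    The value is later reversed field by field (see revert_ip) to build the
    DNSBL query name, so it must consist of exactly four decimal octets.
    socket.inet_aton() is too lenient for that purpose: it also accepts
    shortened forms such as "127.1" and octal/hex notation, which would
    either crash the textual reversal or produce a query for the wrong
    address. Anything that is not canonical is rejected here, which makes
    main() fall back to resolving the value as a hostname.

    Args:
        ip: Candidate address as a string.

    Returns:
        True if ``ip`` is four dot-separated decimal octets in 0..255
        without leading zeros, otherwise False.
    """
    octets = ip.split('.')
    if len(octets) != 4:
        return False
    for octet in octets:
        if not 1 <= len(octet) <= 3:
            return False
        # Explicit ASCII digit test: rejects signs, whitespace and
        # non-ASCII digit characters alike.
        if any(ch not in '0123456789' for ch in octet):
            return False
        # A leading zero would be read as octal by inet_aton-style parsers.
        if octet[0] == '0' and len(octet) > 1:
            return False
        if int(octet) > 255:
            return False
    return True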


def revert_ip(ip):
    """Return the first four dot-separated fields of ``ip`` in reverse order.

    This is the label order a DNSBL query expects ("1.2.3.4" becomes
    "4.3.2.1"). Fields beyond the fourth are ignored; fewer than four
    fields raise IndexError. IPv4 text only.
    """
    fields = ip.split('.')
    return '.'.join((fields[3], fields[2], fields[1], fields[0]))


def bls(olist):
    """Render a list of blacklist names as one string for the plugin output.

    Every name is followed by a single space, so a non-empty result ends
    with a trailing space and an empty list yields an empty string.
    """
    return ''.join(name + " " for name in olist)


def log(debug, s):
    """Print ``s`` to stdout when ``debug`` is truthy; otherwise do nothing."""
    if not debug:
        return
    # A single parenthesised argument prints the same under the Python 2
    # print statement this script was written for.
    print(s)


def usage():
    """Print the command-line synopsis to stdout."""
    synopsis = ("check_dnsbl.py - Check IP against DNS blacklists.\n"
                " -H, --host <hostname or ip> Hostname or IP\n"
                " -d, --debug Debug Modus\n"
                " -h, --help Help")
    print(synopsis)


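def main():
    """Parse the command line, query every zone in ``blacklists`` and exit.

    The host given with -H is used directly when it is an IPv4 address,
    otherwise it is resolved first. The reversed address is then looked up
    in every DNSBL zone.

    Exit status (as consumed by Nagios / Check_MK active checks):
        0 - no zone returned a listing answer
        2 - at least one zone lists the address; also used for usage
            errors, --help and a host that cannot be resolved

    Zones whose lookup failed temporarily or returned an answer outside
    127.0.0.x are not counted as "not listed"; they are named in the output
    line so a check that could not really look anything up does not read as
    a clean result. The exit status is not affected by them.
    """
    try:
        opts, _ = getopt.getopt(sys.argv[1:], "H:dh", ['host=', 'debug', 'help'])
    except getopt.GetoptError as err:
        print(str(err))
        sys.exit(2)

    found_h = False
    host = None
    debug = False

    for o, a in opts:
        if o in ('-H', '--host'):
            host = a
            found_h = True
        if o in ('-d', '--debug'):
            debug = True
        if o in ('-h', '--help'):
            usage()
            sys.exit(2)

    if not found_h:
        print("-H is not given")
        usage()
        sys.exit(2)

    # Use the argument as-is when it already is an IPv4 address, otherwise
    # resolve it and validate what the resolver handed back.
    if check_if_valid_host_ip(host):
        ip = host
    else:
        try:
            resolved_ip = socket.gethostbyname(host)
        except socket.gaierror:
            sys.stderr.write('Unable to make an DNS lookup, provided IP or hostname is invalid.')
            sys.exit(2)
        if not check_if_valid_host_ip(resolved_ip):
            sys.stderr.write('Error no valid IP address.')
            sys.exit(2)
        ip = resolved_ip

    # DNSBL queries use the octets in reverse order, prefixed to the zone.
    rip = revert_ip(ip)

    negative_result_buffer = []  # zones that list the address
    unchecked = []               # zones that gave no usable answer

    for bl in blacklists:
        result = ''
        q = rip + '.' + bl
        log(debug, q)

        try:
            result = socket.gethostbyname(q)
            log(debug, "Result: %s" % result)
        except socket.gaierror as err:
            # EAI_AGAIN is the resolver's "temporary failure" code: the zone
            # was never consulted, so this is not a clean "not listed".
            if err.args and err.args[0] == getattr(socket, 'EAI_AGAIN', None):
                log(debug, "Lookup failed: %s" % err)
                unchecked.append(bl)
            else:
                log(debug, "No result")
        except socket.error:
            log(debug, "No result")

        # Anchor the match at the start of the answer; a plain substring test
        # would also accept an address such as 10.127.0.0.
        if result.startswith("127.0.0."):
            log(debug, "Found 127.0.0 in result.")
            negative_result_buffer.append(bl)
        elif result:
            # NOTE(review): an answer outside 127.0.0.x is neither a listing
            # nor a miss. Spamhaus documents 127.255.255.x answers for
            # refused or rate-limited queries; other operators may use other
            # codes - confirm per zone whether this should raise UNKNOWN.
            log(debug, "Unexpected answer: %s" % result)
            unchecked.append(bl)

    note = ''
    if unchecked:
        note = "- no usable answer from: %s" % bls(unchecked)

    if not negative_result_buffer:
        clean = [bl for bl in blacklists if bl not in unchecked]
        print("OK - %s (%s) is not listed at: %s%s" % (host, ip, bls(clean), note))
        sys.exit(0)
    else:
        print("CRITICAL - %s (%s) ist listed at: %s%s" % (host, ip, bls(negative_result_buffer), note))
        sys.exit(2)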


# Run the check only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()

 

1 Gedanke zu „DNS Blacklist Check“

  1. This seems like a great tool for checking RBL. I am looking for a solution that is not related to a agent based check. Is your check able to be used in this method? I am using check_mk 1.4.0p23
    1. Have the host check performed by TCP via the Public IP. (already working).
    2. Have the host check if it is on a RBL via the same Public IP.
    All of this would need to be accomplished without Agent or SNMP.
    Thanks, Greg

