DNS Blacklist Check

Check um zu Überprüfen ob ein Mailserver auf einer Blacklist ist. Der Check lässt sich auch in Check_MK einbinden, dazu das Script in ~/local/lib/nagios/plugins/ ablegen und eine Regel „Classical active and passive Monitoring checks“ für den Mailserver erstellen. Eine native Check_MK Implementierung folgt noch 😉

#!/usr/bin/env python
# -*- encoding: utf-8; py-indent-offset: 4 -*-

#
# check_dnspl.py - Check IP against Blacklist
# Use it on your own risk!
#
# Written 2017 - Maximilian Thoma
#
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU
# General Public License as published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with this program; if not,
# write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
#

import getopt
import sys
import socket

# Define blacklists to be checked
blacklists = [
    'all.s5h.net',
    'b.barracudacentral.org',
    'bl.emailbasura.org',
    'bl.spamcannibal.org',
    'bl.spamcop.net',
    'blacklist.woody.ch',
    'bogons.cymru.com',
    'cbl.abuseat.org',
    # 'cdl.anti-spam.org.cn',
    'combined.abuse.ch',
    'db.wpbl.info',
    'dnsbl-1.uceprotect.net',
    'dnsbl-2.uceprotect.net',
    'dnsbl-3.uceprotect.net',
    'dnsbl.anticaptcha.net',
    'dnsbl.cyberlogic.net',
    'dnsbl.dronebl.org',
    'dnsbl.inps.de',
    'dnsbl.sorbs.net',
    'drone.abuse.ch',
    'drone.abuse.ch',
    'duinv.aupads.org',
    'dul.dnsbl.sorbs.net',
    'dyna.spamrats.com',
    'dynip.rothen.com',
    'exitnodes.tor.dnsbl.sectoor.de',
    'http.dnsbl.sorbs.net',
    'ips.backscatterer.org',
    'ix.dnsbl.manitu.net',
    'korea.services.net',
    'misc.dnsbl.sorbs.net',
    'noptr.spamrats.com',
    'orvedb.aupads.org',
    'pbl.spamhaus.org',
    'proxy.bl.gweep.ca',
    'psbl.surriel.com',
    'relays.bl.gweep.ca',
    'relays.nether.net',
    'sbl.spamhaus.org',
    'short.rbl.jp',
    'singular.ttk.pte.hu',
    'smtp.dnsbl.sorbs.net',
    'socks.dnsbl.sorbs.net',
    'spam.abuse.ch',
    'spam.dnsbl.sorbs.net',
    'spam.spamrats.com',
    'spambot.bls.digibase.ca',
    'spamrbl.imp.ch',
    'spamsources.fabel.dk',
    'ubl.lashback.com',
    'ubl.unsubscore.com',
    'virus.rbl.jp',
    'web.dnsbl.sorbs.net',
    'wormrbl.imp.ch',
    'xbl.spamhaus.org',
    'z.mailspike.net',
    'zen.spamhaus.org',
    'zombie.dnsbl.sorbs.net',
]


def check_if_valid_host_ip(ip):
    try:
        socket.inet_aton(ip)
        return True
    except socket.error:
        return False


def revert_ip(ip):
    x = ip.split('.')
    return x[3] + '.' + x[2] + '.' + x[1] + '.' + x[0]


def bls(olist):
    x = ''
    for bl in olist:
        x += bl + " "
    return x


def log(debug, s):
    if debug:
        print s


def usage():
    print "check_dnsbl.py - Check IP against DNS blacklists.\n" \
          " -H, --host <hostname or ip> Hostname or IP\n" \
          " -d, --debug Debug Modus\n" \
          " -h, --help Help"


def main():
    try:
        opts, args = getopt.getopt(sys.argv[1:], "H:dh", ['host=', 'debug', 'help'])
    except getopt.GetoptError as err:
        print str(err)
        sys.exit(2)

    found_h = False
    host = None
    debug = False

    for o, a in opts:
        if o in ('-H', '--host'):
            host = a
            found_h = True
        if o in ('-d', '--debug'):
            debug = True
        if o in ('-h', '--help'):
            usage()
            sys.exit(2)

    if not found_h:
        print "-H is not given"
        usage()
        sys.exit(2)

    # print host
    # print debug



    # Check if valid Host IP
    if check_if_valid_host_ip(host) is not True:
        try:
            resolved_ip = socket.gethostbyname(host)
        except socket.gaierror:
            sys.stderr.write('Unable to make an DNS lookup, provided IP or hostname is invalid.')
            sys.exit(2)
        if check_if_valid_host_ip(resolved_ip) is not True:
            sys.stderr.write('Error no valid IP address.')
            sys.exit(2)
        else:
            ip = resolved_ip
    else:
        ip = host

    # Revert IP
    rip = revert_ip(ip)

    # Init variables
    negative_result_buffer = []

    for bl in blacklists:
        # Init Result
        result = ''
        # Build query string
        q = rip + '.' + bl
        log(debug, q)

        # Query DNS
        try:
            result = socket.gethostbyname(q)
            log(debug, "Result: %s" % result)
        except socket.error:
            log(debug, "No result")
            pass

        if "127.0.0" in result:
            log(debug, "Found 127.0.0 in result.")
            negative_result_buffer.append(bl)

    if len(negative_result_buffer) == 0:
        print "OK - %s (%s) is not listed at: %s" % (host, ip, bls(blacklists))
        sys.exit(0)
    else:
        print "CRITICAL - %s (%s) ist listed at: %s" % (host, ip, bls(negative_result_buffer))
        sys.exit(2)


if __name__ == "__main__":
    main()

 

Ein Gedanke zu „DNS Blacklist Check

  1. Greg

    This seems like a great tool for checking RBL. I am looking for a solution that is not related to a agent based check. Is your check able to be used in this method? I am using check_mk 1.4.0p23
    1. Have the host check performed by TCP via the Public IP. (already working).
    2. Have the host check if it is on a RBL via the same Public IP.
    All of this would need to be accomplished without Agent or SNMP.
    Thanks, Greg

    Antworten

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.