Check um zu Überprüfen ob ein Mailserver auf einer Blacklist ist. Der Check lässt sich auch in Check_MK einbinden, dazu das Script in ~/local/lib/nagios/plugins/ ablegen und eine Regel „Classical active and passive Monitoring checks“ für den Mailserver erstellen. Eine native Check_MK Implementierung folgt noch 😉
check_dnsbl.py
1 Datei(en) 2.05 KB
#!/usr/bin/env python # -*- encoding: utf-8; py-indent-offset: 4 -*- # # check_dnspl.py - Check IP against Blacklist # Use it on your own risk! # # Written 2017 - Maximilian Thoma # # This program is free software; you can redistribute it and/or modify it under the terms of the GNU # General Public License as published by the Free Software Foundation; either version 2 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License along with this program; if not, # write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA # import getopt import sys import socket # Define blacklists to be checked blacklists = [ 'all.s5h.net', 'b.barracudacentral.org', 'bl.emailbasura.org', 'bl.spamcannibal.org', 'bl.spamcop.net', 'blacklist.woody.ch', 'bogons.cymru.com', 'cbl.abuseat.org', # 'cdl.anti-spam.org.cn', 'combined.abuse.ch', 'db.wpbl.info', 'dnsbl-1.uceprotect.net', 'dnsbl-2.uceprotect.net', 'dnsbl-3.uceprotect.net', 'dnsbl.anticaptcha.net', 'dnsbl.cyberlogic.net', 'dnsbl.dronebl.org', 'dnsbl.inps.de', 'dnsbl.sorbs.net', 'drone.abuse.ch', 'drone.abuse.ch', 'duinv.aupads.org', 'dul.dnsbl.sorbs.net', 'dyna.spamrats.com', 'dynip.rothen.com', 'exitnodes.tor.dnsbl.sectoor.de', 'http.dnsbl.sorbs.net', 'ips.backscatterer.org', 'ix.dnsbl.manitu.net', 'korea.services.net', 'misc.dnsbl.sorbs.net', 'noptr.spamrats.com', 'orvedb.aupads.org', 'pbl.spamhaus.org', 'proxy.bl.gweep.ca', 'psbl.surriel.com', 'relays.bl.gweep.ca', 'relays.nether.net', 'sbl.spamhaus.org', 'short.rbl.jp', 'singular.ttk.pte.hu', 'smtp.dnsbl.sorbs.net', 'socks.dnsbl.sorbs.net', 'spam.abuse.ch', 'spam.dnsbl.sorbs.net', 'spam.spamrats.com', 'spambot.bls.digibase.ca', 'spamrbl.imp.ch', 'spamsources.fabel.dk', 'ubl.lashback.com', 'ubl.unsubscore.com', 'virus.rbl.jp', 'web.dnsbl.sorbs.net', 'wormrbl.imp.ch', 'xbl.spamhaus.org', 'z.mailspike.net', 'zen.spamhaus.org', 'zombie.dnsbl.sorbs.net', ] def check_if_valid_host_ip(ip): try: socket.inet_aton(ip) return True except socket.error: return False def revert_ip(ip): x = ip.split('.') return x[3] + '.' + x[2] + '.' + x[1] + '.' + x[0] def bls(olist): x = '' for bl in olist: x += bl + " " return x def log(debug, s): if debug: print s def usage(): print "check_dnsbl.py - Check IP against DNS blacklists.\n" \ " -H, --host <hostname or ip> Hostname or IP\n" \ " -d, --debug Debug Modus\n" \ " -h, --help Help" def main(): try: opts, args = getopt.getopt(sys.argv[1:], "H:dh", ['host=', 'debug', 'help']) except getopt.GetoptError as err: print str(err) sys.exit(2) found_h = False host = None debug = False for o, a in opts: if o in ('-H', '--host'): host = a found_h = True if o in ('-d', '--debug'): debug = True if o in ('-h', '--help'): usage() sys.exit(2) if not found_h: print "-H is not given" usage() sys.exit(2) # print host # print debug # Check if valid Host IP if check_if_valid_host_ip(host) is not True: try: resolved_ip = socket.gethostbyname(host) except socket.gaierror: sys.stderr.write('Unable to make an DNS lookup, provided IP or hostname is invalid.') sys.exit(2) if check_if_valid_host_ip(resolved_ip) is not True: sys.stderr.write('Error no valid IP address.') sys.exit(2) else: ip = resolved_ip else: ip = host # Revert IP rip = revert_ip(ip) # Init variables negative_result_buffer = [] for bl in blacklists: # Init Result result = '' # Build query string q = rip + '.' + bl log(debug, q) # Query DNS try: result = socket.gethostbyname(q) log(debug, "Result: %s" % result) except socket.error: log(debug, "No result") pass if "127.0.0" in result: log(debug, "Found 127.0.0 in result.") negative_result_buffer.append(bl) if len(negative_result_buffer) == 0: print "OK - %s (%s) is not listed at: %s" % (host, ip, bls(blacklists)) sys.exit(0) else: print "CRITICAL - %s (%s) ist listed at: %s" % (host, ip, bls(negative_result_buffer)) sys.exit(2) if __name__ == "__main__": main()
This seems like a great tool for checking RBL. I am looking for a solution that is not related to a agent based check. Is your check able to be used in this method? I am using check_mk 1.4.0p23
1. Have the host check performed by TCP via the Public IP. (already working).
2. Have the host check if it is on a RBL via the same Public IP.
All of this would need to be accomplished without Agent or SNMP.
Thanks, Greg