3.5.1
Code: Select all
#!/usr/bin/perl -w
#
# check_bl plugin for nagios
# $Revision: 1.0 $
#
# Nagios plugin designed to warn you if you mail servers appear in one of the
# many anti-spam 'blacklists'
#
# By Sam Bashton, Bashton Ltd
# bashton.com/content/nagios-plugins
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
use strict;
#use lib "/usr/lib/nagios/plugins";
use lib "/usr/local/nagios/libexec";
use utils qw($TIMEOUT %ERRORS &print_revision &support);
use Net::DNS;
use vars qw($PROGNAME);
my ($verbose,$host),;
my ($opt_V,$opt_h,$opt_B,$opt_H,$opt_c);
$opt_V = $opt_h = $opt_B = $opt_H = $opt_c = '';
my $state = 'UNKNOWN';
sub print_help();
sub print_usage();
$PROGNAME = "check_bl";
$ENV{'BASH_ENV'}='';
$ENV{'ENV'}='';
$ENV{'PATH'}='';
$ENV{'LC_ALL'}='C';
use Getopt::Long;
Getopt::Long::Configure('bundling');
GetOptions(
"V" => \$opt_V, "version" => \$opt_V,
"h" => \$opt_h, "help" => \$opt_h,
"H=s" => \$opt_H, "hostname=s" => \$opt_H,
"B=s" => \$opt_B, "blacklists=s" => \$opt_B,
"c=s" => \$opt_c, "critical=s" => \$opt_c
);
# -h means display verbose help screen
if ($opt_h) { print_help(); exit $ERRORS{'OK'}; }
# -V means display version number
if ($opt_V) {
print_revision($PROGNAME,'$Revision: 1.0 $ ');
exit $ERRORS{'OK'};
}
# First check the hostname is OK..
unless ($opt_H) { print_usage(); exit $ERRORS{'UNKNOWN'}; }
if (! utils::is_hostname($opt_H)){
print "$opt_H is not a valid host name\n";
print_usage();
exit $ERRORS{"UNKNOWN"};
}else{
if ($opt_H =~ /[a-zA-Z]/ )
# If the host contains letters we assume it's a hostname, not an IP
{
$host = lookup($opt_H);
}
else { $host = $opt_H }
}
# $opt_c is a count of the blacklists a mail server is in,
# after which state will be CRITICAL rather than WARNING
# By default any listing is CRITICAL
my $critcount = 0;
if ($opt_c) { $critcount = $opt_c };
# $opt_B is a comma seperated list of blacklists
$opt_B = shift unless ($opt_B);
unless ($opt_B) { print_usage(); exit -1 }
my @bls = split(/,/, $opt_B);
# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
print ("ERROR: No response from BL server (alarm)\n");
exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);
my %listed; # Hash of blacklists we're listed in.
foreach(@bls)
{
if (blcheck($host,$_)) { $listed{$_} = 1 }
}
if (scalar(keys(%listed)) == 0) { $state = 'OK' }
elsif (scalar(keys(%listed)) < $critcount) { $state = 'WARNING' }
else { $state = 'CRITICAL' }
if (%listed)
{
print "Listed at";
foreach (keys(%listed)) { print " $_" }
print "\n";
}
else { print "Not black-listed\n" }
exit $ERRORS{$state};
######## Subroutines ==========================
sub print_help() {
print_revision($PROGNAME,'$Revision: 1.0 $ ');
print "\n";
support();
}
sub print_usage () {
print "Usage: \n";
print " $PROGNAME -H host -B [blacklist1],[blacklist2] [-c critnum]\n";
print " $PROGNAME [-h | --help]\n";
print " $PROGNAME [-V | --version]\n";
}
sub blcheck
{
my ($ip, $bl) = @_;
my $lookupip = $ip;
$lookupip =~
s/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/$4.$3.$2.$1.$bl/;
if (lookup($lookupip)) { return 1 }
else { return 0 }
}
sub lookup
{
my $tolookup = shift;
my $res = Net::DNS::Resolver->new;
my $query = $res->search($tolookup);
if ($query)
{
foreach my $rr ($query->answer)
{
next unless $rr->type eq "A"; # We're not interested in TXT records
return $rr->address;
}
}
}The usage for the script is this:
Code: Select all
-H host -B [blacklist1],[blacklist2] [-c critnum]Code: Select all
bash-4.1$ whoami
nagios
bash-4.1$ ./check_bl -H <ip address> -B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net
Not black-listed
So, as you can see, it returns "Not black-listed".
My nagios command.cfg directive:
Code: Select all
# Command for blacklist checking
define command{
command_name check_mailserver_bl
command_line $USER1$/check_bl -H $HOSTADDRESS$ $ARG1$
}
Code: Select all
define service{
use unix-service
host_name mail.server.net
service_description Blacklist Status
check_command check_mailserver_bl!<ip address>!-B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net
normal_check_interval 30
retry_check_interval 15
notification_period workhours
notifications_enabled 1
}