Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

nagios check_bl plugin returning (null) in web interface

https://support.nagios.com/forum/viewtopic.php?t=41112

Page 1 of 1

nagios check_bl plugin returning (null) in web interface

Posted: Mon Nov 14, 2016 10:50 am
by linuser
I'm trying to use this perl plugin to check my mailserver for blacklisting. Running nagios core
3.5.1

Code: Select all

#!/usr/bin/perl -w
#
# check_bl plugin for nagios
# $Revision: 1.0 $ 
# 
# Nagios plugin designed to warn you if you mail servers appear in one of the 
# many anti-spam 'blacklists'
#
# By Sam Bashton, Bashton Ltd
# bashton.com/content/nagios-plugins
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

use strict;
#use lib "/usr/lib/nagios/plugins";
use lib "/usr/local/nagios/libexec";
use utils qw($TIMEOUT %ERRORS &print_revision &support);
use Net::DNS;
use vars qw($PROGNAME);
my ($verbose,$host),;
my ($opt_V,$opt_h,$opt_B,$opt_H,$opt_c);
$opt_V = $opt_h = $opt_B = $opt_H = $opt_c = '';
my $state = 'UNKNOWN';
sub print_help();
sub print_usage();

$PROGNAME = "check_bl";

$ENV{'BASH_ENV'}='';
$ENV{'ENV'}='';
$ENV{'PATH'}='';
$ENV{'LC_ALL'}='C';

use Getopt::Long;
Getopt::Long::Configure('bundling');
GetOptions(
       "V"   => \$opt_V,   "version"       => \$opt_V,
  "h"   => \$opt_h,   "help"          => \$opt_h,
  "H=s" => \$opt_H,   "hostname=s"    => \$opt_H,
  "B=s" => \$opt_B,   "blacklists=s"  => \$opt_B,
  "c=s" => \$opt_c,   "critical=s"    => \$opt_c
);

# -h means display verbose help screen
if ($opt_h) { print_help(); exit $ERRORS{'OK'}; }

# -V means display version number
if ($opt_V) {
  print_revision($PROGNAME,'$Revision: 1.0 $ ');
  exit $ERRORS{'OK'};
}

# First check the hostname is OK..
unless ($opt_H) { print_usage(); exit $ERRORS{'UNKNOWN'}; }

if (! utils::is_hostname($opt_H)){
  print "$opt_H is not a valid host name\n";
  print_usage();
  exit $ERRORS{"UNKNOWN"};
}else{
  if ($opt_H =~ /[a-zA-Z]/ )
  # If the host contains letters we assume it's a hostname, not an IP
  {
    $host = lookup($opt_H);
  }
  else { $host = $opt_H }
}


# $opt_c is a count of the blacklists a mail server is in,
# after which state will be CRITICAL rather than WARNING
# By default any listing is CRITICAL
my $critcount = 0;
if ($opt_c) { $critcount = $opt_c };

# $opt_B is a comma seperated list of blacklists
$opt_B = shift unless ($opt_B);
unless ($opt_B) { print_usage(); exit -1 }
my @bls = split(/,/, $opt_B);


# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
  print ("ERROR: No response from BL server (alarm)\n");
  exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);

my %listed; # Hash of blacklists we're listed in.
foreach(@bls)
{
  if (blcheck($host,$_)) { $listed{$_} = 1 }
}

if (scalar(keys(%listed)) == 0) { $state = 'OK' }
elsif (scalar(keys(%listed)) < $critcount) { $state = 'WARNING' }
else { $state = 'CRITICAL' }

if (%listed)
{
  print "Listed at";
  foreach (keys(%listed)) { print " $_" }
  print "\n";
}
else { print "Not black-listed\n" }

exit $ERRORS{$state};

########  Subroutines ==========================


sub print_help() {
  print_revision($PROGNAME,'$Revision: 1.0 $ ');
  print "\n";
  support();
}

sub print_usage () {
  print "Usage: \n";
  print " $PROGNAME -H host -B [blacklist1],[blacklist2] [-c critnum]\n";
  print " $PROGNAME [-h | --help]\n";
  print " $PROGNAME [-V | --version]\n";
}

sub blcheck
{
  my ($ip, $bl) = @_;
  my $lookupip = $ip;
  $lookupip =~
  s/([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/$4.$3.$2.$1.$bl/;
  if (lookup($lookupip)) { return 1 }
  else { return 0 }
}

sub lookup
{
  my $tolookup = shift;
  my $res = Net::DNS::Resolver->new;
  my $query = $res->search($tolookup);
  if ($query)
  {
    foreach my $rr ($query->answer)
    {
      next unless $rr->type eq "A"; # We're not interested in TXT records
      return $rr->address;
    }
  }
}
Just FYI - I found this plugin on our NagiosXI server. It seems to be working fine on my core 3.5.1 server, except when the application tries to perform a service check.

The usage for the script is this:

Code: Select all

-H host -B [blacklist1],[blacklist2] [-c critnum]
From command line I get this:

Code: Select all

bash-4.1$ whoami
nagios
bash-4.1$ ./check_bl -H <ip address> -B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net​
Not black-listed

So, as you can see, it returns "Not black-listed".

My nagios command.cfg directive:

Code: Select all

# Command for blacklist checking
define command{
        command_name    check_mailserver_bl
        command_line    $USER1$/check_bl -H $HOSTADDRESS$ $ARG1$
        }
Here is the relavent part of my server.cfg file

Code: Select all

define service{
        use                             unix-service
        host_name                       mail.server.net
        service_description             Blacklist Status 
        check_command                   check_mailserver_bl!<ip address>!-B zen.spamhaus.org bl.spamcop.net dnsbl.ahbl.org dnsbl.njabl.org dnsbl.sorbs.net virbl.dnsbl.bit.nl rbl.efnet.org phishing.rbl.msrbl.net 0spam.fusionzero.com list.dsbl.org multihop.dsbl.org unconfirmed.dsbl.org will-spam-for-food.eu.org blacklist.spambag.org blackholes.brainerd.net blackholes.uceb.org spamsources.dnsbl.info map.spam-rbl.com ns1.unsubscore.com psbl.surriel.com l2.spews.dnsbl.sorbs.net bl.csma.biz sbl.csma.biz dynablock.njabl.org no-more-funn.moensted.dk ubl.unsubscore.com dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net spamguard.leadmon.net opm.blitzed.org bl.spamcannibal.org rbl.schulte.org dnsbl.ahbl.org virbl.dnsbl.bit.nl combined.rbl.msrbl.net​
        normal_check_interval           30
        retry_check_interval            15
        notification_period             workhours
        notifications_enabled           1
        }
From nagios webUI, the service checks return (null) with a critical condition. Can anyone tell me why nagios is not "seeing" the "Not black-listed" result and displaying it?

Re: nagios check_bl plugin returning (null) in web interface

Posted: Mon Nov 14, 2016 11:12 am
by linuser
Resolved.

In the script I had to change this:

Code: Select all

#use lib "/usr/lib64/nagios/plugins";
use lib "/usr/local/nagios/libexec";
to this

Code: Select all

use lib "/usr/lib64/nagios/plugins";
#use lib "/usr/local/nagios/libexec";
Effectively pointing the script to where my plugin actually was.

Re: nagios check_bl plugin returning (null) in web interface

Posted: Mon Nov 14, 2016 11:20 am
by dwhitfield
Thanks for posting the solution for others!

Is it ok if we lock this up?

Re: nagios check_bl plugin returning (null) in web interface

Posted: Mon Nov 14, 2016 11:31 am
by linuser
Yes. All good!
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited