Frater

a guest
Dec 28th, 2010
  1. #!/bin/bash
  2. #####################################################
  3. # check_rbl
  4. #####################################################
  5. # 17-12-2010 by JP van Melis
  6. #
  7. # Use at your own risk!
  8. #####################################################
  9. export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
  10.  
  11. # If you don't want to use your own DNS-server
  12. # Use Google's, Blank it if you want to use the default always.
  13. DNServer=8.8.8.8
  14. # URL=http://blog.penumbra.be/files/zabbix/rbl_list.txt
  15. URL=http://wd.mirmana.com/dnsbl.txt
  16. dnsbl=/etc/dnsbl.txt
  17. IPAUDITDIR=/home/ipaudit/reports/daily/server2/html
  18.  
  19. DNSBL=
  20. TESTDNSBL=0
  21. LISTIPS=0
  22. ZABBIX_SENDER=0
  23. ZABBIX_CONF=/etc/zabbix/zabbix_agentd.conf
  24.  
  25. TouchedToday=
  26. Time=2
  27. DEBUG=0
  28.  
  29. NAME="$0"
  30. [ -z "`which readlink`" ] || NAME="`readlink -f "${NAME}"`"
  31. BASENAME=`basename "${NAME}"`
  32. reportfile=/var/log/${BASENAME}.report
  33.  
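# Parse the command-line switches; -r and -d take an argument.
# The usage text now names every accepted switch (the old one omitted -z and
# showed -d without its argument) and goes to stderr, so it cannot end up in
# output that a caller captures.
# NOTE: the -r path is truncated later in the script, so it must not point at
# a file worth keeping.
while getopts zltr:d: name
do
  case "${name}" in
    z) ZABBIX_SENDER=1 ;;
    l) LISTIPS=1 ;;
    t) TESTDNSBL=1 ;;
    r) reportfile="${OPTARG}" ;;
    d) DNSBL="${OPTARG}" ;;
    *)
      printf 'Usage: %s [-z] [-l] [-t] [-r <reportfile>] [-d (<dnsbl>|<file>)] [(<IP>|<domain>|<file>)]\n' "$0" >&2
      exit 2
      ;;
  esac
done
# Drop the parsed switches; what remains are the IPs/domains/file to test.
shift $((OPTIND - 1))
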
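#######################################
# Remove the scratch files and leave the script.
# Globals:   ftmp1, ftmp2, ftmp3 (read) - paths of the scratch files
# Arguments: $1 - exit status (0 when omitted)
#######################################
_exit ()
{
  local scratch
  # Quoted and guarded: an unset variable or a path containing blanks must
  # neither be word-split nor be handed to rm as an empty operand.
  for scratch in "${ftmp1:-}" "${ftmp2:-}" "${ftmp3:-}" ; do
    [ -n "${scratch}" ] && rm -f -- "${scratch}" 2>/dev/null
  done
  exit "${1:-0}"
}
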
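# With -z the agent configuration must exist, because zabbix_sender is later
# called with -c ${ZABBIX_CONF}.
if [ "${ZABBIX_SENDER}" -eq 1 ] ; then
  # Fall back to the same path below /opt. The original used the undefined
  # ${ZABCONF} here, which turned the path into plain "/opt"; that directory
  # normally exists, so the check below passed with a useless value.
  [ -e "${ZABBIX_CONF}" ] || ZABBIX_CONF="/opt${ZABBIX_CONF}"
  if [ ! -e "${ZABBIX_CONF}" ] ; then
    echo "Unable to find ${ZABBIX_CONF}, can't continue" >&2
    exit 1
  fi
  # zabHOSTNAME=`grep -i ^Hostname ${ZABBIX_CONF} | awk -F= '{print $2}' | awk '{print $1}'`
fi
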
  65. ftmp1=`mktemp`
  66. ftmp2=`mktemp`
  67. ftmp3=`mktemp`
  68.  
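# Build and validate the DNSBL list (skipped with -l).
# Result: ${ftmp3} holds one "<dnsbl> <flag>" line per working DNSBL, where
# flag 1 means "answered through ${DNServer}" and 0 means "answered through
# the default resolver".
if [ "${LISTIPS}" -eq 0 ] ; then

  # No DNSBL given... use standard file or create one by recursively calling myself
  if [ -z "${DNSBL}" ] && [ -e "${dnsbl}" ] && [ ! -d "${dnsbl}" ] ; then
    DNSBL="${dnsbl}"
  fi

  if [ -z "${DNSBL}" ] ; then
    echo -e "No ${dnsbl} found...\nI will make an attempt to create one by downloading ${URL}!"
    # NOTE(review): the download is not authenticated in any way; everything
    # read from ${ftmp3} below is untrusted input.
    if wget -O "${ftmp3}" "${URL}" 2>/dev/null ; then
      lines1=$(wc -l <"${ftmp3}")
      # make it look older, so it will get checked next run
      touch -d "last week" "${ftmp3}"
      echo "Downloaded ${lines1} DNSBL's, I will now recursively call myself to clean the file up!"
      # The child prints its "No valid DNSBL-servers found" message on stdout
      # as well, so a failed run must not be kept as the default list.
      if ! "$0" -d "${ftmp3}" -t >"${dnsbl}" || [ ! -s "${dnsbl}" ] ; then
        rm -f -- "${dnsbl}"
        echo "Validation of the downloaded list failed, ${dnsbl} was not created" >&2
        _exit 1
      fi
      lines2=$(wc -l <"${dnsbl}")
      if [ "${lines2}" -eq "${lines1}" ] ; then
        echo "All DNSBL's seem to be valid!"
      else
        echo -e "Only $lines2 survived the test!\n\nThese were found to be invalid:\n"
        while read -r failed ; do
          # Fixed-string match: the downloaded line is data, not a pattern or
          # an option.
          grep -qF -- "${failed}" "${dnsbl}" && continue
          name=$(printf '%s\n' "${failed}" | awk '{print $1}' | sed 's/\.$//')
          # The lines printed here look like commands an operator may paste,
          # so only names made of plain host-name characters are shown.
          case "${name}" in
            ''|*[!0-9A-Za-z_.-]*) continue ;;
          esac
          echo "host -tA -W$Time 2.0.0.127.${name}. ; host -tA -W$Time 1.0.0.127.${name}."
        done <"${ftmp3}"
      fi
      echo -e "\nThe default DNSBL list (${dnsbl}) is created, you should not see this anymore"
      # Status 1 on purpose: this run only created the list, nothing was checked.
      _exit 1
    else
      echo "Download from ${URL} failed"
      _exit 1
    fi
  elif [[ "${DNSBL}" =~ / ]] ; then
    # Create list from file
    if [ -e "${DNSBL}" ] && [ ! -d "${DNSBL}" ] ; then
      if head -n1 "${DNSBL}" | grep -q '^[-0-9A-Za-z_.]* [01]$' ; then
        # The first line has the "<dnsbl> <flag>" shape of an already checked
        # file. Keep only the lines with that shape instead of copying the
        # file verbatim, so later lines get the same character filter as
        # every other input path.
        grep '^[-0-9A-Za-z_.]* [01]$' "${DNSBL}" >"${ftmp2}"
        # Non-empty when the file was modified within the last 24 hours.
        TouchedToday="$(find "${DNSBL%/*}" -maxdepth 1 -name "${DNSBL##*/}" -mtime 0)"
      else
        awk '{print $1}' "${DNSBL}" | grep -o '[-0-9A-Za-z_.]*' | sed 's/\.$//' >"${ftmp2}"
      fi
    fi
  else
    # Create list from command-line parameter
    printf '%s\n' "${DNSBL}" | grep -o '[-0-9A-Za-z_.]*' | sed 's/\.$//' >"${ftmp2}"
  fi

  # if file is unchecked or its first line doesn't end with ' 0' or ' 1'
  if [ -z "${TouchedToday}" ] ; then
    # Check if DNSBL-server is working: it must list the test address
    # 127.0.0.2 and must not answer 127.0.0.2 for 127.0.0.1.
    while read -r blacklistline ; do
      # remove a trailing dot, so we can add one without making a duplicate
      blacklist=$(printf '%s\n' "${blacklistline}" | awk '{print $1}' | sed 's/\.$//')
      [ -n "${blacklist}" ] || continue
      # ${DNServer:+...} drops the server argument when DNServer is blank and
      # keeps it as one word otherwise.
      if host -tA -W"${Time}" "2.0.0.127.${blacklist}." ${DNServer:+"${DNServer}"} | grep -q 'has address 127\.0\.0\.' ; then
        host -tA -W"${Time}" "1.0.0.127.${blacklist}." ${DNServer:+"${DNServer}"} | grep -q 'has address 127\.0\.0\.2' || echo "${blacklist} 1" >>"${ftmp3}"
      elif [ -n "${DNServer}" ] ; then
        # No usable answer through ${DNServer}: retry with the default resolver.
        if host -tA -W"${Time}" "2.0.0.127.${blacklist}." | grep -q 'has address 127\.0\.0\.' ; then
          host -tA -W"${Time}" "1.0.0.127.${blacklist}." | grep -q 'has address 127\.0\.0\.2' || echo "${blacklist} 0" >>"${ftmp3}"
        fi
      fi
    done <"${ftmp2}"
  else
    cp -p "${ftmp2}" "${ftmp3}"
  fi

  if [ ! -s "${ftmp3}" ] ; then
    echo "No valid DNSBL-servers found"
    _exit 1
  elif printf '%s\n' "${DNSBL}" | grep -q '/' ; then
    if [ -z "${TouchedToday}" ] ; then
      # If a file is used for the DNSBL's then check if all are valid..
      # If so, then 'touch it', so it doesn't need checking today.
      lines1=$(wc -l <"${DNSBL}")
      lines2=$(wc -l <"${ftmp3}")
      [ "${lines1}" -eq "${lines2}" ] && touch "${DNSBL}"
    fi
  fi

  if [ "${TESTDNSBL}" -eq 1 ] ; then
    sort -u "${ftmp3}"
    if [ "${ZABBIX_SENDER}" -eq 1 ] ; then
      DNSBLS="$(cat "${ftmp3}")"
      # NOTE(review): with this redirection order only stdout is discarded and
      # stderr lands on the script's stdout - confirm that is intended.
      zabbix_sender -c "${ZABBIX_CONF}" -k "dnsbl[dnsbl]" -o "${DNSBLS}" 2>&1 >/dev/null
    fi
    _exit 0
  fi

  # Leave through _exit so the scratch files are removed on this path too.
  [ -s "${ftmp3}" ] || _exit 1
fi
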
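# Collect the addresses/names to test into ${ftmp1}, one per line.
# Sources, in this order: the remaining command-line arguments (a file when
# they contain a '/'), the newest IPaudit report, or this host's public IP.

# delete surrounding spaces
IPSTOTEST=$(printf '%s\n' "$*" | sed 's/^ *//;s/ *$//')

if [ -z "${IPSTOTEST}" ] ; then
  if [ -d "${IPAUDITDIR}" ] ; then
    # check IPaudit's daily list: pick the newest *.html without parsing ls
    # output, so file names with blanks cannot break the selection.
    fname=
    for candidate in "${IPAUDITDIR}"/*.html ; do
      [ -e "${candidate}" ] || continue
      if [ -z "${fname}" ] || [ "${candidate}" -nt "${fname}" ] ; then
        fname=${candidate}
      fi
    done
    if [ -n "${fname}" ] ; then
      # Strip leading zeros per octet but keep one digit: the previous
      # expression removed an all-zero octet completely ("10.0.0.1" became
      # "10...1"), so such addresses were never tested.
      grep -o 'remote_port=25&ip=[0-9.]*' "${fname}" | awk -F= '{print $3}' | sed -E 's/(^|\.)0+([0-9])/\1\2/g' >"${ftmp1}"
    fi
  else
    # NOTE(review): the public address is learned from a third party over
    # plain HTTP; only digits and dots are taken from the answer, but the
    # value itself can be wrong if the response is altered in transit.
    wget -O - http://checkip.dyndns.org/ 2>/dev/null | grep -io 'IP Address: [0-9.]*' | awk '{print $3}' >"${ftmp1}"
  fi
elif printf '%s\n' "${IPSTOTEST}" | grep -q '/' ; then
  # Argument is a file: keep only runs of host-name characters from it.
  [ -e "${IPSTOTEST}" ] && grep -o '[-0-9A-Za-z_.]*' "${IPSTOTEST}" | sed 's/\.$//' >"${ftmp1}"
else
  printf '%s\n' "${IPSTOTEST}" | grep -o '[-0-9A-Za-z_.]*' | sed 's/\.$//' >"${ftmp1}"
fi
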
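# Convert host names to IP's if it's not done already.
# Output in ${ftmp2}: either "<ip>" or "<ip> [<ip> ...] <name>." per line.
: >"${ftmp2}"
while read -r IP ; do
  # The character filter applied to the input allows a leading '-'; such a
  # token is not a valid host name and would be read by host(1) as an option.
  case "${IP}" in
    ''|-*) continue ;;
  esac
  if [[ "${IP}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] ; then
    echo "${IP}" >>"${ftmp2}"
  else
    # extract all IP's and concatenate domain to it
    ResolvedIP=$(host -tA "${IP}." | grep -o 'has address [0-9.]*' | awk '{printf "%s ", $3}')
    [ -z "${ResolvedIP}" ] || printf '%s%s.\n' "${ResolvedIP}" "${IP}" >>"${ftmp2}"
  fi
done <"${ftmp1}"

if [ ! -s "${ftmp2}" ] ; then
  echo "NO IP's found"
  _exit 1
fi
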
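# -l: print the resolved IP list (optionally push it to Zabbix) and stop
# before any DNSBL is queried.
if [ "${LISTIPS}" -eq 1 ] ; then
  cat "${ftmp2}"

  if [ "${ZABBIX_SENDER}" -eq 1 ] ; then
    IPS="$(cat "${ftmp2}")"
    # Paths and values are quoted so a configuration path containing blanks
    # is passed as one argument.
    # NOTE(review): with this redirection order only stdout is discarded and
    # stderr lands on the script's stdout - confirm that is intended.
    zabbix_sender -c "${ZABBIX_CONF}" -k "dnsbl[ips]" -o "${IPS}" 2>&1 >/dev/null
  fi
  _exit 0
fi
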
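# Query every validated DNSBL for every IP and collect the listings.
# Input:  ${ftmp2} ("<ip>" or "<ip> ... <name>." per line) and
#         ${ftmp3} ("<dnsbl> <flag>" per line).
# Output: listings on stdout and appended to ${reportfile}.
# The report path may come from -r, so it is quoted everywhere.
: >"${reportfile}"
while read -r IPline ; do

  : >"${ftmp1}"

  # extract Domain from IPline and cut that Domain out of IPline
  Domain=$(printf '%s\n' "${IPline}" | sed -e 's/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*//g' -e 's/ *//g')
  subject=$(printf '%-25s' "${Domain}:")
  # Literal removal of the first occurrence; the name is no longer spliced
  # into a sed expression, where its dots acted as wildcards.
  [ -z "${Domain}" ] || IPline=${IPline/"${Domain}"/}

  # Split into separate addresses without pathname expansion.
  read -r -a addresses <<<"${IPline}"
  for IP in "${addresses[@]}" ; do

    # Only a dotted quad can be reversed for the lookup. The previous
    # 'set ${IP//./ }' overwrote the positional parameters and, for a token
    # made of dots only, ran 'set' without arguments.
    [[ "${IP}" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || continue
    reversed="${BASH_REMATCH[4]}.${BASH_REMATCH[3]}.${BASH_REMATCH[2]}.${BASH_REMATCH[1]}"
    [ -z "${Domain}" ] && subject=$(printf '%-18s' "${IP}:")

    while read -r blacklistline ; do

      blacklist=${blacklistline%%[[:space:]]*}
      [ -n "${blacklist}" ] || continue
      # Flag 1: this DNSBL was validated through ${DNServer}, so ask it there.
      askdns=
      case "${blacklistline}" in
        *' 1') askdns=${DNServer} ;;
      esac
      query="${reversed}.${blacklist}."

      if host -tA -W"${Time}" "${query}" ${askdns:+"${askdns}"} | grep -q 'has address 127\.0\.0\.' ; then

        # The TXT record is text supplied by the DNSBL operator; it is copied
        # as data into the report and never evaluated.
        TXT=$(host -t txt -W"${Time}" "${query}" ${askdns:+"${askdns}"} | grep -o 'descriptive text .*' | cut -b19- | sed 's/\"$//')
        if [ -n "${TXT}" ] ; then
          printf '%s %s\n' "${subject}" "${TXT}" >>"${ftmp1}"
        else
          printf '%s listed @ %s\n' "${subject}" "${blacklist}" >>"${ftmp1}"
        fi

      fi
    done <"${ftmp3}"
  done
  tee -a -- "${reportfile}" <"${ftmp1}"
done <"${ftmp2}"
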
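# Final status: push the report when -z was given; print '.' when nothing
# was listed.
if [ -s "${reportfile}" ] ; then
  # Only call zabbix_sender when -z was given. This branch used to call it
  # unconditionally, unlike every other zabbix_sender call in the script.
  if [ "${ZABBIX_SENDER}" -eq 1 ] ; then
    IPS="$(cat "${reportfile}")"
    # NOTE(review): with this redirection order only stdout is discarded and
    # stderr lands on the script's stdout - confirm that is intended.
    zabbix_sender -c "${ZABBIX_CONF}" -k "dnsbl[chk]" -o "${IPS}" 2>&1 >/dev/null
  fi
else
  echo '.'
  if [ "${ZABBIX_SENDER}" -eq 1 ] ; then
    zabbix_sender -c "${ZABBIX_CONF}" -k "dnsbl[chk]" -o "." 2>&1 >/dev/null
  fi
fi
# The exit status is 0 whether or not a listing was found; callers have to
# read the output or the report file.
_exit 0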