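#!/bin/bash
#####################################################
# check_rbl
#####################################################
# 17-12-2010 by JP van Melis
#
# Use at your own risk!
#####################################################
# Looks up one or more IP addresses in a set of DNS blacklists (DNSBLs)
# and prints every listing it finds; optionally reports to Zabbix.
#
# Usage: check_rbl [-z] [-l] [-t] [-r reportfile] [-d dnsbl|file]
#                  [ip ...|host ...|file]
#   -z  also push the result to Zabbix with zabbix_sender
#   -l  only print the IP addresses that would be tested, then exit
#   -t  only validate the DNSBL list, print it, then exit
#   -r  file that receives the report (default /var/log/<script>.report)
#   -d  DNSBL zone name(s), or a file with zones when the value contains '/'
# Without positional arguments the newest IPaudit report is used, or, when
# ${IPAUDITDIR} does not exist, the address reported by checkip.dyndns.org.
#
# NOTE(review): the defaults write to /etc and /var/log, so the script
# presumably runs as root. The DNSBL list and the external-IP lookup are
# fetched over plain HTTP, so nothing authenticates that content; only data
# that passes the character filters and the DNS test below is used.
#####################################################

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# If you don't want to use your own DNS-server
# Use Google's, Blank it if you want to use the default always.
DNServer=8.8.8.8
# URL=http://blog.penumbra.be/files/zabbix/rbl_list.txt
# NOTE(review): plain HTTP from a third-party host; whoever can alter the
# response chooses which zones get installed in ${dnsbl}. Prefer an HTTPS
# source or a locally maintained list if one is available.
URL=http://wd.mirmana.com/dnsbl.txt
dnsbl=/etc/dnsbl.txt
IPAUDITDIR=/home/ipaudit/reports/daily/server2/html
DNSBL=
TESTDNSBL=0
LISTIPS=0
ZABBIX_SENDER=0
ZABBIX_CONF=/etc/zabbix/zabbix_agentd.conf
TouchedToday=
Time=2
DEBUG=0 # not read anywhere in this script

# Characters accepted in a DNSBL zone or host name, and the IPv4 shape.
valid_name='^[-0-9A-Za-z_.]+$'
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

NAME="$0"
if command -v readlink >/dev/null 2>&1; then
  NAME="$(readlink -f "${NAME}")"
fi
BASENAME="$(basename "${NAME}")"
reportfile="/var/log/${BASENAME}.report"

while getopts zltr:d: name; do
  case "${name}" in
    z) ZABBIX_SENDER=1 ;;
    l) LISTIPS=1 ;;
    t) TESTDNSBL=1 ;;
    r) reportfile="${OPTARG}" ;;
    d) DNSBL="${OPTARG}" ;;
    *)
      # Fixed: the old text omitted -z and had lost its argument names.
      printf 'Usage: %s [-z] [-l] [-t] [-r reportfile] [-d dnsbl|file] [ip ...|host ...|file]\n' "$0"
      exit 2
      ;;
  esac
done
shift $((OPTIND - 1))

ftmp1=
ftmp2=
ftmp3=

# Remove the temporary files; installed as EXIT trap so that every exit
# path (including plain 'exit' and fatal errors) cleans up.
cleanup() {
  local f
  for f in "${ftmp1}" "${ftmp2}" "${ftmp3}"; do
    [ -n "${f}" ] && rm -f -- "${f}" 2>/dev/null
  done
}

# Exit with status $1; the temporary files are removed by the EXIT trap.
_exit() {
  exit "$1"
}

# Send value $2 for item key $1 to Zabbix.
# The redirect order is kept from the original: stderr of zabbix_sender ends
# up on this script's stdout and its stdout is discarded.
send_to_zabbix() {
  zabbix_sender -c "${ZABBIX_CONF}" -k "$1" -o "$2" 2>&1 >/dev/null
}

if [ "${ZABBIX_SENDER}" -eq 1 ]; then
  # Fixed: the fallback used the undefined ${ZABCONF}, which turned the path
  # into "/opt"; that directory exists on most systems, so the check passed.
  [ -e "${ZABBIX_CONF}" ] || ZABBIX_CONF="/opt${ZABBIX_CONF}"
  if [ ! -e "${ZABBIX_CONF}" ]; then
    echo "Unable to find ${ZABBIX_CONF}, can't continue" >&2
    exit 1
  fi
  # zabHOSTNAME=`grep -i ^Hostname ${ZABBIX_CONF} | awk -F= '{print $2}' | awk '{print $1}'`
fi

trap cleanup EXIT
ftmp1="$(mktemp)" || { echo "mktemp failed" >&2; exit 1; }
ftmp2="$(mktemp)" || { echo "mktemp failed" >&2; exit 1; }
ftmp3="$(mktemp)" || { echo "mktemp failed" >&2; exit 1; }

# Resolver argument for 'host'; stays empty when DNServer is blanked so that
# no empty argument is passed.
dns_args=()
[ -n "${DNServer}" ] && dns_args=("${DNServer}")

if [ "${LISTIPS}" -eq 0 ]; then
  # No DNSBL given... use standard file or create one by recursively calling myself
  if [ -z "${DNSBL}" ] && [ -e "${dnsbl}" ] && [ ! -d "${dnsbl}" ]; then
    DNSBL="${dnsbl}"
  fi

  if [ -z "${DNSBL}" ]; then
    echo -e "No ${dnsbl} found...\nI will make an attempt to create one by downloading ${URL}!"
    if wget -O "${ftmp3}" "${URL}" 2>/dev/null; then
      lines1="$(wc -l <"${ftmp3}")"
      # make it look older, so it will get checked next run
      touch -d "last week" "${ftmp3}"
      echo "Downloaded ${lines1} DNSBL's, I will now recursively call myself to clean the file up!"
      # The child validates every entry by DNS. Its output goes to a
      # temporary file first: writing straight into ${dnsbl} installed the
      # child's error text as the list when validation failed.
      if ! "$0" -d "${ftmp3}" -t >"${ftmp2}"; then
        echo "None of the downloaded DNSBL's passed the test, ${dnsbl} is not written"
        _exit 1
      fi
      if ! cat "${ftmp2}" >"${dnsbl}"; then
        echo "Unable to write ${dnsbl}" >&2
        _exit 1
      fi
      lines2="$(wc -l <"${dnsbl}")"
      if [ "${lines2}" -eq "${lines1}" ]; then
        echo "All DNSBL's seem to be valid!"
      else
        echo -e "Only $lines2 survived the test!\n\nThese were found to be invalid:\n"
        while read -r failed; do
          failed_name="$(printf '%s\n' "${failed}" | awk '{print $1}' | sed 's/\.$//')"
          [ -n "${failed_name}" ] || continue
          # Installed lines are exactly "<zone> 0" or "<zone> 1"; compare as
          # fixed strings instead of using downloaded text as a regex.
          if grep -qxF -e "${failed_name} 0" -e "${failed_name} 1" -- "${dnsbl}"; then
            continue
          fi
          # The lines printed here are meant to be pasted into a shell, so
          # only names made of host-name characters are echoed back.
          if [[ ${failed_name} =~ ${valid_name} ]]; then
            printf 'host -tA -W%s 2.0.0.127.%s. ; host -tA -W%s 1.0.0.127.%s.\n' \
              "${Time}" "${failed_name}" "${Time}" "${failed_name}"
          else
            echo "(entry with unexpected characters not shown)"
          fi
        done <"${ftmp3}"
      fi
      echo -e "\nThe default DNSBL list (${dnsbl}) is created, you should not see this anymore"
      _exit 1
    else
      echo "Download from ${URL} failed"
      _exit 1
    fi
  elif [[ ${DNSBL} == */* ]]; then
    # Create list from file
    if [ -e "${DNSBL}" ] && [ ! -d "${DNSBL}" ]; then
      if head -n1 "${DNSBL}" | grep -q '^[-0-9A-Za-z_.]* [01]$'; then
        # Already in "<zone> <0|1>" form: copied as is. Only the first line
        # is checked against the pattern; the remaining lines are trusted.
        cp -p "${DNSBL}" "${ftmp2}"
        # Non-empty when the file was modified within the last 24 hours.
        TouchedToday="$(find "${DNSBL}" -maxdepth 0 -mtime 0)"
      else
        awk '{print $1}' "${DNSBL}" | grep -o '[-0-9A-Za-z_.]*' | sed 's/\.$//' >"${ftmp2}"
      fi
    fi
  else
    # Create list from command-line parameter
    printf '%s\n' "${DNSBL}" | grep -o '[-0-9A-Za-z_.]*' | sed 's/\.$//' >"${ftmp2}"
  fi

  # if file is unchecked or its first line doesn't end with ' 0' or ' 1'
  if [ -z "${TouchedToday}" ]; then
    # Check if DNSBL-server is working: the test entry 127.0.0.2 must be
    # listed and 127.0.0.1 must not come back as 127.0.0.2.
    # NOTE(review): a zone that answers every name with another 127.0.0.x
    # value still passes this second check.
    # The trailing " 1" / " 0" records whether ${DNServer} or the default
    # resolver gave the answer.
    while read -r blacklistline; do
      # remove a trailing dot, so we can add one without making a duplicate
      blacklist="$(printf '%s\n' "${blacklistline}" | awk '{print $1}' | sed 's/\.$//')"
      [ -n "${blacklist}" ] || continue
      if host -tA -W"${Time}" "2.0.0.127.${blacklist}." "${dns_args[@]}" |
        grep -q 'has address 127\.0\.0\.'; then
        host -tA -W"${Time}" "1.0.0.127.${blacklist}." "${dns_args[@]}" |
          grep -q 'has address 127\.0\.0\.2' || echo "${blacklist} 1" >>"${ftmp3}"
      elif [ -n "${DNServer}" ]; then
        if host -tA -W"${Time}" "2.0.0.127.${blacklist}." |
          grep -q 'has address 127\.0\.0\.'; then
          host -tA -W"${Time}" "1.0.0.127.${blacklist}." |
            grep -q 'has address 127\.0\.0\.2' || echo "${blacklist} 0" >>"${ftmp3}"
        fi
      fi
    done <"${ftmp2}"
  else
    cp -p "${ftmp2}" "${ftmp3}"
  fi

  if [ ! -s "${ftmp3}" ]; then
    echo "No valid DNSBL-servers found"
    _exit 1
  elif [[ ${DNSBL} == */* ]]; then
    if [ -z "${TouchedToday}" ]; then
      # If a file is used for the DNSBL's then check if all are valid..
      # If so, then 'touch it', so it doesn't need checking today.
      lines1="$(wc -l <"${DNSBL}")"
      lines2="$(wc -l <"${ftmp3}")"
      [ "${lines1}" -eq "${lines2}" ] && touch "${DNSBL}"
    fi
  fi

  if [ "${TESTDNSBL}" -eq 1 ]; then
    sort -u "${ftmp3}"
    if [ "${ZABBIX_SENDER}" -eq 1 ]; then
      DNSBLS="$(<"${ftmp3}")"
      send_to_zabbix "dnsbl[dnsbl]" "${DNSBLS}"
    fi
    _exit 0
  fi
  [ -s "${ftmp3}" ] || _exit 1
fi

# delete surrounding spaces
IPSTOTEST="$(printf '%s\n' "$*" | sed 's/^ *//;s/ *$//')"
if [ -z "${IPSTOTEST}" ]; then
  if [ -d "${IPAUDITDIR}" ]; then
    # check IPaudit's daily list: pick the most recently modified report
    fname=
    for candidate in "${IPAUDITDIR}"/*.html; do
      [ -e "${candidate}" ] || continue
      if [ -z "${fname}" ] || [ "${candidate}" -nt "${fname}" ]; then
        fname="${candidate}"
      fi
    done
    # Strip zero padding from each octet but keep one digit. Fixed: the old
    # expression also deleted octets that are 0 ("10.000.000.001" became
    # "10...1"), so such addresses were silently dropped.
    [ -e "${fname}" ] && grep -o 'remote_port=25&ip=[0-9.]*' "${fname}" |
      awk -F= '{print $3}' |
      sed 's/^0*\([0-9]\)/\1/;s/\.0*\([0-9]\)/.\1/g' >"${ftmp1}"
  else
    # NOTE(review): unauthenticated HTTP lookup of the public address; the
    # answer is reduced to digits and dots before it is used.
    wget -O - http://checkip.dyndns.org/ 2>/dev/null |
      grep -io 'IP Address: [0-9.]*' | awk '{print $3}' >"${ftmp1}"
  fi
elif [[ ${IPSTOTEST} == */* ]]; then
  [ -e "${IPSTOTEST}" ] && grep -o '[-0-9A-Za-z_.]*' "${IPSTOTEST}" | sed 's/\.$//' >"${ftmp1}"
else
  printf '%s\n' "${IPSTOTEST}" | grep -o '[-0-9A-Za-z_.]*' | sed 's/\.$//' >"${ftmp1}"
fi

# Convert host names to IP's if it's not done already.
# Output lines are either "<ip>" or "<ip> [<ip> ...] <hostname>."
: >"${ftmp2}"
while read -r IP; do
  if [[ ${IP} =~ ${ipv4_re} ]]; then
    printf '%s\n' "${IP}" >>"${ftmp2}"
  else
    # A name starting with '-' would be read by 'host' as an option.
    case "${IP}" in
      -*) continue ;;
    esac
    # extract all IP's and concatenate domain to it
    ResolvedIP="$(host -tA "${IP}." | grep -o 'has address [0-9.]*' | awk '{printf "%s ", $3}')"
    [ -z "${ResolvedIP}" ] || printf '%s\n' "${ResolvedIP}${IP}." >>"${ftmp2}"
  fi
done <"${ftmp1}"

if [ ! -s "${ftmp2}" ]; then
  echo "NO IP's found"
  _exit 1
fi

if [ "${LISTIPS}" -eq 1 ]; then
  cat "${ftmp2}"
  if [ "${ZABBIX_SENDER}" -eq 1 ]; then
    IPS="$(<"${ftmp2}")"
    send_to_zabbix "dnsbl[ips]" "${IPS}"
  fi
  _exit 0
fi

# NOTE(review): the report path is predictable and is truncated here; keep
# it in a directory only the invoking user can write to.
: >"${reportfile}"
while read -r IPline; do
  : >"${ftmp1}"
  # extract Domain from IPline and cut that Domain out of IPline
  Domain="$(printf '%s\n' "${IPline}" | sed -e 's/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*//g' | sed 's/ *//g')"
  printf -v subject '%-25s' "${Domain}:"
  # Literal removal: the dots of the name must not act as regex wildcards.
  [ -z "${Domain}" ] || IPline="${IPline/"${Domain}"/}"
  read -r -a addresses <<<"${IPline}"
  for IP in "${addresses[@]}"; do
    IFS=. read -r -a octet <<<"${IP}"
    # DNSBL query name: the address with its octets reversed.
    reversed="${octet[3]}.${octet[2]}.${octet[1]}.${octet[0]}"
    [ -z "${Domain}" ] && printf -v subject '%-18s' "${IP}:"
    while read -r blacklistline; do
      blacklist="$(printf '%s\n' "${blacklistline}" | awk '{print $1}')"
      [ -n "${blacklist}" ] || continue
      # A trailing " 1" means the zone was validated through ${DNServer}.
      ask_args=()
      if [[ ${blacklistline} == *' 1' ]] && [ -n "${DNServer}" ]; then
        ask_args=("${DNServer}")
      fi
      if host -tA -W"${Time}" "${reversed}.${blacklist}." "${ask_args[@]}" |
        grep -q 'has address 127\.0\.0\.'; then
        # The TXT record is text chosen by the DNSBL operator; it is copied
        # into the report and the Zabbix value.
        TXT="$(host -t txt -W"${Time}" "${reversed}.${blacklist}." "${ask_args[@]}" |
          grep -o 'descriptive text .*' | cut -b19- | sed 's/\"$//')"
        if [ -n "${TXT}" ]; then
          printf '%s %s\n' "${subject}" "${TXT}" >>"${ftmp1}"
        else
          printf '%s listed @ %s\n' "${subject}" "${blacklist}" >>"${ftmp1}"
        fi
      fi
    done <"${ftmp3}"
  done
  tee -a "${reportfile}" <"${ftmp1}"
done <"${ftmp2}"

if [ -s "${reportfile}" ]; then
  # Fixed: zabbix_sender was called here even without -z, i.e. with a
  # configuration path that had never been checked.
  if [ "${ZABBIX_SENDER}" -eq 1 ]; then
    IPS="$(<"${reportfile}")"
    send_to_zabbix "dnsbl[chk]" "${IPS}"
  fi
else
  echo '.'
  [ "${ZABBIX_SENDER}" -eq 1 ] && send_to_zabbix "dnsbl[chk]" "."
fi
_exit 0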