#!/bin/bash
# Script identity. VERSION_TEXT is the line reported at the end of every
# status message sent to Xymon.
VERSION="0.1"
VERSION_TEXT="Xymon spam-black-list-check-2.bash script: version $VERSION"

# Based on the DNS blacklist lookup example at
#   http://et.engr.iupui.edu//~dskim/tutorials/bash-advanced/html/communications.html
#
# Launcher entry as given by the author, for
# clientlaunch.d/spam-black-list-check.cfg:
#
#   [smart]
#    ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
#    CMD $XYMONCLIENTHOME/ext/spam-black-list-check.cfg
#    LOGFILE $XYMONCLIENTHOME/logs/spam-black-list-check.cfg
#    INTERVAL 5m
#
# NOTE(review): CMD and LOGFILE both end in .cfg and the section is named
# [smart]; these look like copy/paste leftovers - confirm the real script and
# log file names before installing the entry.
#
# Author's note: must install surblhost first
# (http://surblhost.sourceforge.net).
# NOTE(review): the lookups visible in this file are made with dig; nothing
# here invokes surblhost - confirm whether it is still required.

# Separator strings; as found in this file each one holds a single line feed.
DASHES=$'\n'
DASH=$'\n'

# Xymon column the status is reported under, and the hosts.cfg tag that
# selects the hosts to test.
COLUMN='spam2'
HOSTTAG='spam2'

# Initial colour; the per-host loop overwrites it before reporting.
COLOR='clear'
VERMSG=$'\n'"Version: ${VERSION}"
DATE="$(date)"
# Stop before doing any work when the Xymon environment is not loaded: the
# path to xymongrep used by the per-host loop is built from XYMONHOME.
if [[ -z "$XYMONHOME" ]]; then
  printf '%s\n' "template: XYMONHOME is not set"
  exit 1
fi
#############
# defs needed
#############
# Whitespace splitter: space, tab, line feed, carriage return.
WSP_IFS=$' \t\n\r'
# Line terminators only: line feed and carriage return.
No_WSP=$'\n\r'
# Splitter for dotted-decimal IPv4 text: the line terminators plus '.'.
ADR_IFS="${No_WSP}."
###########################
# functions that are needed
###########################
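#######################################
# Fetch the TXT record a DNS blacklist publishes as the reason for a listing.
# Globals:   get_txtResult (written) - the TXT answer, or the default
#            '(no reason supplied)' when nothing usable came back
# Arguments: $1 - address returned by the blacklist A lookup
#            $2 - name that was queried (reversed octets + blacklist zone)
# Outputs:   nothing on stdout; the result is handed back in get_txtResult
# Returns:   0
#
# IFS is not modified. The TXT text is third-party data that ends up in the
# Xymon status message.
# NOTE(review): confirm how the Xymon web pages render status text before
# trusting markup-like characters in it.
#######################################
get_txt() {
  local answer=$1
  local name=$2
  local reason

  get_txtResult='(no reason supplied)'

  # Only a 127.x.y.z answer triggers the TXT lookup. A pattern match replaces
  # the unquoted array split, so the answer is never glob-expanded.
  case $answer in
    127 | 127.*) ;;
    *) return 0 ;;
  esac

  # Without a name dig would query something other than the listing.
  [[ -n "$name" ]] || return 0

  # -q and -t bind the name and the record type explicitly, so a value that
  # starts with '-', '+' or '@' cannot be read by dig as an option or server.
  reason=$(dig +short -q "$name" -t txt)

  # Keep the default when the blacklist publishes no TXT record; an empty
  # answer used to overwrite it.
  if [[ -n "$reason" ]]; then
    get_txtResult=$reason
  fi
  return 0
}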
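#######################################
# Query one DNS blacklist for an address and record the outcome.
# Globals:   COLOR (written)  - "RED" on a listing, "YELLOW" when the lookup
#                               gave an unusable answer and COLOR was not RED
#            ERROR (appended) - listing details
#            OUTPUT (appended) - one entry per blacklist queried
#            get_txtResult (read) - reason text set by get_txt
# Arguments: $1 - reversed octets with trailing dot, e.g. "4.3.2.1."
#            $2 - blacklist zone
#            $3 - label printed in the report for this blacklist
# Returns:   0
#
# Only an answer of the form 127.x.y.z counts as a listing. Anything else dig
# prints (for example a diagnostic line or a non-address record) is reported
# as a failed lookup instead of a listing. Answers in 127.255.255.x are also
# treated as failed lookups: Spamhaus documents that range as error codes
# (e.g. queries arriving through a public resolver), not listings.
# NOTE(review): confirm the error-code convention for the other zones used.
#######################################
chk_adr() {
  local server=${1}${2}
  local label=$3
  local -r listed_re='^127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
  local reply line entry
  local listed=''

  # -q binds the query name explicitly so it cannot be read as a dig option.
  reply=$(dig +short -q "${server}")

  # Pick the first genuine listing code out of the (possibly multi-line) reply.
  while IFS= read -r line; do
    line=${line%$'\r'}
    [[ "${line}" =~ ${listed_re} ]] || continue
    [[ "${line}" == 127.255.255.* ]] && continue
    listed=${line}
    break
  done <<<"${reply}"

  if [[ -n "${listed}" ]]; then
    COLOR="RED"
    # Quoted arguments: with several A records in the reply, an unquoted
    # expansion shifted the second address into the name position and the
    # TXT lookup went to the wrong name.
    get_txt "${listed}" "${server}"
    entry="${label}: ${get_txtResult}
${reply}
"
    ERROR="${ERROR}
${entry}
"
    OUTPUT="${OUTPUT}
${entry}
"
  elif [[ -n "${reply}" ]]; then
    # The blacklist could not be consulted reliably: make that visible
    # without claiming a listing, and never downgrade an existing RED.
    [[ "${COLOR}" == "RED" ]] || COLOR="YELLOW"
    OUTPUT="${OUTPUT}
${label}: lookup failed or returned an unexpected answer:
${reply}"
  else
    OUTPUT="${OUTPUT}
${label}: not blacklisted."
  fi
  return 0
}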
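# Per-host loop: for every hosts.cfg entry carrying the ${HOSTTAG}: tag,
# resolve the name given in the tag, query each DNS blacklist for the first
# IPv4 address found, and send one status message to Xymon.
#
# Changes from the earlier form of this loop:
#  - lines are read with "read -r -a", so fields are never glob-expanded or
#    taken as options by "set";
#  - a line without the tag is skipped (the old search loop never ended once
#    the positional parameters ran out);
#  - the name from the tag must look like a host name before it reaches dig;
#  - only an IPv4 line of the dig answer is used, so a CNAME line printed
#    first no longer produces a nonsense reversed query;
#  - RESULT reflects the outcome instead of always saying "not blacklisted".

# Host names accepted from the tag: must not start with '-', '+', '@' or '.'.
host_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
# One dotted-decimal IPv4 address per line; the groups are the four octets.
ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'

"${XYMONHOME}/bin/xymongrep" "${HOSTTAG}:*" | while IFS=${WSP_IFS} read -r -a fields; do
  # sample line:
  # 130.39.19.45 reg005.hpc.lsu.edu # OS:linux ssh heartbleed:"reg005.hpc.lsu.edu 443"
  (( ${#fields[@]} >= 2 )) || continue
  HOSTIP=${fields[0]}
  MACHINEDOTS=${fields[1]}
  # Xymon status names use commas where the host name has dots.
  MACHINE=${MACHINEDOTS//./,}
  startTime=$(date '+%s')

  # Find the tag and take the text after its first colon, quotes removed.
  server=''
  tag_found=0
  for field in "${fields[@]:2}"; do
    token=${field%%:*}
    token=${token//\"/}
    if [[ "${token}" == "${HOSTTAG}" ]]; then
      tag_found=1
      if [[ "${field}" == *:* ]]; then
        server=${field#*:}
        server=${server%%:*}
        server=${server//\"/}
      fi
      break
    fi
  done
  if (( ! tag_found )); then
    printf '%s\n' "no ${HOSTTAG}: tag found for ${MACHINEDOTS}; line skipped" >&2
    continue
  fi

  COLOR="GREEN"
  RESULT="not blacklisted"
  ERROR=""
  OUTPUT=""

  # start actual work
  ip_adr=''
  rev_dns=''
  if [[ "${server}" =~ ${host_re} ]]; then
    while IFS= read -r answer; do
      if [[ "${answer}" =~ ${ipv4_re} ]]; then
        ip_adr=${answer}
        # Reorder octets into dns query order.
        rev_dns="${BASH_REMATCH[4]}.${BASH_REMATCH[3]}.${BASH_REMATCH[2]}.${BASH_REMATCH[1]}."
        break
      fi
    done < <(dig +short -q "${server}" -t a)
  fi

  if [[ -n "${ip_adr}" ]]; then
    # See: http://www.spamhaus.org (Conservative, well maintained)
    # NOTE(review): Spamhaus publishes zen.spamhaus.org as its combined zone;
    # confirm sbl-xbl is still the zone intended here.
    chk_adr "${rev_dns}" 'sbl-xbl.spamhaus.org' 'spamhaus.org'
    # See: http://www.spamcop.net/ (You can report spammers here)
    chk_adr "${rev_dns}" 'bl.spamcop.net' 'spamcop.net'
    # See: http://cbl.abuseat.org.
    chk_adr "${rev_dns}" 'cbl.abuseat.org' 'abuseat.org'
    # See: http://dsbl.org/usage (Various mail relays)
    # NOTE(review): dsbl.org is reported to have ceased operation; confirm
    # these three zones still answer, since a retired zone can return
    # misleading results.
    chk_adr "${rev_dns}" 'list.dsbl.org' 'list.dsbl.org'
    chk_adr "${rev_dns}" 'multihop.dsbl.org' 'multihop.dsbl.org'
    chk_adr "${rev_dns}" 'unconfirmed.dsbl.org' 'unconfirmed.dsbl.org'
    # chk_adr raises COLOR to RED when a blacklist reports the address.
    if [[ "${COLOR}" == "RED" ]]; then
      RESULT="blacklisted"
    fi
  else
    ERROR="${server} does not resolve to a valid ip address"
    COLOR="RED"
    RESULT="not checked"
  fi

  stopTime=$(date '+%s')
  duration=$(( stopTime - startTime ))

  "$XYMON" "$XYMSRV" "status+1h ${MACHINE}.$COLUMN $COLOR $(date)
Test originating on $HOSTNAME
$HOSTTAG status for host ${server} ($MACHINEDOTS)
${RESULT}
${ERROR}
${OUTPUT}
This test leverages spam test from the Advance Bash tutorial:
http://www.tldp.org/LDP/abs/html/communications.html#ISSPAMMER
Test required ${duration} seconds.
Version: ${VERSION_TEXT}
"
done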