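#!/bin/bash
#
# Xymon client extension: for every host that xymongrep reports with a
# "spam2:<name>" tag, resolve <name> with dig, look the address up in a set
# of DNS blacklist zones, and send one status message per host to Xymon.
# Requires dig in PATH and XYMONHOME, XYMON and XYMSRV in the environment.

VERSION='0.1'
VERSION_TEXT="Xymon spam-black-list-check-2.bash script: version ${VERSION}"
#
# based on http://et.engr.iupui.edu//~dskim/tutorials/bash-advanced/html/communications.html
#
# clientlaunch.d/spam-black-list-check.cfg
#[smart]
#       ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
#       CMD $XYMONCLIENTHOME/ext/spam-black-list-check.cfg
#       LOGFILE $XYMONCLIENTHOME/logs/spam-black-list-check.cfg
#       INTERVAL 5m

# must install surblhost first (http://surblhost.sourceforge.net)

COLUMN="spam2"
HOSTTAG="spam2"
COLOR="clear"

if [[ -z "${XYMONHOME:-}" ]]; then
  echo "template: XYMONHOME is not set" >&2
  exit 1
fi

###########################
# functions that are needed
###########################

#######################################
# Print the first line of a dig +short answer that is a dotted-quad IPv4
# address. dig can print CNAME targets before the address records, so the
# first line of the answer is not necessarily an address.
# Arguments: $1 - raw dig +short output (may span several lines)
# Outputs:   the address on stdout, or nothing
# Returns:   0 if an address was found, 1 otherwise
#######################################
first_ipv4() {
  local line
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  while IFS= read -r line; do
    line=${line%$'\r'}
    if [[ $line =~ $ipv4_re ]]; then
      printf '%s\n' "$line"
      return 0
    fi
  done <<<"$1"
  return 1
}

#######################################
# Decide whether a tag value may be handed to dig as a query name.
# The value comes from the host configuration; one that starts with '-',
# '+' or '@' would be read by dig as an option or a resolver address
# instead of a name, so only plain host-name characters are accepted.
# Arguments: $1 - candidate host name
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_safe_dns_name() {
  local -r name_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9.])?$'
  (( ${#1} <= 253 )) && [[ $1 =~ $name_re ]]
}

#######################################
# Get the dns text resource record.
# Globals:   get_txtResult (written) - reason text for the listing
# Arguments: $1 - address reply from the blacklist zone
#            $2 - name that was queried in the blacklist zone
#######################################
get_txt() {
  local txt
  get_txtResult='(no reason supplied)'
  # Only answers whose first octet is 127 are asked for a reason.
  if [[ ${1%%.*} == '127' ]]; then
    txt=$(dig +short "$2" -t txt)
    # Keep the default text when the zone publishes no TXT record.
    get_txtResult=${txt:-$get_txtResult}
  fi
}

#######################################
# Get the dns address resource record.
# Globals:   COLOR, RESULT, ERROR, OUTPUT (written)
# Arguments: $1 - reversed address with trailing dot, e.g. "4.3.2.1."
#            $2 - blacklist zone to query
#            $3 - label used for this zone in the report
#######################################
chk_adr() {
  local server=${1}${2}
  local source=${3}
  local reply
  local tmp

  reply=$(dig +short "${server}")

  # Any answer longer than 6 characters is reported as a listing.
  # NOTE(review): some list operators answer in 127.255.255.0/24 to signal
  # a refused or rate-limited query rather than a listing, and a resolver
  # that rewrites NXDOMAIN would also produce an answer here - confirm
  # against each operator's documentation before alerting on these.
  if (( ${#reply} > 6 )); then
    COLOR="RED"
    RESULT="blacklisted"
    # Quoted: a reply with several records must stay one argument, or the
    # second record would be taken for the name to query.
    get_txt "${reply}" "${server}"
    tmp="${source}: ${get_txtResult}
${reply}
"
    ERROR="${ERROR}
${tmp}
"
    OUTPUT="${OUTPUT}
${tmp}
"
  else
    OUTPUT="${OUTPUT}
${source}: not blacklisted."
  fi
}

# sample line:
# 130.39.19.45 reg005.hpc.lsu.edu # OS:linux ssh heartbleed:"reg005.hpc.lsu.edu 443"
"${XYMONHOME}/bin/xymongrep" "${HOSTTAG}:*" | while read -r -a fields; do
  # Expect at least: IP, host name, '#', and one tag.
  (( ${#fields[@]} >= 4 )) || continue

  MACHINEDOTS=${fields[1]}
  MACHINE=${MACHINEDOTS//./,}
  startTime=$(date '+%s')

  # Find the tag named ${HOSTTAG}; its value is the name to check.
  # A line without the tag is skipped instead of being scanned forever.
  server=""
  found=0
  for field in "${fields[@]:3}"; do
    token=${field%%:*}
    token=${token//\"/}
    if [[ $token == "$HOSTTAG" ]]; then
      if [[ $field == *:* ]]; then
        server=${field#*:}
        server=${server%%:*}
        server=${server//\"/}
      fi
      found=1
      break
    fi
  done
  if (( ! found )); then
    printf 'no %s tag found for %s, skipping\n' "$HOSTTAG" "$MACHINEDOTS" >&2
    continue
  fi

  COLOR="GREEN"
  RESULT="not blacklisted"
  ERROR=""
  OUTPUT=""

  # start actual work
  ip_adr=""
  if is_safe_dns_name "$server"; then
    ip_adr=$(first_ipv4 "$(dig +short "$server")")
  fi

  if [[ -n $ip_adr ]]; then
    # Reorder octets into dns query order.
    IFS=. read -r oct1 oct2 oct3 oct4 <<<"$ip_adr"
    rev_dns="${oct4}.${oct3}.${oct2}.${oct1}."

    # NOTE(review): this zone list is inherited from the tutorial the
    # script is based on. sbl-xbl.spamhaus.org has since been superseded
    # and dsbl.org appears to be no longer operated - confirm that every
    # zone below is still served by its operator, since a lapsed zone can
    # answer nothing (silent pass) or anything (false alert).

    # See: http://www.spamhaus.org (Conservative, well maintained)
    chk_adr "${rev_dns}" 'sbl-xbl.spamhaus.org' 'spamhaus.org'

    # See: http://www.spamcop.net/ (You can report spammers here)
    chk_adr "${rev_dns}" 'bl.spamcop.net' 'spamcop.net'

    # See: http://cbl.abuseat.org.
    chk_adr "${rev_dns}" 'cbl.abuseat.org' 'abuseat.org'

    # See: http://dsbl.org/usage (Various mail relays)
    chk_adr "${rev_dns}" 'list.dsbl.org' 'list.dsbl.org'
    chk_adr "${rev_dns}" 'multihop.dsbl.org' 'multihop.dsbl.org'
    chk_adr "${rev_dns}" 'unconfirmed.dsbl.org' 'unconfirmed.dsbl.org'
  else
    ERROR="${server} does not resolve to a valid ip address"
    COLOR="RED"
    RESULT="not checked"
  fi

  stopTime=$(date '+%s')
  duration=$(( stopTime - startTime ))

  "$XYMON" "$XYMSRV" "status+1h ${MACHINE}.$COLUMN $COLOR $(date) Test originating on $HOSTNAME $HOSTTAG status for host ${server} ($MACHINEDOTS) ${RESULT} ${ERROR}
${OUTPUT} This test leverages spam test from the Advance Bash tutorial: http://www.tldp.org/LDP/abs/html/communications.html#ISSPAMMER
Test required ${duration} seconds.
Version: ${VERSION_TEXT}
"
done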