Last active
December 17, 2015 22:49
Check a hostname (or an IP) against a list of DNSRBLs. * DNS round-robin aware: if the domain has multiple IPs, the check is run for all of them. I've also provided a template if you want to use it with Zabbix as an External Check: - Configure the ExternalScripts variable in zabbix_server.conf - Put the script (check-dnsrbl.py and check-dnsrbl…
#!/usr/bin/python | |
# -*- coding: utf-8 -*- | |
import time, socket, sys, argparse | |
from multiprocessing.pool import ThreadPool | |
# Zone list read by main(): one DNSBL zone per line.
# Every zone in this file receives a query naming the monitored address, so
# the file should only be writable by whoever administers the check.
DNSRBL_LIST = "/etc/zabbix/externalscripts/check-dnsrbl.txt"

# Hits gathered by log_result(); each entry is the (host, dnsrbl) tuple that
# dns_req() returns for a listed address.
result_list = list()
def reverse_host(host, separator='.'):
    """Return *host* with its separator-delimited parts in reverse order.

    dns_req() uses this to build the DNSBL query name, where the octets of
    the address appear reversed (``1.2.3.4`` becomes ``4.3.2.1``).
    """
    labels = host.split(separator)
    return separator.join(labels[::-1])
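def dns_req(dnsrbl, host, args):
    """Look up one address in one DNSBL zone and report whether it is listed.

    Args:
        dnsrbl: DNSBL zone to query (one line of the zone list file).
        host: dotted-quad IPv4 address to check.
        args: parsed command-line options; ``count`` and ``verbose`` are read.

    Returns:
        ``(host, dnsrbl)`` when the zone answers with an address in
        127.0.0.0/8, ``False`` in every other case.
    """
    req_start_time = time.time()
    query = "%s.%s" % (reverse_host(host), dnsrbl)

    try:
        answer = socket.gethostbyname(query)
    except socket.gaierror:
        # NOTE(review): gaierror is raised for "no such name" (not listed) and
        # also for resolver failures and timeouts, so an unreachable resolver
        # reads as "not listed" here. Treat a clean result as "no listing
        # seen", not as proof that the address is unlisted.
        answer = None

    # DNSBL listings are answered inside 127.0.0.0/8.
    # NOTE(review): some operators answer in 127.255.255.0/24 to signal a
    # refused or rate-limited query instead of a listing (Spamhaus documents
    # this for queries sent through public resolvers). Those answers are still
    # counted as listings here, as is any retired zone that answers every
    # query; check the returned code before acting on an alert.
    if answer is not None and answer.startswith("127."):
        if not args.count:
            sys.stdout.write("%s listed on %s (request time: %.2f)\n" % (host, dnsrbl, time.time() - req_start_time))
        return (host, dnsrbl)

    # Reached for lookup errors and for names that resolve outside 127/8;
    # both now report "not listed" and return an explicit False instead of
    # falling off the end of the function.
    if args.verbose:
        sys.stdout.write("%s not listed on %s (request time: %.2f)\n" % (host, dnsrbl, time.time() - req_start_time))
    return False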
def log_result(is_listed):
    """Pool callback: keep the result of a lookup when it is truthy.

    dns_req() returns a (host, dnsrbl) tuple for a listed address and a falsy
    value otherwise, so only listings end up in ``result_list``.
    """
    if not is_listed:
        return
    result_list.append(is_listed)
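def main():
    """Check every address of the given host against every configured DNSBL.

    Reads the zone list from ``DNSRBL_LIST``, resolves the host given on the
    command line, runs one lookup per (address, zone) pair on a thread pool
    and prints either the individual listings (written by dns_req) or, with
    ``-c``, the number of listings. With ``-l`` only the zone list is printed.
    Exits with an error message when the host cannot be resolved.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('host', help='The host or hostname you want to check')
    parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
    parser.add_argument('-c', '--count', action='store_true', help='Count results only')
    parser.add_argument('-l', '--list', action='store_true', help='Lists the DNS blacklists in use')
    args = parser.parse_args()

    try:
        # Resolve once and keep the address list: a second lookup later on
        # could fail unhandled or return a different set of addresses than
        # the one that was just validated.
        addresses = socket.gethostbyname_ex(args.host)[2]
    except socket.gaierror:
        sys.exit("Cannot resolve host !")

    with open(DNSRBL_LIST, 'r') as f:
        # Drop blank lines; an empty zone would otherwise be queried as the
        # bare reversed address followed by a dot.
        dnsrbl_list = [zone for zone in (line.strip() for line in f) if zone]

    if args.list:
        for dnsrbl in dnsrbl_list:
            # sys.stdout.write prints the same text under Python 2 and 3.
            sys.stdout.write("%s\n" % dnsrbl)
        sys.exit(0)

    pool = ThreadPool(processes=12)
    for host in addresses:
        for dnsrbl in dnsrbl_list:
            # The AsyncResult is discarded and the callback only fires on
            # success, so an exception raised inside dns_req is never reported
            # and that lookup simply does not add to result_list.
            pool.apply_async(dns_req, (dnsrbl, host, args), callback=log_result)
    pool.close()
    pool.join()

    if args.count:
        sys.stdout.write("%s\n" % len(result_list))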
# Run the check only when the file is executed as a script, not on import.
if '__main__' == __name__:
    main()
<?xml version="1.0" encoding="UTF-8"?> | |
<zabbix_export> | |
<version>2.0</version> | |
<date>2013-06-03T12:26:17Z</date> | |
<groups> | |
<group> | |
<name>Templates</name> | |
</group> | |
</groups> | |
<templates> | |
<template> | |
<template>Template External Check - DNSRBL</template> | |
<name>Template External Check - DNSRBL</name> | |
<groups> | |
<group> | |
<name>Templates</name> | |
</group> | |
</groups> | |
<applications> | |
<application> | |
<name>DNSRBL</name> | |
</application> | |
</applications> | |
<items> | |
<item> | |
<name>List of checked DNS blacklists</name> | |
<type>10</type> | |
<snmp_community/> | |
<multiplier>0</multiplier> | |
<snmp_oid/> | |
<key>check-dnsrbl.py["-l","{HOST.NAME}"]</key> | |
<delay>14400</delay> | |
<history>90</history> | |
<trends>365</trends> | |
<status>0</status> | |
<value_type>4</value_type> | |
<allowed_hosts/> | |
<units/> | |
<delta>0</delta> | |
<snmpv3_securityname/> | |
<snmpv3_securitylevel>0</snmpv3_securitylevel> | |
<snmpv3_authpassphrase/> | |
<snmpv3_privpassphrase/> | |
<formula>1</formula> | |
<delay_flex/> | |
<params/> | |
<ipmi_sensor/> | |
<data_type>0</data_type> | |
<authtype>0</authtype> | |
<username/> | |
<password/> | |
<publickey/> | |
<privatekey/> | |
<port/> | |
<description/> | |
<inventory_link>0</inventory_link> | |
<applications> | |
<application> | |
<name>DNSRBL</name> | |
</application> | |
</applications> | |
<valuemap/> | |
</item> | |
<item> | |
<name>List of DNS blacklists where server IP is defined</name> | |
<type>10</type> | |
<snmp_community/> | |
<multiplier>0</multiplier> | |
<snmp_oid/> | |
<key>check-dnsrbl.py["{HOST.NAME}"]</key> | |
<delay>14400</delay> | |
<history>90</history> | |
<trends>365</trends> | |
<status>0</status> | |
<value_type>4</value_type> | |
<allowed_hosts/> | |
<units/> | |
<delta>0</delta> | |
<snmpv3_securityname/> | |
<snmpv3_securitylevel>0</snmpv3_securitylevel> | |
<snmpv3_authpassphrase/> | |
<snmpv3_privpassphrase/> | |
<formula>1</formula> | |
<delay_flex/> | |
<params/> | |
<ipmi_sensor/> | |
<data_type>0</data_type> | |
<authtype>0</authtype> | |
<username/> | |
<password/> | |
<publickey/> | |
<privatekey/> | |
<port/> | |
<description/> | |
<inventory_link>0</inventory_link> | |
<applications> | |
<application> | |
<name>DNSRBL</name> | |
</application> | |
</applications> | |
<valuemap/> | |
</item> | |
<item> | |
<name>Number of DNS blacklists where server IP is defined</name> | |
<type>10</type> | |
<snmp_community/> | |
<multiplier>0</multiplier> | |
<snmp_oid/> | |
<key>check-dnsrbl.py["-c","{HOST.NAME}"]</key> | |
<delay>8200</delay> | |
<history>90</history> | |
<trends>365</trends> | |
<status>0</status> | |
<value_type>0</value_type> | |
<allowed_hosts/> | |
<units/> | |
<delta>0</delta> | |
<snmpv3_securityname/> | |
<snmpv3_securitylevel>0</snmpv3_securitylevel> | |
<snmpv3_authpassphrase/> | |
<snmpv3_privpassphrase/> | |
<formula>1</formula> | |
<delay_flex/> | |
<params/> | |
<ipmi_sensor/> | |
<data_type>0</data_type> | |
<authtype>0</authtype> | |
<username/> | |
<password/> | |
<publickey/> | |
<privatekey/> | |
<port/> | |
<description/> | |
<inventory_link>0</inventory_link> | |
<applications> | |
<application> | |
<name>DNSRBL</name> | |
</application> | |
</applications> | |
<valuemap/> | |
</item> | |
</items> | |
<discovery_rules/> | |
<macros/> | |
<templates/> | |
<screens/> | |
</template> | |
</templates> | |
<triggers> | |
<trigger> | |
<expression>{Template External Check - DNSRBL:check-dnsrbl.py["-c","{HOST.NAME}"].last(0)}>0</expression> | |
<name>{HOSTNAME} exist in {ITEM.LASTVALUE} blacklist !</name> | |
<url/> | |
<status>0</status> | |
<priority>2</priority> | |
<description/> | |
<type>0</type> | |
<dependencies/> | |
</trigger> | |
</triggers> | |
</zabbix_export> |
b.barracudacentral.org | |
blackholes.five-ten-sg.com | |
blacklist.woody.ch | |
bl.deadbeef.com | |
bl.emailbasura.org | |
bl.spamcannibal.org | |
bl.spamcop.net | |
bogons.cymru.com | |
cbl.abuseat.org | |
cdl.anti-spam.org.cn | |
combined.abuse.ch | |
db.wpbl.info | |
dnsbl-1.uceprotect.net | |
dnsbl-2.uceprotect.net | |
dnsbl-3.uceprotect.net | |
dnsbl.ahbl.org | |
dnsbl.inps.de | |
dnsbl.sorbs.net | |
drone.abuse.ch | |
duinv.aupads.org | |
dul.dnsbl.sorbs.net | |
dul.ru | |
dyna.spamrats.com | |
http.dnsbl.sorbs.net | |
ips.backscatterer.org | |
ix.dnsbl.manitu.net | |
korea.services.net | |
misc.dnsbl.sorbs.net | |
noptr.spamrats.com | |
orvedb.aupads.org | |
pbl.spamhaus.org | |
proxy.bl.gweep.ca | |
proxy.block.transip.nl | |
rbl.interserver.net | |
relays.bl.gweep.ca | |
relays.bl.kundenserver.de | |
relays.nether.net | |
residential.block.transip.nl | |
sbl.spamhaus.org | |
smtp.dnsbl.sorbs.net | |
socks.dnsbl.sorbs.net | |
spam.abuse.ch | |
spam.dnsbl.sorbs.net | |
spamlist.or.kr | |
spamrbl.imp.ch | |
spam.spamrats.com | |
tor.ahbl.org | |
tor.dnsbl.sectoor.de | |
torserver.tor.dnsbl.sectoor.de | |
ubl.lashback.com | |
ubl.unsubscore.com | |
virbl.bit.nl | |
virus.rbl.jp | |
web.dnsbl.sorbs.net | |
wormrbl.imp.ch | |
xbl.spamhaus.org | |
zen.spamhaus.org | |
zombie.dnsbl.sorbs.net |