From 8017a63d26f07d47ea8356588d7b38af952a5da5 Mon Sep 17 00:00:00 2001 From: Stanley Hopcroft Date: Mon, 29 Nov 2004 05:07:34 +0000 Subject: *** empty log message *** git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@949 f882894a-f735-0410-b71e-b25c423dba1c --- contrib/README.TXT | 2 + contrib/rblcheck-dns | 69 +++++++++++++++++++++++++++++++++ contrib/rblcheck-web | 37 ++++++++++++++++++ contrib/tarballs/check_icmp-0.8.tar.gz | Bin 0 -> 12944 bytes 4 files changed, 108 insertions(+) create mode 100755 contrib/rblcheck-dns create mode 100755 contrib/rblcheck-web create mode 100644 contrib/tarballs/check_icmp-0.8.tar.gz diff --git a/contrib/README.TXT b/contrib/README.TXT index 6544e596..7543a5a3 100644 --- a/contrib/README.TXT +++ b/contrib/README.TXT @@ -55,3 +55,5 @@ fetchlog-0.94.tar.gz - C program: The fetchlog utility displays the last new m remote logfiles. The README shows how to setup fetchlog for Nagios. (Alexander Haderer) +check_icmp-0.8.tar.gz - C program: check_icmp is an alternative to check_ping that doesn't require the ping + utility or any other executable. diff --git a/contrib/rblcheck-dns b/contrib/rblcheck-dns new file mode 100755 index 00000000..5e96195f --- /dev/null +++ b/contrib/rblcheck-dns @@ -0,0 +1,69 @@ +#!/usr/bin/perl +# Multi-RBL Query tool, developer Vikram +use strict; +use Socket; +my $suspect = $ARGV[1]; + +die "Syntax: $0 -H \n" unless $suspect; + +my @rblservers=qw[ + 3y.spam.mrs.kithrup.com + block.blars.org + bl.redhatgate.com + blackholes.five-ten-sg.com + blackholes.intersil.net + blackholes.mail-abuse.org + blackholes.wirehub.net + blacklist.spambag.org + dev.null.dk + dews.qmail.org + dialup.blacklist.jippg.org + dialups.mail-abuse.org + dnsbl.njabl.org + dul.maps.vix.com + dul.orca.bc.ca + dynablock.wirehub.net + formmail.relays.monkeys.com + ipwhois.rfc-ignorant.org + list.dsbl.org + multihop.dsbl.org + okrelays.nthelp.com + pm0-no-more.compu.net + proxies.relays.monkeys.com + rbl-plus.mail-abuse.org + rbl.maps.vix.com + rbl.spam.org.tr + relays.mail-abuse.org + relays.nthelp.com + relays.ordb.org + relays.radparker.com + relays.visi.com + sbl.spamhaus.org + spamguard.leadmon.net + spammers.v6net.org + spamsources.fabel.dk + spews.org + unconfirmed.dsbl.org + xbl.selwerd.cx +]; + + +my $spam = 0; +foreach ( @rblservers ) { + my @s = split('\.',$suspect); + my $req = "$s[3].$s[2].$s[1].$s[0].".$_; + + my ($name,$aliases,$addrtype,$length,@addrs) = gethostbyname($req); + next unless (@addrs); + + my $result = inet_ntoa($addrs[0]); + #next unless (substr($result, 7) eq '127.0.0'); + + print "$suspect is listed in the following RBLS: " if ( $spam == 0 ); + print $_, " "; + $spam = 1; +} + +print "$suspect is not listed in any RBLS" if ( $spam == 0 ); +print "\n"; +exit( $spam ); diff --git a/contrib/rblcheck-web b/contrib/rblcheck-web new file mode 100755 index 00000000..eb4fcdec --- /dev/null +++ b/contrib/rblcheck-web @@ -0,0 +1,37 @@ +#!/usr/bin/perl +# Multi-RBL Query tool, developer Vikram +use IO::Socket::INET; + +die "Syntax: $0 -H \n" unless $ARGV[1]; + +$soc = new IO::Socket::INET->new(PeerPort=>80, +Proto=>'tcp', +PeerAddr=>"rbls.org") or die("Cannot connect to CERT"); + +$ip = $ARGV[1]; +$uri = '/?q='.$ip; + +$soc->send("GET $uri HTTP/1.1\nHost: rbls.org\n\n"); +@buff = <$soc>; +delete @buff[0..7]; +$len = @buff; + +$alert = 0; + + +for( $i=0;$i<$len;$i++ ) { + next unless( defined $buff[$i] ); + chomp($buff[$i]); + #print "$buff[$i]\n"; + + if ( $buff[$i] eq "" ) { + $rbl = substr($buff[$i+1], 5, index($buff[$i], "") - 5); + next if ( index($rbl, '.') == -1 ); + print "$ip is listed in the following RBLS: " if ( $alert == 0 ); + print "$rbl "; + $alert = 1; + } +} +print "$ip is not listed in any RBLS" if ( $alert == 0 ); +print "\n"; +exit($alert); diff --git a/contrib/tarballs/check_icmp-0.8.tar.gz b/contrib/tarballs/check_icmp-0.8.tar.gz new file mode 100644 index 00000000..2ee5db01 Binary files /dev/null and b/contrib/tarballs/check_icmp-0.8.tar.gz differ -- cgit v1.2.3-74-g34f1