Current File : //lib64/nagios/plugins/nccustom/check_mailip.py
#!/usr/libexec/platform-python
"""
The Nagios plugin to check outgoing mail IP's.
Copyright Taras K.
version 0.4.3
"""
try:
from random import choice
import sys
import re
import dns.name
import dns.message
import dns.query
import dns.resolver
import dns.reversename
except ImportError:
print("CRITICAL - Module dns import error.")
sys.exit(2)
omi_file = '/etc/outgoingmailip'
dip_file = '/etc/domainips'
is_dedicated = False
omi_fd = open(omi_file, 'r')
dip_fd = open(dip_file, 'r')
omi = omi_fd.readline()
omi = omi.rstrip()
def only_ip(rrdata, lname_server):
ippat = r'\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}'
match = re.search(ippat, rrdata)
if match:
return match.group()
else:
print("WARNING - Got bad answer from NS: "+lname_server)
sys.exit(1)
def get_ns(domain):
nc_ns = ('216.87.155.33','216.87.152.33')
rootns = ('198.41.0.4', '192.228.79.201',
'192.33.4.12', '199.7.91.13', '192.203.230.10', '192.5.5.241',
'192.112.36.4', '128.63.2.53', '192.58.128.30',
'193.0.14.129', '202.12.27.33')
check_domain = domain
srootns = choice(rootns)
cleaned_domain = domain.split('.')
if not cleaned_domain[-1].endswith('.'):
cleaned_domain.extend('.')
cleaned_domain.reverse()
if '' in cleaned_domain:
cleaned_domain.remove('')
# Split into parts in reverse for easier
# querying ['.','com.', 'google.com.', www.google.com.']
i = 1
while i < len(cleaned_domain):
if i == 1:
cleaned_domain[i] = cleaned_domain[i]+cleaned_domain[i-1]
else:
cleaned_domain[i] = cleaned_domain[i]+'.'+cleaned_domain[i-1]
i += 1
additional_ns = []
for domain in cleaned_domain[1:]:
name_server = srootns
ndomain = dns.name.from_text(check_domain)
request = dns.message.make_query(ndomain, dns.rdatatype.NS)
if additional_ns:
name_server = choice(additional_ns)
try:
response = dns.query.udp(request, name_server, timeout=10)
except dns.exception.Timeout:
print("WARNING - Dns query timed out. NS is unreachable.")
sys.exit(1)
additional_ns = []
# Skip IPv6
for item in response.additional:
if 'IN AAAA' not in item.to_text():
ip_ns = only_ip(item.to_text(), name_server)
if ip_ns:
additional_ns.append(only_ip(ip_ns, name_server))
if additional_ns:
LNS = choice(additional_ns)
else:
LNS = choice(nc_ns)
return LNS
def check_ptr(ip):
result = False
try:
my_resolver = dns.resolver.Resolver(configure=False)
my_resolver.nameservers = ['4.2.2.3', '8.8.8.8', '8.8.4.4']
ip_reverse_name = dns.reversename.from_address(ip)
resolved_name = str(my_resolver.query(ip_reverse_name, 'ptr')[0])
resolved_name = resolved_name.rstrip('.')
# my_ns = get_ns(resolved_name)
# my_resolver.nameservers = [my_ns]
a_record = my_resolver.query(resolved_name)[0]
if str(a_record) == str(ip):
result = True
else:
result = False
except dns.resolver.NXDOMAIN as myNX:
print("CRITICAL - There is no A record in DNS")
sys.exit(2)
except Exception as my_exp:
print("WARNING - General exception")
sys.exit(1)
return result
if check_ptr(omi) is False:
print("CRITICAL - Outgoing mail IP!!! PTR and A record doesn't match.")
sys.exit(2)
for line in dip_fd:
if '#' not in line:
line_splitted = line.split(':')
if line_splitted[0] == omi:
is_dedicated = True
if not is_dedicated:
print("OK - Outgoing mail IP is OK")
sys.exit(0)
else:
print("CRITICAL - Outgoing mail IP is owned by client.")
sys.exit(2)