Automatically check DNS Blackhole Lists (DNSBL)
If you are providing services like SMTP, DNS or similar to your customers, those services might be misused and you could end up getting your servers IP addresses blacklisted on various Domain Name System Blackhole Lists (DNSBL).
Requirements
- CentOS/RHEL
-
# yum install bind-utils
-
- Debian/Ubuntu
-
# apt-get install dnsutils
-
How it works
This template utilizes External Checks. The script "check_dnsbl.sh" is run with parameters for the hostname of the server you wish to check and which DNSBL you wish to check against. It simply returns "0" if the server is not listed and "1" if it is.
The template has 5 pre-made items and corresponding triggers. The items should be pretty self-explanatory. Example: check_dnsbl.sh[{HOST.DNS},zen.spamhaus.org]
You can change the existing DNSBL servers in the template or add your own, although the ones already added should cover most users quite well.
"{HOST.DNS}" is a macro that uses the DNS name you have specified for your hosts on their interfaces. The script requires the use of DNS names for it to function, however the script and template can be modified to use IP addresses only. I wouldn't recommended this though, since not using host names is bad practice anyway.
The default DNSBL's used are: b.barracudacentral.org, bl.spamcop.net, cbl.abuseat.org, dnsbl.sorbs.net and zen.spamhaus.org.
Disclaimer
Verifying if your servers are indeed blacklisted doesn't just require you to initiate a DNS question towards any DNSBL. It requires you to use a reputable one. Otherwise you might end up with false-positives or outdated answers. Always research your DNSBL provider and read through their documentation to find out exactly how they populate and update their database.
Instructions - Are your servers Blacklisted?
- Copy "check_dnsbl.sh" to your Zabbix Servers and Proxies and place it in "/usr/local/share/zabbix/externalscripts" *
- * Check your server and proxy configuration file for the correct folder, look for the tag "ExternalScripts"
- Make the script executable: chmod +x /usr/local/share/zabbix/externalscripts/check_dnsbl.sh
- Create the following value map (Administration -> General -> Value mapping: Create value map)
- Name: IP Blacklist
0 -> Not listed
1 -> Listed
- Name: IP Blacklist
- Import the template and assign it to your host(s).
Listing Details
1 version, '2016-04-08 21:22' modified