From ea484712156409ffde04c15f45e703c9b939c339 Mon Sep 17 00:00:00 2001 From: Cyberes Date: Wed, 28 Feb 2024 14:07:09 -0700 Subject: [PATCH] add check_external_ip_dynamic, delete auto-acknowledge-apt.py --- Other/auto-acknowledge-apt.py | 32 --------------- check_external_ip_dynamic.sh | 52 ++++++++++++++++++++++++ check_external_ip_dynamic_cf.sh | 71 +++++++++++++++++++++++++++++++++ packages.txt | 1 + 4 files changed, 124 insertions(+), 32 deletions(-) delete mode 100755 Other/auto-acknowledge-apt.py create mode 100755 check_external_ip_dynamic.sh create mode 100755 check_external_ip_dynamic_cf.sh diff --git a/Other/auto-acknowledge-apt.py b/Other/auto-acknowledge-apt.py deleted file mode 100755 index 593c9c0..0000000 --- a/Other/auto-acknowledge-apt.py +++ /dev/null @@ -1,32 +0,0 @@ -import argparse -import json -import time - -import requests -from urllib3.exceptions import InsecureRequestWarning - -parser = argparse.ArgumentParser(description='Check OPNsense network traffic for a host.') -parser.add_argument('--api', required=True, help='Full URL to your Icinga2 API.') -parser.add_argument('--user', required=True, help='API username.') -parser.add_argument('--password', required=True, help='API password.') -args = parser.parse_args() - -# Acknowledge all services that meet this filter. -requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) -payload = { - "type": "Service", - "filter": "service.name == \"apt\" && service.acknowledgement == 0", - "author": "Auto-Acknowledgement Script", - "comment": "This alert has been automatically acknowledged.", - "notify": True, - "pretty": True -} - -while True: - response = requests.post(f'{args.api}/v1/actions/acknowledge-problem', headers={"Accept": "application/json"}, auth=(args.user, args.password), data=json.dumps(payload), verify=False) - if response.status_code == 200: - print("All pending alerts have been acknowledged.") - else: - print("Failed to acknowledge the alerts. Status code:", response.status_code) - print(response.text) - time.sleep(60) diff --git a/check_external_ip_dynamic.sh b/check_external_ip_dynamic.sh new file mode 100755 index 0000000..5881eb5 --- /dev/null +++ b/check_external_ip_dynamic.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +usage() { + echo "Usage: $0 -i -d -r " + exit 1 +} + +IP_CHECKER="" +DOMAIN="" +DNS_SERVER="" + +while getopts "i:d:r:" opt; do + case ${opt} in + i ) + IP_CHECKER=$OPTARG + ;; + d ) + DOMAIN=$OPTARG + ;; + r ) + DNS_SERVER=$OPTARG + ;; + \? ) + echo "Invalid option: $OPTARG" 1>&2 + usage + exit 1 + ;; + : ) + echo "Invalid option: $OPTARG requires an argument" 1>&2 + usage + exit 1 + ;; + esac +done +shift $((OPTIND -1)) + +if [ -z "$IP_CHECKER" ] || [ -z "$DOMAIN" ] || [ -z "$DNS_SERVER" ]; then + echo "All parameters are required" + usage + exit 1 +fi + +CURRENT_IP=$(curl -s "$IP_CHECKER") +RESOLVED_IP=$(dig +short @$DNS_SERVER $DOMAIN | head -n 1) + +if [ "$CURRENT_IP" == "$RESOLVED_IP" ]; then + echo "OK - $DOMAIN resolves to $CURRENT_IP" + exit 1 +else + echo "CRITICAL - $DOMAIN does not resolve to $CURRENT_IP. Resolved: $RESOLVED_IP" + exit 2 +fi diff --git a/check_external_ip_dynamic_cf.sh b/check_external_ip_dynamic_cf.sh new file mode 100755 index 0000000..5362a33 --- /dev/null +++ b/check_external_ip_dynamic_cf.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +# Function to display usage +usage() { + echo "Usage: $0 -d domain -u email -k key -i ip_checker" + echo " -d The domain to check" + echo " -u The Cloudflare email" + echo " -k The Cloudflare API key" + echo " -i The IP checker service URL" + echo " -e The expected IP of the domain. Optional, use instead of -i" + exit 1 +} + +expected_ip="" + +while getopts d:u:k:i:e: flag +do + case "${flag}" in + d) domain=${OPTARG};; + u) email=${OPTARG};; + k) key=${OPTARG};; + i) ip_checker=${OPTARG};; + e) expected_ip=${OPTARG};; + *) usage;; + esac +done + +# Check that all arguments were provided +if [ -z "$domain" ] || [ -z "$email" ] || [ -z "$key" ] || [ -z "$ip_checker" ]; then + usage +fi + +# Get the zone id for the domain +response=$(curl -s -w "\n%{http_code}" -X GET "https://api.cloudflare.com/client/v4/zones?name=$domain" \ + -H "Authorization: Bearer $key" \ + -H "Content-Type: application/json") + +http_code=$(echo "$response" | tail -n1) +if [ "$http_code" != "200" ]; then + echo "Failed to get zone id for $domain, HTTP status code was $http_code" + exit 1 +fi + +zone_id=$(echo "$response" | head -n-1 | jq -r '.result[0].id') + +# Get the A record for the domain +response=$(curl -s -w "\n%{http_code}" -X GET "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records?type=A&name=$domain" \ + -H "Authorization: Bearer $key" \ + -H "Content-Type: application/json") + +http_code=$(echo "$response" | tail -n1) +if [ "$http_code" != "200" ]; then + echo "Failed to get A record for $domain, HTTP status code was $http_code" + exit 1 +fi + +a_record=$(echo "$response" | head -n-1 | jq -r '.result[0].content') + +if [ -z "$expected_ip" ]; then + public_ip=$(curl -s "$ip_checker") +else + public_ip="$expected_ip" +fi + +if [ "$a_record" == "$public_ip" ]; then + echo "OK - $domain resolves to $public_ip" + exit 1 +else + echo "CRITICAL - $domain does not resolve to $public_ip. A Record: $a_record" + exit 2 +fi diff --git a/packages.txt b/packages.txt index 4ec3f62..2b3a770 100644 --- a/packages.txt +++ b/packages.txt @@ -7,3 +7,4 @@ curl recode python3-pip dnsutils +jq \ No newline at end of file