add check_external_ip_dynamic, delete auto-acknowledge-apt.py
This commit is contained in:
parent
78c809bc72
commit
ea48471215
|
|
@ -1,32 +0,0 @@
|
||||||
import argparse
|
|
||||||
import json
|
|
||||||
import time
|
|
||||||
|
|
||||||
import requests
|
|
||||||
from urllib3.exceptions import InsecureRequestWarning
|
|
||||||
|
|
||||||
parser = argparse.ArgumentParser(description='Check OPNsense network traffic for a host.')
|
|
||||||
parser.add_argument('--api', required=True, help='Full URL to your Icinga2 API.')
|
|
||||||
parser.add_argument('--user', required=True, help='API username.')
|
|
||||||
parser.add_argument('--password', required=True, help='API password.')
|
|
||||||
args = parser.parse_args()
|
|
||||||
|
|
||||||
# Acknowledge all services that meet this filter.
|
|
||||||
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
|
||||||
payload = {
|
|
||||||
"type": "Service",
|
|
||||||
"filter": "service.name == \"apt\" && service.acknowledgement == 0",
|
|
||||||
"author": "Auto-Acknowledgement Script",
|
|
||||||
"comment": "This alert has been automatically acknowledged.",
|
|
||||||
"notify": True,
|
|
||||||
"pretty": True
|
|
||||||
}
|
|
||||||
|
|
||||||
while True:
|
|
||||||
response = requests.post(f'{args.api}/v1/actions/acknowledge-problem', headers={"Accept": "application/json"}, auth=(args.user, args.password), data=json.dumps(payload), verify=False)
|
|
||||||
if response.status_code == 200:
|
|
||||||
print("All pending alerts have been acknowledged.")
|
|
||||||
else:
|
|
||||||
print("Failed to acknowledge the alerts. Status code:", response.status_code)
|
|
||||||
print(response.text)
|
|
||||||
time.sleep(60)
|
|
||||||
|
|
@ -0,0 +1,52 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
echo "Usage: $0 -i <IP checker service> -d <domain to resolve> -r <DNS server to query>"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
IP_CHECKER=""
|
||||||
|
DOMAIN=""
|
||||||
|
DNS_SERVER=""
|
||||||
|
|
||||||
|
while getopts "i:d:r:" opt; do
|
||||||
|
case ${opt} in
|
||||||
|
i )
|
||||||
|
IP_CHECKER=$OPTARG
|
||||||
|
;;
|
||||||
|
d )
|
||||||
|
DOMAIN=$OPTARG
|
||||||
|
;;
|
||||||
|
r )
|
||||||
|
DNS_SERVER=$OPTARG
|
||||||
|
;;
|
||||||
|
\? )
|
||||||
|
echo "Invalid option: $OPTARG" 1>&2
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
: )
|
||||||
|
echo "Invalid option: $OPTARG requires an argument" 1>&2
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
shift $((OPTIND -1))
|
||||||
|
|
||||||
|
if [ -z "$IP_CHECKER" ] || [ -z "$DOMAIN" ] || [ -z "$DNS_SERVER" ]; then
|
||||||
|
echo "All parameters are required"
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
CURRENT_IP=$(curl -s "$IP_CHECKER")
|
||||||
|
RESOLVED_IP=$(dig +short @$DNS_SERVER $DOMAIN | head -n 1)
|
||||||
|
|
||||||
|
if [ "$CURRENT_IP" == "$RESOLVED_IP" ]; then
|
||||||
|
echo "OK - $DOMAIN resolves to $CURRENT_IP"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "CRITICAL - $DOMAIN does not resolve to $CURRENT_IP. Resolved: $RESOLVED_IP"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
@ -0,0 +1,71 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Function to display usage
|
||||||
|
usage() {
|
||||||
|
echo "Usage: $0 -d domain -u email -k key -i ip_checker"
|
||||||
|
echo " -d The domain to check"
|
||||||
|
echo " -u The Cloudflare email"
|
||||||
|
echo " -k The Cloudflare API key"
|
||||||
|
echo " -i The IP checker service URL"
|
||||||
|
echo " -e The expected IP of the domain. Optional, use instead of -i"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
expected_ip=""
|
||||||
|
|
||||||
|
while getopts d:u:k:i:e: flag
|
||||||
|
do
|
||||||
|
case "${flag}" in
|
||||||
|
d) domain=${OPTARG};;
|
||||||
|
u) email=${OPTARG};;
|
||||||
|
k) key=${OPTARG};;
|
||||||
|
i) ip_checker=${OPTARG};;
|
||||||
|
e) expected_ip=${OPTARG};;
|
||||||
|
*) usage;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
# Check that all arguments were provided
|
||||||
|
if [ -z "$domain" ] || [ -z "$email" ] || [ -z "$key" ] || [ -z "$ip_checker" ]; then
|
||||||
|
usage
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Get the zone id for the domain
|
||||||
|
response=$(curl -s -w "\n%{http_code}" -X GET "https://api.cloudflare.com/client/v4/zones?name=$domain" \
|
||||||
|
-H "Authorization: Bearer $key" \
|
||||||
|
-H "Content-Type: application/json")
|
||||||
|
|
||||||
|
http_code=$(echo "$response" | tail -n1)
|
||||||
|
if [ "$http_code" != "200" ]; then
|
||||||
|
echo "Failed to get zone id for $domain, HTTP status code was $http_code"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
zone_id=$(echo "$response" | head -n-1 | jq -r '.result[0].id')
|
||||||
|
|
||||||
|
# Get the A record for the domain
|
||||||
|
response=$(curl -s -w "\n%{http_code}" -X GET "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records?type=A&name=$domain" \
|
||||||
|
-H "Authorization: Bearer $key" \
|
||||||
|
-H "Content-Type: application/json")
|
||||||
|
|
||||||
|
http_code=$(echo "$response" | tail -n1)
|
||||||
|
if [ "$http_code" != "200" ]; then
|
||||||
|
echo "Failed to get A record for $domain, HTTP status code was $http_code"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
a_record=$(echo "$response" | head -n-1 | jq -r '.result[0].content')
|
||||||
|
|
||||||
|
if [ -z "$expected_ip" ]; then
|
||||||
|
public_ip=$(curl -s "$ip_checker")
|
||||||
|
else
|
||||||
|
public_ip="$expected_ip"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$a_record" == "$public_ip" ]; then
|
||||||
|
echo "OK - $domain resolves to $public_ip"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "CRITICAL - $domain does not resolve to $public_ip. A Record: $a_record"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
@ -7,3 +7,4 @@ curl
|
||||||
recode
|
recode
|
||||||
python3-pip
|
python3-pip
|
||||||
dnsutils
|
dnsutils
|
||||||
|
jq
|
||||||
Loading…
Reference in New Issue