Home Directory Plugins Email and Groupware Postfix Barracuda Reputation Alert

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me
Don't miss your chance to attend the 2014 Nagios World conference!

Don't miss your chance to attend the 2014 Nagios World Conference, Oct 13-16th. Informative Sessions, Networking, Food and Cocktails! Visit go.nagios.com/conference/ for more information or to register.


Barracuda Reputation Alert

Bookmark and Share

Current Version
1.0
Last Release Date
2013-05-08
Compatible With
  • Nagios 3.x
Owner
E-mail
License
GPL
Hits
15281
Files:
FileDescription
cudacheckcudacheck python script
The Barracuda Networks RBL can be a hassle to deal with. While not frequent some of my servers end up on the Barracuda RBL and I wanted a pro-active way to monitor this.

This script checks postfix log files for Barracuda reputation / RBL issues and alerts when found. Includes IP address in alert to simplify removal request process.

On occasion you may see false positives from Barracuda devices with an out of date RBL list.
**Written in Python 2.7.4 and currently in production on v2.7.4 and v2.6. No other versions of Python have been tested**

Place the 'cudacheck' file in /usr/lib(64)/nagios/plugins directory and ensure the permissions allow it to be executed. Add a command entry in /etc/nagios/nrpe.cfg to allow nagios to run the script with check_nrpe.

## define service on Nagios server ##
define service{
use linux-service
hosts
normal_check_interval 120
notification_interval 120
service_description Barracuda Reputation
check_command check_nrpe!check_cuda
}

There is no reason to run this check more often than the cutofftime set in the script. Ensure the normal_check_interval and notification_interval match the cutofftime. Default cutofftime is 2 hours. If you modified your default Nagios interval to something other than 60 seconds you'll need to account for that.

## SELinux Considerations ##
I have found two solutions for running this check with SELinux enabled:

1 - Permit the NRPE/Nagios user to execute the script with sudo rights

2 - Create a group for reading the mail logs, set the group and permissions on the log file and add the NRPE / Nagios user to the new group. The commands to complete these steps are below.
- groupadd newgroup
- usermod -a -G newgroup nrpe (or nagios depending on which user/group is set in your /etc/nagios/nrpe.conf)
- chown root.newgroup /var/log/maillog
- chmod 0640 /var/log/maillog

With option 2 you may need to write a script that monitors the permission and group settings of your log files and run it with a cronjob.

**EDIT**
The first version of this script included an error. The var "cutofftime" was originally called "twohoursago" and there were still references to that in the script. The current version of the file should not have this issue.
Reviews (1)
receive back all status ok, even for IP with poor reputation if we check directly from http://www.barracudacentral.org/lookups/lookup-reputation

Barracuda Reputation - OK