dns-monitor 0.1.4 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9747d0406d551004a09261b0963a7404f2656cd8a33d0dcdc93be963cf84a70
-  data.tar.gz: e6256a7d5182cdce76f44ce912438da8ac2b4ea53ec15249a3e69f9047bea3fb
+  metadata.gz: bc60a21af3be2fcd941068194c3a95e3e34f8ea61ca6904abb7b0df308de6d51
+  data.tar.gz: d050420fb42ee563d65b39cbec271faa914396b1f8b0d45fbc86b623bb3a86f2
 SHA512:
-  metadata.gz: 681d88adfc5c206241bb672e7ee5eaff1f8b93e3093239867c159a603b894adc9fad9125b88cfb55ea1038c4f0927ebeae229da94e140ed9b7b29fcd52d54cd4
-  data.tar.gz: 731dde7868fb67b0a5a1002a8d219df547328ef2fa976dce258639d158ac6e001b4859b4cdecfb8be5986e33d7fa194d7737178fd2fe612163167e6578dee2f2
+  metadata.gz: 6496e84804826037339fc58c12de60415b56e6c48239579ba288f6df13fddbe1a46b08db84313f918a3cfbcdda8cfd9bfb494e2edf8ce593744f8cec8663754d
+  data.tar.gz: b3c27dad480792ddbad45fb897935a8eca0e7b6069a2a829997615f361678d3a700227cbe2de31eb9b72e1748f7cea33be00824aec45578e3364ffc7e7722eb2

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    dns-monitor (0.1.3)
+    dns-monitor (0.1.6)
       easy_diff (~> 1.0.0)
       sqlite3 (~> 1.4.2)
 

data/README.md

@@ -1,6 +1,8 @@
 # DNS::Monitor
 
-The point of this gem is to monitor your hosts for (unwanted) DNS changes. The executable `dns-monitor` file is designed to be run as a CRON job. It takes a return-delimited text file listing domain names, and checks an RDAP database (which you can specify) for JSON entries that match. You will get an error, optionally by GChat, if you encounter a changed entry.
+[![Gem Version](https://badge.fury.io/rb/dns-monitor.svg)](https://badge.fury.io/rb/dns-monitor)
+
+The point of this gem is to monitor your hosts for (unwanted) DNS changes. The `dns-monitor` app is designed to be run as a CRON job. It takes a return-delimited text file listing domain names, and checks an [RDAP](https://www.icann.org/rdap) database (which you can specify) for JSON entries that match. You will get an error, optionally by GChat, if you encounter a changed entry.
 
 If you don't think this is something you need, perhaps give [this article](https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/) a read.
 

data/lib/dns/monitor/check.rb

@@ -1,6 +1,7 @@
 module DNS
   module Monitor
     class Check
+      # A "Check" is an encapsulated domain query result.
       def initialize(domain, status, diff={})
         @diff = diff
         @domain = domain

data/lib/dns/monitor/database.rb

@@ -13,7 +13,7 @@ module DNS
       def check(domain, rdap)
         return if domain.nil? || rdap.nil?
 
-        changes = diff(most_recent(domain).rdap, rdap)
+        changes = diff((most_recent(domain).rdap || '{}'), rdap)
 
         if changes.empty?
           Check.new domain, :ok
@@ -29,10 +29,13 @@ module DNS
       end
 
       # Compare two different RDAP values
-      # NOTE: We have to do a JSON conversion because the values come
-      #   back from the server in arbitrary JSON key order.
+      # NOTE: We have to do a JSON conversion to compare instead of
+      # String, because the values come back from the server in arbitrary JSON
+      # key order.
       def diff(previous_rdap, rdap)
-        JSON.parse(previous_rdap).easy_diff(JSON.parse(rdap)).last
+        # easy_diff returns [added, removed] hashes, we want "removed"
+        changes = JSON.parse(previous_rdap).easy_diff(JSON.parse(rdap)).last
+        filter_noisy_keys(changes)
       end
 
       # Return all entries for a given domain as a Domain struct
@@ -41,6 +44,19 @@ module DNS
         query {|db| db.execute(sql, [domain]) }.map{ |row| Domain.new(*row) }
       end
 
+      def filter_noisy_keys(changes)
+        # We get a lot of "last update of RDAP" events which aren't something
+        # we need notifications about. Remove those.
+        # WARNING: mutation follows
+        if changes.fetch('events', false)
+          changes['events'] = changes['events'].reject do |event|
+            event.fetch('eventAction', '').match?(/last update of RDAP/i)
+          end
+          changes.delete('events') if changes['events'].empty?
+        end
+        changes
+      end
+
       # Just the latest entry plz
       def most_recent(domain)
         entries(domain).first || Domain.new

data/lib/dns/monitor/runner.rb

@@ -1,10 +1,12 @@
 module DNS
   module Monitor
     class Runner
+      # The "Runner" is the back-end for the command-line utility
       def initialize(params)
         @params = params
       end
 
+      # This is the main action we do with this app - check all of the domains
       def check
         begin
           domains = File.read(@params[:domains_path]).split
@@ -31,6 +33,7 @@ module DNS
         end
       end
 
+      # This is an alternative app action - check the history for a particular domain.
       def entries
         STDOUT.puts db.entries(@params[:domain]).map{|row| row.to_parsed_h}.to_json
       end

data/lib/dns/monitor/version.rb

@@ -1,5 +1,5 @@
 module DNS
   module Monitor
-    VERSION = "0.1.4"
+    VERSION = "0.1.6"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dns-monitor
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.6
 platform: ruby
 authors:
 - Donald Merand
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-01-28 00:00:00.000000000 Z
+date: 2020-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -126,7 +126,6 @@ files:
 - lib/dns/monitor/mandrill.rb
 - lib/dns/monitor/runner.rb
 - lib/dns/monitor/version.rb
-- test.sqlite3
 homepage: https://github.com/exploration/dns-monitor
 licenses:
 - MIT