dns-monitor 0.1.4 → 0.1.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +3 -1
- data/lib/dns/monitor/check.rb +1 -0
- data/lib/dns/monitor/database.rb +20 -4
- data/lib/dns/monitor/runner.rb +3 -0
- data/lib/dns/monitor/version.rb +1 -1
- metadata +2 -3
- data/test.sqlite3 +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: bc60a21af3be2fcd941068194c3a95e3e34f8ea61ca6904abb7b0df308de6d51
|
4
|
+
data.tar.gz: d050420fb42ee563d65b39cbec271faa914396b1f8b0d45fbc86b623bb3a86f2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6496e84804826037339fc58c12de60415b56e6c48239579ba288f6df13fddbe1a46b08db84313f918a3cfbcdda8cfd9bfb494e2edf8ce593744f8cec8663754d
|
7
|
+
data.tar.gz: b3c27dad480792ddbad45fb897935a8eca0e7b6069a2a829997615f361678d3a700227cbe2de31eb9b72e1748f7cea33be00824aec45578e3364ffc7e7722eb2
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1,6 +1,8 @@
|
|
1
1
|
# DNS::Monitor
|
2
2
|
|
3
|
-
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/dns-monitor.svg)](https://badge.fury.io/rb/dns-monitor)
|
4
|
+
|
5
|
+
The point of this gem is to monitor your hosts for (unwanted) DNS changes. The `dns-monitor` app is designed to be run as a CRON job. It takes a return-delimited text file listing domain names, and checks an [RDAP](https://www.icann.org/rdap) database (which you can specify) for JSON entries that match. You will get an error, optionally by GChat, if you encounter a changed entry.
|
4
6
|
|
5
7
|
If you don't think this is something you need, perhaps give [this article](https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/) a read.
|
6
8
|
|
data/lib/dns/monitor/check.rb
CHANGED
data/lib/dns/monitor/database.rb
CHANGED
@@ -13,7 +13,7 @@ module DNS
|
|
13
13
|
def check(domain, rdap)
|
14
14
|
return if domain.nil? || rdap.nil?
|
15
15
|
|
16
|
-
changes = diff(most_recent(domain).rdap, rdap)
|
16
|
+
changes = diff((most_recent(domain).rdap || '{}'), rdap)
|
17
17
|
|
18
18
|
if changes.empty?
|
19
19
|
Check.new domain, :ok
|
@@ -29,10 +29,13 @@ module DNS
|
|
29
29
|
end
|
30
30
|
|
31
31
|
# Compare two different RDAP values
|
32
|
-
# NOTE: We have to do a JSON conversion
|
33
|
-
#
|
32
|
+
# NOTE: We have to do a JSON conversion to compare instead of
|
33
|
+
# String, because the values come back from the server in arbitrary JSON
|
34
|
+
# key order.
|
34
35
|
def diff(previous_rdap, rdap)
|
35
|
-
|
36
|
+
# easy_diff returns [added, removed] hashes, we want "removed"
|
37
|
+
changes = JSON.parse(previous_rdap).easy_diff(JSON.parse(rdap)).last
|
38
|
+
filter_noisy_keys(changes)
|
36
39
|
end
|
37
40
|
|
38
41
|
# Return all entries for a given domain as a Domain struct
|
@@ -41,6 +44,19 @@ module DNS
|
|
41
44
|
query {|db| db.execute(sql, [domain]) }.map{ |row| Domain.new(*row) }
|
42
45
|
end
|
43
46
|
|
47
|
+
def filter_noisy_keys(changes)
|
48
|
+
# We get a lot of "last update of RDAP" events which aren't something
|
49
|
+
# we need notifications about. Remove those.
|
50
|
+
# WARNING: mutation follows
|
51
|
+
if changes.fetch('events', false)
|
52
|
+
changes['events'] = changes['events'].reject do |event|
|
53
|
+
event.fetch('eventAction', '').match?(/last update of RDAP/i)
|
54
|
+
end
|
55
|
+
changes.delete('events') if changes['events'].empty?
|
56
|
+
end
|
57
|
+
changes
|
58
|
+
end
|
59
|
+
|
44
60
|
# Just the latest entry plz
|
45
61
|
def most_recent(domain)
|
46
62
|
entries(domain).first || Domain.new
|
data/lib/dns/monitor/runner.rb
CHANGED
@@ -1,10 +1,12 @@
|
|
1
1
|
module DNS
|
2
2
|
module Monitor
|
3
3
|
class Runner
|
4
|
+
# The "Runner" is the back-end for the command-line utility
|
4
5
|
def initialize(params)
|
5
6
|
@params = params
|
6
7
|
end
|
7
8
|
|
9
|
+
# This is the main action we do with this app - check all of the domains
|
8
10
|
def check
|
9
11
|
begin
|
10
12
|
domains = File.read(@params[:domains_path]).split
|
@@ -31,6 +33,7 @@ module DNS
|
|
31
33
|
end
|
32
34
|
end
|
33
35
|
|
36
|
+
# This is an alternative app action - check the history for a particular domain.
|
34
37
|
def entries
|
35
38
|
STDOUT.puts db.entries(@params[:domain]).map{|row| row.to_parsed_h}.to_json
|
36
39
|
end
|
data/lib/dns/monitor/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dns-monitor
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Donald Merand
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-01-
|
11
|
+
date: 2020-01-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -126,7 +126,6 @@ files:
|
|
126
126
|
- lib/dns/monitor/mandrill.rb
|
127
127
|
- lib/dns/monitor/runner.rb
|
128
128
|
- lib/dns/monitor/version.rb
|
129
|
-
- test.sqlite3
|
130
129
|
homepage: https://github.com/exploration/dns-monitor
|
131
130
|
licenses:
|
132
131
|
- MIT
|
data/test.sqlite3
DELETED
Binary file
|