dns-monitor 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +3 -1
- data/lib/dns/monitor/check.rb +1 -0
- data/lib/dns/monitor/database.rb +20 -4
- data/lib/dns/monitor/runner.rb +3 -0
- data/lib/dns/monitor/version.rb +1 -1
- metadata +2 -3
- data/test.sqlite3 +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc60a21af3be2fcd941068194c3a95e3e34f8ea61ca6904abb7b0df308de6d51
|
|
4
|
+
data.tar.gz: d050420fb42ee563d65b39cbec271faa914396b1f8b0d45fbc86b623bb3a86f2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6496e84804826037339fc58c12de60415b56e6c48239579ba288f6df13fddbe1a46b08db84313f918a3cfbcdda8cfd9bfb494e2edf8ce593744f8cec8663754d
|
|
7
|
+
data.tar.gz: b3c27dad480792ddbad45fb897935a8eca0e7b6069a2a829997615f361678d3a700227cbe2de31eb9b72e1748f7cea33be00824aec45578e3364ffc7e7722eb2
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# DNS::Monitor
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[](https://badge.fury.io/rb/dns-monitor)
|
|
4
|
+
|
|
5
|
+
The point of this gem is to monitor your hosts for (unwanted) DNS changes. The `dns-monitor` app is designed to be run as a CRON job. It takes a return-delimited text file listing domain names, and checks an [RDAP](https://www.icann.org/rdap) database (which you can specify) for JSON entries that match. You will get an error, optionally by GChat, if you encounter a changed entry.
|
|
4
6
|
|
|
5
7
|
If you don't think this is something you need, perhaps give [this article](https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/) a read.
|
|
6
8
|
|
data/lib/dns/monitor/check.rb
CHANGED
data/lib/dns/monitor/database.rb
CHANGED
|
@@ -13,7 +13,7 @@ module DNS
|
|
|
13
13
|
def check(domain, rdap)
|
|
14
14
|
return if domain.nil? || rdap.nil?
|
|
15
15
|
|
|
16
|
-
changes = diff(most_recent(domain).rdap, rdap)
|
|
16
|
+
changes = diff((most_recent(domain).rdap || '{}'), rdap)
|
|
17
17
|
|
|
18
18
|
if changes.empty?
|
|
19
19
|
Check.new domain, :ok
|
|
@@ -29,10 +29,13 @@ module DNS
|
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
# Compare two different RDAP values
|
|
32
|
-
# NOTE: We have to do a JSON conversion
|
|
33
|
-
#
|
|
32
|
+
# NOTE: We have to do a JSON conversion to compare instead of
|
|
33
|
+
# String, because the values come back from the server in arbitrary JSON
|
|
34
|
+
# key order.
|
|
34
35
|
def diff(previous_rdap, rdap)
|
|
35
|
-
|
|
36
|
+
# easy_diff returns [added, removed] hashes, we want "removed"
|
|
37
|
+
changes = JSON.parse(previous_rdap).easy_diff(JSON.parse(rdap)).last
|
|
38
|
+
filter_noisy_keys(changes)
|
|
36
39
|
end
|
|
37
40
|
|
|
38
41
|
# Return all entries for a given domain as a Domain struct
|
|
@@ -41,6 +44,19 @@ module DNS
|
|
|
41
44
|
query {|db| db.execute(sql, [domain]) }.map{ |row| Domain.new(*row) }
|
|
42
45
|
end
|
|
43
46
|
|
|
47
|
+
def filter_noisy_keys(changes)
|
|
48
|
+
# We get a lot of "last update of RDAP" events which aren't something
|
|
49
|
+
# we need notifications about. Remove those.
|
|
50
|
+
# WARNING: mutation follows
|
|
51
|
+
if changes.fetch('events', false)
|
|
52
|
+
changes['events'] = changes['events'].reject do |event|
|
|
53
|
+
event.fetch('eventAction', '').match?(/last update of RDAP/i)
|
|
54
|
+
end
|
|
55
|
+
changes.delete('events') if changes['events'].empty?
|
|
56
|
+
end
|
|
57
|
+
changes
|
|
58
|
+
end
|
|
59
|
+
|
|
44
60
|
# Just the latest entry plz
|
|
45
61
|
def most_recent(domain)
|
|
46
62
|
entries(domain).first || Domain.new
|
data/lib/dns/monitor/runner.rb
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
module DNS
|
|
2
2
|
module Monitor
|
|
3
3
|
class Runner
|
|
4
|
+
# The "Runner" is the back-end for the command-line utility
|
|
4
5
|
def initialize(params)
|
|
5
6
|
@params = params
|
|
6
7
|
end
|
|
7
8
|
|
|
9
|
+
# This is the main action we do with this app - check all of the domains
|
|
8
10
|
def check
|
|
9
11
|
begin
|
|
10
12
|
domains = File.read(@params[:domains_path]).split
|
|
@@ -31,6 +33,7 @@ module DNS
|
|
|
31
33
|
end
|
|
32
34
|
end
|
|
33
35
|
|
|
36
|
+
# This is an alternative app action - check the history for a particular domain.
|
|
34
37
|
def entries
|
|
35
38
|
STDOUT.puts db.entries(@params[:domain]).map{|row| row.to_parsed_h}.to_json
|
|
36
39
|
end
|
data/lib/dns/monitor/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dns-monitor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Donald Merand
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-01-
|
|
11
|
+
date: 2020-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -126,7 +126,6 @@ files:
|
|
|
126
126
|
- lib/dns/monitor/mandrill.rb
|
|
127
127
|
- lib/dns/monitor/runner.rb
|
|
128
128
|
- lib/dns/monitor/version.rb
|
|
129
|
-
- test.sqlite3
|
|
130
129
|
homepage: https://github.com/exploration/dns-monitor
|
|
131
130
|
licenses:
|
|
132
131
|
- MIT
|
data/test.sqlite3
DELETED
|
Binary file
|