#!/bin/bash
#
# Nagios check for bad domains in httpd.conf and /var/named/*.db
#

file_patterns="/usr/local/nagios/etc/phishing_domains"
file_whitelist="/usr/local/nagios/etc/phishing_whitelist"
httpd_conf="/usr/local/apache/conf/httpd.conf"

bad_dom=''
a=`grep -f $file_patterns $httpd_conf | grep -E "ServerName|ServerAlias" | grep -v -f $file_whitelist|awk '{print $2}'`
#echo "httpd.conf has been checked"
if [ -n "$a" ]
then
        #echo "Found: $a"
        bad_dom="$bad_dom : $a"
fi

b=`grep -f $file_patterns /var/named/* | grep -v -E "SOA|Zone file|MX" | grep -v -f $file_whitelist`
#echo "Zone files have been checked"
if [ -n "$b" ]
then
        #echo "Found: $b"
        bad_dom="$bad_dom : $b"
fi

if [ -n "$bad_dom" ]
then
     echo "CRITICAL - FOUND: $bad_dom"
     exit 2
else
     echo "OK: pattern not found"
     exit 0
fi
