Class: Inspec::Resources::FreeBsdPorts

Inherits:
PortsInfo
  • Object
show all
Defined in:
lib/resources/port.rb

Overview

extracts information from sockstat

Direct Known Subclasses

SolarisPorts

Instance Attribute Summary

Attributes inherited from PortsInfo

#inspec

Instance Method Summary collapse

Methods inherited from PortsInfo

#initialize

Constructor Details

This class inherits a constructor from Inspec::Resources::PortsInfo

Instance Method Details

#infoObject 



326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
 
# File 'lib/resources/port.rb', line 326

def info
  cmd = inspec.command('sockstat -46l')
  return nil if cmd.exit_status.to_i != 0

  ports = []
  # split on each newline
  cmd.stdout.each_line do |line|
    port_info = parse_sockstat_line(line)

    # push data, if not headerfile
    next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
    ports.push(port_info)
  end
  ports
end

#parse_net_address(net_addr, protocol) ⇒ Object 



342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
 
# File 'lib/resources/port.rb', line 342

def parse_net_address(net_addr, protocol)
  case protocol
  when 'tcp4', 'udp4', 'tcp', 'udp'
    # replace * with 0.0.0.0
    net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if net_addr =~ /^*:(\d+)$/
    ip_addr = URI('addr://'+net_addr)
    host = ip_addr.host
    port = ip_addr.port
  when 'tcp6', 'udp6'
    return [] if net_addr == '*:*' # abort for now
    # replace * with 0:0:0:0:0:0:0:0
    net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if net_addr =~ /^*:(\d+)$/
    # extract port
    ip6 = /^(\S+):(\d+)$/.match(net_addr)
    ip6addr = ip6[1]
    ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
    # replace []
    host = ip_addr.host[1..ip_addr.host.size-2]
    port = ip_addr.port
  end
  [host, port]
rescue URI::InvalidURIError => e
  warn "Could not parse #{net_addr}, #{e}"
  nil
end

#parse_sockstat_line(line) ⇒ Object 



368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
 
# File 'lib/resources/port.rb', line 368

def parse_sockstat_line(line)
  # 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
  parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
  return {} if parsed.nil?

  # extract ip information
  protocol = parsed[5].downcase
  host, port = parse_net_address(parsed[6], protocol)
  return {} if host.nil? or port.nil?

  # extract process
  process = parsed[2]

  # extract PID
  pid = parsed[3]
  pid = pid.to_i if pid =~ /^\d+$/

  # map tcp4 and udp4
  protocol = 'tcp' if protocol.eql?('tcp4')
  protocol = 'udp' if protocol.eql?('udp4')

  # map data
  {
    port: port,
    address: host,
    protocol: protocol,
    process: process,
    pid: pid,
  }
end