Class: Inspec::Resources::FreeBsdPorts

Inherits:
PortsInfo
  • Object
show all
Defined in:
lib/resources/port.rb

Overview

extracts information from sockstat

Direct Known Subclasses

HpuxPorts, SolarisPorts

Instance Attribute Summary

Attributes inherited from PortsInfo

#inspec

Instance Method Summary collapse

Methods inherited from PortsInfo

#initialize

Constructor Details

This class inherits a constructor from Inspec::Resources::PortsInfo

Instance Method Details

#infoObject 



621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
 
# File 'lib/resources/port.rb', line 621

def info
  cmd = inspec.command('sockstat -46l')
  return nil if cmd.exit_status.to_i != 0

  ports = []
  # split on each newline
  cmd.stdout.each_line do |line|
    port_info = parse_sockstat_line(line)

    # push data, if not headerfile
    next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
    ports.push(port_info)
  end
  ports
end

#parse_net_address(net_addr, protocol) ⇒ Object 



637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
 
# File 'lib/resources/port.rb', line 637

def parse_net_address(net_addr, protocol)
  case protocol
  when 'tcp4', 'udp4', 'tcp', 'udp'
    # replace * with 0.0.0.0
    net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if net_addr =~ /^*:(\d+)$/
    ip_addr = URI('addr://'+net_addr)
    host = ip_addr.host
    port = ip_addr.port
  when 'tcp6', 'udp6'
    return [] if net_addr == '*:*' # abort for now
    # replace * with 0:0:0:0:0:0:0:0
    net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if net_addr =~ /^*:(\d+)$/
    # extract port
    ip6 = /^(\S+):(\d+)$/.match(net_addr)
    ip6addr = ip6[1]
    ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
    # replace []
    host = ip_addr.host[1..ip_addr.host.size-2]
    port = ip_addr.port
  end
  [host, port]
rescue URI::InvalidURIError => e
  warn "Could not parse #{net_addr}, #{e}"
  nil
end

#parse_sockstat_line(line) ⇒ Object 



663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
 
# File 'lib/resources/port.rb', line 663

def parse_sockstat_line(line)
  # 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
  parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
  return {} if parsed.nil?

  # extract ip information
  protocol = parsed[5].downcase
  host, port = parse_net_address(parsed[6], protocol)
  return {} if host.nil? or port.nil?

  # extract process
  process = parsed[2]

  # extract PID
  pid = parsed[3]
  pid = pid.to_i if pid =~ /^\d+$/

  # map tcp4 and udp4
  protocol = 'tcp' if protocol.eql?('tcp4')
  protocol = 'udp' if protocol.eql?('udp4')

  {
    'port'     => port,
    'address'  => host,
    'protocol' => protocol,
    'process'  => process,
    'pid'      => pid,
  }
end