Class: Inspec::Resources::FreeBsdPorts

Inherits:
PortsInfo
  • Object
show all
Defined in:
lib/inspec/resources/port.rb

Overview

extracts information from sockstat

Direct Known Subclasses

HpuxPorts, SolarisPorts

Instance Attribute Summary

Attributes inherited from PortsInfo

#inspec

Instance Method Summary collapse

Methods inherited from PortsInfo

#initialize

Constructor Details

This class inherits a constructor from Inspec::Resources::PortsInfo

Instance Method Details

#infoObject 



630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
 
# File 'lib/inspec/resources/port.rb', line 630

def info
  cmd = inspec.command("sockstat -46l")
  return nil if cmd.exit_status.to_i != 0

  ports = []
  # split on each newline
  cmd.stdout.each_line do |line|
    port_info = parse_sockstat_line(line)

    # push data, if not headerfile
    next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])

    ports.push(port_info)
  end
  ports
end

#parse_net_address(net_addr, protocol) ⇒ Object 



647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
 
# File 'lib/inspec/resources/port.rb', line 647

def parse_net_address(net_addr, protocol)
  case protocol
  when "tcp4", "udp4", "tcp", "udp"
    # replace * with 0.0.0.0
    net_addr = net_addr.gsub(/^\*:/, "0.0.0.0:") if net_addr =~ /^*:(\d+)$/
    ip_addr = URI("addr://" + net_addr)
    host = ip_addr.host
    port = ip_addr.port
  when "tcp6", "udp6"
    return [] if net_addr == "*:*" # abort for now

    # replace * with 0:0:0:0:0:0:0:0
    net_addr = net_addr.gsub(/^\*:/, "0:0:0:0:0:0:0:0:") if net_addr =~ /^*:(\d+)$/
    # extract port
    ip6 = /^(\S+):(\d+)$/.match(net_addr)
    ip6addr = ip6[1]
    ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
    # replace []
    host = ip_addr.host[1..ip_addr.host.size - 2]
    port = ip_addr.port
  end
  [host, port]
rescue URI::InvalidURIError => e
  warn "Could not parse #{net_addr}, #{e}"
  nil
end

#parse_sockstat_line(line) ⇒ Object 



674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
 
# File 'lib/inspec/resources/port.rb', line 674

def parse_sockstat_line(line)
  # 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
  parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
  return {} if parsed.nil?

  # extract ip information
  protocol = parsed[5].downcase
  host, port = parse_net_address(parsed[6], protocol)
  return {} if host.nil? || port.nil?

  # extract process
  process = parsed[2]

  # extract PID
  pid = parsed[3]
  pid = pid.to_i if pid =~ /^\d+$/

  # map tcp4 and udp4
  protocol = "tcp" if protocol.eql?("tcp4")
  protocol = "udp" if protocol.eql?("udp4")

  {
    "port" => port,
    "address" => host,
    "protocol" => protocol,
    "process" => process,
    "pid" => pid,
  }
end