Method: Inspec::Resources::AixPorts#parse_netstat_line

Defined in:
lib/resources/port.rb

#parse_netstat_line(line) ⇒ Object 



295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
 
# File 'lib/resources/port.rb', line 295

def parse_netstat_line(line)
  # parse each line
  # 1 - Socket, 2 - Proto, 3 - Receive-Q, 4 - Send-Q, 5 - Local address, 6 - Foreign Address, 7 - State
  parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?\s+(\S+)/.match(line)
  return {} if parsed.nil?

  # parse ip4 and ip6 addresses
  protocol = parsed[2].downcase

  # detect protocol if not provided
  protocol += '6' if parsed[5].count(':') > 1 && %w{tcp udp}.include?(protocol)
  protocol.chop! if %w{tcp4 upd4}.include?(protocol)

  # extract host and port information
  host, port = parse_net_address(parsed[5], protocol)
  return {} if host.nil?

  # extract PID
  cmd = inspec.command("rmsock #{parsed[1]} tcpcb")
  parsed_pid = /^The socket (\S+) is being held by proccess (\d+) \((\S+)\)/.match(cmd.stdout)
  return {} if parsed_pid.nil?
  process = parsed_pid[3]
  pid = parsed_pid[2]
  pid = pid.to_i if pid =~ /^\d+$/

  {
    'port'     => port,
    'address'  => host,
    'protocol' => protocol,
    'process'  => process,
    'pid'      => pid,
  }
end