class Inspec::Resources::FreeBsdPorts

extracts information from sockstat

Public Instance Methods

info() click to toggle source
# File lib/inspec/resources/port.rb, line 636
def info
  cmd = inspec.command("sockstat -46l")
  return nil if cmd.exit_status.to_i != 0

  ports = []
  # split on each newline
  cmd.stdout.each_line do |line|
    port_info = parse_sockstat_line(line)

    # push data, if not headerfile
    next unless %w{tcp tcp6 udp udp6}.include?(port_info["protocol"])

    ports.push(port_info)
  end
  ports
end
parse_net_address(net_addr, protocol) click to toggle source
# File lib/inspec/resources/port.rb, line 653
def parse_net_address(net_addr, protocol)
  case protocol
  when "tcp4", "udp4", "tcp", "udp"
    # replace * with 0.0.0.0
    net_addr = net_addr.gsub(/^\*:/, "0.0.0.0:") if net_addr =~ /^*:(\d+)$/
    ip_addr = URI("addr://" + net_addr)
    host = ip_addr.host
    port = ip_addr.port
  when "tcp6", "udp6"
    return [] if net_addr == "*:*" # abort for now

    # replace * with 0:0:0:0:0:0:0:0
    net_addr = net_addr.gsub(/^\*:/, "0:0:0:0:0:0:0:0:") if net_addr =~ /^*:(\d+)$/
    # extract port
    ip6 = /^(\S+):(\d+)$/.match(net_addr)
    ip6addr = ip6[1]
    ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
    # replace []
    host = ip_addr.host[1..ip_addr.host.size - 2]
    port = ip_addr.port
  end
  [host, port]
rescue URI::InvalidURIError => e
  warn "Could not parse #{net_addr}, #{e}"
  nil
end
parse_sockstat_line(line) click to toggle source
# File lib/inspec/resources/port.rb, line 680
def parse_sockstat_line(line)
  # 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
  parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
  return {} if parsed.nil?

  # extract ip information
  protocol = parsed[5].downcase
  host, port = parse_net_address(parsed[6], protocol)
  return {} if host.nil? || port.nil?

  # extract process
  process = parsed[2]

  # extract PID
  pid = parsed[3]
  pid = pid.to_i if pid =~ /^\d+$/

  # map tcp4 and udp4
  protocol = "tcp" if protocol.eql?("tcp4")
  protocol = "udp" if protocol.eql?("udp4")

  {
    "port" => port,
    "address" => host,
    "protocol" => protocol,
    "process" => process,
    "pid" => pid,
  }
end