Hi.  Three years ago, I wanted to use Cfengine 2 to monitor open ports.

I wanted to say, "This server A should have ports X, Y and Z open.
If port W is open, it could be an intrusion, so sound the alarm."

I ended up using ExecResult and an external shell script:
(https://cfengine.org/pipermail/help-cfengine/2007-December/002595.html)

I've just translated this to Cfengine 3. (see below)

Do you have any suggestions how to cfenginify this more (i.e. do it
more natively)?
I'd love to get rid of the shell pipeline.  Can Cfengine give me a
list of TCP ports that are listened on?  (Like "lsof -i |grep LISTEN" ?)
----------------

[cfengine00  inputs]# cat check_open_ports.cf
body common control
{
bundlesequence  => { "check_listening_ports" };
inputs  => { "cfengine_stdlib.cf" };
}

bundle agent check_listening_ports
{
vars:
  # Non-loopback TCP listeners as "port command" pairs, sorted by port, joined onto one line.
  "listening_ports_and_processes" string => execresult("/usr/sbin/lsof -i -n -P | /bin/grep LISTEN | /bin/sed -e 's#*:##' | /bin/grep -v 127.0.0.1 | /bin/grep -v ::1 | /bin/awk '{print $8,$1}' | /bin/sort | /usr/bin/uniq | /bin/sort -n | /usr/bin/xargs echo", "useshell");

  # What this host is supposed to be listening on.
  "listening_ports_and_processes_ideal_scene" string => "22 sshd 80 httpd 443 httpd 5308 cf-server";

classes:
  # regcmp(regex, string): the ideal scene is the pattern, the live result is the string it must match.
  "reality_does_not_match_ideal_scene" not =>
    regcmp("$(listening_ports_and_processes_ideal_scene)", "$(listening_ports_and_processes)");

reports:
  reality_does_not_match_ideal_scene::
    "
DANGER!!!
DANGER!!!  Expected open ports and processes: $(listening_ports_and_processes_ideal_scene)
DANGER!!!  Actual open ports and processes: $(listening_ports_and_processes)
";
}

[cfengine00  inputs]# cf-agent -If ./check_open_ports.cf
R:
DANGER!!!
DANGER!!!  Expected open ports and processes: 22 sshd 80 httpd 443
httpd 5308 cf-server
DANGER!!!  Actual open ports and processes: 22 sshd 80 httpd 443 httpd
3306 mysqld 5308 cf-server
[cfengine00  inputs]#

-----------------------------------------------------------------------------------

Best,
Aleksey
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
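The same check done as a set comparison, as an added example that is not code from the post or from CFEngine: it parses lsof output into (port, command) pairs, drops loopback listeners, and reports exactly which listeners are unexpected or missing rather than alarming on a whole-string mismatch. The sample lsof output is constructed, and IDEAL_SCENE and the function names are this example's own.

```python
import subprocess

# Constructed sample of `lsof -i -n -P` output; not captured from a real host.
SAMPLE_LSOF = """\
COMMAND    PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       812  root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
sshd       812  root    4u  IPv6  12346      0t0  TCP *:22 (LISTEN)
httpd     1201  root    5u  IPv4  23456      0t0  TCP *:80 (LISTEN)
httpd     1201  root    6u  IPv4  23457      0t0  TCP *:443 (LISTEN)
httpd     1209  apache  7u  IPv4  23458      0t0  TCP 10.0.0.5:443->10.0.0.9:51234 (ESTABLISHED)
mysqld    1307  mysql  10u  IPv4  34567      0t0  TCP *:3306 (LISTEN)
cf-server 1400  root    8u  IPv4  45678      0t0  TCP *:5308 (LISTEN)
postgres  1500  pg      3u  IPv4  56789      0t0  TCP 127.0.0.1:5432 (LISTEN)
"""

# The policy's "ideal scene" as a set of (port, command) pairs (assumed allow-list).
IDEAL_SCENE = {(22, "sshd"), (80, "httpd"), (443, "httpd"), (5308, "cf-server")}
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

def listening_sockets(lsof_output):
    """(port, command) pairs in LISTEN state on non-loopback addresses.
    Fields are read from the right-hand end of the line, so the parse does not
    depend on a fixed column number the way the pipeline's awk '$8' does."""
    found = set()
    for line in lsof_output.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 3 or fields[-1] != "(LISTEN)":
            continue
        addr, _, port = fields[-2].rpartition(":")   # "*:22" -> ("*", ":", "22")
        if addr in LOOPBACK:
            continue
        found.add((int(port), fields[0]))           # duplicates (IPv4/IPv6) collapse
    return found

def audit(actual, ideal=IDEAL_SCENE):
    """Return (unexpected, missing) relative to the ideal scene."""
    return sorted(actual - ideal), sorted(ideal - actual)

def audit_live_host():
    """Run the real lsof and audit this host (not exercised by the sample)."""
    out = subprocess.run(["lsof", "-i", "-n", "-P"], capture_output=True,
                         text=True, check=True).stdout
    return audit(listening_sockets(out))

if __name__ == "__main__":
    unexpected, missing = audit(listening_sockets(SAMPLE_LSOF))
    print("unexpected listeners:", unexpected)   # [(3306, 'mysqld')]
    print("missing listeners:", missing)         # []
```

Because the comparison is on sets, reordering or duplicate lsof lines cannot raise a false alarm, and the report names the offending listener (here mysqld on 3306) instead of dumping both strings.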
