You can use monitoring promises in Nova...

On 02/01/2011 08:28 AM, Aleksey Tsalolikhin wrote:
> Hi.  Three years ago, I wanted to use Cfengine 2 to monitor open ports.
> 
> I wanted to say, "This server A should have ports X, Y and Z open.
> If port W is open, it could be an intrusion, so sound the alarm."
> 
> I ended up using ExecResult and an external shell script:
> (https://cfengine.org/pipermail/help-cfengine/2007-December/002595.html )
> 
> I've just translated this to Cfengine 3. (see below)
> 
> Do you have any suggestions how to cfenginify this more (i.e. do it
> more natively)?
> I'd love to get rid of the shell pipeline.  Can Cfengine give me a
> list of TCP ports that
> are listened on?  (Like "lsof -i |grep LISTEN" ?)
> ----------------
> 
> [cfengine00  inputs]# cat check_open_ports.cf
> body common control
> {
>   bundlesequence => { "check_listening_ports" };
>   inputs         => { "cfengine_stdlib.cf" };
> }
> 
> bundle agent check_listening_ports
> {
> vars:
>   # Pipeline kept on one line (the mailer wrapped it): the whole string is handed
>   # to /bin/sh because of "useshell".  Output is "port proc port proc ..." sorted by port.
>   "listening_ports_and_processes" string =>
>     execresult("/usr/sbin/lsof -i -n -P | /bin/grep LISTEN | /bin/sed -e 's#*:##' | /bin/grep -v 127.0.0.1 | /bin/grep -v ::1 | /bin/awk '{print $8,$1}' | /bin/sort | /usr/bin/uniq | /bin/sort -n | /usr/bin/xargs echo", "useshell");
> 
>   # The "ideal scene": the port/process pairs this host is allowed to listen on
>   "listening_ports_and_processes_ideal_scene" string =>
>     "22 sshd 80 httpd 443 httpd 5308 cf-server";
> 
> classes:
>   # regcmp(regex, string): the ideal scene is the anchored pattern, reality is the
>   # string it must match in full, so any extra or missing port raises the class
>   "reality_does_not_match_ideal_scene" not =>
>     regcmp("$(listening_ports_and_processes_ideal_scene)",
>            "$(listening_ports_and_processes)");
> 
> reports:
>   reality_does_not_match_ideal_scene::
>     "
> DANGER!!!
> DANGER!!!  Expected open ports and processes: $(listening_ports_and_processes_ideal_scene)
> DANGER!!!  Actual open ports and processes: $(listening_ports_and_processes)
> ";
> }
> 
> [cfengine00  inputs]# cf-agent -If ./check_open_ports.cf
> R:
> DANGER!!!
> DANGER!!!  Expected open ports and processes: 22 sshd 80 httpd 443
> httpd 5308 cf-server
> DANGER!!!  Actual open ports and processes: 22 sshd 80 httpd 443 httpd
> 3306 mysqld 5308 cf-server
> [cfengine00  inputs]#
> 
> -----------------------------------------------------------------------------------
> 
> Best,
> Aleksey
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
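As an added example (not code from the original post, from the reply, or from the CFEngine project), the following Python script produces the same "listening ports" list the lsof pipeline above does, but by reading the kernel's own socket tables, /proc/net/tcp and /proc/net/tcp6, which is what lsof parses underneath. It drops loopback-only listeners the way the `grep -v 127.0.0.1 | grep -v ::1` stage does, compares reality with the ideal scene in both directions (an expected daemon that is not listening is also worth an alarm), and resolves a socket inode to a process name by scanning /proc/<pid>/fd, which is Linux-only and sees other users' sockets only when run as root. The two socket tables embedded below are constructed in the /proc/net/tcp layout, not captured from a real host; the expected-port set {22, 80, 443, 5308} mirrors the ideal scene in the post. Run with `--live` to audit the host the script is on instead of the sample; the script could be wrapped in `execresult()` the same way the pipeline is.

```python
"""Audit listening TCP ports against an allow-list by parsing /proc/net/tcp{,6}.

Added example; assumes Linux /proc layout. Sample tables below are constructed.
"""
import glob
import os
import socket
import sys

LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp*

# Constructed sample of /proc/net/tcp: sshd, httpd, mysqld on all interfaces,
# a loopback-only listener on 25, one established sshd connection, cf-serverd.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 100 0 0 10 0
   4: 0100007F:0016 0100007F:C3A2 01 00000000:00000000 00:00000000 00000000     0        0 12349 1 0000000000000000 100 0 0 10 0
   5: 00000000:14BC 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12350 1 0000000000000000 100 0 0 10 0
"""

# Constructed sample of /proc/net/tcp6: https on [::], and 8080 bound to ::1 only.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:01BB 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12351 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12352 1 0000000000000000 100 0 0 10 0
"""


def decode_addr(hex_addr):
    """Turn the kernel's hex address into text; each 32-bit word is little-endian."""
    raw = bytes.fromhex(hex_addr)
    if len(raw) == 4:
        return socket.inet_ntop(socket.AF_INET, raw[::-1])
    words = b"".join(raw[i:i + 4][::-1] for i in range(0, 16, 4))
    return socket.inet_ntop(socket.AF_INET6, words)


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def parse_listeners(proc_text):
    """Return [(address, port, inode)] for every socket in LISTEN state."""
    out = []
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        out.append((decode_addr(hex_addr), int(hex_port, 16), int(fields[9])))
    return out


def external_ports(*proc_texts):
    """Ports listening on a non-loopback address, across any number of tables."""
    return {port for text in proc_texts
            for addr, port, _ in parse_listeners(text) if not is_loopback(addr)}


def audit(actual_ports, expected_ports):
    """Compare reality with the ideal scene; report drift in both directions."""
    return {"unexpected": sorted(actual_ports - expected_ports),
            "missing": sorted(expected_ports - actual_ports)}


def inode_to_process(inode):
    """Map a socket inode to a process name via /proc/<pid>/fd (Linux, root for all users)."""
    target = "socket:[%d]" % inode
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                with open("/proc/%s/comm" % fd.split("/")[2]) as f:
                    return f.read().strip()
        except OSError:  # process exited or fd not readable by this user
            continue
    return None


if __name__ == "__main__":
    expected = {22, 80, 443, 5308}  # ideal scene from the post
    if "--live" in sys.argv:
        with open("/proc/net/tcp") as f4, open("/proc/net/tcp6") as f6:
            tables = (f4.read(), f6.read())
    else:
        tables = (SAMPLE_TCP, SAMPLE_TCP6)
    result = audit(external_ports(*tables), expected)
    if result["unexpected"] or result["missing"]:
        print("DANGER!!! unexpected ports:", result["unexpected"],
              "missing ports:", result["missing"])
        sys.exit(1)
    print("listening ports match the ideal scene")
```

Against the constructed sample the script reports port 3306 as unexpected, the same drift the cf-agent run above caught, while the loopback-only listeners on 25 and 8080 and the established connection are ignored. Comparing sets rather than a whole-string regex also means a reordered or re-spaced list no longer trips a false alarm.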