require "helper"
require "inspec/resource"
require "inspec/resources/port"
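# Unit tests for the InSpec `port` resource. Each example loads the resource
# through MockLoader for a named platform and checks the properties the
# resource reports: listening?, protocols, pids, processes and addresses.
#
# Reading the address expectations: "0.0.0.0" and "::" are wildcard binds
# (every interface), while "127.0.0.1" is loopback only.
describe "Inspec::Resources::Port" do
  # --- Ubuntu ---------------------------------------------------------------

  it "verify port on Ubuntu" do
    resource = MockLoader.new(:ubuntu).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal %w{ tcp tcp6 }
    _(resource.pids).must_equal [1222]
    _(resource.processes).must_equal ["sshd"]
    _(resource.addresses).must_equal ["0.0.0.0", "::"]
  end

  # Without a port argument the resource describes every entry of the fixture.
  it "lists all ports" do
    resource = MockLoader.new(:ubuntu).load_resource("port")
    _(resource.entries.length).must_equal 9
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal %w{ udp tcp tcp6 }
    _(resource.pids).must_equal [1146, 1222, 1722, 579]
    _(resource.processes).must_equal %w{dhclient sshd java nginx sendmail}
    _(resource.addresses).must_equal ["0.0.0.0", "10.0.2.15", "fe80::a00:27ff:fe32:ed09", "::"]
  end

  # `where` narrows the full listing; the block matches the protocol
  # case-insensitively against "udp".
  it "filter ports by conditions" do
    resource = MockLoader.new(:ubuntu).load_resource("port").where { protocol =~ /udp/i }
    _(resource.entries.length).must_equal 1
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal ["udp"]
    _(resource.pids).must_equal [1146]
    _(resource.processes).must_equal ["dhclient"]
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  it "verify UDP port on Ubuntu" do
    resource = MockLoader.new(:ubuntu).load_resource("port", 68)
    _(resource.entries.length).must_equal 1
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal ["udp"]
    _(resource.pids).must_equal [1146]
    _(resource.processes).must_equal ["dhclient"]
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  # Same expectations as the Integer form above, with the port given as "68".
  it "accepts the port as a string" do
    resource = MockLoader.new(:ubuntu).load_resource("port", "68")
    _(resource.entries.length).must_equal 1
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal ["udp"]
    _(resource.pids).must_equal [1146]
    _(resource.processes).must_equal ["dhclient"]
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  # Port 80 must come back as a single entry with a single pid and process.
  it "properly handles multiple processes using one fd" do
    resource = MockLoader.new(:ubuntu).load_resource("port", "80")
    _(resource.entries.length).must_equal 1
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal ["tcp"]
    _(resource.pids).must_equal [579]
    _(resource.processes).must_equal ["nginx"]
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  it "properly handles a IPv4 address in a v6 listing" do
    resource = MockLoader.new(:ubuntu).load_resource("port", 9200)
    _(resource.protocols).must_equal %w{ tcp tcp6 }
    _(resource.addresses).must_equal ["10.0.2.15", "fe80::a00:27ff:fe32:ed09"]
  end

  # --- Other Linux / macOS --------------------------------------------------

  it "verify port on Alpine Linux without iproute2 installed" do
    resource = MockLoader.new(:alpine).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal %w{ tcp tcp6 }
    _(resource.pids).must_equal [1]
    _(resource.processes).must_equal ["sshd"]
    _(resource.addresses).must_equal ["0.0.0.0", "::"]
  end

  it "verify port on MacOs x" do
    resource = MockLoader.new(:macos10_10).load_resource("port", 2022)
    _(resource.listening?).must_equal true
    _(resource.pids).must_equal [6835]
    _(resource.protocols).must_equal ["tcp"]
    # NOTE(review): "VBoxHeadl" looks like a truncated process name; controls
    # that match on process names should expect the value as reported here.
    _(resource.processes).must_equal ["VBoxHeadl"]
    _(resource.addresses).must_equal ["127.0.0.1"]
  end

  # --- Windows --------------------------------------------------------------

  it "verify port on Windows 2012r2" do
    resource = MockLoader.new(:windows).load_resource("port", 135)
    _(resource.listening?).must_equal true
    _(resource.pids).must_equal [564]
    _(resource.protocols).must_equal ["tcp"]
    _(resource.processes).must_equal ["RpcSs"]
    _(resource.addresses).must_equal ["0.0.0.0", "::"]
  end

  it "verify SSL port on Windows 2012r2" do
    resource = MockLoader.new(:windows).load_resource("port", 443)
    _(resource.listening?).must_equal true
    _(resource.pids).must_equal [4]
    _(resource.protocols).must_equal ["tcp"]
    _(resource.processes).must_equal ["System"]
    _(resource.addresses).must_equal ["0.0.0.0", "::"]
  end

  it "verify syslog port on Windows 2012r2" do
    resource = MockLoader.new(:windows).load_resource("port", 514)
    _(resource.listening?).must_equal true
    _(resource.pids).must_equal [1120]
    _(resource.protocols).must_equal ["udp"]
    _(resource.processes).must_equal ["Syslogd_Service.exe"]
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  it "verify not listening port on Windows" do
    resource = MockLoader.new(:windows).load_resource("port", 666)
    _(resource.listening?).must_equal false
    _(resource.addresses).must_equal []
    _(resource.protocols).must_equal []
    _(resource.processes).must_equal []
    # The original asserted `addresses` a second time here; the duplicate was
    # dropped. NOTE(review): `pids` is not asserted in this example, although
    # the :undefined example expects [] for it — consider adding it.
  end

  it "verify all ports on Windows 2012r2" do
    resource = MockLoader.new(:windows).load_resource("port")
    _(resource.entries.length).must_equal 49
    _(resource.protocols("tcp").entries.length).must_equal 34
    _(resource.protocols("udp").entries.length).must_equal 15
  end

  it "verify port on Windows 2008 (unprivileged)" do
    ml = MockLoader.new(:windows)
    # Blank the stdout of every mocked command that starts with
    # "Get-NetTCPConnection". The expectations below equal the Windows 2012r2
    # example for port 135, so the resource presumably reads the data from
    # another source in this case — TODO confirm in the resource.
    ml.backend.backend.commands
      .select { |k, _| k.start_with? "Get-NetTCPConnection" }
      .values.each { |r| r.stdout = "" }

    resource = ml.load_resource("port", 135)
    _(resource.listening?).must_equal true
    _(resource.pids).must_equal [564]
    _(resource.protocols).must_equal ["tcp"]
    _(resource.processes).must_equal ["RpcSs"]
    _(resource.addresses).must_equal %w{0.0.0.0 ::}
  end

  it "verify port list on Windows 2008 (unprivileged)" do
    ml = MockLoader.new(:windows)
    # Same setup as the single-port unprivileged example: empty output for
    # the mocked "Get-NetTCPConnection" commands. The counts must still match
    # the Windows 2012r2 full listing.
    ml.backend.backend.commands
      .select { |k, _| k.start_with? "Get-NetTCPConnection" }
      .values.each { |r| r.stdout = "" }

    resource = ml.load_resource("port")
    _(resource.entries.length).must_equal 49
    _(resource.protocols("tcp").entries.length).must_equal 34
    _(resource.protocols("udp").entries.length).must_equal 15
  end

  # --- BSD / embedded Linux -------------------------------------------------

  it "verify port on FreeBSD" do
    resource = MockLoader.new(:freebsd10).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal %w{ tcp6 tcp }
    _(resource.pids).must_equal [668]
    _(resource.processes).must_equal ["sshd"]
    # This platform reports the IPv6 wildcard as "0:0:0:0:0:0:0:0" rather
    # than "::"; controls that compare addresses across platforms need to
    # accept both spellings.
    _(resource.addresses).must_equal ["0:0:0:0:0:0:0:0", "0.0.0.0"]
  end

  it "verify port on wrlinux" do
    resource = MockLoader.new(:wrlinux).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.pids).must_equal [1222]
    _(resource.protocols).must_equal %w{ tcp tcp6 }
    _(resource.processes).must_equal ["sshd"]
    _(resource.addresses).must_equal ["0.0.0.0", "::"]
  end

  # For the :undefined platform the resource answers "not listening" with
  # empty lists instead of raising. Audit note: a `should_not be_listening`
  # control would therefore pass on such a target, presumably without any
  # port data having been collected — pair it with a platform check.
  it "verify running on undefined" do
    resource = MockLoader.new(:undefined).load_resource("port", 22)
    _(resource.listening?).must_equal false
    _(resource.protocols).must_equal []
    _(resource.pids).must_equal []
    _(resource.processes).must_equal []
    _(resource.addresses).must_equal []
  end

  # --- Address-scoped queries -----------------------------------------------

  it "verify port and interface on Ubuntu 14.04" do
    resource = MockLoader.new(:ubuntu).load_resource("port", "0.0.0.0", 22)
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal %w{ tcp }
    _(resource.pids).must_equal [1222]
    _(resource.processes).must_equal ["sshd"]
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  # The address argument appears to be compared with the reported bind
  # address: port 22 is bound to 0.0.0.0 in this fixture, so asking for
  # "127.0.0.1" finds nothing. Audit note: a wildcard bind still accepts
  # loopback connections, so this result does not show the service is
  # unreachable on 127.0.0.1.
  it "verify not listening port on interface on Ubuntu 14.04" do
    resource = MockLoader.new(:ubuntu).load_resource("port", "127.0.0.1", 22)
    _(resource.listening?).must_equal false
    _(resource.addresses).must_equal []
  end

  # --- Solaris / HP-UX / AIX ------------------------------------------------

  it "verify port on Solaris 10" do
    resource = MockLoader.new(:solaris10).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  it "verify port on Solaris 11" do
    resource = MockLoader.new(:solaris11).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.addresses).must_equal ["0.0.0.0"]
  end

  it "verify port on hpux" do
    resource = MockLoader.new(:hpux).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal %w{ tcp tcp6 }
    # Like FreeBSD, the IPv6 wildcard is spelled out in full here.
    _(resource.addresses).must_equal ["0.0.0.0", "0:0:0:0:0:0:0:0" ]
  end

  it "verify not listening port on hpux" do
    resource = MockLoader.new(:hpux).load_resource("port", 23)
    _(resource.listening?).must_equal false
    _(resource.protocols).must_equal []
    _(resource.addresses).must_equal []
  end

  it "verify port on aix" do
    resource = MockLoader.new(:aix).load_resource("port", 22)
    _(resource.listening?).must_equal true
    _(resource.protocols).must_equal %w{ tcp tcp6 }
    _(resource.addresses).must_equal ["0.0.0.0", "::"]
  end

  it "verify not listening port on aix" do
    resource = MockLoader.new(:aix).load_resource("port", 23)
    _(resource.listening?).must_equal false
    _(resource.protocols).must_equal []
    _(resource.addresses).must_equal []
  end
end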