Merge pull request #5522 from inspec/vasundhara/fix-for-port-resource
Fix for port resource performance: adding more specific search while using ss command
commit
85ecf5373d
3 changed files with 23 additions and 13 deletions
|
@ -54,7 +54,7 @@ module Inspec::Resources
|
|||
def port_manager_for_os
|
||||
os = inspec.os
|
||||
if os.linux?
|
||||
LinuxPorts.new(inspec)
|
||||
LinuxPorts.new(inspec, @port)
|
||||
elsif os.aix?
|
||||
# AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
|
||||
# and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
|
||||
|
@ -102,8 +102,9 @@ module Inspec::Resources
|
|||
# }]
|
||||
class PortsInfo
|
||||
attr_reader :inspec
|
||||
def initialize(inspec)
|
||||
def initialize(inspec, port = nil)
|
||||
@inspec = inspec
|
||||
@port = port
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -394,7 +395,12 @@ module Inspec::Resources
|
|||
def ports_via_ss
|
||||
return nil unless inspec.command("ss").exist?
|
||||
|
||||
cmd = inspec.command("ss -tulpen")
|
||||
if @port.nil?
|
||||
cmd = inspec.command("ss -tulpen")
|
||||
else
|
||||
cmd = inspec.command("ss -tulpen '( dport = #{@port} or sport = #{@port} )'")
|
||||
end
|
||||
|
||||
return nil unless cmd.exit_status.to_i == 0
|
||||
|
||||
ports = []
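Review bot: In `ports_via_ss`, `@port` is interpolated straight into the `ss` command string, so a value that is not a plain number can close the single-quoted filter and be read by the target's shell as further command text; the spec on this page shows the port may be given as a string. Whether anything upstream normalises `@port` is not visible in these hunks, so I would guard at the point of use and keep the unfiltered listing for anything else: `if @port.nil? || @port.to_s !~ /\A\d+\z/`. A non-numeric value then takes the plain `ss -tulpen` branch, and only digits ever reach the filter expression. The body of `ports_via_ss` continues past the end of the hunk, so how the parsed entries are later matched against the port is not shown here.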
|
||||
|
|
|
@ -18,10 +18,10 @@ class MockLoader
|
|||
freebsd12: { name: "freebsd", family: "bsd", release: "12", arch: "amd64" },
|
||||
macos10_10: { name: "mac_os_x", family: "darwin", release: "10.10.4", arch: nil },
|
||||
macos10_16: { name: "darwin", family: "darwin", release: "10.16", arch: nil },
|
||||
ubuntu1204: { name: "ubuntu", family: "debian", release: "12.04", arch: "x86_64" },
|
||||
ubuntu1404: { name: "ubuntu", family: "debian", release: "14.04", arch: "x86_64" },
|
||||
ubuntu1504: { name: "ubuntu", family: "debian", release: "15.04", arch: "x86_64" },
|
||||
ubuntu1604: { name: "ubuntu", family: "debian", release: "16.04", arch: "x86_64" },
|
||||
ubuntu1804: { name: "ubuntu", family: "debian", release: "18.04", arch: "x86_64" },
|
||||
mint17: { name: "linuxmint", family: "debian", release: "17.3", arch: "x86_64" },
|
||||
mint18: { name: "linuxmint", family: "debian", release: "18", arch: "x86_64" },
|
||||
windows: { name: "windows", family: "windows", release: "6.2.9200", arch: "x86_64" },
|
||||
|
@ -591,6 +591,10 @@ class MockLoader
|
|||
%{sh -c 'type "ss"'} => empty.call,
|
||||
%{sh -c 'type "netstat"'} => empty.call,
|
||||
"ss -tulpen" => cmd.call("ss-tulpen"),
|
||||
"ss -tulpen '( dport = 22 or sport = 22 )'" => cmd.call("ss-tulpen"),
|
||||
"ss -tulpen '( dport = 68 or sport = 68 )'" => cmd.call("ss-tulpen"),
|
||||
"ss -tulpen '( dport = 9200 or sport = 9200 )'" => cmd.call("ss-tulpen"),
|
||||
"ss -tulpen '( dport = 80 or sport = 80 )'" => cmd.call("ss-tulpen"),
|
||||
"netstat -tulpen" => cmd.call("netstat-tulpen")
|
||||
)
|
||||
end
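Review bot: The four filtered `ss -tulpen '( dport = N or sport = N )'` keys all return the same unfiltered `ss-tulpen` fixture, so the specs cannot tell whether the filter expression is valid or actually narrows the output. They pass on whatever matching the resource does afterwards, which presumably still filters parsed entries by port but is not shown on this page. The keys are exact command strings, so any change to how the command is built, such as validating or quoting the port, needs these entries updated in step. I would add a comment above them, e.g. `# filtered ss calls reuse the full ss-tulpen fixture; the resource matches the port itself`, and ideally a narrowed fixture for at least one port. The hash these entries belong to starts outside the hunk.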
|
||||
|
|
|
@ -4,7 +4,7 @@ require "inspec/resources/port"
|
|||
|
||||
describe "Inspec::Resources::Port" do
|
||||
it "verify port on Ubuntu 14.04" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port", 22)
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port", 22)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
||||
_(resource.pids).must_equal [1222]
|
||||
|
@ -13,7 +13,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "lists all ports" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port")
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port")
|
||||
_(resource.entries.length).must_equal 9
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal %w{ udp tcp tcp6 }
|
||||
|
@ -23,7 +23,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "filter ports by conditions" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port").where { protocol =~ /udp/i }
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port").where { protocol =~ /udp/i }
|
||||
_(resource.entries.length).must_equal 1
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal ["udp"]
|
||||
|
@ -33,7 +33,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "verify UDP port on Ubuntu 14.04" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port", 68)
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port", 68)
|
||||
_(resource.entries.length).must_equal 1
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal ["udp"]
|
||||
|
@ -43,7 +43,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "accepts the port as a string" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port", "68")
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port", "68")
|
||||
_(resource.entries.length).must_equal 1
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal ["udp"]
|
||||
|
@ -53,7 +53,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "properly handles multiple processes using one fd" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port", "80")
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port", "80")
|
||||
_(resource.entries.length).must_equal 1
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal ["tcp"]
|
||||
|
@ -63,7 +63,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "properly handles a IPv4 address in a v6 listing" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port", 9200)
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port", 9200)
|
||||
_(resource.protocols).must_equal %w{ tcp tcp6 }
|
||||
_(resource.addresses).must_equal ["10.0.2.15", "fe80::a00:27ff:fe32:ed09"]
|
||||
end
|
||||
|
@ -185,7 +185,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "verify port and interface on Ubuntu 14.04" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port", "0.0.0.0", 22)
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port", "0.0.0.0", 22)
|
||||
_(resource.listening?).must_equal true
|
||||
_(resource.protocols).must_equal %w{ tcp }
|
||||
_(resource.pids).must_equal [1222]
|
||||
|
@ -194,7 +194,7 @@ describe "Inspec::Resources::Port" do
|
|||
end
|
||||
|
||||
it "verify not listening port on interface on Ubuntu 14.04" do
|
||||
resource = MockLoader.new(:ubuntu1404).load_resource("port", "127.0.0.1", 22)
|
||||
resource = MockLoader.new(:ubuntu1804).load_resource("port", "127.0.0.1", 22)
|
||||
_(resource.listening?).must_equal false
|
||||
_(resource.addresses).must_equal []
|
||||
end
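Review bot: None of the cases visible in these hunks passes a port that is not a plain number, even though "accepts the port as a string" shows strings are accepted and the port value is now placed inside the `ss` command line. A case that loads the resource with a non-numeric string and asserts the expected outcome, for instance `_(resource.listening?).must_equal false`, would pin down what happens to such input. Separately, several descriptions still say "Ubuntu 14.04" while the loader key appears to have moved to `:ubuntu1804`; they could be renamed along the lines of `it "verify port on Ubuntu 18.04" do`. The `describe` block starts before the first hunk and each `it` body is only partly shown.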
|
||||
|
|