diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2019-06-24 14:39:30 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-06-24 14:39:30 +0300 |
commit | ef89ee3fc9341cff19bb08d7580904199020274b (patch) | |
tree | a9a85af148a2e11cfa5634cc075f74fdc5f63b1c /include/tests_networking | |
parent | cf57424f1a419e50079d805dab4e4e2205b29918 (diff) |
[NETW-3012] make ss command output preferred for Linux system and changed output format
Diffstat (limited to 'include/tests_networking')
-rw-r--r-- | include/tests_networking | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/include/tests_networking b/include/tests_networking index 5d5df2f6..b43970ce 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -370,6 +370,7 @@ # Description : Check listening ports Register --test-no NETW-3012 --weight L --network NO --category security --description "Check listening ports" if [ ${SKIPTEST} -eq 0 ]; then + DATA="" FIND=""; FIND2="" COUNT=0 case ${OS} in @@ -381,24 +382,19 @@ FIND="" fi FIND2="" - ;; + ;; Linux) - if [ ! -z "${NETSTATBINARY}" ]; then + if [ -n "${SSBINARY}" ]; then + DATA=$(${SSBINARY} --query=udp,tcp -plnt | awk '{ if ($1!="Netid") { print "raw,ss,v1|"$1"|"$5"|"$7"|" }}' | sed 's/pid=[0-9]\{1,\},fd=[0-9]\{1,\}//g' | sed 's/users://' | sed 's/,)//g' | tr -d '()"') + elif [ -n "${NETSTATBINARY}" ]; then # UDP FIND=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"|"$6"|" }' | ${SEDBINARY} 's:|[0-9]*/:|:') # TCP FIND2=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | ${SEDBINARY} 's:|[0-9]*/:|:') else - if [ ! "${SSBINARY}" = "" ]; then - # UDP - FIND=$(${SSBINARY} -u -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local) - # TCP - FIND2=$(${SSBINARY} -t -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local) - else - ReportException "${TEST_NO}:1" "netstat and ss binary missing to gather listening ports" - fi + ReportException "${TEST_NO}:1" "netstat and ss binary missing to gather listening ports" fi - ;; + ;; macOS) if [ ! "${LSOFBINARY}" = "" ]; then @@ -409,9 +405,7 @@ fi # Not needed as we have a combined test FIND2="" - ;; - - + ;; NetBSD) if [ ! "${SOCKSTATBINARY}" = "" ]; then FIND=$(${SOCKSTATBINARY} 2> /dev/null | ${AWKBINARY} '{ if ($7 ~ /\*.\*/) print $5"|"$6"|"$2"|" }' | ${SORTBINARY} -u) @@ -419,7 +413,7 @@ FIND="" fi FIND2="" - ;; + ;; OpenBSD) if [ ! "${NETSTATBINARY}" = "" ]; then # UDP @@ -429,13 +423,20 @@ else ReportException "${TEST_NO}:3" "netstat missing to gather listening ports" fi - ;; + ;; *) # Got this exception? Provide your details and output of netstat or any other tool to determine this information. ReportException "${TEST_NO}:2" "Unclear what method to use, to determine listening port information" - ;; + ;; esac + if HasData "${DATA}"; then + for ITEM in ${DATA}; do + COUNT=$((COUNT + 1)) + Report "network_listen[]=${ITEM}" + done + fi + # Retrieve information from sockstat, when available LogText "Test: Retrieving sockstat information to find listening ports" if HasData "${FIND}"; then @@ -453,11 +454,10 @@ Report "network_listen_port[]=${ITEM}" done fi - if [ "${FIND}" = "" -a "${FIND2}" = "" ]; then + if [ -z "${DATA}" -a -z "${FIND}" ]; then Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result "${STATUS_SKIPPED}" --color YELLOW else Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result "${STATUS_DONE}" --color GREEN - Display --indent 6 --text "* Found ${COUNT} ports" fi fi # |