Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Make sure no ports are open #132

Open
zupo opened this issue Oct 28, 2022 · 1 comment
Open

Make sure no ports are open #132

zupo opened this issue Oct 28, 2022 · 1 comment
Assignees
@dz0ny
Labels
bug Something isn't working

Comments

@zupo
Copy link
Member

zupo commented Oct 28, 2022

What happened?

@jcerjak had an idea to also check that no ports are open. I.e. maybe a developer runs ngrok or a local Apache server and forgets to turn it off. Maybe even installs Postgres and doesn't configure it properly and now data leaks are possible.

Version

/

Relevant log output

No response
@zupo zupo added the bug Something isn't working label Oct 28, 2022
@dz0ny
Copy link
Member

dz0ny commented Nov 21, 2022

Using osquery and custom checks

id: open-ports
titlePass: No open ports found
titleFail: Open ports found
# get list out open ports, count lines, if lines are found print 1
check: |
  /usr/local/bin/osqueryi 'SELECT lp.port, p.cmdline FROM listening_ports lp JOIN processes p ON lp.pid = p.pid WHERE lp.port != 0 and p.name != "rapportd" and lp.address = "0.0.0.0";' --list --header=false | wc -l | xargs | awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
result:
  integer: 0

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@dz0ny dz0ny

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dz0ny @zupo