Make sure no ports are open #132

Open
zupo opened this issue Oct 28, 2022 · 1 comment

zupo commented Oct 28, 2022

What happened?

@jcerjak had an idea to also check that no ports are open. I.e. maybe a developer runs ngrok or a local Apache server and forgets to turn it off. Maybe even installs Postgres and doesn't configure it properly and now data leaks are possible.

Version

/

Relevant log output

No response

zupo added the bug label Oct 28, 2022

dz0ny commented Nov 21, 2022

Using osquery and custom checks

```yaml
id: open-ports
titlePass: No open ports found
titleFail: Open ports found
# get list of open ports, count lines, if lines are found print 1
check: |
  /usr/local/bin/osqueryi 'SELECT lp.port, p.cmdline FROM listening_ports lp JOIN processes p ON lp.pid = p.pid WHERE lp.port != 0 and p.name != "rapportd" and lp.address = "0.0.0.0";' --list --header=false | wc -l | xargs | awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
result:
  integer: 0
```
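
Added example, not part of the thread or the project's code: the same pass/fail contract as the check above, evaluated over rows in osquery's `--list` format, and going one step further by also treating the IPv6 wildcard `::` as exposed. The sample rows, the allowlist variable and the function names are constructed for illustration.

```shell
#!/bin/sh
# Rows are "port|address|name|cmdline", the shape produced by (assumed query):
#   osqueryi --list --header=false 'SELECT lp.port, lp.address, p.name, p.cmdline
#     FROM listening_ports lp JOIN processes p ON lp.pid = p.pid;'

# Constructed sample rows, not real osquery output.
SAMPLE_ROWS='5432|0.0.0.0|postgres|/usr/local/bin/postgres -D /usr/local/var/postgres
8080|::|httpd|/usr/sbin/httpd -D FOREGROUND
4040|127.0.0.1|ngrok|ngrok http 3000
49152|0.0.0.0|rapportd|/usr/libexec/rapportd
0|0.0.0.0|mDNSResponder|/usr/sbin/mDNSResponder'

# Hypothetical allowlist of process names that may listen on all interfaces.
ALLOWED_NAMES='rapportd'

# Print "port name" for every listener that is bound to a wildcard address
# (IPv4 0.0.0.0 or IPv6 ::), has a real port, and is not allowlisted.
# Only the first three fields are read, so a "|" inside cmdline is harmless.
wildcard_listeners() {
  printf '%s\n' "$1" | awk -F'|' -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != 0 && ($2 == "0.0.0.0" || $2 == "::") && !($3 in ok) { print $1, $3 }
  '
}

# Same contract as the check above: print 1 if anything is found, else 0.
open_ports_result() {
  if [ -n "$(wildcard_listeners "$1" "$2")" ]; then echo 1; else echo 0; fi
}

# Stand-alone run on the constructed rows.
open_ports_result "$SAMPLE_ROWS" "$ALLOWED_NAMES"
```

Listing the offending port and process name, rather than only counting lines, gives the person reading a failed check something to act on.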
