Try SpotterGather facts on processes listening on TCP and UDP ports.
Authors: Nathan Davison (@ndavison)
Install with ansible-galaxy collection install community.general:==1.3.14
collections:
- name: community.general
version: 1.3.14Gather facts on processes listening on TCP and UDP ports using netstat command.
This module currently supports Linux only.
- name: Gather facts on listening ports community.general.listen_ports_facts:
- name: TCP whitelist violation
ansible.builtin.debug:
msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the whitelist
vars:
tcp_listen_violations: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', tcp_whitelist) | list }}"
tcp_whitelist:
- 22
- 25
loop: "{{ tcp_listen_violations }}"
- name: List TCP ports
ansible.builtin.debug:
msg: "{{ ansible_facts.tcp_listen | map(attribute='port') | sort | list }}"
- name: List UDP ports
ansible.builtin.debug:
msg: "{{ ansible_facts.udp_listen | map(attribute='port') | sort | list }}"
- name: List all ports
ansible.builtin.debug:
msg: "{{ (ansible_facts.tcp_listen + ansible_facts.udp_listen) | map(attribute='port') | unique | sort | list }}"
ansible_facts:
contains:
tcp_listen:
contains:
address:
description: The address the server is listening on.
returned: always
sample: 0.0.0.0
type: str
name:
description: The name of the listening process.
returned: if user permissions allow
sample: mysqld
type: str
pid:
description: The pid of the listening process.
returned: always
sample: 1223
type: int
port:
description: The port the server is listening on.
returned: always
sample: 3306
type: int
protocol:
description: The network protocol of the server.
returned: always
sample: tcp
type: str
stime:
description: The start time of the listening process.
returned: always
sample: Thu Feb 2 13:29:45 2017
type: str
user:
description: The user who is running the listening process.
returned: always
sample: mysql
type: str
description: A list of processes that are listening on a TCP port.
returned: if TCP servers were found
type: list
udp_listen:
contains:
address:
description: The address the server is listening on.
returned: always
sample: 0.0.0.0
type: str
name:
description: The name of the listening process.
returned: if user permissions allow
sample: rsyslogd
type: str
pid:
description: The pid of the listening process.
returned: always
sample: 609
type: int
port:
description: The port the server is listening on.
returned: always
sample: 514
type: int
protocol:
description: The network protocol of the server.
returned: always
sample: udp
type: str
stime:
description: The start time of the listening process.
returned: always
sample: Thu Feb 2 13:29:45 2017
type: str
user:
description: The user who is running the listening process.
returned: always
sample: root
type: str
description: A list of processes that are listening on a UDP port.
returned: if UDP servers were found
type: list
description: Dictionary containing details of TCP and UDP ports with listening servers
returned: always
type: complex