path: root/scripts/listen-check
#!/bin/sh
#
# Check that the host only listens on ports that are acceptable.

# Abort on the first unhandled command failure.
# NOTE(review): without pipefail, -e only sees the exit status of the last
# command in a pipeline, so a failing netstat inside ports() is not caught
# here; the pipeline reports the status of awk.
set -e

# Print one line per socket that netstat reports in the LISTEN state.
#
# Output columns: protocol, local address, foreign address, and the program
# name taken from the text after the first "/" in netstat's PID/Program field.
#
# NOTE(review): only rows whose sixth field is exactly "LISTEN" are kept.
# UDP sockets normally carry no LISTEN state in netstat output, so they are
# presumably not covered by this check -- confirm against the target platform.
# NOTE(review): netstat usually prints "-" instead of PID/Program for sockets
# the caller may not inspect, which leaves the last column empty; the report
# is most useful when run with enough privilege to see every owner.
# NOTE(review): the pipeline returns the status of awk, so a missing or
# failing netstat yields empty output rather than an error.
ports()
{
    netstat -nlap | awk '
        $6 != "LISTEN" { next }
        {
            split($7, owner, "/")
            printf "%-10s %-20s %-20s %s\n", $1, $4, $5, owner[2]
        }'
}


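# Dispatch on the first argument:
#   list   - print the current listeners (output of ports).
#   report - compare the current listeners with the approved baseline in
#            /etc/listen-check.ok; print a unified diff and exit 1 when
#            they differ.
# Any other argument prints a usage error to stderr and exits 1.
case "$1" in
    list)
        ports
        ;;
    report)
        temp="$(mktemp)"
        # Remove the snapshot on every exit path. Previously it was left
        # behind when the script stopped between mktemp and the explicit
        # rm calls (set -e abort or a signal).
        trap 'rm -f "$temp"' EXIT
        # Some sh implementations skip the EXIT trap when killed by a
        # signal; turn the common ones into a normal failing exit.
        trap 'exit 1' HUP INT TERM
        ports > "$temp"
        # In the diff, "+" lines are listeners missing from the baseline
        # and "-" lines are baseline entries that are no longer listening.
        # diff also exits non-zero on trouble (for example an unreadable
        # baseline), so that case fails the check as well.
        if ! diff -u /etc/listen-check.ok "$temp"
        then
            exit 1
        fi
        ;;
    *)
        echo "EEeek. Usage, man!" 1>&2
        exit 1
        ;;
esac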