community.general.listen_ports_facts – Gather facts on processes listening on TCP and UDP ports.

Note

This plugin is part of the community.general collection (version 2.2.0).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.listen_ports_facts.

Synopsis

  • Gather facts on processes listening on TCP and UDP ports using the netstat command.

  • This module currently supports Linux only.

Requirements

The below requirements are needed on the host that executes this module.

  • netstat

Examples

- name: Gather facts on listening ports
  community.general.listen_ports_facts:

- name: TCP whitelist violation
  ansible.builtin.debug:
    msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the whitelist
  vars:
    # A violation is a listening port that is NOT in tcp_whitelist, so reject the whitelisted ones.
    tcp_listen_violations: "{{ ansible_facts.tcp_listen | rejectattr('port', 'in', tcp_whitelist) | list }}"
    tcp_whitelist:
      - 22
      - 25
  loop: "{{ tcp_listen_violations }}"

- name: List TCP ports
  ansible.builtin.debug:
    msg: "{{ ansible_facts.tcp_listen | map(attribute='port') | sort | list }}"

- name: List UDP ports
  ansible.builtin.debug:
    msg: "{{ ansible_facts.udp_listen | map(attribute='port') | sort | list }}"

- name: List all ports
  ansible.builtin.debug:
    msg: "{{ (ansible_facts.tcp_listen + ansible_facts.udp_listen) | map(attribute='port') | unique | sort | list }}"
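
The whitelist check above extended into a full audit play, as an added example that is not part of the module's own documentation: it covers TCP and UDP, tolerates a missing tcp_listen or udp_listen fact (each is returned only if servers were found), skips loopback-only listeners, and fails the play when a violation remains. The play name, the variables allowed_tcp_ports, allowed_udp_ports and loopback_addrs, and the loopback address strings are assumptions.

```yaml
# Added example; variable names and allowlist values are assumptions.
- name: Audit listening sockets against a port allowlist
  hosts: all
  become: true        # "name" is only returned if user permissions allow
  gather_facts: false
  vars:
    allowed_tcp_ports: [22, 25]
    allowed_udp_ports: [514]
    loopback_addrs: ['127.0.0.1', '::1']   # assumed address strings
  tasks:
    - name: Gather facts on listening ports
      community.general.listen_ports_facts:

    # default([]) covers hosts where a fact was not returned at all.
    - name: Select non-loopback listeners outside the allowlist
      ansible.builtin.set_fact:
        tcp_violations: >-
          {{ ansible_facts.tcp_listen | default([])
             | rejectattr('address', 'in', loopback_addrs)
             | rejectattr('port', 'in', allowed_tcp_ports) | list }}
        udp_violations: >-
          {{ ansible_facts.udp_listen | default([])
             | rejectattr('address', 'in', loopback_addrs)
             | rejectattr('port', 'in', allowed_udp_ports) | list }}

    - name: Report each violation with its owning process
      ansible.builtin.debug:
        msg: >-
          {{ item.protocol }} {{ item.address }}:{{ item.port }}
          pid={{ item.pid }} user={{ item.user }}
          name={{ item.name | default('unknown') }} started={{ item.stime }}
      loop: "{{ tcp_violations + udp_violations }}"
      loop_control:
        label: "{{ item.protocol }}/{{ item.port }}"

    - name: Fail the play if anything listens outside the allowlist
      ansible.builtin.assert:
        that:
          - tcp_violations | length == 0
          - udp_violations | length == 0
        fail_msg: "{{ (tcp_violations + udp_violations) | length }} listener(s) outside the allowlist"
```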

Returned Facts

Facts returned by this module are added/updated in the hostvars host facts and can be referenced by name just like any other host fact. They do not need to be registered in order to use them.

tcp_listen (list / elements=string; returned if TCP servers were found): A list of processes that are listening on a TCP port. Each entry has the following keys:

| Key | Type | Returned | Description | Sample |
|---|---|---|---|---|
| address | string / elements=string | always | The address the server is listening on. | 0.0.0.0 |
| name | string / elements=string | if user permissions allow | The name of the listening process. | mysqld |
| pid | integer / elements=string | always | The pid of the listening process. | 1223 |
| port | integer / elements=string | always | The port the server is listening on. | 3306 |
| protocol | string / elements=string | always | The network protocol of the server. | tcp |
| stime | string / elements=string | always | The start time of the listening process. | Thu Feb 2 13:29:45 2017 |
| user | string / elements=string | always | The user who is running the listening process. | mysql |

udp_listen (list / elements=string; returned if UDP servers were found): A list of processes that are listening on a UDP port. Each entry has the following keys:

| Key | Type | Returned | Description | Sample |
|---|---|---|---|---|
| address | string / elements=string | always | The address the server is listening on. | 0.0.0.0 |
| name | string / elements=string | if user permissions allow | The name of the listening process. | rsyslogd |
| pid | integer / elements=string | always | The pid of the listening process. | 609 |
| port | integer / elements=string | always | The port the server is listening on. | 514 |
| protocol | string / elements=string | always | The network protocol of the server. | udp |
| stime | string / elements=string | always | The start time of the listening process. | Thu Feb 2 13:29:45 2017 |
| user | string / elements=string | always | The user who is running the listening process. | root |


Authors

  • Nathan Davison (@ndavison)