community.general.listen_ports_facts module – Gather facts on processes listening on TCP and UDP ports

Note

This module is part of the community.general collection (version 10.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.listen_ports_facts.

Synopsis

  • Gather facts on processes listening on TCP and UDP ports using the netstat or ss commands.

  • This module currently supports Linux only.

Requirements

The below requirements are needed on the host that executes this module.

  • netstat or ss

Parameters

Parameter

Comments

command

string

added in community.general 4.1.0

Override which command to use for fetching listen ports.

By default module will use first found supported command on the system (in alphanumerical order).

Choices:

  • "netstat"

  • "ss"

include_non_listening

boolean

added in community.general 5.4.0

Show both listening and non-listening sockets (for TCP this means established connections).

Adds the return values ansible_facts.tcp_listen[].state, ansible_facts.udp_listen[].state, ansible_facts.tcp_listen[].foreign_address, and ansible_facts.udp_listen[].foreign_address to the returned facts.

Choices:

  • false ← (default)

  • true

Attributes

Attribute

Support

Description

check_mode

Support: full

This action does not modify state.

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: N/A

This action does not modify state.

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

facts

Support: full

Action returns an ansible_facts dictionary that will update existing host facts.

Notes

Note

  • ss returns all processes for each listen address and port. This plugin will return each of them, so multiple entries for the same listen address and port are likely in results.

Examples

- name: Gather facts on listening ports
  community.general.listen_ports_facts:

- name: TCP whitelist violation
  ansible.builtin.debug:
    msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the whitelist
  vars:
    tcp_listen_violations: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', tcp_whitelist) | list }}"
    tcp_whitelist:
      - 22
      - 25
  loop: "{{ tcp_listen_violations }}"

- name: List TCP ports
  ansible.builtin.debug:
    msg: "{{ ansible_facts.tcp_listen  | map(attribute='port') | sort | list }}"

- name: List UDP ports
  ansible.builtin.debug:
    msg: "{{ ansible_facts.udp_listen | map(attribute='port') | sort | list }}"

- name: List all ports
  ansible.builtin.debug:
    msg: "{{ (ansible_facts.tcp_listen + ansible_facts.udp_listen) | map(attribute='port') | unique | sort | list }}"

- name: Gather facts on all ports and override which command to use
  community.general.listen_ports_facts:
    command: 'netstat'
    include_non_listening: true

Returned Facts

Facts returned by this module are added/updated in the hostvars host facts and can be referenced by name just like any other host fact. They do not need to be registered in order to use them.

Key

Description

tcp_listen

list / elements=string

A list of processes that are listening on a TCP port.

Returned: if TCP servers were found

address

string

The address the server is listening on.

Returned: always

Sample: "0.0.0.0"

foreign_address

string

added in community.general 5.4.0

The address of the remote end of the socket.

Returned: if include_non_listening=true

Sample: "10.80.0.1"

name

string

The name of the listening process.

Returned: if user permissions allow

Sample: "mysqld"

pid

integer

The pid of the listening process.

Returned: always

Sample: 1223

port

integer

The port the server is listening on.

Returned: always

Sample: 3306

protocol

string

The network protocol of the server.

Returned: always

Sample: "tcp"

state

string

added in community.general 5.4.0

The state of the socket.

Returned: if include_non_listening=true

Sample: "ESTABLISHED"

stime

string

The start time of the listening process.

Returned: always

Sample: "Thu Feb  2 13:29:45 2017"

user

string

The user who is running the listening process.

Returned: always

Sample: "mysql"

udp_listen

list / elements=string

A list of processes that are listening on a UDP port.

Returned: if UDP servers were found

address

string

The address the server is listening on.

Returned: always

Sample: "0.0.0.0"

foreign_address

string

added in community.general 5.4.0

The address of the remote end of the socket.

Returned: if include_non_listening=true

Sample: "10.80.0.1"

name

string

The name of the listening process.

Returned: if user permissions allow

Sample: "rsyslogd"

pid

integer

The pid of the listening process.

Returned: always

Sample: 609

port

integer

The port the server is listening on.

Returned: always

Sample: 514

protocol

string

The network protocol of the server.

Returned: always

Sample: "udp"

state

string

added in community.general 5.4.0

The state of the socket. UDP is a connectionless protocol. Shows UCONN or ESTAB.

Returned: if include_non_listening=true

Sample: "UCONN"

stime

string

The start time of the listening process.

Returned: always

Sample: "Thu Feb  2 13:29:45 2017"

user

string

The user who is running the listening process.

Returned: always

Sample: "root"

Authors

  • Nathan Davison (@ndavison)