Listening network ports
Opened this issue · 2 comments
Deleted user commented
This would be useful for NERC CIP and PCI DSS reporting and alerting. Could use salt's network.netstat or osquery's listening_ports for gathering information on unix hosts. Could also contain a whitelist to prevent alerting on documented connectivity.
basepi commented
Whitelist is a must, IMO, so we can actually tell failures from successes. But this is a great idea!
basepi commented
Initial yaml will look something like this:
```yaml
netstat:
  ssh:
    address: 0.0.0.0:22
  another_identifier:
    address: 127.0.0.1:80
```
The dictionary format will give us room to grow in the future to support whitelisting certain protocols or processes or the like.
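An added example, not part of the original thread or the project's code: a sketch of how a whitelist in the dictionary format above could separate documented listeners from undocumented ones. It assumes exact `ip:port` string matching, and the row field names (`local-address`, `state`, `program`) and sample rows are constructed for illustration.

```python
# Whitelist from the comment above, written as the equivalent Python dict.
WHITELIST = {
    "netstat": {
        "ssh": {"address": "0.0.0.0:22"},
        "another_identifier": {"address": "127.0.0.1:80"},
    }
}

# Constructed sample rows; field names are assumptions for this example.
SAMPLE_ROWS = [
    {"local-address": "0.0.0.0:22", "state": "LISTEN", "program": "sshd"},
    {"local-address": "127.0.0.1:80", "state": "LISTEN", "program": "nginx"},
    {"local-address": "0.0.0.0:8080", "state": "LISTEN", "program": "python"},
    {"local-address": "10.0.0.5:22", "state": "ESTABLISHED", "program": "sshd"},
]


def audit_listeners(whitelist, rows):
    """Split listening sockets into whitelisted successes and failures."""
    # Map each whitelisted address back to its identifier for reporting.
    allowed = {
        entry["address"]: ident
        for ident, entry in whitelist.get("netstat", {}).items()
    }
    successes, failures = [], []
    for row in rows:
        # Only listening sockets are in scope; skip established connections.
        if row.get("state") != "LISTEN":
            continue
        addr = row["local-address"]
        if addr in allowed:
            successes.append({"id": allowed[addr], "address": addr})
        else:
            failures.append({"address": addr, "program": row.get("program")})
    return {"success": successes, "failure": failures}


if __name__ == "__main__":
    report = audit_listeners(WHITELIST, SAMPLE_ROWS)
    for item in report["failure"]:
        print("undocumented listener:", item["address"], item["program"])
```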