check_listen_ports.rb

#!/usr/bin/env ruby
# frozen_string_literal: true

require_relative 'ragios'

Listener = Struct.new(:user, :command, :pid, :fd, :proto, :local_addr, :foreign_addr) do
  def to_s
    "#{user}/#{command} (#{pid}) on #{local_addr}"
  end
end

# Listening sockets not on loopback using tcp or udp
info = CommandRunner.run('/usr/bin/sockstat', '-lL', '-P', 'tcp,udp')

expect_commands = %w[tincd mosh* smbd nmbd ntpd python2.7]
expect_tcp = %w[10.0.1.1:* *:22 *:222 *:25 *:143 *:80 *:443 *:993 *:113 *:4949 *:2080 *:53 *:123 *:524[45]]
expect_udp = %w[*:53 *:67 10.0.0.1:514]

module Enumerable
  def any_fnmatch?(str)
    any? { |pat| File.fnmatch(pat, str) }
  end
end

monitor 'listen_ports' do
  listeners = info.stdout.lines.drop(1).map do |line|
    Listener.new(*line.chomp.split(/\s+/))
  end.reject { |l| l.local_addr == '*:*' } # not sure what this is

  good, bad = listeners.partition do |l|
    expect_commands.any_fnmatch?(l.command) ||
      (l.proto[0, 3] == 'tcp' && expect_tcp.any_fnmatch?(l.local_addr)) ||
      (l.proto[0, 3] == 'udp' && expect_udp.any_fnmatch?(l.local_addr))
  end

  if bad.any?
    error(bad.map(&:to_s).sort.uniq.join(', '))
  else
    ok("Listening: #{good.map(&:local_addr).sort.uniq.join(', ')}")
  end
end