Check that no process is listening on ephemeral port range

checkport.sh

#!/usr/bin/env bash

# Get min/max port range from sysctl
prange="$(sysctl net.ipv4.ip_local_port_range| awk '{print $3,$4}')"
pmin="${prange% *}"
pmax="${prange#* }"

# TODO: ignore ports in sysctl net.ipv4.ip_local_reserved_ports

ss --listen --numeric --tcp --process | awk -v pmin=$pmin -v pmax=$pmax '
	$1=="LISTEN"{
		split($4,a,":")
		port=a[length(a)]
		if (port >= pmin && port <= pmax) {
			print
		}
	}'