community.general.listen_ports_facts – Gather facts on processes listening on TCP and UDP ports.
Note
This plugin is part of the community.general collection (version 2.0.1).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.listen_ports_facts.
Synopsis
- Gather facts on processes listening on TCP and UDP ports using the netstat command.
- This module currently supports Linux only.
Requirements
The below requirements are needed on the host that executes this module.
- netstat
Examples
```yaml
- name: Gather facts on listening ports
  community.general.listen_ports_facts:

- name: TCP whitelist violation
  ansible.builtin.debug:
    msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the whitelist
  vars:
    # A violation is a listener whose port is NOT in tcp_whitelist,
    # so whitelisted ports are rejected rather than selected.
    tcp_listen_violations: "{{ ansible_facts.tcp_listen | rejectattr('port', 'in', tcp_whitelist) | list }}"
    tcp_whitelist:
      - 22
      - 25
  loop: "{{ tcp_listen_violations }}"

- name: List TCP ports
  ansible.builtin.debug:
    msg: "{{ ansible_facts.tcp_listen | map(attribute='port') | sort | list }}"

- name: List UDP ports
  ansible.builtin.debug:
    msg: "{{ ansible_facts.udp_listen | map(attribute='port') | sort | list }}"

- name: List all ports
  ansible.builtin.debug:
    msg: "{{ (ansible_facts.tcp_listen + ansible_facts.udp_listen) | map(attribute='port') | unique | sort | list }}"
```
Returned Facts
Facts returned by this module are added/updated in the hostvars host facts and can be referenced by name just like any other host fact. They do not need to be registered in order to use them.
| Fact | Type | Returned | Description | Sample |
|---|---|---|---|---|
| tcp_listen | list / elements=string | if TCP servers were found | A list of processes that are listening on a TCP port. | |
| tcp_listen[].address | string / elements=string | always | The address the server is listening on. | 0.0.0.0 |
| tcp_listen[].name | string / elements=string | if user permissions allow | The name of the listening process. | mysqld |
| tcp_listen[].pid | integer / elements=string | always | The pid of the listening process. | 1223 |
| tcp_listen[].port | integer / elements=string | always | The port the server is listening on. | 3306 |
| tcp_listen[].protocol | string / elements=string | always | The network protocol of the server. | tcp |
| tcp_listen[].stime | string / elements=string | always | The start time of the listening process. | Thu Feb 2 13:29:45 2017 |
| tcp_listen[].user | string / elements=string | always | The user who is running the listening process. | mysql |
| udp_listen | list / elements=string | if UDP servers were found | A list of processes that are listening on a UDP port. | |
| udp_listen[].address | string / elements=string | always | The address the server is listening on. | 0.0.0.0 |
| udp_listen[].name | string / elements=string | if user permissions allow | The name of the listening process. | rsyslogd |
| udp_listen[].pid | integer / elements=string | always | The pid of the listening process. | 609 |
| udp_listen[].port | integer / elements=string | always | The port the server is listening on. | 514 |
| udp_listen[].protocol | string / elements=string | always | The network protocol of the server. | udp |
| udp_listen[].stime | string / elements=string | always | The start time of the listening process. | Thu Feb 2 13:29:45 2017 |
| udp_listen[].user | string / elements=string | always | The user who is running the listening process. | root |
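
The playbook below is an added example, not part of the module's own documentation. It turns the returned facts into a pass/fail exposure audit and handles the two conditional cases in the table above: `tcp_listen` is absent when no TCP servers are found, and `name` is absent without sufficient permissions. The variable names `tcp_allowlist`, `exposed_addresses` and `tcp_violations` are hypothetical, and the wildcard address forms are an assumption about how netstat output is reported on the target host.

```yaml
# Added example: fail a host that has TCP listeners outside an allowlist
# bound to a wildcard address. Variable names here are hypothetical.
- name: Audit externally reachable TCP listeners
  hosts: all
  become: true  # 'name' is only returned if user permissions allow
  vars:
    tcp_allowlist: [22, 25]
    # Assumed wildcard forms; adjust to what netstat reports on your hosts.
    exposed_addresses: ['0.0.0.0', '::']
  tasks:
    - name: Gather facts on listening ports
      community.general.listen_ports_facts:

    - name: Select wildcard-bound listeners whose port is not allowed
      ansible.builtin.set_fact:
        # default([]) covers hosts where no TCP servers were found
        tcp_violations: >-
          {{ ansible_facts.tcp_listen | default([])
             | rejectattr('port', 'in', tcp_allowlist)
             | selectattr('address', 'in', exposed_addresses)
             | list }}

    - name: Report each violation with its owning process
      ansible.builtin.debug:
        msg: >-
          {{ item.protocol }}/{{ item.port }} on {{ item.address }}:
          pid {{ item.pid }} ({{ item.name | default('unknown') }}),
          user {{ item.user }}, started {{ item.stime }}
      loop: "{{ tcp_violations }}"
      loop_control:
        label: "{{ item.port }}"

    - name: Fail the host when unexpected listeners exist
      ansible.builtin.assert:
        that: tcp_violations | length == 0
        fail_msg: "{{ tcp_violations | length }} TCP listener(s) outside the allowlist"
```

Listeners bound only to loopback are deliberately not flagged here; drop the `selectattr` line to audit every bound address.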
Authors
- Nathan Davison (@ndavison)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/listen_ports_facts_module.html