RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/resources/port.rb ADDED

@@ -0,0 +1,771 @@
+# encoding: utf-8
+require 'utils/parser'
+require 'utils/filter'
+require 'ipaddr'
+# TODO: currently we return local ip only
+# TODO: improve handling of same port on multiple interfaces
+module Inspec::Resources
+  class Port < Inspec.resource(1)
+    name 'port'
+    supports platform: 'unix'
+    supports platform: 'windows'
+    desc "Use the port InSpec audit resource to test basic port properties, such as port, process, if it's listening."
+    example "
+      describe port(80) do
+        it { should be_listening }
+        its('protocols') {should eq ['tcp']}
+        its('addresses') {should eq ['127.0.0.1']}
+      end
+      describe port.where { protocol =~ /tcp/ && port > 80 } do
+        it { should_not be_listening }
+      end
+    "
+    def initialize(*args)
+      args.unshift(nil) if args.length <= 1 # add the ip address to the front
+      @ip = args[0]
+      @port = if args[1].nil?
+                nil
+              else
+                args[1].to_i
+              end
+      @cache = nil
+      @port_manager = port_manager_for_os
+      return skip_resource 'The `port` resource is not supported on your OS yet.' if @port_manager.nil?
+    end
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:ports,     field: 'port', style: :simple)
+          .add(:addresses, field: 'address', style: :simple)
+          .add(:protocols, field: 'protocol', style: :simple)
+          .add(:processes, field: 'process', style: :simple)
+          .add(:pids,      field: 'pid', style: :simple)
+          .add(:listening?) { |x| !x.entries.empty? }
+    filter.connect(self, :info)
+    def to_s
+      "Port #{@port}"
+    end
+    private
+    def port_manager_for_os
+      os = inspec.os
+      if os.linux?
+        LinuxPorts.new(inspec)
+      elsif os.aix?
+        # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
+        #      and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
+        AixPorts.new(inspec)
+      elsif os.darwin?
+        # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
+        LsofPorts.new(inspec)
+      elsif os.windows?
+        WindowsPorts.new(inspec)
+      elsif ['freebsd'].include?(os[:family])
+        FreeBsdPorts.new(inspec)
+      elsif os.solaris?
+        SolarisPorts.new(inspec)
+      elsif os.hpux?
+        HpuxPorts.new(inspec)
+      end
+    end
+    def info
+      return @cache if !@cache.nil?
+      # abort if os detection has not worked
+      return @cache = [] if @port_manager.nil?
+      # query ports
+      cache = @port_manager.info || []
+      cache.select! { |x| x['port'] == @port } unless @port.nil?
+      cache.select! { |x| x['address'] == @ip } unless @ip.nil?
+      @cache = cache
+    end
+  end
+  # implements an info method and returns all ip adresses and protocols for
+  # each port
+  # [{
+  #   'port' => 22,
+  #   'address' => '0.0.0.0'
+  #   'protocol' => 'tcp'
+  # },
+  # {
+  #   'port' => 22,
+  #   'address' => '::'
+  #   'protocol' => 'tcp6'
+  # }]
+  class PortsInfo
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+  end
+  # TODO: Add UDP infromation Get-NetUDPEndpoint
+  # TODO: currently Windows only supports tcp ports
+  # TODO: Get-NetTCPConnection does not return PIDs
+  # TODO: double-check output with 'netstat -ano'
+  # @see https://connect.microsoft.com/PowerShell/feedback/details/1349420/get-nettcpconnection-does-not-show-processid
+  class WindowsPorts < PortsInfo
+    def info
+      netstat_info || powershell_info
+    end
+    private
+    def powershell_info
+      cmd = inspec.command('Get-NetTCPConnection -state Listen | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
+      return nil if cmd.exit_status != 0
+      entries = JSON.parse(cmd.stdout)
+      return nil if entries.nil?
+      entries.map { |x|
+        {
+          'port'     => x['LocalPort'],
+          'address'  => x['LocalAddress'],
+          'protocol' => 'tcp',
+        }
+      }
+    rescue JSON::ParserError => _e
+      return nil
+    end
+    def netstat_info
+      # retrieve processes grepping by LISTENING state with 0 lines before and 1 after to catch the process name
+      # also UDP ports have nothing in the State column
+      cmd = inspec.command('netstat -anbo | Select-String  -CaseSensitive -pattern "^\s+UDP|\s+LISTENING\s+\d+$" -context 0,1')
+      return nil if cmd.exit_status != 0
+      lines = cmd.stdout.scan(/^>\s*(tcp\S*|udp\S*)\s+(\S+):(\d+)\s+(\S+)\s+(\S*)\s+(\d+)\s+(.+)/i)
+      lines.map do |line|
+        pid = line[5].to_i
+        process = line[6].delete('[').delete(']').strip
+        process = 'System' if process == 'Can not obtain ownership information' && pid == 4
+        {
+          'port'     => line[2].to_i,
+          'address'  => line[1].delete('[').delete(']'),
+          'protocol' => line[0].downcase,
+          'pid'      => pid,
+          'process'  => process,
+        }
+      end
+    end
+  end
+  # extracts udp and tcp ports from the lsof command
+  class LsofPorts < PortsInfo
+    attr_reader :lsof
+    def initialize(inspec, lsofpath = nil)
+      @lsof = lsofpath || 'lsof'
+      super(inspec)
+    end
+    def info
+      ports = []
+      # check that lsof is available, otherwise fail
+      raise 'Please ensure `lsof` is available on the machine.' if !inspec.command(@lsof.to_s).exist?
+      # -F p=pid, c=command, P=protocol name, t=type, n=internet addresses
+      # see 'OUTPUT FOR OTHER PROGRAMS' in LSOF(8)
+      lsof_cmd = inspec.command("#{@lsof} -nP -i -FpctPn")
+      return nil if lsof_cmd.exit_status.to_i != 0
+      # map to desired return struct
+      lsof_parser(lsof_cmd).each do |process, port_ids|
+        pid, cmd = process.split(':')
+        port_ids.each do |port_str|
+          # should not break on ipv6 addresses
+          ipv, proto, port, host = port_str.split(':', 4)
+          ports.push({ 'port'     => port.to_i,
+                       'address'  => host,
+                       'protocol' => ipv == 'ipv6' ? proto + '6' : proto,
+                       'process'  => cmd,
+                       'pid'      => pid.to_i })
+        end
+      end
+      ports
+    end
+    # rubocop:disable Metrics/CyclomaticComplexity
+    # rubocop:disable Metrics/AbcSize
+    def lsof_parser(lsof_cmd)
+      procs = {}
+      # build this with formatted output (-F) from lsof
+      # procs = {
+      #   '123:sshd' => [
+      #      'ipv4:tcp:22:127.0.0.1',
+      #      'ipv6:tcp:22:::1',
+      #      'ipv4:tcp:*',
+      #      'ipv6:tcp:*',
+      #   ],
+      #   '456:ntpd' => [
+      #      'ipv4:udp:123:*',
+      #      'ipv6:udp:123:*',
+      #   ]
+      # }
+      proc_id = port_id = nil
+      lsof_cmd.stdout.each_line do |line|
+        line.chomp!
+        key = line.slice!(0)
+        case key
+        when 'p'
+          proc_id = line
+          port_id = nil
+        when 'c'
+          proc_id += ':' + line
+        when 't'
+          port_id = line.downcase
+        when 'P'
+          port_id += ':' + line.downcase
+        when 'n'
+          src, dst = line.split('->')
+          # skip active comm streams
+          next if dst
+          host, port = /^(\S+):(\d+|\*)$/.match(src)[1, 2]
+          # skip channels from port 0 - what does this mean?
+          next if port == '*'
+          # create new array stub if !exist?
+          procs[proc_id] = [] unless procs.key?(proc_id)
+          # change address '*' to zero
+          host = port_id =~ /^ipv6:/ ? '[::]' : '0.0.0.0' if host == '*'
+          # entrust URI to scrub the host and port
+          begin
+            uri = URI("addr://#{host}:#{port}")
+            uri.host && uri.port
+          rescue => e
+            warn "could not parse URI 'addr://#{host}:#{port}' - #{e}"
+            next
+          end
+          # e.g. 'ipv4:tcp:22:127.0.0.1'
+          #                             strip ipv6 squares for inspec
+          port_id += ':' + port + ':' + host.gsub(/^\[|\]$/, '')
+          # lsof will give us another port unless it's done
+          procs[proc_id] << port_id
+        end
+      end
+      procs
+    end
+  end
+  class AixPorts < PortsInfo
+    def info
+      ports_via_netstat || ports_via_lsof
+    end
+    def ports_via_lsof
+      return nil unless inspec.command('lsof').exist?
+      LsofPorts.new(inspec).info
+    end
+    def ports_via_netstat
+      return nil unless inspec.command('netstat').exist?
+      cmd = inspec.command('netstat -Aan | grep LISTEN')
+      return nil unless cmd.exit_status.to_i.zero?
+      ports = []
+      # parse all lines
+      cmd.stdout.each_line do |line|
+        port_info = parse_netstat_line(line)
+        # only push protocols we are interested in
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        ports.push(port_info)
+      end
+      ports
+    end
+    def parse_netstat_line(line)
+      # parse each line
+      # 1 - Socket, 2 - Proto, 3 - Receive-Q, 4 - Send-Q, 5 - Local address, 6 - Foreign Address, 7 - State
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?\s+(\S+)/.match(line)
+      return {} if parsed.nil?
+      # parse ip4 and ip6 addresses
+      protocol = parsed[2].downcase
+      # detect protocol if not provided
+      protocol += '6' if parsed[5].count(':') > 1 && %w{tcp udp}.include?(protocol)
+      protocol.chop! if %w{tcp4 upd4}.include?(protocol)
+      # extract host and port information
+      host, port = parse_net_address(parsed[5], protocol)
+      return {} if host.nil?
+      # extract PID
+      cmd = inspec.command("rmsock #{parsed[1]} tcpcb")
+      parsed_pid = /^The socket (\S+) is being held by proccess (\d+) \((\S+)\)/.match(cmd.stdout)
+      return {} if parsed_pid.nil?
+      process = parsed_pid[3]
+      pid = parsed_pid[2]
+      pid = pid.to_i if pid =~ /^\d+$/
+      {
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'process'  => process,
+        'pid'      => pid,
+      }
+    end
+    def parse_net_address(net_addr, protocol)
+      # local/foreign addresses on AIX use a '.' to separate the addresss
+      # from the port
+      address, _sep, port = net_addr.rpartition('.')
+      if protocol.eql?('tcp6') || protocol.eql?('udp6')
+        ip6addr = address
+        # AIX uses the wildcard character for ipv6 addresses listening on
+        # all interfaces.
+        ip6addr = '::' if ip6addr =~ /^\*$/
+        # v6 addresses need to end in a double-colon when using
+        # shorthand notation. netstat ends with a single colon.
+        # IPAddr will fail to properly parse an address unless it
+        # uses a double-colon for short-hand notation.
+        ip6addr += ':' if ip6addr =~ /\w:$/
+        begin
+          ip_parser = IPAddr.new(ip6addr)
+        rescue IPAddr::InvalidAddressError
+          # This IP is not parsable. There appears to be a bug in netstat
+          # output that truncates link-local IP addresses:
+          # example: udp6 0 0 fe80::42:acff:fe11::123 :::* 0 54550 3335/ntpd
+          # actual link address: inet6 fe80::42:acff:fe11:5/64 scope link
+          #
+          # in this example, the "5" is truncated making the netstat output
+          # an invalid IP address.
+          return [nil, nil]
+        end
+        # Check to see if this is a IPv4 address in a tcp6/udp6 line.
+        # If so, don't put brackets around the IP or URI won't know how
+        # to properly handle it.
+        # example: f000000000000000 tcp6       0      0 127.0.0.1.8005          *.*                    LISTEN
+        if ip_parser.ipv4?
+          ip_addr = URI("addr://#{ip6addr}:#{port}")
+          host = ip_addr.host
+        else
+          ip_addr = URI("addr://[#{ip6addr}]:#{port}")
+          host = ip_addr.host[1..ip_addr.host.size-2]
+        end
+      else
+        ip4addr = address
+        # In AIX the wildcard character is used to match all interfaces
+        ip4addr = '0.0.0.0' if ip4addr =~ /^\*$/
+        ip_addr = URI("addr://#{ip4addr}:#{port}")
+        host = ip_addr.host
+      end
+      [host, port.to_i]
+    end
+  end
+  # extract port information from netstat
+  class LinuxPorts < PortsInfo
+    ALLOWED_PROTOCOLS = %w{tcp tcp6 udp udp6}.freeze
+    def info
+      ports_via_ss || ports_via_netstat
+    end
+    def ports_via_ss
+      return nil unless inspec.command('ss').exist?
+      cmd = inspec.command('ss -tulpen')
+      return nil unless cmd.exit_status.to_i.zero?
+      ports = []
+      cmd.stdout.each_line do |line|
+        parsed_line = parse_ss_line(line)
+        ports << parsed_line unless parsed_line.nil?
+      end
+      ports
+    end
+    def ports_via_netstat
+      return nil unless inspec.command('netstat').exist?
+      cmd = inspec.command('netstat -tulpen')
+      return nil unless cmd.exit_status.to_i.zero?
+      ports = []
+      # parse all lines
+      cmd.stdout.each_line do |line|
+        port_info = parse_netstat_line(line)
+        # only push protocols we are interested in
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        ports.push(port_info)
+      end
+      ports
+    end
+    def parse_net_address(net_addr, protocol)
+      if protocol.eql?('tcp6') || protocol.eql?('udp6')
+        # prep for URI parsing, parse ip6 port
+        ip6 = /^(\S+):(\d+)$/.match(net_addr)
+        ip6addr = ip6[1]
+        ip6addr = '::' if ip6addr =~ /^:::$/
+        # v6 addresses need to end in a double-colon when using
+        # shorthand notation. netstat ends with a single colon.
+        # IPAddr will fail to properly parse an address unless it
+        # uses a double-colon for short-hand notation.
+        ip6addr += ':' if ip6addr =~ /\w:$/
+        begin
+          ip_parser = IPAddr.new(ip6addr)
+        rescue IPAddr::InvalidAddressError
+          # This IP is not parsable. There appears to be a bug in netstat
+          # output that truncates link-local IP addresses:
+          # example: udp6 0 0 fe80::42:acff:fe11::123 :::* 0 54550 3335/ntpd
+          # actual link address: inet6 fe80::42:acff:fe11:5/64 scope link
+          #
+          # in this example, the "5" is truncated making the netstat output
+          # an invalid IP address.
+          return [nil, nil]
+        end
+        # Check to see if this is a IPv4 address in a tcp6/udp6 line.
+        # If so, don't put brackets around the IP or URI won't know how
+        # to properly handle it.
+        # example: tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN
+        if ip_parser.ipv4?
+          ip_addr = URI("addr://#{ip6addr}:#{ip6[2]}")
+          host = ip_addr.host
+        else
+          ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
+          # strip []
+          host = ip_addr.host[1..ip_addr.host.size-2]
+        end
+      else
+        ip_addr = URI('addr://'+net_addr)
+        host = ip_addr.host
+      end
+      port = ip_addr.port
+      [host, port]
+    rescue URI::InvalidURIError => e
+      warn "Could not parse #{net_addr}, #{e}"
+      nil
+    end
+    def parse_netstat_line(line)
+      # parse each line
+      # 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - Inode, 8 - PID/Program name
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?\s+(\S+)\s+(\S+)\s+(\S+)/.match(line)
+      return {} if parsed.nil? || line.match(/^proto/i)
+      # parse ip4 and ip6 addresses
+      protocol = parsed[1].downcase
+      # detect protocol if not provided
+      protocol += '6' if parsed[4].count(':') > 1 && %w{tcp udp}.include?(protocol)
+      # extract host and port information
+      host, port = parse_net_address(parsed[4], protocol)
+      return {} if host.nil?
+      # extract PID
+      process = parsed[9].split('/')
+      pid = process[0]
+      pid = pid.to_i if pid =~ /^\d+$/
+      process = process[1]
+      {
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'process'  => process,
+        'pid'      => pid,
+      }
+    end
+    def tokenize_ss_line(line)
+      # iproute-2.6.32-54.el6 output:
+      # Netid State      Recv-Q Send-Q  Local Address:Port Peer Address:Port
+      # udp   UNCONN     0      0       *:111              *:*                 users:(("rpcbind",1123,6)) ino=8680 sk=ffff8801390cf7c0
+      # tcp   LISTEN     0      128     *:22               *:*                 users:(("sshd",3965,3)) ino:11604 sk:ffff88013a3b5800
+      #
+      # iproute-2.6.32-20.el6 output:
+      # Netid            Recv-Q Send-Q  Local Address:Port Peer Address:Port
+      # udp              0      0       *:111              *:*                 users:(("rpcbind",1123,6)) ino=8680 sk=ffff8801390cf7c0
+      # tcp              0      128     *:22               *:*                 users:(("sshd",3965,3)) ino:11604 sk:ffff88013a3b5800
+      tokens = line.split(/\s+/, 7)
+      if tokens[1] =~ /^\d+$/ # iproute-2.6.32-20
+        {
+          netid: tokens[0],
+          local_addr: tokens[3],
+          process_info: tokens[5],
+        }
+      else # iproute-2.6.32-54
+        {
+          netid: tokens[0],
+          local_addr: tokens[4],
+          process_info: tokens[6],
+        }
+      end
+    end
+    def parse_ss_line(line)
+      # parsed = line.split(/\s+/, 7)
+      parsed = tokenize_ss_line(line)
+      # ss only returns "tcp" and "udp" as the protocol. However, netstat would return
+      # "tcp6" and "udp6" as necessary. In order to maintain backward compatibility, we
+      # will manually modify the protocol value if the line we're parsing is an IPv6
+      # entry.
+      process_info = parsed[:process_info]
+      protocol = parsed[:netid]
+      protocol += '6' if process_info.include?('v6only:1')
+      return nil unless ALLOWED_PROTOCOLS.include?(protocol)
+      # parse the Local Address:Port
+      # examples:
+      #   *:22
+      #   :::22
+      #   10.0.2.15:1234
+      #   ::ffff:10.0.2.15:9300
+      #   fe80::a00:27ff:fe32:ed09%enp0s3:9200
+      parsed_net_address = parsed[:local_addr].match(/(\S+):(\*|\d+)$/)
+      return nil if parsed_net_address.nil?
+      host = parsed_net_address[1]
+      port = parsed_net_address[2]
+      return nil if host.nil? && port.nil?
+      # For backward compatibility with the netstat output, ensure the
+      # port is stored as an integer
+      port = port.to_i
+      # for those "v4-but-listed-in-v6" entries, strip off the
+      # leading IPv6 value at the beginning
+      # example: ::ffff:10.0.2.15:9200
+      host.delete!('::ffff:') if host.start_with?('::ffff:')
+      # if there's an interface name in the local address, which is common for
+      # IPv6 listeners, strip that out too.
+      # example: fe80::a00:27ff:fe32:ed09%enp0s3
+      host = host.split('%').first
+      # if host is "*", replace with "0.0.0.0" to maintain backward compatibility with
+      # the netstat-provided data
+      host = '0.0.0.0' if host == '*'
+      # in case process list parsing is not successfull
+      process = nil
+      pid = nil
+      # parse process and pid from the process list
+      #
+      # remove the "users:((" and  "))" parts
+      # input: users:((\"nginx\",pid=583,fd=8),(\"nginx\",pid=582,fd=8),(\"nginx\",pid=580,fd=8),(\"nginx\",pid=579,fd=8))
+      # res: \"nginx\",pid=583,fd=8),(\"nginx\",pid=582,fd=8),(\"nginx\",pid=580,fd=8),(\"nginx\",pid=579,fd=8
+      process_list_match = parsed[:process_info].match(/users:\(\((.+)\)\)/)
+      if process_list_match
+        # list entires are seperated by "," the braces can also be removed
+        # input: \"nginx\",pid=583,fd=8),(\"nginx\",pid=582,fd=8),(\"nginx\",pid=580,fd=8),(\"nginx\",pid=579,fd=8
+        # res: ["\"nginx\",pid=583,fd=8", "\"nginx\",pid=582,fd=8", "\"nginx\",pid=580,fd=8", "\"nginx\",pid=579,fd=8"]
+        process_list = process_list_match[1].split('),(')
+        # To stay backwards compatible with netstat we need to select
+        # the last element in the resulting array.
+        # res: "\"nginx\",pid=579,fd=8"
+        # parse the process name from the process list
+        process_match = process_list.last.match(/^\"(\S+)\"/)
+        process = process_match.nil? ? nil : process_match[1]
+        # parse the PID from the process list
+        pid_match = process_list.last.match(/pid=(\d+)/)
+        pid = pid_match.nil? ? nil : pid_match[1].to_i
+      end
+      {
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'process'  => process,
+        'pid'      => pid,
+      }
+    end
+  end
+  # extracts information from sockstat
+  class FreeBsdPorts < PortsInfo
+    def info
+      cmd = inspec.command('sockstat -46l')
+      return nil if cmd.exit_status.to_i != 0
+      ports = []
+      # split on each newline
+      cmd.stdout.each_line do |line|
+        port_info = parse_sockstat_line(line)
+        # push data, if not headerfile
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        ports.push(port_info)
+      end
+      ports
+    end
+    def parse_net_address(net_addr, protocol)
+      case protocol
+      when 'tcp4', 'udp4', 'tcp', 'udp'
+        # replace * with 0.0.0.0
+        net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if net_addr =~ /^*:(\d+)$/
+        ip_addr = URI('addr://'+net_addr)
+        host = ip_addr.host
+        port = ip_addr.port
+      when 'tcp6', 'udp6'
+        return [] if net_addr == '*:*' # abort for now
+        # replace * with 0:0:0:0:0:0:0:0
+        net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if net_addr =~ /^*:(\d+)$/
+        # extract port
+        ip6 = /^(\S+):(\d+)$/.match(net_addr)
+        ip6addr = ip6[1]
+        ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
+        # replace []
+        host = ip_addr.host[1..ip_addr.host.size-2]
+        port = ip_addr.port
+      end
+      [host, port]
+    rescue URI::InvalidURIError => e
+      warn "Could not parse #{net_addr}, #{e}"
+      nil
+    end
+    def parse_sockstat_line(line)
+      # 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
+      return {} if parsed.nil?
+      # extract ip information
+      protocol = parsed[5].downcase
+      host, port = parse_net_address(parsed[6], protocol)
+      return {} if host.nil? or port.nil?
+      # extract process
+      process = parsed[2]
+      # extract PID
+      pid = parsed[3]
+      pid = pid.to_i if pid =~ /^\d+$/
+      # map tcp4 and udp4
+      protocol = 'tcp' if protocol.eql?('tcp4')
+      protocol = 'udp' if protocol.eql?('udp4')
+      {
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'process'  => process,
+        'pid'      => pid,
+      }
+    end
+  end
+  class SolarisPorts < FreeBsdPorts
+    include SolarisNetstatParser
+    def info
+      # extract all port info
+      cmd = inspec.command('netstat -an -f inet -f inet6')
+      return nil if cmd.exit_status.to_i != 0
+      # parse the content
+      netstat_ports = parse_netstat(cmd.stdout)
+      # filter all ports, where we `listen`
+      listen = netstat_ports.select { |val|
+        !val['state'].nil? && 'listen'.casecmp(val['state']) == 0
+      }
+      # map the data
+      ports = listen.map { |val|
+        protocol = val['protocol']
+        local_addr = val['local-address']
+        # solaris uses 127.0.0.1.57455 instead 127.0.0.1:57455, lets convert the
+        # the last . to :
+        local_addr[local_addr.rindex('.')] = ':'
+        host, port = parse_net_address(local_addr, protocol)
+        if host.nil?
+          nil
+        else
+          {
+            'port'     => port,
+            'address'  => host,
+            'protocol' => protocol,
+          }
+        end
+      }
+      ports.compact
+    end
+  end
+  # extracts information from netstat for hpux
+  class HpuxPorts < FreeBsdPorts
+    def info
+      ## Can't use 'netstat -an -f inet -f inet6' as the latter -f option overrides the former one and return only inet ports
+      cmd1 = inspec.command('netstat -an -f inet')
+      return nil if cmd1.exit_status.to_i != 0
+      cmd2 = inspec.command('netstat -an -f inet6')
+      return nil if cmd2.exit_status.to_i != 0
+      cmd = cmd1.stdout + cmd2.stdout
+      ports = []
+      # parse all lines
+      cmd.each_line do |line|
+        port_info = parse_netstat_line(line)
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
+        ports.push(port_info)
+      end
+      # select all ports, where we `listen`
+      ports.select { |val| val if 'listen'.casecmp(val['state']) == 0 }
+    end
+    def parse_netstat_line(line)
+      # parse each line
+      # 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - (state)
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)?/.match(line)
+      return {} if parsed.nil? || line.match(/^proto/i) || line.match(/^active/i)
+      protocol = parsed[1].downcase
+      state = parsed[6].nil?? ' ' : parsed[6].downcase
+      local_addr = parsed[4]
+      local_addr[local_addr.rindex('.')] = ':'
+      # extract host and port information
+      host, port = parse_net_address(local_addr, protocol)
+      return {} if host.nil?
+      # map data
+      {
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'state'    => state,
+      }
+    end
+  end
+end