RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/parse_config.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+# Usage example:
+#
+#  audit = command('/sbin/auditctl -l').stdout
+#  options = {
+#    assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+#    multiple_values: true
+#  }
+#  describe parse_config(audit, options ) do
+class PConfig < Inspec.resource(1)
+  name 'parse_config'
+  def initialize(content = nil, useropts = nil)
+    @opts = {}
+    @opts = useropts.dup unless useropts.nil?
+    @files_contents = {}
+    @params = nil
+    @content = content
+    read_content if @content.nil?
+  end
+  def method_missing(name)
+    @params || read_content
+    @params[name.to_s]
+  end
+  def parse_file(conf_path)
+    @conf_path = conf_path
+    # read the file
+    if !inspec.file(conf_path).file?
+      return skip_resource "Can't find file \"#{conf_path}\""
+    end
+    @content = read_file(conf_path)
+    if @content.empty? && inspec.file(conf_path).size > 0
+      return skip_resource "Can't read file \"#{conf_path}\""
+    end
+    read_content
+  end
+  def read_file(path)
+    @files_contents[path] ||= inspec.file(path).content
+  end
+  def read_content
+    # parse the file
+    @params = SimpleConfig.new(@content, @opts).params
+    @content
+  end
+  def to_s
+    "Parse Config #{@conf_path}"
+  end
+end
+class PConfigFile < PConfig
+  name 'parse_config_file'
+  def initialize(path, opts = nil)
+    super(nil, opts)
+    parse_file(path)
+  end
+  def to_s
+    "Parse Config File #{@conf_path}"
+  end
+end

data/lib/resources/passwd.rb ADDED Viewed

@@ -0,0 +1,93 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+# The file format consists of
+# - username
+# - password
+# - userid
+# - groupid
+# - user id info
+# - home directory
+# - command
+# usage:
+#
+# describe passwd do
+#   its(:usernames) { should eq ['root'] }
+#   its(:uids) { should eq [0] }
+# end
+#
+# describe passwd.uid(0) do
+#   its(:username) { should eq 'root' }
+#   its(:count) { should eq 1 }
+# end
+require 'utils/parser'
+class Passwd < Inspec.resource(1)
+  name 'passwd'
+  include ContentParser
+  attr_reader :uid
+  attr_reader :parsed
+  def initialize(path = nil)
+    @path = path || '/etc/passwd'
+    @content = inspec.file(@path).content
+    @parsed = parse_passwd(@content)
+  end
+  # call passwd().uid(0)
+  # returns a seperate object with reference to this object
+  def uid(uid)
+    PasswdUid.new(self, uid)
+  end
+  def usernames
+    map_data('name')
+  end
+  def passwords
+    map_data('password')
+  end
+  def uids
+    map_data('uid')
+  end
+  def gids
+    map_data('gid')
+  end
+  def to_s
+    '/etc/passwd'
+  end
+  private
+  def map_data(id)
+    @parsed.map {|x|
+      x[id]
+    }
+  end
+end
+# object that hold a specifc uid view on passwd
+class PasswdUid
+  def initialize(passwd, uid)
+    @passwd = passwd
+    @users = @passwd.parsed.select { |x| x['uid'] == "#{uid}" }
+  end
+  def username
+    @users.at(0)['name']
+  end
+  def count
+    @users.size
+  end
+end

data/lib/resources/pip.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe pip('Jinja2') do
+#   it { should be_installed }
+# end
+#
+class PipPackage < Inspec.resource(1)
+  name 'pip'
+  def initialize(package_name)
+    @package_name = package_name
+  end
+  def info
+    return @info if defined?(@info)
+    @info = {}
+    @info[:type] = 'pip'
+    cmd = inspec.command("#{pip_cmd} show #{@package_name}")
+    return @info if cmd.exit_status != 0
+    params = SimpleConfig.new(
+      cmd.stdout,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      multiple_values: false,
+    ).params
+    @info[:name] = params['Name']
+    @info[:version] = params['Version']
+    @info[:installed] = true
+    @info
+  end
+  def installed?
+    info[:installed] == true
+  end
+  def version
+    info[:version]
+  end
+  def to_s
+    "Pip Package  #{@package_name}"
+  end
+  private
+  def pip_cmd
+    # Pip is not on the default path for Windows, therefore we do some logic
+    # to find the binary on Windows
+    family = inspec.os[:family]
+    case family
+    when 'windows'
+      # we need to detect the pip command on Windows
+      cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
+      begin
+        paths = JSON.parse(cmd.stdout)
+        # use pip if it on system path
+        pipcmd = paths['Pip']
+        # calculate path on windows
+        if defined?(paths['Python']) && pipcmd.nil?
+          pipdir = paths['Python'].split('\\')
+          # remove python.exe
+          pipdir.pop
+          pipcmd = pipdir.push('Scripts').push('pip.exe').join('/')
+        end
+      rescue JSON::ParserError => _e
+        return nil
+      end
+    end
+    pipcmd || 'pip'
+  end
+end

data/lib/resources/port.rb ADDED Viewed

@@ -0,0 +1,296 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe port(80) do
+#   it { should be_listening }
+#   its('protocol') {should eq 'tcp'}
+# end
+#
+# not supported serverspec syntax
+# describe port(80) do
+#   it { should be_listening.with('tcp') }
+# end
+#
+# TODO: currently we return local ip only
+# TODO: improve handling of same port on multiple interfaces
+class Port < Inspec.resource(1)
+  name 'port'
+  def initialize(port)
+    @port = port
+    @port_manager = nil
+    @cache = nil
+    case inspec.os[:family]
+    when 'ubuntu', 'debian', 'redhat', 'fedora', 'arch'
+      @port_manager = LinuxPorts.new(inspec)
+    when 'darwin'
+      @port_manager = DarwinPorts.new(inspec)
+    when 'windows'
+      @port_manager = WindowsPorts.new(inspec)
+    when 'freebsd'
+      @port_manager = FreeBsdPorts.new(inspec)
+    else
+      return skip_resource 'The `port` resource is not supported on your OS yet.'
+    end
+  end
+  def listening?(_protocol = nil, _local_address = nil)
+    info.size > 0
+  end
+  def protocol
+    res = info.map { |x| x[:protocol] }.uniq.compact
+    res.size > 0 ? res : nil
+  end
+  def process
+    res = info.map { |x| x[:process] }.uniq.compact
+    res.size > 0 ? res : nil
+  end
+  def pid
+    res = info.map { |x| x[:pid] }.uniq.compact
+    res.size > 0 ? res : nil
+  end
+  def to_s
+    "Port  #{@port}"
+  end
+  private
+  def info
+    return @cache if !@cache.nil?
+    # abort if os detection has not worked
+    return @cache = [] if @port_manager.nil?
+    # query ports
+    ports = @port_manager.info || []
+    @cache = ports.select { |p| p[:port] == @port }
+  end
+end
+# implements an info method and returns all ip adresses and protocols for
+# each port
+# [{
+#   port: 80,
+#   address: [{
+#     ip: '0.0.0.0'
+#     protocol: 'tcp'
+#   }],
+# }]
+class PortsInfo
+  attr_reader :inspec
+  def initialize(inspec)
+    @inspec = inspec
+  end
+end
+# TODO: Add UDP infromation Get-NetUDPEndpoint
+# TODO: currently Windows only supports tcp ports
+# TODO: Get-NetTCPConnection does not return PIDs
+# TODO: double-check output with 'netstat -ano'
+# @see https://connect.microsoft.com/PowerShell/feedback/details/1349420/get-nettcpconnection-does-not-show-processid
+class WindowsPorts < PortsInfo
+  def info
+    # get all port information
+    cmd = inspec.command('Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
+    begin
+      ports = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return nil
+    end
+    return nil if ports.nil?
+    ports.map { |x|
+      {
+        port: x['LocalPort'],
+        address: x['LocalAddress'],
+        protocol: 'tcp',
+        process: nil,
+        pid: nil,
+      }
+    }
+  end
+end
+# extracts udp and tcp ports from macos
+class DarwinPorts < PortsInfo
+  def info
+    # collects UDP and TCP information
+    cmd = inspec.command('lsof -nP -iTCP -iUDP -sTCP:LISTEN')
+    return nil if cmd.exit_status.to_i != 0
+    ports = []
+    # split on each newline
+    cmd.stdout.each_line do |line|
+      # parse each line
+      # 1 - COMMAND, 2 - PID, 3 - USER, 4 - FD, 5 - TYPE, 6 - DEVICE, 7 - SIZE/OFF, 8 - NODE, 9 - NAME
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+).*$/.match(line)
+      # extract network info
+      net_addr = parsed[9].split(':')
+      # convert to number if possible
+      net_port = net_addr[1]
+      net_port = net_port.to_i if /^\d+$/.match(net_port)
+      protocol = parsed[8].downcase
+      # add version to protocol
+      type = parsed[5].downcase
+      protocol += '6' if type == 'IPv6'
+      # map data
+      port_info = {
+        port: net_port,
+        address: net_addr[0],
+        protocol: protocol,
+        process: parsed[1],
+        pid: parsed[2].to_i,
+      }
+      # push data, if not headerfile
+      ports.push(port_info) if %w{tcp tcp6 udp udp6}.include?(protocol)
+    end
+    ports
+  end
+end
+# extract port information from netstat
+class LinuxPorts < PortsInfo
+  def info
+    cmd = inspec.command('netstat -tulpen')
+    return nil if cmd.exit_status.to_i != 0
+    ports = []
+    # parse all lines
+    cmd.stdout.each_line do |line|
+      port_info = parse_netstat_line(line)
+      # only push protocols we are interested in
+      next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
+      ports.push(port_info)
+    end
+    ports
+  end
+  def parse_net_address(net_addr, protocol)
+    if protocol.eql?('tcp6') || protocol.eql?('udp6')
+      # prep for URI parsing, parse ip6 port
+      ip6 = /^(\S+:)(\d+)$/.match(net_addr)
+      ip6addr = ip6[1]
+      ip6addr = '::' if /^:::$/.match(ip6addr)
+      # build uri
+      ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
+      # replace []
+      host = ip_addr.host[1..ip_addr.host.size-2]
+      port = ip_addr.port
+    else
+      ip_addr = URI('addr://'+net_addr)
+      host = ip_addr.host
+      port = ip_addr.port
+    end
+    [host, port]
+  end
+  def parse_netstat_line(line)
+    # parse each line
+    # 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - Inode, 8 - PID/Program name
+    parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
+    return {} if parsed.nil?
+    # parse ip4 and ip6 addresses
+    protocol = parsed[1].downcase
+    host, port = parse_net_address(parsed[4], protocol)
+    # extract PID
+    process = parsed[9].split('/')
+    pid = process[0]
+    pid = pid.to_i if /^\d+$/.match(pid)
+    process = process[1]
+    # map data
+    {
+      port: port,
+      address: host,
+      protocol: protocol,
+      process: process,
+      pid: pid,
+    }
+  end
+end
+# extracts information from sockstat
+class FreeBsdPorts < PortsInfo
+  def info
+    cmd = inspec.command('sockstat -46l')
+    return nil if cmd.exit_status.to_i != 0
+    ports = []
+    # split on each newline
+    cmd.stdout.each_line do |line|
+      port_info = parse_sockstat_line(line)
+      # push data, if not headerfile
+      next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
+      ports.push(port_info)
+    end
+    ports
+  end
+  def parse_net_address(net_addr, protocol)
+    case protocol
+    when 'tcp4', 'udp4'
+      # replace * with 0.0.0.0
+      net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if /^*:(\d+)$/.match(net_addr)
+      ip_addr = URI('addr://'+net_addr)
+      host = ip_addr.host
+      port = ip_addr.port
+    when 'tcp6', 'udp6'
+      return [] if net_addr == '*:*' # abort for now
+      # replace * with 0:0:0:0:0:0:0:0
+      net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if /^*:(\d+)$/.match(net_addr)
+      # extract port
+      ip6 = /^(\S+):(\d+)$/.match(net_addr)
+      ip6addr = ip6[1]
+      ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
+      # replace []
+      host = ip_addr.host[1..ip_addr.host.size-2]
+      port = ip_addr.port
+    end
+    [host, port]
+  end
+  def parse_sockstat_line(line)
+    # 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
+    parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
+    return {} if parsed.nil?
+    # extract ip information
+    protocol = parsed[5].downcase
+    host, port = parse_net_address(parsed[6], protocol)
+    return {} if host.nil? or port.nil?
+    # extract process
+    process = parsed[2]
+    # extract PID
+    pid = parsed[3]
+    pid = pid.to_i if /^\d+$/.match(pid)
+    # map tcp4 and udp4
+    protocol = 'tcp' if protocol.eql?('tcp4')
+    protocol = 'udp' if protocol.eql?('udp4')
+    # map data
+    {
+      port: port,
+      address: host,
+      protocol: protocol,
+      process: process,
+      pid: pid,
+    }
+  end
+end