RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/parse_config.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+# Usage example:
+#
+#  audit = command('/sbin/auditctl -l').stdout
+#  options = {
+#    assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+#    multiple_values: true
+#  }
+#  describe parse_config(audit, options ) do
+class PConfig < Inspec.resource(1)
+  name 'parse_config'
+  def initialize(content = nil, useropts = nil)
+    @opts = {}
+    @opts = useropts.dup unless useropts.nil?
+    @files_contents = {}
+    @params = nil
+    @content = content
+    read_content if @content.nil?
+  end
+  def method_missing(name)
+    @params || read_content
+    @params[name.to_s]
+  end
+  def parse_file(conf_path)
+    @conf_path = conf_path
+    # read the file
+    if !inspec.file(conf_path).file?
+      return skip_resource "Can't find file \"#{conf_path}\""
+    end
+    @content = read_file(conf_path)
+    if @content.empty? && inspec.file(conf_path).size > 0
+      return skip_resource "Can't read file \"#{conf_path}\""
+    end
+    read_content
+  end
+  def read_file(path)
+    @files_contents[path] ||= inspec.file(path).content
+  end
+  def read_content
+    # parse the file
+    @params = SimpleConfig.new(@content, @opts).params
+    @content
+  end
+  def to_s
+    "Parse Config #{@conf_path}"
+  end
+end
+class PConfigFile < PConfig
+  name 'parse_config_file'
+  def initialize(path, opts = nil)
+    super(nil, opts)
+    parse_file(path)
+  end
+  def to_s
+    "Parse Config File #{@conf_path}"
+  end
+end

data/lib/resources/passwd.rb ADDED Viewed

@@ -0,0 +1,93 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Christoph Hartmann
+# author: Dominik Richter
+# license: All rights reserved
+# The file format consists of
+# - username
+# - password
+# - userid
+# - groupid
+# - user id info
+# - home directory
+# - command
+# usage:
+#
+# describe passwd do
+#   its(:usernames) { should eq ['root'] }
+#   its(:uids) { should eq [0] }
+# end
+#
+# describe passwd.uid(0) do
+#   its(:username) { should eq 'root' }
+#   its(:count) { should eq 1 }
+# end
+require 'utils/parser'
+class Passwd < Inspec.resource(1)
+  name 'passwd'
+  include ContentParser
+  attr_reader :uid
+  attr_reader :parsed
+  def initialize(path = nil)
+    @path = path || '/etc/passwd'
+    @content = inspec.file(@path).content
+    @parsed = parse_passwd(@content)
+  end
+  # call passwd().uid(0)
+  # returns a seperate object with reference to this object
+  def uid(uid)
+    PasswdUid.new(self, uid)
+  end
+  def usernames
+    map_data('name')
+  end
+  def passwords
+    map_data('password')
+  end
+  def uids
+    map_data('uid')
+  end
+  def gids
+    map_data('gid')
+  end
+  def to_s
+    '/etc/passwd'
+  end
+  private
+  def map_data(id)
+    @parsed.map {|x|
+      x[id]
+    }
+  end
+end
+# object that hold a specifc uid view on passwd
+class PasswdUid
+  def initialize(passwd, uid)
+    @passwd = passwd
+    @users = @passwd.parsed.select { |x| x['uid'] == "#{uid}" }
+  end
+  def username
+    @users.at(0)['name']
+  end
+  def count
+    @users.size
+  end
+end

data/lib/resources/pip.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe pip('Jinja2') do
+#   it { should be_installed }
+# end
+#
+class PipPackage < Inspec.resource(1)
+  name 'pip'
+  def initialize(package_name)
+    @package_name = package_name
+  end
+  def info
+    return @info if defined?(@info)
+    @info = {}
+    @info[:type] = 'pip'
+    cmd = inspec.command("#{pip_cmd} show #{@package_name}")
+    return @info if cmd.exit_status != 0
+    params = SimpleConfig.new(
+      cmd.stdout,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      multiple_values: false,
+    ).params
+    @info[:name] = params['Name']
+    @info[:version] = params['Version']
+    @info[:installed] = true
+    @info
+  end
+  def installed?
+    info[:installed] == true
+  end
+  def version
+    info[:version]
+  end
+  def to_s
+    "Pip Package  #{@package_name}"
+  end
+  private
+  def pip_cmd
+    # Pip is not on the default path for Windows, therefore we do some logic
+    # to find the binary on Windows
+    family = inspec.os[:family]
+    case family
+    when 'windows'
+      # we need to detect the pip command on Windows
+      cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
+      begin
+        paths = JSON.parse(cmd.stdout)
+        # use pip if it on system path
+        pipcmd = paths['Pip']
+        # calculate path on windows
+        if defined?(paths['Python']) && pipcmd.nil?
+          pipdir = paths['Python'].split('\\')
+          # remove python.exe
+          pipdir.pop
+          pipcmd = pipdir.push('Scripts').push('pip.exe').join('/')
+        end
+      rescue JSON::ParserError => _e
+        return nil
+      end
+    end
+    pipcmd || 'pip'
+  end
+end

data/lib/resources/port.rb ADDED Viewed

@@ -0,0 +1,296 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+# describe port(80) do
+#   it { should be_listening }
+#   its('protocol') {should eq 'tcp'}
+# end
+#
+# not supported serverspec syntax
+# describe port(80) do
+#   it { should be_listening.with('tcp') }
+# end
+#
+# TODO: currently we return local ip only
+# TODO: improve handling of same port on multiple interfaces
+class Port < Inspec.resource(1)
+  name 'port'
+  def initialize(port)
+    @port = port
+    @port_manager = nil
+    @cache = nil
+    case inspec.os[:family]
+    when 'ubuntu', 'debian', 'redhat', 'fedora', 'arch'
+      @port_manager = LinuxPorts.new(inspec)
+    when 'darwin'
+      @port_manager = DarwinPorts.new(inspec)
+    when 'windows'
+      @port_manager = WindowsPorts.new(inspec)
+    when 'freebsd'
+      @port_manager = FreeBsdPorts.new(inspec)
+    else
+      return skip_resource 'The `port` resource is not supported on your OS yet.'
+    end
+  end
+  def listening?(_protocol = nil, _local_address = nil)
+    info.size > 0
+  end
+  def protocol
+    res = info.map { |x| x[:protocol] }.uniq.compact
+    res.size > 0 ? res : nil
+  end
+  def process
+    res = info.map { |x| x[:process] }.uniq.compact
+    res.size > 0 ? res : nil
+  end
+  def pid
+    res = info.map { |x| x[:pid] }.uniq.compact
+    res.size > 0 ? res : nil
+  end
+  def to_s
+    "Port  #{@port}"
+  end
+  private
+  def info
+    return @cache if !@cache.nil?
+    # abort if os detection has not worked
+    return @cache = [] if @port_manager.nil?
+    # query ports
+    ports = @port_manager.info || []
+    @cache = ports.select { |p| p[:port] == @port }
+  end
+end
+# implements an info method and returns all ip adresses and protocols for
+# each port
+# [{
+#   port: 80,
+#   address: [{
+#     ip: '0.0.0.0'
+#     protocol: 'tcp'
+#   }],
+# }]
+class PortsInfo
+  attr_reader :inspec
+  def initialize(inspec)
+    @inspec = inspec
+  end
+end
+# TODO: Add UDP infromation Get-NetUDPEndpoint
+# TODO: currently Windows only supports tcp ports
+# TODO: Get-NetTCPConnection does not return PIDs
+# TODO: double-check output with 'netstat -ano'
+# @see https://connect.microsoft.com/PowerShell/feedback/details/1349420/get-nettcpconnection-does-not-show-processid
+class WindowsPorts < PortsInfo
+  def info
+    # get all port information
+    cmd = inspec.command('Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json')
+    begin
+      ports = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return nil
+    end
+    return nil if ports.nil?
+    ports.map { |x|
+      {
+        port: x['LocalPort'],
+        address: x['LocalAddress'],
+        protocol: 'tcp',
+        process: nil,
+        pid: nil,
+      }
+    }
+  end
+end
+# extracts udp and tcp ports from macos
+class DarwinPorts < PortsInfo
+  def info
+    # collects UDP and TCP information
+    cmd = inspec.command('lsof -nP -iTCP -iUDP -sTCP:LISTEN')
+    return nil if cmd.exit_status.to_i != 0
+    ports = []
+    # split on each newline
+    cmd.stdout.each_line do |line|
+      # parse each line
+      # 1 - COMMAND, 2 - PID, 3 - USER, 4 - FD, 5 - TYPE, 6 - DEVICE, 7 - SIZE/OFF, 8 - NODE, 9 - NAME
+      parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+).*$/.match(line)
+      # extract network info
+      net_addr = parsed[9].split(':')
+      # convert to number if possible
+      net_port = net_addr[1]
+      net_port = net_port.to_i if /^\d+$/.match(net_port)
+      protocol = parsed[8].downcase
+      # add version to protocol
+      type = parsed[5].downcase
+      protocol += '6' if type == 'IPv6'
+      # map data
+      port_info = {
+        port: net_port,
+        address: net_addr[0],
+        protocol: protocol,
+        process: parsed[1],
+        pid: parsed[2].to_i,
+      }
+      # push data, if not headerfile
+      ports.push(port_info) if %w{tcp tcp6 udp udp6}.include?(protocol)
+    end
+    ports
+  end
+end
+# extract port information from netstat
+class LinuxPorts < PortsInfo
+  def info
+    cmd = inspec.command('netstat -tulpen')
+    return nil if cmd.exit_status.to_i != 0
+    ports = []
+    # parse all lines
+    cmd.stdout.each_line do |line|
+      port_info = parse_netstat_line(line)
+      # only push protocols we are interested in
+      next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
+      ports.push(port_info)
+    end
+    ports
+  end
+  def parse_net_address(net_addr, protocol)
+    if protocol.eql?('tcp6') || protocol.eql?('udp6')
+      # prep for URI parsing, parse ip6 port
+      ip6 = /^(\S+:)(\d+)$/.match(net_addr)
+      ip6addr = ip6[1]
+      ip6addr = '::' if /^:::$/.match(ip6addr)
+      # build uri
+      ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
+      # replace []
+      host = ip_addr.host[1..ip_addr.host.size-2]
+      port = ip_addr.port
+    else
+      ip_addr = URI('addr://'+net_addr)
+      host = ip_addr.host
+      port = ip_addr.port
+    end
+    [host, port]
+  end
+  def parse_netstat_line(line)
+    # parse each line
+    # 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - Inode, 8 - PID/Program name
+    parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
+    return {} if parsed.nil?
+    # parse ip4 and ip6 addresses
+    protocol = parsed[1].downcase
+    host, port = parse_net_address(parsed[4], protocol)
+    # extract PID
+    process = parsed[9].split('/')
+    pid = process[0]
+    pid = pid.to_i if /^\d+$/.match(pid)
+    process = process[1]
+    # map data
+    {
+      port: port,
+      address: host,
+      protocol: protocol,
+      process: process,
+      pid: pid,
+    }
+  end
+end
+# extracts information from sockstat
+class FreeBsdPorts < PortsInfo
+  def info
+    cmd = inspec.command('sockstat -46l')
+    return nil if cmd.exit_status.to_i != 0
+    ports = []
+    # split on each newline
+    cmd.stdout.each_line do |line|
+      port_info = parse_sockstat_line(line)
+      # push data, if not headerfile
+      next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
+      ports.push(port_info)
+    end
+    ports
+  end
+  def parse_net_address(net_addr, protocol)
+    case protocol
+    when 'tcp4', 'udp4'
+      # replace * with 0.0.0.0
+      net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if /^*:(\d+)$/.match(net_addr)
+      ip_addr = URI('addr://'+net_addr)
+      host = ip_addr.host
+      port = ip_addr.port
+    when 'tcp6', 'udp6'
+      return [] if net_addr == '*:*' # abort for now
+      # replace * with 0:0:0:0:0:0:0:0
+      net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if /^*:(\d+)$/.match(net_addr)
+      # extract port
+      ip6 = /^(\S+):(\d+)$/.match(net_addr)
+      ip6addr = ip6[1]
+      ip_addr = URI("addr://[#{ip6addr}]:#{ip6[2]}")
+      # replace []
+      host = ip_addr.host[1..ip_addr.host.size-2]
+      port = ip_addr.port
+    end
+    [host, port]
+  end
+  def parse_sockstat_line(line)
+    # 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
+    parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
+    return {} if parsed.nil?
+    # extract ip information
+    protocol = parsed[5].downcase
+    host, port = parse_net_address(parsed[6], protocol)
+    return {} if host.nil? or port.nil?
+    # extract process
+    process = parsed[2]
+    # extract PID
+    pid = parsed[3]
+    pid = pid.to_i if /^\d+$/.match(pid)
+    # map tcp4 and udp4
+    protocol = 'tcp' if protocol.eql?('tcp4')
+    protocol = 'udp' if protocol.eql?('udp4')
+    # map data
+    {
+      port: port,
+      address: host,
+      protocol: protocol,
+      process: process,
+      pid: pid,
+    }
+  end
+end