Replace netstat with ss
The `ss` program is now the official replacement for `netstat`, which is deprecated in most Linux distributions. Also replace the messy sed rules, which do not work on all versions, with a clean command line that displays only the key information that does **not** change between runs; fields that do change on every command run (e.g. PID) were resulting in false positives.
parent
f527db79f7
commit
81058daf1b
@ -284,7 +284,7 @@ wazuh_agent_config:
|
|||||||
command: 'df -P'
|
command: 'df -P'
|
||||||
frequency: '360'
|
frequency: '360'
|
||||||
- format: 'full_command'
|
- format: 'full_command'
|
||||||
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
|
command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
|
||||||
alias: 'netstat listening ports'
|
alias: 'netstat listening ports'
|
||||||
frequency: '360'
|
frequency: '360'
|
||||||
- format: 'full_command'
|
- format: 'full_command'
|
||||||
|
|||||||
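Review bot: The new `command: ss -nutal | ...` line passes both `-a` (all sockets) and `-l` (listening only), which contradict each other while the alias still promises listening ports. If `-a` takes effect on some ss build or option order, the output will include established connections with ephemeral peer ports and change on nearly every run, which is the false-positive noise this commit sets out to remove. I would drop the `a` and write `command: ss -nutl | awk '{print $1,$5,$6;}' | sort -b | column -t`. The old pipeline also printed the owning PID/program, so after this change a different process taking over an already-listening port no longer alters the output; if that detection matters, consider keeping the process name without the PID. The same line appears in the `wazuh_manager_config` hunk below and needs the same change.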
@ -186,7 +186,7 @@ wazuh_manager_config:
|
|||||||
command: 'df -P'
|
command: 'df -P'
|
||||||
frequency: '360'
|
frequency: '360'
|
||||||
- format: 'full_command'
|
- format: 'full_command'
|
||||||
command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
|
command: ss -nutal | awk '{print $1,$5,$6;}' | sort -b | column -t
|
||||||
alias: 'netstat listening ports'
|
alias: 'netstat listening ports'
|
||||||
frequency: '360'
|
frequency: '360'
|
||||||
- format: 'full_command'
|
- format: 'full_command'
|
||||||
|
|||||||