man lsof_ports
NAME
lsof_ports - pdsh|push wrapper invoking lsof_ps.ksh
SYNOPSIS
lsof_ports [-options]
DESCRIPTION
The lsof_ports script is distributed with uaxtools and invokes lsof_ps.ksh to analyze
open ports on a collection of systems. The results of 'lsof -Pi' are merged with ps
output and filtered against the documented acceptable open ports to produce a report
of anomalies.
Many sites use external scans on a periodic (typically monthly) basis. While this
is not a bad idea, especially when implementing new systems, it is not very effective.
A monthly scan will likely only uncover a longer term problem. In addition, most
sites implement iptables blocking external network queries beyond those required for
the node's purpose and related/established communications. This makes external scans
ineffective for identifying ports users may have inappropriately opened.
This script can easily be run daily or more frequently. Building the filter for a
system generally requires watching for a period of time and some understanding of
what users are doing. It typically only needs to be run on network facing nodes
unless a proxy service is being used for ipforward.
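The merge-and-filter step described above, as an added illustration that is not the
lsof_ps.ksh code shipped with uaxtools: constructed 'lsof -Pi' and 'ps' samples are
embedded inline, and the allowlist format (user:executable:proto/port, one entry per
line) is an assumption, not the format lsof_ps.ksh actually sources.

```shell
#!/bin/sh
# Added example, not part of uaxtools. Re-implements the lsof_ports idea:
# join 'lsof -Pi' with ps on PID, then report sockets bound locally whose
# user:executable:proto/port tuple is not in the documented allowlist.

# Constructed sample of 'lsof -Pi' output (numeric ports because of -P).
LSOF_SAMPLE='COMMAND   PID  USER FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812  root  3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
ntpd      901   ntp 16u  IPv4  12346      0t0  UDP *:123
python3  4321 alice  5u  IPv4  22222      0t0  TCP *:8080 (LISTEN)
nc       5555   bob  3u  IPv4  33333      0t0  TCP *:4444 (LISTEN)
sshd     6001  root  4u  IPv4  44444      0t0  TCP 10.0.0.5:22->10.0.0.9:51234 (ESTABLISHED)'

# Constructed 'ps -o pid=,user=,args=' style output. Joining on PID recovers
# the executable path that lsof's COMMAND column truncates.
PS_SAMPLE='812 root /usr/sbin/sshd -D
901 ntp /usr/sbin/ntpd -g
4321 alice /usr/bin/python3 -m http.server 8080
5555 bob /usr/bin/nc -l 4444
6001 root sshd: alice [priv]'

# Constructed allowlist (assumed format): user:executable:proto/port per line.
FILTER='root:/usr/sbin/sshd:TCP/22
ntp:/usr/sbin/ntpd:UDP/123'

# lsof_anomalies LSOF_TEXT PS_TEXT FILTER_TEXT
# Prints "user executable proto/port" for every locally bound socket whose
# tuple is absent from the allowlist. Established connections are ignored;
# only listening/bound sockets say something about what a user has opened.
lsof_anomalies() {
    _lsof=$1 _ps=$2 _filter=$3
    {
        printf '%s\n' "$_filter" | sed 's/^/F /'
        printf '%s\n' "$_ps"     | sed 's/^/P /'
        printf '%s\n' "$_lsof"   | sed 's/^/L /'
    } | awk '
        $1 == "F" { allow[$2] = 1; next }          # allowlist entry
        $1 == "P" { exe[$2] = $4; next }           # pid -> executable path
        # lsof line (fields shifted by the "L " prefix): skip the header and
        # established connections, keep sockets bound on this host.
        $1 == "L" && $2 != "COMMAND" && $0 !~ /ESTABLISHED/ {
            pid = $3; user = $4; proto = $9; name = $10
            sub(/.*:/, "", name)                   # "*:8080" -> "8080"
            key = user ":" exe[pid] ":" proto "/" name
            if (!(key in allow)) print user, exe[pid], proto "/" name
        }'
}

# Stand-alone run over the constructed samples.
lsof_anomalies "$LSOF_SAMPLE" "$PS_SAMPLE" "$FILTER"
```

On a real node the three arguments would come from 'lsof -Pi', 'ps -eo pid=,user=,args='
and the site's sourced filter; the -f reanalysis option of lsof_ports corresponds to
feeding a saved lsof capture as the first argument instead of live output.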
OPTIONS
-f file
lsof output file name for reanalysis.
-m alert
who to alert, use a null value for no email.
-u filter
sourced filter, default is specified in lsof_ps.ksh. Use '.' for no filter.
-l list
push|pdsh list of nodes to check.
-quiet do NOT show undefined userid:executable ports.
ACKNOWLEDGEMENTS
Written at the University of Alaska. Ongoing maintenance via SourceForge by Denali
Sun Consulting.
Suggestions or bug reports can be directed to denalisun907@gmail.com.
RELATED INFORMATION
See: uaxtools(8), lsof_ps.ksh(8), push(8).