Check ip6tables_rules_for_open_ports.sh incorrectly parses output of `ip6tables -L INPUT -v -n`
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu Security Guide |
Fix Committed
|
Undecided
|
Miha Purg | ||
Bug Description
usg version: 22.04.6
Check /usr/share/
As a result, ip6tables_
I have the system with the following opened ports:
```
# ss -6tuln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 [fc00:722d:
udp UNCONN 0 0 [::]:6081 [::]:*
tcp LISTEN 0 1024 [::1]:11211 [::]:*
tcp LISTEN 0 100 [::1]:25 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 511 *:443 *:*
tcp LISTEN 0 511 *:9856 *:*
tcp LISTEN 0 511 *:9866 *:*
tcp LISTEN 0 4096 *:9876 *:*
```
On this system, running the check fails because:
```
# ss -6tuln | awk '($5!~/%lo:/ && $5!~/127.0.0.1:/ && $5!~/::1/) {split($5, a, ":"); print a[2]}i' | sor
t | uniq
443
722d <---- THIS IS INCORRECT
80
9856
9866
9876
```
| summary: |
- Check ip6tables_rules_for_open_ports.sh incorrectly incorrectly parses - output of `ip6tables -L INPUT -v -n` + Check ip6tables_rules_for_open_ports.sh incorrectly parses output of + `ip6tables -L INPUT -v -n` |
| description: | updated |
| Miha Purg (mihap) wrote | #1 |
| Changed in usg: | |
| status: | New → Confirmed |
| assignee: | nobody → Miha Purg (mihap) |
| Changed in usg: | |
| status: | Confirmed → In Progress |
| Miha Purg (mihap) wrote | #2 |
| Changed in usg: | |
| status: | In Progress → Fix Committed |
| Przemyslaw Hausman (phausman) wrote | #3 |
Hi Przemyslaw, thanks for reporting the bug!
Can you confirm that this gives the expected output:
# ss -6tulnH | awk '($5!~/::1/) {n=split($5, a, ":"); print a[n]}' | sort -u