Adding banned port option to detect banned ports

2016-03-21 17:41:14 +01:00 · 2016-03-21 17:41:14 +01:00 · 1ffee5606a
commit 1ffee5606a
parent 42b09f83ab
1 changed files with 15 additions and 1 deletions
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@ -72,7 +72,8 @@ my %opt = (
    "skipsize"     => 0,
    "checkversion" => 0,
    "buffers"      => 0,
-    "passwordfile" => 0,
+    "passwordfile" => 0, 
+    "bannedports"  => '', 
    "outputfile"   => 0,
    "dbstat"       => 0,
    "idxstat"      => 0,
@ -92,6 +93,7 @@ GetOptions(
    'mysqlcmd=s',     'help',         'buffers',      'skippassword',
    'passwordfile=s', 'outputfile=s', 'silent',       'dbstat', 'json',
    'idxstat', 'noask', 'template=s', 'reportfile=s', 'cvefile=s',
+    'bannedports=s',
 );

 if ( defined $opt{'help'} && $opt{'help'} == 1 ) { usage(); }
@ -134,6 +136,7 @@ sub usage {
      . "      --debug              Print debug information\n"
      . "      --dbstat             Print database information\n"
      . "      --idxstat            Print index information\n"
+      . "      --bannedports        ports banned separated by comma(,)\n"
      . "      --cvefile            CVE File for vulnerability checks\n"
      . "      --nocolor            Don't print output in color\n"
      . "      --json               Print result as JSON string\n"
@ -160,6 +163,9 @@ $opt{cvefile} = "/usr/share/mysqltuner/vulnerabilities.csv"
 $opt{cvefile} ='' unless -f "$opt{cvefile}";
 $opt{cvefile} ='./vulnerabilities.csv' if -f './vulnerabilities.csv';

+$opt{'bannedports'}='' unless defined($opt{'bannedports'});
+my @banned_ports=split ',', $opt{'bannedports'};
+
 #
 my $outputfile = undef;
 $outputfile = abs_path( $opt{outputfile} ) unless $opt{outputfile} eq "0";
@ -908,6 +914,14 @@ sub system_recommendations {
    }  else {
        goodprint "No Application server runing on 8080 or 8443 port.";
    }
+    foreach my $banport (@banned_ports) {
+	    if ( is_open_port($banport) ) {
+		    badprint "Banned port: $banport is opened..";
+		    push( @generalrec, "Port $banport is opened. Consider stopping program handling this port." );
+	    }  else {
+		    goodprint "$banport is not opened.";
+	    }
+    }
 }
    
 sub security_recommendations {