fix(scan): warning if lsof command not found (#1167)

future-architect · Feb 6, 2021 · 51b8e16 · 51b8e16
1 parent b4611ae
commit 51b8e16
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 14 deletions.
diff --git a/scan/base.go b/scan/base.go
@@ -322,7 +322,7 @@ func (l *base) detectPlatform() {
 
 var dsFingerPrintPrefix = "AgentStatus.agentCertHash: "
 
-func (l *base) detectDeepSecurity() (fingerprint string, err error) {
+func (l *base) detectDeepSecurity() (string, error) {
 	// only work root user
 	if l.getServerInfo().Mode.IsFastRoot() {
 		if r := l.exec("test -f /opt/ds_agent/dsa_query", sudo); r.isSuccess() {
@@ -621,7 +621,7 @@ func (d *DummyFileInfo) IsDir() bool { return false }
 //Sys is
 func (d *DummyFileInfo) Sys() interface{} { return nil }
 
-func (l *base) scanWordPress() (err error) {
+func (l *base) scanWordPress() error {
 	if l.ServerInfo.WordPress.IsZero() || l.ServerInfo.Type == config.ServerTypePseudo {
 		return nil
 	}
@@ -835,7 +835,7 @@ func (l *base) findPortTestSuccessOn(listenIPPorts []string, searchListenPort mo
 	return addrs
 }
 
-func (l *base) ps() (stdout string, err error) {
+func (l *base) ps() (string, error) {
 	cmd := `LANGUAGE=en_US.UTF-8 ps --no-headers --ppid 2 -p 2 --deselect -o pid,comm`
 	r := l.exec(util.PrependProxyEnv(cmd), noSudo)
 	if !r.isSuccess() {
@@ -858,7 +858,7 @@ func (l *base) parsePs(stdout string) map[string]string {
 	return pidNames
 }
 
-func (l *base) lsProcExe(pid string) (stdout string, err error) {
+func (l *base) lsProcExe(pid string) (string, error) {
 	cmd := fmt.Sprintf("ls -l /proc/%s/exe", pid)
 	r := l.exec(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess() {
@@ -875,7 +875,7 @@ func (l *base) parseLsProcExe(stdout string) (string, error) {
 	return ss[10], nil
 }
 
-func (l *base) grepProcMap(pid string) (stdout string, err error) {
+func (l *base) grepProcMap(pid string) (string, error) {
 	cmd := fmt.Sprintf(`cat /proc/%s/maps 2>/dev/null | grep -v " 00:00 " | awk '{print $6}' | sort -n | uniq`, pid)
 	r := l.exec(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess() {
@@ -894,10 +894,10 @@ func (l *base) parseGrepProcMap(stdout string) (soPaths []string) {
 	return soPaths
 }
 
-func (l *base) lsOfListen() (stdout string, err error) {
-	cmd := `lsof -i -P -n | grep LISTEN`
+func (l *base) lsOfListen() (string, error) {
+	cmd := `lsof -i -P -n`
 	r := l.exec(util.PrependProxyEnv(cmd), sudo)
-	if !r.isSuccess(0, 1) {
+	if !r.isSuccess() {
 		return "", xerrors.Errorf("Failed to lsof: %s", r)
 	}
 	return r.Stdout, nil
@@ -907,7 +907,11 @@ func (l *base) parseLsOf(stdout string) map[string][]string {
 	portPids := map[string][]string{}
 	scanner := bufio.NewScanner(strings.NewReader(stdout))
 	for scanner.Scan() {
-		ss := strings.Fields(scanner.Text())
+		line := scanner.Text()
+		if !strings.Contains(line, "LISTEN") {
+			continue
+		}
+		ss := strings.Fields(line)
 		if len(ss) < 10 {
 			continue
 		}

diff --git a/scan/base_test.go b/scan/base_test.go
@@ -257,6 +257,7 @@ sshd        644            root    4u  IPv6  16716      0t0  TCP *:22 (LISTEN)
 squid       959           proxy   11u  IPv6  16351      0t0  TCP *:3128 (LISTEN)
 node       1498          ubuntu   21u  IPv6  20132      0t0  TCP *:35401 (LISTEN)
 node       1498          ubuntu   22u  IPv6  20133      0t0  TCP *:44801 (LISTEN)
+rpcbind   568    rpc    7u  IPv6  15149      0t0  UDP *:111
 docker-pr  9135            root    4u  IPv6 297133      0t0  TCP *:6379 (LISTEN)`,
 			},
 			wantPortPid: map[string][]string{

diff --git a/scan/debian.go b/scan/debian.go
@@ -1297,7 +1297,8 @@ func (o *debian) dpkgPs() error {
 	pidListenPorts := map[string][]models.PortStat{}
 	stdout, err = o.lsOfListen()
 	if err != nil {
-		return xerrors.Errorf("Failed to ls of: %w", err)
+		// warning only, continue scanning
+		o.log.Warnf("Failed to lsof: %+v", err)
 	}
 	portPids := o.parseLsOf(stdout)
 	for ipPort, pids := range portPids {
@@ -1332,7 +1333,8 @@ func (o *debian) dpkgPs() error {
 		for _, n := range pkgNames {
 			p, ok := o.Packages[n]
 			if !ok {
-				return xerrors.Errorf("pkg not found %s", n)
+				o.log.Warnf("Failed to FindByFQPN: %+v", err)
+				continue
 			}
 			p.AffectedProcs = append(p.AffectedProcs, proc)
 			o.Packages[p.Name] = p

diff --git a/scan/redhatbase.go b/scan/redhatbase.go
@@ -492,7 +492,8 @@ func (o *redhatBase) yumPs() error {
 	pidListenPorts := map[string][]models.PortStat{}
 	stdout, err = o.lsOfListen()
 	if err != nil {
-		return xerrors.Errorf("Failed to lsof: %w", err)
+		// warning only, continue scanning
+		o.log.Warnf("Failed to lsof: %+v", err)
 	}
 	portPids := o.parseLsOf(stdout)
 	for ipPort, pids := range portPids {
@@ -532,7 +533,8 @@ func (o *redhatBase) yumPs() error {
 		for pkgNameVerRel := range uniq {
 			p, err := o.Packages.FindByFQPN(pkgNameVerRel)
 			if err != nil {
-				return err
+				o.log.Warnf("Failed to FindByFQPN: %+v", err)
+				continue
 			}
 			p.AffectedProcs = append(p.AffectedProcs, proc)
 			o.Packages[p.Name] = *p
@@ -604,7 +606,7 @@ func (o *redhatBase) parseNeedsRestarting(stdout string) (procs []models.NeedRes
 			cmd := fmt.Sprintf("LANGUAGE=en_US.UTF-8 which %s", path)
 			r := o.exec(cmd, sudo)
 			if !r.isSuccess() {
-				o.log.Warnf("Failed to exec which %s: %s", path, r)
+				o.log.Debugf("Failed to exec which %s: %s", path, r)
 				continue
 			}
 			path = strings.TrimSpace(r.Stdout)