This holds the tool we are using to draw the process graphs
This code allows you to plot the communications between your host and others.
-
It uses the
ss(socket statistics) command with the-npatuwoptions -n, --numeric Do now try to resolve service names. -a, --all Display all sockets. -p, --processes Show process using socket. -t, --tcp Display only TCP sockets. -u, --udp Display only UDP sockets. -w, --raw Display only RAW sockets. -
It creates an array of hashes of (sitename, hostname, domainname, localIP, localPort, process, user, peerIP, peerPort, socketUsers), and writes the interim data to a file,
-
Then it creates a graph, boxing up site, host, IP, ports, and connecting to destinations. Lines are color-alternated to keep them distinct.
In order to create the .png files, you must have graphviz installed
sudo yum install graphviz graphviz-devel graphviz-ruby...and to ensure you can see the Ruby libraries, type:
export RUBYLIB=/usr/lib64/graphviz/rubyBelow are the functions available under rake:
rake chmod # Ensure gemspec-safe permissions on all files
rake clean # Remove any temporary products
rake clobber # Remove any generated file
rake default # default - help
rake help # help
rake pkg:gem # build rubygem package for simp-processgraph
rake pkg:install_gem # build and install rubygem package for simp-processgraph
rake spec # run all RSpec tests
To run the program, build and install the gem by running
$ rake pkg:install_gem
and run it
$ processgraph -s [sitename]
or:
type in the command below to run it right from the ruby:
$ ruby simp-processgraph.rb
The parameters are:
Usage: processgraph [options]
-h, --help Help
-s, --site NAME Name to associate with your site **(REQUIRED)**
-i, --input filename NAME Input file or directory name, properly formatted files will have the .ss filetype, generated from an earlier run
-o, --output file NAME Output file or directory name (will look for files in the given directory and subdirectories named *.ss)