---
# tasks file for verify

- name: Gather facts on listening ports
  become: yes
  community.general.listen_ports_facts:

- name: TCP denylist violation
  ansible.builtin.debug:
    msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the denylist
  vars:
    tcp_listen_violations: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', tcp_denylist) | list }}"
    tcp_denylist:
      - 111
  loop: "{{ tcp_listen_violations }}"