ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(network-acls): change textFail to textInfo because NACLs are stateless

Browse Source
This commit is contained in:
Pepe Fagoaga
2021-04-24 13:23:14 +02:00
parent 8f784a4548
commit 056190cfc9
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/check45
View File

@@ -29,7 +29,7 @@ check45(){
NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`22` && PortRange.To>=`22`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
if [[ $NACL_LIST ]];then
for NACL in $NACL_LIST;do
textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for SSH port 22" "$regx"
textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for SSH port 22" "$regx"
done
else
textPass "$regx: No Network ACL found with SSH port 22 open to 0.0.0.0/0" "$regx"

2
checks/check46
View File

@@ -29,7 +29,7 @@ check46(){
NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?(((!PortRange) || (PortRange.From<=`3389` && PortRange.To>=`3389`)) && ((CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`)))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
if [[ $NACL_LIST ]];then
for NACL in $NACL_LIST;do
textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for Microsoft RDP port 3389" "$regx"
textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for Microsoft RDP port 3389" "$regx"
done
else
textPass "$regx: No Network ACL found with Microsoft RDP port 3389 open to 0.0.0.0/0" "$regx"

2
checks/check_extra7138
View File

@@ -30,7 +30,7 @@ extra7138(){
NACL_LIST=$($AWSCLI ec2 describe-network-acls --query 'NetworkAcls[?Entries[?((!PortRange) && (CidrBlock == `0.0.0.0/0`) && (Egress == `false`) && (RuleAction == `allow`))]].{NetworkAclId:NetworkAclId}' $PROFILE_OPT --region $regx --output text)
if [[ $NACL_LIST ]];then
for NACL in $NACL_LIST;do
textFail "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for any port" "$regx"
textInfo "$regx: Found Network ACL: $NACL open to 0.0.0.0/0 for any port" "$regx"
done
else
textPass "$regx: No Network ACL found with any port open to 0.0.0.0/0" "$regx"