From 0bfa263ad95787a4ba7e0fa098938eaf986c9830 Mon Sep 17 00:00:00 2001 From: Ramon Diez Date: Thu, 12 Nov 2020 12:30:22 +0100 Subject: [PATCH] Fixing some descriptions --- checks/check_extra7115 | 8 ++++---- checks/check_extra7116 | 4 ++-- checks/check_extra7117 | 4 ++-- checks/check_extra7118 | 12 ++++++------ checks/check_extra7120 | 10 +++++----- checks/check_extra7122 | 10 +++++----- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/checks/check_extra7115 b/checks/check_extra7115 index 52f0f64b..a8b5b166 100644 --- a/checks/check_extra7115 +++ b/checks/check_extra7115 @@ -11,7 +11,7 @@ # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. CHECK_ID_extra7115="7.115" -CHECK_TITLE_extra7115="[extra7115] Check if Glue Database connection must have SSL connection enabled. (Not Scored) (Not part of CIS benchmark)" +CHECK_TITLE_extra7115="[extra7115] Check if Glue database connection must have SSL connection enabled. (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra7115="NOT_SCORED" CHECK_TYPE_extra7115="EXTRA" CHECK_SEVERITY_extra7115="Medium" @@ -26,13 +26,13 @@ extra7115(){ CONNECTION_NAME=$(echo $connection | base64 --decode | jq -r '.Name' ) CONNECTION_SSL_STATE=$(echo $connection | base64 --decode | jq -r '.SSL') if [[ "$CONNECTION_SSL_STATE" == "false" ]]; then - textFail "$regx: Connection $CONNECTION_NAME has SSL connection disabled" "$regx" + textFail "$regx: Glue connection $CONNECTION_NAME has SSL connection disabled" "$regx" else - textInfo "$regx: Connection $CONNECTION_NAME has SSL connection enabled" "$regx" + textInfo "$regx: Glue connection $CONNECTION_NAME has SSL connection enabled" "$regx" fi done else - textInfo "$regx: There are no connections" "$regx" + textInfo "$regx: There are no Glue connections" "$regx" fi done } diff --git a/checks/check_extra7116 b/checks/check_extra7116 index a789a8c2..d862559c 100644 --- a/checks/check_extra7116 +++ b/checks/check_extra7116 @@ -11,7 +11,7 @@ # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. CHECK_ID_extra7116="7.116" -CHECK_TITLE_extra7116="[extra7116] Check if Data catalog settings must have metadata encryption enabled. (Not Scored) (Not part of CIS benchmark)" +CHECK_TITLE_extra7116="[extra7116] Check if Glue data-catalog settings must have metadata encryption enabled. (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra7116="NOT_SCORED" CHECK_TYPE_extra7116="EXTRA" CHECK_SEVERITY_extra7116="Medium" @@ -24,7 +24,7 @@ extra7116(){ if [[ "$METADATA_ENCRYPTED" == "DISABLED" ]]; then textFail "$regx: Glue Catalog is not encrypted" "$regx" else - textInfo "$regx:Glue catalog is encrypted with $METADATA_ENCRYPTED" "$regx" + textInfo "$regx: Glue catalog is encrypted with $METADATA_ENCRYPTED" "$regx" fi done } diff --git a/checks/check_extra7117 b/checks/check_extra7117 index ac195606..6a019c70 100644 --- a/checks/check_extra7117 +++ b/checks/check_extra7117 @@ -11,7 +11,7 @@ # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. CHECK_ID_extra7117="7.117" -CHECK_TITLE_extra7117="[extra7117] Check if Data catalog settings must have Encrypt connection password enabled. (Not Scored) (Not part of CIS benchmark)" +CHECK_TITLE_extra7117="[extra7117] Check if Glue data-catalog settings must have Encrypt connection password enabled. (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra7117="NOT_SCORED" CHECK_TYPE_extra7117="EXTRA" CHECK_SEVERITY_extra7117="Medium" @@ -24,7 +24,7 @@ extra7117(){ if [[ "$METADATA_ENCRYPTED" == "False" ]]; then textFail "$regx: Glue Catalog connection password is not encrypted" "$regx" else - textInfo "$regx:Glue catalog connection password is encrypted" "$regx" + textInfo "$regx: Glue catalog connection password is encrypted" "$regx" fi done } diff --git a/checks/check_extra7118 b/checks/check_extra7118 index 3cc70617..516b3086 100644 --- a/checks/check_extra7118 +++ b/checks/check_extra7118 @@ -11,7 +11,7 @@ # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. CHECK_ID_extra7118="7.117" -CHECK_TITLE_extra7118="[extra7118] Check if Security configurations used by ETL Jobs have S3 encryption enabled. (Not Scored) (Not part of CIS benchmark)" +CHECK_TITLE_extra7118="[extra7118] Check if Glue Security configurations used by ETL Jobs have S3 encryption enabled. (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra7118="NOT_SCORED" CHECK_TYPE_extra7118="EXTRA" CHECK_SEVERITY_extra7118="Medium" @@ -29,18 +29,18 @@ extra7118(){ if [[ ! -z "$SECURITY_CONFIGURATION" ]]; then S3_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${SECURITY_CONFIGURATION}" $PROFILE_OPT --region $regx --output text --query 'SecurityConfiguration.EncryptionConfiguration.S3Encryption[0].S3EncryptionMode') if [[ "$S3_ENCRYPTION" == "DISABLED" ]]; then - textFail "$regx: Job $JOB_NAME does not have S3 encryption enabled" "$regx" + textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" else - textInfo "$regx: Job $JOB_NAME does have $S3_ENCRYPTION S3 encryption enabled" "$regx" + textInfo "$regx: Glue job $JOB_NAME does have $S3_ENCRYPTION S3 encryption enabled" "$regx" fi elif [[ ! -z "$JOB_ENCRYPTION" ]]; then - textInfo "$regx: Job $JOB_NAME does have $JOB_ENCRYPTION S3 encryption enabled" "$regx" + textInfo "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION S3 encryption enabled" "$regx" else - textFail "$regx: Job $JOB_NAME does not have S3 encryption enabled" "$regx" + textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" fi done else - textInfo "$regx: There are no jobs" "$regx" + textInfo "$regx: There are no Glue jobs" "$regx" fi done } \ No newline at end of file diff --git a/checks/check_extra7120 b/checks/check_extra7120 index c2782e5f..751f74f2 100644 --- a/checks/check_extra7120 +++ b/checks/check_extra7120 @@ -11,7 +11,7 @@ # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. CHECK_ID_extra7120="7.117" -CHECK_TITLE_extra7120="[extra7120] Check if Security configurations used by ETL Jobs have CloudWatch logs encryption enabled. (Not Scored) (Not part of CIS benchmark)" +CHECK_TITLE_extra7120="[extra7120] Check if Glue security configurations used by ETL Jobs have CloudWatch logs encryption enabled. (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra7120="NOT_SCORED" CHECK_TYPE_extra7120="EXTRA" CHECK_SEVERITY_extra7120="Medium" @@ -28,16 +28,16 @@ extra7120(){ if [[ ! -z "$SECURITY_CONFIGURATION" ]]; then CLOUDWATCH_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${SECURITY_CONFIGURATION}" $PROFILE_OPT --region $regx --output text --query 'SecurityConfiguration.EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode') if [[ "$CLOUDWATCH_ENCRYPTION" == "DISABLED" ]]; then - textFail "$regx: Job $JOB_NAME does not have CloudWatch logs encryption enabled" "$regx" + textFail "$regx: Glue job $JOB_NAME does not have CloudWatch logs encryption enabled" "$regx" else - textInfo "$regx: Job $JOB_NAME does have $CLOUDWATCH_ENCRYPTION CloudWatch logs encryption enabled" "$regx" + textInfo "$regx: Glue job $JOB_NAME does have $CLOUDWATCH_ENCRYPTION CloudWatch logs encryption enabled" "$regx" fi else - textFail "$regx: Job $JOB_NAME does not have CloudWatch logs encryption enabled" "$regx" + textFail "$regx: Glue job $JOB_NAME does not have CloudWatch logs encryption enabled" "$regx" fi done else - textInfo "$regx: There are no jobs" "$regx" + textInfo "$regx: There are no Glue jobs" "$regx" fi done } \ No newline at end of file diff --git a/checks/check_extra7122 b/checks/check_extra7122 index 0ef7bc9d..438be869 100644 --- a/checks/check_extra7122 +++ b/checks/check_extra7122 @@ -11,7 +11,7 @@ # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. CHECK_ID_extra7122="7.117" -CHECK_TITLE_extra7122="[extra7122] Check if Security configurations used by ETL Jobs have Job bookmark encryption enabled. (Not Scored) (Not part of CIS benchmark)" +CHECK_TITLE_extra7122="[extra7122] Check if Glue security configurations used by ETL Jobs have Job bookmark encryption enabled. (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra7122="NOT_SCORED" CHECK_TYPE_extra7122="EXTRA" CHECK_SEVERITY_extra7122="Medium" @@ -28,16 +28,16 @@ extra7122(){ if [[ ! -z "$SECURITY_CONFIGURATION" ]]; then JOB_BOOKMARK_ENCRYPTION=$($AWSCLI glue get-security-configuration --name "${SECURITY_CONFIGURATION}" $PROFILE_OPT --region $regx --output text --query 'SecurityConfiguration.EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode') if [[ "$JOB_BOOKMARK_ENCRYPTION" == "DISABLED" ]]; then - textFail "$regx: Job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" + textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" else - textInfo "$regx: Job $JOB_NAME does have $JOB_BOOKMARK_ENCRYPTION Job bookmark encryption enabled" "$regx" + textInfo "$regx: Glue job $JOB_NAME does have $JOB_BOOKMARK_ENCRYPTION Job bookmark encryption enabled" "$regx" fi else - textFail "$regx: Job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" + textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" fi done else - textInfo "$regx: There are no jobs" "$regx" + textInfo "$regx: There are no Glue jobs" "$regx" fi done } \ No newline at end of file