diff --git a/providers/aws/checks/accessanalyzer/check_extra769 b/providers_old/aws/checks/accessanalyzer/check_extra769
similarity index 99%
rename from providers/aws/checks/accessanalyzer/check_extra769
rename to providers_old/aws/checks/accessanalyzer/check_extra769
index 48c37e53..5c529ca7 100644
--- a/providers/aws/checks/accessanalyzer/check_extra769
+++ b/providers_old/aws/checks/accessanalyzer/check_extra769
@@ -40,7 +40,7 @@ extra769(){
 if [[ $ANALYZER_ACTIVE_FINDINGS_COUNT -eq 0 ]];then
 textPass "$regx: IAM Access Analyzer $accessAnalyzerArn has no active findings" "$regx" "$accessAnalyzerArn"
 else
- textInfo "$regx: IAM Access Analyzer $accessAnalyzerArn has $ANALYZER_ACTIVE_FINDINGS_COUNT active findings" "$regx"
+ textInfo "$regx: IAM Access Analyzer $accessAnalyzerArn has $ANALYZER_ACTIVE_FINDINGS_COUNT active findings" "$regx"
 fi
 done
 else
diff --git a/providers/aws/checks/acm/check_extra724 b/providers_old/aws/checks/acm/check_extra724
similarity index 100%
rename from providers/aws/checks/acm/check_extra724
rename to providers_old/aws/checks/acm/check_extra724
diff --git a/providers/aws/checks/acm/check_extra730 b/providers_old/aws/checks/acm/check_extra730
similarity index 100%
rename from providers/aws/checks/acm/check_extra730
rename to providers_old/aws/checks/acm/check_extra730
diff --git a/providers/aws/checks/apigateway/check_extra7156 b/providers_old/aws/checks/apigateway/check_extra7156
similarity index 99%
rename from providers/aws/checks/apigateway/check_extra7156
rename to providers_old/aws/checks/apigateway/check_extra7156
index 7c8de499..2d47f1fd 100644
--- a/providers/aws/checks/apigateway/check_extra7156
+++ b/providers_old/aws/checks/apigateway/check_extra7156
@@ -54,4 +54,4 @@ extra7156(){
 textInfo "$regx: No API Gateway found" "$regx"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/apigateway/check_extra7157 b/providers_old/aws/checks/apigateway/check_extra7157
similarity index 100%
rename from providers/aws/checks/apigateway/check_extra7157
rename to providers_old/aws/checks/apigateway/check_extra7157
diff --git a/providers/aws/checks/apigateway/check_extra722 b/providers_old/aws/checks/apigateway/check_extra722
similarity index 99%
rename from providers/aws/checks/apigateway/check_extra722
rename to providers_old/aws/checks/apigateway/check_extra722
index ab992174..e86b4406 100644
--- a/providers/aws/checks/apigateway/check_extra722
+++ b/providers_old/aws/checks/apigateway/check_extra722
@@ -30,7 +30,7 @@ extra722(){
 if [[ $(echo "$LIST_OF_API_GW" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then
 textInfo "$regx: Access Denied trying to get rest APIs" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_OF_API_GW ]];then
 for apigwid in $LIST_OF_API_GW;do
 API_GW_NAME=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query "items[?id==\`$apigwid\`].name" --output text)
diff --git a/providers/aws/checks/apigateway/check_extra743 b/providers_old/aws/checks/apigateway/check_extra743
similarity index 99%
rename from providers/aws/checks/apigateway/check_extra743
rename to providers_old/aws/checks/apigateway/check_extra743
index abc15f09..8f81b88e 100644
--- a/providers/aws/checks/apigateway/check_extra743
+++ b/providers_old/aws/checks/apigateway/check_extra743
@@ -29,7 +29,7 @@ extra743(){
 if [[ $(echo "$LIST_OF_REST_APIS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to get rest APIs" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_OF_REST_APIS ]];then
 for api in $LIST_OF_REST_APIS; do
 API_GW_NAME=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query "items[?id==\`$api\`].name" --output text)
diff --git a/providers/aws/checks/apigateway/check_extra744 b/providers_old/aws/checks/apigateway/check_extra744
similarity index 99%
rename from providers/aws/checks/apigateway/check_extra744
rename to providers_old/aws/checks/apigateway/check_extra744
index e7dcd10e..79a6ded2 100644
--- a/providers/aws/checks/apigateway/check_extra744
+++ b/providers_old/aws/checks/apigateway/check_extra744
@@ -30,7 +30,7 @@ extra744(){
 if [[ $(echo "$LIST_OF_REST_APIS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to get rest APIs" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_OF_REST_APIS ]];then
 for api in $LIST_OF_REST_APIS; do
 API_GW_NAME=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query "items[?id==\`$api\`].name" --output text)
diff --git a/providers/aws/checks/apigateway/check_extra745 b/providers_old/aws/checks/apigateway/check_extra745
similarity index 99%
rename from providers/aws/checks/apigateway/check_extra745
rename to providers_old/aws/checks/apigateway/check_extra745
index f6e6fe8b..1dcf923b 100644
--- a/providers/aws/checks/apigateway/check_extra745
+++ b/providers_old/aws/checks/apigateway/check_extra745
@@ -29,7 +29,7 @@ extra745(){
 if [[ $(echo "$LIST_OF_REST_APIS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to get rest APIs" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_OF_REST_APIS ]];then
 for api in $LIST_OF_REST_APIS; do
 API_GW_NAME=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query "items[?id==\`$api\`].name" --output text)
diff --git a/providers/aws/checks/apigateway/check_extra746 b/providers_old/aws/checks/apigateway/check_extra746
similarity index 99%
rename from providers/aws/checks/apigateway/check_extra746
rename to providers_old/aws/checks/apigateway/check_extra746
index d5b6512b..3d22ae69 100644
+++ b/providers_old/aws/checks/apigateway/check_extra746
@@ -29,7 +29,7 @@ extra746(){
 if [[ $(echo "$LIST_OF_REST_APIS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to get rest APIs" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_OF_REST_APIS ]];then
 for api in $LIST_OF_REST_APIS; do
 API_GW_NAME=$($AWSCLI apigateway get-rest-apis $PROFILE_OPT --region $regx --query "items[?id==\`$api\`].name" --output text)
diff --git a/providers/aws/checks/autoscaling/check_extra775 b/providers_old/aws/checks/autoscaling/check_extra775
similarity index 98%
rename from providers/aws/checks/autoscaling/check_extra775
rename to providers_old/aws/checks/autoscaling/check_extra775
index 79564cfb..c7c1b6ef 100644
--- a/providers/aws/checks/autoscaling/check_extra775
+++ b/providers_old/aws/checks/autoscaling/check_extra775
@@ -24,10 +24,10 @@ CHECK_CAF_EPIC_extra775='IAM'
 extra775(){
 SECRETS_TEMP_FOLDER="$PROWLER_DIR/secrets-$ACCOUNT_NUM-$PROWLER_START_TIME"
- if [[ ! -d $SECRETS_TEMP_FOLDER ]]; then
+ if [[ ! -d $SECRETS_TEMP_FOLDER ]]; then
 # this folder is deleted once this check is finished
 mkdir $SECRETS_TEMP_FOLDER
- fi
+ fi
 for regx in $REGIONS; do
 CHECK_DETECT_SECRETS_INSTALLATION=$(secretsDetector)
@@ -69,7 +69,7 @@ extra775(){
 textFail "$regx: Potential secret found in $autoscaling_configuration" "$regx" "$autoscaling_configuration"
 fi
 fi
- else
+ else
 textPass "$regx: No secrets found in $autoscaling_configuration User Data or it is empty" "$regx" "$autoscaling_configuration"
 fi
 done
diff --git a/providers/aws/checks/cloudformation/check_extra7154 b/providers_old/aws/checks/cloudformation/check_extra7154
similarity index 100%
rename from providers/aws/checks/cloudformation/check_extra7154
rename to providers_old/aws/checks/cloudformation/check_extra7154
diff --git a/providers/aws/checks/cloudformation/check_extra742 b/providers_old/aws/checks/cloudformation/check_extra742
similarity index 100%
rename from providers/aws/checks/cloudformation/check_extra742
rename to providers_old/aws/checks/cloudformation/check_extra742
diff --git a/providers/aws/checks/cloudfront/check_extra714 b/providers_old/aws/checks/cloudfront/check_extra714
similarity index 98%
rename from providers/aws/checks/cloudfront/check_extra714
rename to providers_old/aws/checks/cloudfront/check_extra714
index 9408fa6d..5395bb5d 100644
--- a/providers/aws/checks/cloudfront/check_extra714
+++ b/providers_old/aws/checks/cloudfront/check_extra714
@@ -33,10 +33,10 @@ extra714(){
 if [[ $LOG_ENABLED || $LOG_ENABLED_REALTIME ]]; then
 textPass "$REGION: CloudFront distribution $dist has logging enabled" "$REGION" "$dist"
 else
- textFail "$REGION: CloudFront distribution $dist has logging disabled" "$REGION" "$dist"
+ textFail "$REGION: CloudFront distribution $dist has logging disabled" "$REGION" "$dist"
 fi
 done
 else
- textInfo "$REGION: No CloudFront distributions found" "$REGION" "$dist"
+ textInfo "$REGION: No CloudFront distributions found" "$REGION" "$dist"
 fi
 }
diff --git a/providers/aws/checks/cloudfront/check_extra732 b/providers_old/aws/checks/cloudfront/check_extra732
similarity index 100%
rename from providers/aws/checks/cloudfront/check_extra732
rename to providers_old/aws/checks/cloudfront/check_extra732
diff --git a/providers/aws/checks/cloudfront/check_extra738 b/providers_old/aws/checks/cloudfront/check_extra738
similarity index 100%
rename from providers/aws/checks/cloudfront/check_extra738
rename to providers_old/aws/checks/cloudfront/check_extra738
diff --git a/providers/aws/checks/cloudfront/check_extra767 b/providers_old/aws/checks/cloudfront/check_extra767
similarity index 100%
rename from providers/aws/checks/cloudfront/check_extra767
rename to providers_old/aws/checks/cloudfront/check_extra767
diff --git a/providers/aws/checks/cloudfront/check_extra773 b/providers_old/aws/checks/cloudfront/check_extra773
similarity index 100%
rename from providers/aws/checks/cloudfront/check_extra773
rename to providers_old/aws/checks/cloudfront/check_extra773
diff --git a/providers/aws/checks/cloudfront/check_extra791 b/providers_old/aws/checks/cloudfront/check_extra791
similarity index 100%
rename from providers/aws/checks/cloudfront/check_extra791
rename to providers_old/aws/checks/cloudfront/check_extra791
diff --git a/providers/aws/checks/cloudtrail/check21 b/providers_old/aws/checks/cloudtrail/check21
similarity index 99%
rename from providers/aws/checks/cloudtrail/check21
rename to providers_old/aws/checks/cloudtrail/check21
index d34ed292..db08b75e 100644
--- a/providers/aws/checks/cloudtrail/check21
+++ b/providers_old/aws/checks/cloudtrail/check21
@@ -53,7 +53,7 @@ check21(){
 textFail "$regx: Trail $trail is configured for all regions but it is OFF" "$regx" "$trail"
 else
 textPass "$regx: Trail $trail is enabled for all regions" "$regx" "$trail"
- fi
+ fi
 fi
 done
 fi
@@ -63,6 +63,6 @@ check21(){
 textFail "$regx: No CloudTrail trails were found in the filtered region" "$regx" "$trail"
 else
 textFail "$regx: No CloudTrail trails were found in the account" "$regx" "$trail"
- fi
+ fi
 fi
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/cloudtrail/check22 b/providers_old/aws/checks/cloudtrail/check22
similarity index 100%
rename from providers/aws/checks/cloudtrail/check22
rename to providers_old/aws/checks/cloudtrail/check22
diff --git a/providers/aws/checks/cloudtrail/check23 b/providers_old/aws/checks/cloudtrail/check23
similarity index 100%
rename from providers/aws/checks/cloudtrail/check23
rename to providers_old/aws/checks/cloudtrail/check23
diff --git a/providers/aws/checks/cloudtrail/check24 b/providers_old/aws/checks/cloudtrail/check24
similarity index 100%
rename from providers/aws/checks/cloudtrail/check24
rename to providers_old/aws/checks/cloudtrail/check24
diff --git a/providers/aws/checks/cloudtrail/check27 b/providers_old/aws/checks/cloudtrail/check27
similarity index 100%
rename from providers/aws/checks/cloudtrail/check27
rename to providers_old/aws/checks/cloudtrail/check27
diff --git a/providers/aws/checks/cloudtrail/check35 b/providers_old/aws/checks/cloudtrail/check35
similarity index 100%
rename from providers/aws/checks/cloudtrail/check35
rename to providers_old/aws/checks/cloudtrail/check35
diff --git a/providers/aws/checks/cloudwatch/check_extra7144 b/providers_old/aws/checks/cloudwatch/check_extra7144
similarity index 100%
rename from providers/aws/checks/cloudwatch/check_extra7144
rename to providers_old/aws/checks/cloudwatch/check_extra7144
diff --git a/providers/aws/checks/cloudwatch/check_extra7162 b/providers_old/aws/checks/cloudwatch/check_extra7162
similarity index 99%
rename from providers/aws/checks/cloudwatch/check_extra7162
rename to providers_old/aws/checks/cloudwatch/check_extra7162
index b0d17eac..5420b487 100644
--- a/providers/aws/checks/cloudwatch/check_extra7162
+++ b/providers_old/aws/checks/cloudwatch/check_extra7162
@@ -48,7 +48,7 @@ extra7162() {
 :
 else
 textInfo "$regx does not have a Log Group!" "$regx"
-
+
 fi
 done
 }
diff --git a/providers/aws/checks/cloudwatch/check_extra7164 b/providers_old/aws/checks/cloudwatch/check_extra7164
similarity index 100%
rename from providers/aws/checks/cloudwatch/check_extra7164
rename to providers_old/aws/checks/cloudwatch/check_extra7164
diff --git a/providers/aws/checks/codebuild/check_extra7174 b/providers_old/aws/checks/codebuild/check_extra7174
similarity index 99%
rename from providers/aws/checks/codebuild/check_extra7174
rename to providers_old/aws/checks/codebuild/check_extra7174
index 5b5ff434..0a1752d1 100644
--- a/providers/aws/checks/codebuild/check_extra7174
+++ b/providers_old/aws/checks/codebuild/check_extra7174
@@ -56,7 +56,7 @@ extra7174(){
 fi
 fi
 done
- else
+ else
 textInfo "${regx}: No CodeBuild Projects found" "${regx}"
 fi
 done
diff --git a/providers/aws/checks/codebuild/check_extra7175 b/providers_old/aws/checks/codebuild/check_extra7175
similarity index 99%
rename from providers/aws/checks/codebuild/check_extra7175
rename to providers_old/aws/checks/codebuild/check_extra7175
index bc80bcdc..b1752228 100644
--- a/providers/aws/checks/codebuild/check_extra7175
+++ b/providers_old/aws/checks/codebuild/check_extra7175
@@ -45,7 +45,7 @@ extra7175(){
 textPass "${regx}: Codebuild project ${project} not uses a user controlled buildspec" "${regx}" "${project}"
 fi
 done
- else
+ else
 textInfo "${regx}: No CodeBuild Projects found" "${regx}"
 fi
 done
diff --git a/providers/aws/checks/config/check25 b/providers_old/aws/checks/config/check25
similarity index 100%
rename from providers/aws/checks/config/check25
rename to providers_old/aws/checks/config/check25
diff --git a/providers/aws/checks/config/check39 b/providers_old/aws/checks/config/check39
similarity index 100%
rename from providers/aws/checks/config/check39
rename to providers_old/aws/checks/config/check39
diff --git a/providers/aws/checks/custom/custom-defined-check/custom-defined-check.sh b/providers_old/aws/checks/custom/custom-defined-check/custom-defined-check.sh
similarity index 97%
rename from providers/aws/checks/custom/custom-defined-check/custom-defined-check.sh
rename to providers_old/aws/checks/custom/custom-defined-check/custom-defined-check.sh
index 23f2966b..1045fedc 100644
--- a/providers/aws/checks/custom/custom-defined-check/custom-defined-check.sh
+++ b/providers_old/aws/checks/custom/custom-defined-check/custom-defined-check.sh
@@ -32,7 +32,7 @@ extra9999(){
 continue
 fi
 if [[ $MY_CUSTOM_CMD ]]; then
- for element in $MY_CUSTOM_CMD; do
+ for element in $MY_CUSTOM_CMD; do
 textFail "$regx: Custom output is: $element" "$regx" "$CHECK_SGDEFAULT_ID"
 done
 else
diff --git a/providers/aws/checks/custom/sample-check/sample-check.sh b/providers_old/aws/checks/custom/sample-check/sample-check.sh
similarity index 100%
rename from providers/aws/checks/custom/sample-check/sample-check.sh
rename to providers_old/aws/checks/custom/sample-check/sample-check.sh
diff --git a/providers/aws/checks/dynamodb/check_extra7128 b/providers_old/aws/checks/dynamodb/check_extra7128
similarity index 99%
rename from providers/aws/checks/dynamodb/check_extra7128
rename to providers_old/aws/checks/dynamodb/check_extra7128
index 61c7f6e3..1191c4e6 100644
--- a/providers/aws/checks/dynamodb/check_extra7128
+++ b/providers_old/aws/checks/dynamodb/check_extra7128
@@ -40,8 +40,8 @@ extra7128(){
 textInfo "$regx: DynamoDB table $table does have DEFAULT encryption enabled" "$regx" "$table"
 fi
 done
- else
+ else
 textInfo "$regx: There are no DynamoDB tables" "$regx"
- fi
+ fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/dynamodb/check_extra7151 b/providers_old/aws/checks/dynamodb/check_extra7151
similarity index 100%
rename from providers/aws/checks/dynamodb/check_extra7151
rename to providers_old/aws/checks/dynamodb/check_extra7151
diff --git a/providers/aws/checks/dynamodb/check_extra7165 b/providers_old/aws/checks/dynamodb/check_extra7165
similarity index 99%
rename from providers/aws/checks/dynamodb/check_extra7165
rename to providers_old/aws/checks/dynamodb/check_extra7165
index 95f990a5..7ce1043c 100644
--- a/providers/aws/checks/dynamodb/check_extra7165
+++ b/providers_old/aws/checks/dynamodb/check_extra7165
@@ -65,4 +65,4 @@ extra7165(){
 textInfo "$regx: No DynamoDB: DAX Clusters found." "$regx"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/ec2/check119 b/providers_old/aws/checks/ec2/check119
similarity index 100%
rename from providers/aws/checks/ec2/check119
rename to providers_old/aws/checks/ec2/check119
diff --git a/providers/aws/checks/ec2/check310 b/providers_old/aws/checks/ec2/check310
similarity index 100%
rename from providers/aws/checks/ec2/check310
rename to providers_old/aws/checks/ec2/check310
diff --git a/providers/aws/checks/ec2/check41 b/providers_old/aws/checks/ec2/check41
similarity index 100%
rename from providers/aws/checks/ec2/check41
rename to providers_old/aws/checks/ec2/check41
diff --git a/providers/aws/checks/ec2/check42 b/providers_old/aws/checks/ec2/check42
similarity index 100%
rename from providers/aws/checks/ec2/check42
rename to providers_old/aws/checks/ec2/check42
diff --git a/providers/aws/checks/ec2/check43 b/providers_old/aws/checks/ec2/check43
similarity index 100%
rename from providers/aws/checks/ec2/check43
rename to providers_old/aws/checks/ec2/check43
diff --git a/providers/aws/checks/ec2/check45 b/providers_old/aws/checks/ec2/check45
similarity index 100%
rename from providers/aws/checks/ec2/check45
rename to providers_old/aws/checks/ec2/check45
diff --git a/providers/aws/checks/ec2/check46 b/providers_old/aws/checks/ec2/check46
similarity index 100%
rename from providers/aws/checks/ec2/check46
rename to providers_old/aws/checks/ec2/check46
diff --git a/providers/aws/checks/ec2/check_extra710 b/providers_old/aws/checks/ec2/check_extra710
similarity index 100%
rename from providers/aws/checks/ec2/check_extra710
rename to providers_old/aws/checks/ec2/check_extra710
diff --git a/providers/aws/checks/ec2/check_extra7102 b/providers_old/aws/checks/ec2/check_extra7102
similarity index 98%
rename from providers/aws/checks/ec2/check_extra7102
rename to providers_old/aws/checks/ec2/check_extra7102
index f70492c7..6f6eb131 100644
--- a/providers/aws/checks/ec2/check_extra7102
+++ b/providers_old/aws/checks/ec2/check_extra7102
@@ -23,7 +23,7 @@ CHECK_REMEDIATION_extra7102='Check Identified IPs; consider changing them to pri
 CHECK_DOC_extra7102='https://www.shodan.io/'
 CHECK_CAF_EPIC_extra7102='Infrastructure Security'
-# Watch out, always use Shodan API key, if you use `curl https://www.shodan.io/host/{ip}` massively
+# Watch out, always use Shodan API key, if you use `curl https://www.shodan.io/host/{ip}` massively
 # your IP will be banned by Shodan
 # This is the right way to do so
@@ -34,7 +34,7 @@ CHECK_CAF_EPIC_extra7102='Infrastructure Security'
 extra7102(){
 if [[ ! $SHODAN_API_KEY ]]; then
 textInfo "[extra7102] Requires a Shodan API key to work. Use -N "
- else
+ else
 for regx in $REGIONS; do
 LIST_OF_EIP=$($AWSCLI $PROFILE_OPT --region $regx ec2 describe-network-interfaces --query 'NetworkInterfaces[*].Association.PublicIp' --output text 2>&1)
 if [[ $(echo "$LIST_OF_EIP" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
diff --git a/providers/aws/checks/ec2/check_extra7134 b/providers_old/aws/checks/ec2/check_extra7134
similarity index 99%
rename from providers/aws/checks/ec2/check_extra7134
rename to providers_old/aws/checks/ec2/check_extra7134
index 4919262f..8bea2b32 100644
--- a/providers/aws/checks/ec2/check_extra7134
+++ b/providers_old/aws/checks/ec2/check_extra7134
@@ -38,4 +38,4 @@ extra7134(){
 textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for FTP ports" "$regx" "$SG"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/ec2/check_extra7135 b/providers_old/aws/checks/ec2/check_extra7135
similarity index 99%
rename from providers/aws/checks/ec2/check_extra7135
rename to providers_old/aws/checks/ec2/check_extra7135
index 74c9cb74..61c625fc 100644
--- a/providers/aws/checks/ec2/check_extra7135
+++ b/providers_old/aws/checks/ec2/check_extra7135
@@ -38,4 +38,4 @@ extra7135(){
 textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Kafka ports" "$regx"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/ec2/check_extra7136 b/providers_old/aws/checks/ec2/check_extra7136
similarity index 99%
rename from providers/aws/checks/ec2/check_extra7136
rename to providers_old/aws/checks/ec2/check_extra7136
index 3646a827..fee08e98 100644
--- a/providers/aws/checks/ec2/check_extra7136
+++ b/providers_old/aws/checks/ec2/check_extra7136
@@ -38,4 +38,4 @@ extra7136(){
 textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Telnet ports" "$regx" "$SG"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/ec2/check_extra7137 b/providers_old/aws/checks/ec2/check_extra7137
similarity index 99%
rename from providers/aws/checks/ec2/check_extra7137
rename to providers_old/aws/checks/ec2/check_extra7137
index 00afed61..c6c6f925 100644
--- a/providers/aws/checks/ec2/check_extra7137
+++ b/providers_old/aws/checks/ec2/check_extra7137
@@ -38,4 +38,4 @@ extra7137(){
 textPass "$regx: No Security Groups found with any port open to 0.0.0.0/0 for Microsoft SQL Server ports" "$regx"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/ec2/check_extra7138 b/providers_old/aws/checks/ec2/check_extra7138
similarity index 99%
rename from providers/aws/checks/ec2/check_extra7138
rename to providers_old/aws/checks/ec2/check_extra7138
index 14b05ebb..6c69b91b 100644
--- a/providers/aws/checks/ec2/check_extra7138
+++ b/providers_old/aws/checks/ec2/check_extra7138
@@ -39,4 +39,4 @@ extra7138(){
 textPass "$regx: No Network ACL found with any port open to 0.0.0.0/0" "$regx" "$NACL"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/ec2/check_extra7146 b/providers_old/aws/checks/ec2/check_extra7146
similarity index 100%
rename from providers/aws/checks/ec2/check_extra7146
rename to providers_old/aws/checks/ec2/check_extra7146
diff --git a/providers/aws/checks/ec2/check_extra7173 b/providers_old/aws/checks/ec2/check_extra7173
similarity index 97%
rename from providers/aws/checks/ec2/check_extra7173
rename to providers_old/aws/checks/ec2/check_extra7173
index 05c2e518..7af800f5 100644
--- a/providers/aws/checks/ec2/check_extra7173
+++ b/providers_old/aws/checks/ec2/check_extra7173
@@ -38,7 +38,7 @@ extra7173(){
 textFail "${regx}: Security Group ${SECURITY_GROUP_NAME} (ID: ${CHECK_SGDEFAULT_ID}) was created using the EC2 Launch Wizard" "${regx}" "${CHECK_SGDEFAULT_ID}"
 done
 else
- textPass "${regx}: No Security Groups found that were created using the Wizard" "${regx}" "${CHECK_SGDEFAULT_ID}"
+ textPass "${regx}: No Security Groups found that were created using the Wizard" "${regx}" "${CHECK_SGDEFAULT_ID}"
 fi
 done
 }
diff --git a/providers/aws/checks/ec2/check_extra72 b/providers_old/aws/checks/ec2/check_extra72
similarity index 100%
rename from providers/aws/checks/ec2/check_extra72
rename to providers_old/aws/checks/ec2/check_extra72
diff --git a/providers/aws/checks/ec2/check_extra729 b/providers_old/aws/checks/ec2/check_extra729
similarity index 99%
rename from providers/aws/checks/ec2/check_extra729
rename to providers_old/aws/checks/ec2/check_extra729
index 89ee70d9..e108833d 100644
--- a/providers/aws/checks/ec2/check_extra729
+++ b/providers_old/aws/checks/ec2/check_extra729
@@ -32,7 +32,7 @@ extra729(){
 if [[ $(echo "$LIST_OF_EBS_NON_ENC_VOLUMES" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then
 textInfo "$regx: Access Denied trying to describe volumes" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_OF_EBS_NON_ENC_VOLUMES ]];then
 for volume in $LIST_OF_EBS_NON_ENC_VOLUMES; do
 textFail "$regx: $volume is not encrypted!" "$regx" "$volume"
diff --git a/providers/aws/checks/ec2/check_extra74 b/providers_old/aws/checks/ec2/check_extra74
similarity index 100%
rename from providers/aws/checks/ec2/check_extra74
rename to providers_old/aws/checks/ec2/check_extra74
diff --git a/providers/aws/checks/ec2/check_extra740 b/providers_old/aws/checks/ec2/check_extra740
similarity index 99%
rename from providers/aws/checks/ec2/check_extra740
rename to providers_old/aws/checks/ec2/check_extra740
index 6695c8fb..4d7436e8 100644
--- a/providers/aws/checks/ec2/check_extra740
+++ b/providers_old/aws/checks/ec2/check_extra740
@@ -26,7 +26,7 @@ CHECK_CAF_EPIC_extra740='Data Protection'
 extra740(){
 # This does NOT use max-items, which would limit the number of items
- # considered. It considers all snapshots, but only reports at most
+ # considered. It considers all snapshots, but only reports at most
 # max-items passing and max-items failing.
 for regx in ${REGIONS}; do
 UNENCRYPTED_SNAPSHOTS=$(${AWSCLI} ec2 describe-snapshots ${PROFILE_OPT} \
@@ -36,8 +36,8 @@ extra740(){
 if [[ $(echo "$UNENCRYPTED_SNAPSHOTS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe snapshots" "$regx"
 continue
- fi
-
+ fi
+
 ENCRYPTED_SNAPSHOTS=$(${AWSCLI} ec2 describe-snapshots ${PROFILE_OPT} \
 --region ${regx} --owner-ids ${ACCOUNT_NUM} --output text \
 --query 'Snapshots[?Encrypted==`true`]|[*].{Id:SnapshotId}' 2>&1 \
@@ -45,7 +45,7 @@ extra740(){
 if [[ $(echo "$ENCRYPTED_SNAPSHOTS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe snapshots" "$regx"
 continue
- fi
+ fi
 typeset -i unencrypted
 typeset -i encrypted
 unencrypted=0
diff --git a/providers/aws/checks/ec2/check_extra741 b/providers_old/aws/checks/ec2/check_extra741
similarity index 99%
rename from providers/aws/checks/ec2/check_extra741
rename to providers_old/aws/checks/ec2/check_extra741
index 4ba7fa1c..eb1ff336 100644
--- a/providers/aws/checks/ec2/check_extra741
+++ b/providers_old/aws/checks/ec2/check_extra741
@@ -39,7 +39,7 @@ extra741(){
 if [[ $(echo "$LIST_OF_EC2_INSTANCES" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe instances" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_OF_EC2_INSTANCES ]];then
 for instance in $LIST_OF_EC2_INSTANCES; do
 EC2_USERDATA_FILE="$SECRETS_TEMP_FOLDER/extra741-$instance-userData.decoded"
diff --git a/providers/aws/checks/ec2/check_extra748 b/providers_old/aws/checks/ec2/check_extra748
similarity index 99%
rename from providers/aws/checks/ec2/check_extra748
rename to providers_old/aws/checks/ec2/check_extra748
index f9a62174..1f874879 100644
--- a/providers/aws/checks/ec2/check_extra748
+++ b/providers_old/aws/checks/ec2/check_extra748
@@ -29,7 +29,7 @@ extra748(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra749 b/providers_old/aws/checks/ec2/check_extra749
similarity index 99%
rename from providers/aws/checks/ec2/check_extra749
rename to providers_old/aws/checks/ec2/check_extra749
index 4f2ee184..e4a2c1d3 100644
--- a/providers/aws/checks/ec2/check_extra749
+++ b/providers_old/aws/checks/ec2/check_extra749
@@ -30,7 +30,7 @@ extra749(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Oracle ports" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra75 b/providers_old/aws/checks/ec2/check_extra75
similarity index 100%
rename from providers/aws/checks/ec2/check_extra75
rename to providers_old/aws/checks/ec2/check_extra75
diff --git a/providers/aws/checks/ec2/check_extra750 b/providers_old/aws/checks/ec2/check_extra750
similarity index 99%
rename from providers/aws/checks/ec2/check_extra750
rename to providers_old/aws/checks/ec2/check_extra750
index 14e1f003..2c93fbfb 100644
--- a/providers/aws/checks/ec2/check_extra750
+++ b/providers_old/aws/checks/ec2/check_extra750
@@ -30,7 +30,7 @@ extra750(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for MySQL port" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra751 b/providers_old/aws/checks/ec2/check_extra751
similarity index 99%
rename from providers/aws/checks/ec2/check_extra751
rename to providers_old/aws/checks/ec2/check_extra751
index 4eec1a02..07fa30e2 100644
--- a/providers/aws/checks/ec2/check_extra751
+++ b/providers_old/aws/checks/ec2/check_extra751
@@ -30,7 +30,7 @@ extra751(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Postgres port" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra752 b/providers_old/aws/checks/ec2/check_extra752
similarity index 99%
rename from providers/aws/checks/ec2/check_extra752
rename to providers_old/aws/checks/ec2/check_extra752
index 4b74116a..b74193f0 100644
+++ b/providers_old/aws/checks/ec2/check_extra752
@@ -30,7 +30,7 @@ extra752(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Redis port" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra753 b/providers_old/aws/checks/ec2/check_extra753
similarity index 99%
rename from providers/aws/checks/ec2/check_extra753
rename to providers_old/aws/checks/ec2/check_extra753
index 8ee93c6b..a89c3796 100644
--- a/providers/aws/checks/ec2/check_extra753
+++ b/providers_old/aws/checks/ec2/check_extra753
@@ -30,7 +30,7 @@ extra753(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for MongoDB ports" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra754 b/providers_old/aws/checks/ec2/check_extra754
similarity index 99%
rename from providers/aws/checks/ec2/check_extra754
rename to providers_old/aws/checks/ec2/check_extra754
index ef89bcf8..9ab1763b 100644
--- a/providers/aws/checks/ec2/check_extra754
+++ b/providers_old/aws/checks/ec2/check_extra754
@@ -30,7 +30,7 @@ extra754(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Cassandra ports" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra755 b/providers_old/aws/checks/ec2/check_extra755
similarity index 99%
rename from providers/aws/checks/ec2/check_extra755
rename to providers_old/aws/checks/ec2/check_extra755
index a766b033..24e289d9 100644
--- a/providers/aws/checks/ec2/check_extra755
+++ b/providers_old/aws/checks/ec2/check_extra755
@@ -30,7 +30,7 @@ extra755(){
 if [[ $(echo "$SG_LIST" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe security groups" "$regx"
 continue
- fi
+ fi
 if [[ $SG_LIST ]];then
 for SG in $SG_LIST;do
 textFail "$regx: Found Security Group: $SG open to 0.0.0.0/0 for Memcached port" "$regx" "$SG"
diff --git a/providers/aws/checks/ec2/check_extra757 b/providers_old/aws/checks/ec2/check_extra757
similarity index 99%
rename from providers/aws/checks/ec2/check_extra757
rename to providers_old/aws/checks/ec2/check_extra757
index 55dc81b5..8fd1c284 100644
--- a/providers/aws/checks/ec2/check_extra757
+++ b/providers_old/aws/checks/ec2/check_extra757
@@ -30,7 +30,7 @@ extra757(){
 if [[ $(echo "$EC2_RUNNING" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to describe instances" "$regx"
 continue
- fi
+ fi
 if [[ $EC2_RUNNING ]]; then
 INSTACES_OLD_THAN_AGE=$($AWSCLI ec2 describe-instances --query "Reservations[].Instances[?LaunchTime<='$OLDAGE'][].{id: InstanceId, launched: LaunchTime}" $PROFILE_OPT --region $regx --output text)
 if [[ $INSTACES_OLD_THAN_AGE ]]; then
diff --git a/providers/aws/checks/ec2/check_extra758 b/providers_old/aws/checks/ec2/check_extra758
similarity index 99%
rename from providers/aws/checks/ec2/check_extra758
rename to providers_old/aws/checks/ec2/check_extra758
index 5884e96e..5575cb2b 100644
--- a/providers/aws/checks/ec2/check_extra758
+++ b/providers_old/aws/checks/ec2/check_extra758
@@ -31,7 +31,7 @@ extra758(){ if [[ $(echo "${INSTACES_OLD_THAN_AGE}" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "${regx}: Access Denied trying to describe instances" "${regx}" continue - fi + fi if [[ "${INSTACES_OLD_THAN_AGE}" ]]; then while read -r EC2_ID LAUNCH_DATE STATE do diff --git a/providers/aws/checks/ec2/check_extra76 b/providers_old/aws/checks/ec2/check_extra76 similarity index 100% rename from providers/aws/checks/ec2/check_extra76 rename to providers_old/aws/checks/ec2/check_extra76 diff --git a/providers/aws/checks/ec2/check_extra761 b/providers_old/aws/checks/ec2/check_extra761 similarity index 100% rename from providers/aws/checks/ec2/check_extra761 rename to providers_old/aws/checks/ec2/check_extra761 diff --git a/providers/aws/checks/ec2/check_extra770 b/providers_old/aws/checks/ec2/check_extra770 similarity index 99% rename from providers/aws/checks/ec2/check_extra770 rename to providers_old/aws/checks/ec2/check_extra770 index 6975c22f..51c0f678 100644 --- a/providers/aws/checks/ec2/check_extra770 +++ b/providers_old/aws/checks/ec2/check_extra770 @@ -30,7 +30,7 @@ extra770(){ if [[ $(echo "$LIST_OF_PUBLIC_INSTANCES_WITH_INSTANCE_PROFILES" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to describe instances" "$regx" continue - fi + fi if [[ $LIST_OF_PUBLIC_INSTANCES_WITH_INSTANCE_PROFILES ]];then while read -r instance;do INSTANCE_ID=$(echo $instance | awk '{ print $1; }') diff --git a/providers/aws/checks/ec2/check_extra772 b/providers_old/aws/checks/ec2/check_extra772 similarity index 99% rename from providers/aws/checks/ec2/check_extra772 rename to providers_old/aws/checks/ec2/check_extra772 index 560cc1ad..6a23abef 100644 --- a/providers/aws/checks/ec2/check_extra772 +++ b/providers_old/aws/checks/ec2/check_extra772 
@@ -29,7 +29,7 @@ extra772(){ if [[ $(echo "$EIP_DUMP" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to describe addresses" "$regx" continue - fi + fi EIP_LIST=$(echo $EIP_DUMP | jq -r '.Addresses[].AllocationId') if [[ $EIP_LIST ]]; then for eip in $EIP_LIST; do diff --git a/providers/aws/checks/ec2/check_extra777 b/providers_old/aws/checks/ec2/check_extra777 similarity index 100% rename from providers/aws/checks/ec2/check_extra777 rename to providers_old/aws/checks/ec2/check_extra777 diff --git a/providers/aws/checks/ec2/check_extra778 b/providers_old/aws/checks/ec2/check_extra778 similarity index 100% rename from providers/aws/checks/ec2/check_extra778 rename to providers_old/aws/checks/ec2/check_extra778 diff --git a/providers/aws/checks/ec2/check_extra779 b/providers_old/aws/checks/ec2/check_extra779 similarity index 99% rename from providers/aws/checks/ec2/check_extra779 rename to providers_old/aws/checks/ec2/check_extra779 index c835eb4c..668d529b 100644 --- a/providers/aws/checks/ec2/check_extra779 +++ b/providers_old/aws/checks/ec2/check_extra779 @@ -49,7 +49,7 @@ extra779(){ if [[ "$eip" == "None" ]];then textInfo "$regx: Found instance $instance with private IP on Security Group: $sg" "$regx" else - textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg open to 0.0.0.0/0 on for Elasticsearch/Kibana ports - use extra787 to test AUTH" "$regx" "$sg" + textFail "$regx: Found instance $instance with public IP $eip on Security Group: $sg open to 0.0.0.0/0 on for Elasticsearch/Kibana ports - use extra787 to test AUTH" "$regx" "$sg" fi done < <(cat $TEMP_EXTRA779_FILE) fi diff --git a/providers/aws/checks/ec2/check_extra786 b/providers_old/aws/checks/ec2/check_extra786 similarity index 100% rename from providers/aws/checks/ec2/check_extra786 rename to providers_old/aws/checks/ec2/check_extra786 
diff --git a/providers/aws/checks/ecr/check_extra765 b/providers_old/aws/checks/ecr/check_extra765 similarity index 100% rename from providers/aws/checks/ecr/check_extra765 rename to providers_old/aws/checks/ecr/check_extra765 diff --git a/providers/aws/checks/ecr/check_extra77 b/providers_old/aws/checks/ecr/check_extra77 similarity index 100% rename from providers/aws/checks/ecr/check_extra77 rename to providers_old/aws/checks/ecr/check_extra77 diff --git a/providers/aws/checks/ecr/check_extra776 b/providers_old/aws/checks/ecr/check_extra776 similarity index 100% rename from providers/aws/checks/ecr/check_extra776 rename to providers_old/aws/checks/ecr/check_extra776 diff --git a/providers/aws/checks/ecs/check_extra768 b/providers_old/aws/checks/ecs/check_extra768 similarity index 99% rename from providers/aws/checks/ecs/check_extra768 rename to providers_old/aws/checks/ecs/check_extra768 index 9e035a50..f5e97db2 100644 --- a/providers/aws/checks/ecs/check_extra768 +++ b/providers_old/aws/checks/ecs/check_extra768 @@ -38,7 +38,7 @@ extra768(){ if [[ $(echo "$FAMILIES" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to list task definition families" "$regx" continue - fi + fi if [[ $(echo $FAMILIES | jq -r .families[]) ]]; then for FAMILY in $(echo $FAMILIES | jq -r .families[]);do # Get the full task definition arn: diff --git a/providers/aws/checks/efs/check_extra7143 b/providers_old/aws/checks/efs/check_extra7143 similarity index 100% rename from providers/aws/checks/efs/check_extra7143 rename to providers_old/aws/checks/efs/check_extra7143 diff --git a/providers/aws/checks/efs/check_extra7148 b/providers_old/aws/checks/efs/check_extra7148 similarity index 100% rename from providers/aws/checks/efs/check_extra7148 rename to providers_old/aws/checks/efs/check_extra7148 
diff --git a/providers/aws/checks/efs/check_extra7161 b/providers_old/aws/checks/efs/check_extra7161
similarity index 100%
rename from providers/aws/checks/efs/check_extra7161
rename to providers_old/aws/checks/efs/check_extra7161
diff --git a/providers/aws/checks/eks/check_extra794 b/providers_old/aws/checks/eks/check_extra794
similarity index 100%
rename from providers/aws/checks/eks/check_extra794
rename to providers_old/aws/checks/eks/check_extra794
diff --git a/providers/aws/checks/eks/check_extra795 b/providers_old/aws/checks/eks/check_extra795
similarity index 100%
rename from providers/aws/checks/eks/check_extra795
rename to providers_old/aws/checks/eks/check_extra795
diff --git a/providers/aws/checks/eks/check_extra796 b/providers_old/aws/checks/eks/check_extra796
similarity index 100%
rename from providers/aws/checks/eks/check_extra796
rename to providers_old/aws/checks/eks/check_extra796
diff --git a/providers/aws/checks/eks/check_extra797 b/providers_old/aws/checks/eks/check_extra797
similarity index 100%
rename from providers/aws/checks/eks/check_extra797
rename to providers_old/aws/checks/eks/check_extra797
diff --git a/providers/aws/checks/elb/check_extra7129 b/providers_old/aws/checks/elb/check_extra7129
similarity index 99%
rename from providers/aws/checks/elb/check_extra7129
rename to providers_old/aws/checks/elb/check_extra7129
index 29031a6c..74a309c1 100644
--- a/providers/aws/checks/elb/check_extra7129
+++ b/providers_old/aws/checks/elb/check_extra7129
@@ -33,7 +33,7 @@ extra7129(){ if [[ $(echo "$LIST_OF_ELBSV2" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to describe load balancers" "$regx" continue - fi + fi LIST_OF_WAFV2_WEBACL_ARN=$($AWSCLI wafv2 list-web-acls $PROFILE_OPT --region=$regx --scope=REGIONAL --query WebACLs[*].ARN --output text) LIST_OF_WAFV1_WEBACL_WEBACLID=$($AWSCLI waf-regional list-web-acls $PROFILE_OPT --region $regx --query WebACLs[*].[WebACLId] --output text) @@ -75,7 +75,7 @@ extra7129(){ else textInfo "$regx: No Application Load Balancers found" "$regx" fi - # ) & + # ) & done # wait -} \ No newline at end of file +} diff --git a/providers/aws/checks/elb/check_extra7142 b/providers_old/aws/checks/elb/check_extra7142 similarity index 99% rename from providers/aws/checks/elb/check_extra7142 rename to providers_old/aws/checks/elb/check_extra7142 index ded331ec..f11a1486 100644 --- a/providers/aws/checks/elb/check_extra7142 +++ b/providers_old/aws/checks/elb/check_extra7142 @@ -41,7 +41,7 @@ extra7142(){ textFail "$regx: Application Load Balancer $alb is not dropping invalid header fields" "$regx" "$alb" fi done - else + else textInfo "$regx: no ALBs found" fi done diff --git a/providers/aws/checks/elb/check_extra7150 b/providers_old/aws/checks/elb/check_extra7150 similarity index 100% rename from providers/aws/checks/elb/check_extra7150 rename to providers_old/aws/checks/elb/check_extra7150 diff --git a/providers/aws/checks/elb/check_extra7155 b/providers_old/aws/checks/elb/check_extra7155 similarity index 98% rename from providers/aws/checks/elb/check_extra7155 rename to providers_old/aws/checks/elb/check_extra7155 index e593a805..04554f61 100644 --- a/providers/aws/checks/elb/check_extra7155 +++ b/providers_old/aws/checks/elb/check_extra7155 
@@ -14,7 +14,7 @@ # # https://docs.aws.amazon.com/cli/latest/reference/elbv2/modify-load-balancer-attributes.html # -# aws elbv2 modify-load-balancer-attributes +# aws elbv2 modify-load-balancer-attributes # --load-balancer-arn \ # --attributes Key=routing.http.desync_mitigation_mode,Value= diff --git a/providers/aws/checks/elb/check_extra7158 b/providers_old/aws/checks/elb/check_extra7158 similarity index 99% rename from providers/aws/checks/elb/check_extra7158 rename to providers_old/aws/checks/elb/check_extra7158 index ee1bad9f..dbed2d73 100644 --- a/providers/aws/checks/elb/check_extra7158 +++ b/providers_old/aws/checks/elb/check_extra7158 @@ -44,4 +44,4 @@ extra7158(){ textInfo "$regx: No ELBs found" "$regx" fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/elb/check_extra7159 b/providers_old/aws/checks/elb/check_extra7159 similarity index 99% rename from providers/aws/checks/elb/check_extra7159 rename to providers_old/aws/checks/elb/check_extra7159 index ddbe5452..08accb6f 100644 --- a/providers/aws/checks/elb/check_extra7159 +++ b/providers_old/aws/checks/elb/check_extra7159 @@ -43,4 +43,4 @@ extra7159(){ textInfo "$regx: No ELBs found" "$regx" fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/elb/check_extra717 b/providers_old/aws/checks/elb/check_extra717 similarity index 99% rename from providers/aws/checks/elb/check_extra717 rename to providers_old/aws/checks/elb/check_extra717 index 4be331cd..b0006078 100644 --- a/providers/aws/checks/elb/check_extra717 +++ b/providers_old/aws/checks/elb/check_extra717 
@@ -30,12 +30,12 @@ extra717(){ if [[ $(echo "$LIST_OF_ELBS" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then textInfo "$regx: Access Denied trying to list load balancers v1" "$regx" continue - fi + fi LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[*].LoadBalancerArn' --output text 2>&1 |xargs -n1) if [[ $(echo "$LIST_OF_ELBSV2" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then textInfo "$regx: Access Denied trying to list load balancers v2" "$regx" continue - fi + fi if [[ $LIST_OF_ELBS || $LIST_OF_ELBSV2 ]]; then if [[ $LIST_OF_ELBS ]]; then for elb in $LIST_OF_ELBS; do diff --git a/providers/aws/checks/elb/check_extra79 b/providers_old/aws/checks/elb/check_extra79 similarity index 100% rename from providers/aws/checks/elb/check_extra79 rename to providers_old/aws/checks/elb/check_extra79 diff --git a/providers/aws/checks/elb/check_extra792 b/providers_old/aws/checks/elb/check_extra792 similarity index 96% rename from providers/aws/checks/elb/check_extra792 rename to providers_old/aws/checks/elb/check_extra792 index 87b49489..64e4fc5c 100644 --- a/providers/aws/checks/elb/check_extra792 +++ b/providers_old/aws/checks/elb/check_extra792 
@@ -49,12 +49,12 @@ extra792(){ ELB_PROTOCOLS=$(echo $ELB_LISTENERS | jq -r '.ListenerDescriptions[].Listener.Protocol') if [[ $(echo $ELB_PROTOCOLS | grep HTTPS) || $(echo $ELB_PROTOCOLS | grep SSL) ]]; then - ELB_POLICIES=$(echo $ELB_LISTENERS | jq -r '.ListenerDescriptions[].PolicyNames | .[]') + ELB_POLICIES=$(echo $ELB_LISTENERS | jq -r '.ListenerDescriptions[].PolicyNames | .[]') passed=true for policy in $ELB_POLICIES; do - # Check for secure default policy + # Check for secure default policy REFPOLICY=$($AWSCLI elb describe-load-balancer-policies $PROFILE_OPT --region $regx --load-balancer-name $elb --policy-name $policy --query "PolicyDescriptions[0].PolicyAttributeDescriptions[?(AttributeName == 'Reference-Security-Policy')].AttributeValue" --output text) - if [[ -n "$REFPOLICY" ]]; then + if [[ -n "$REFPOLICY" ]]; then if array_contains ELBSECUREPOLICIES "$REFPOLICY"; then continue # Passed for this listener/policy else @@ -68,11 +68,11 @@ extra792(){ continue else passed=false - fi + fi done fi done - + if $passed; then textPass "$regx: $elb has no insecure SSL ciphers" "$regx" "$elb" else @@ -84,7 +84,7 @@ extra792(){ done fi if [[ $LIST_OF_ELBSV2 ]]; then - # NOTE - ALBs do NOT support custom security policies + # NOTE - ALBs do NOT support custom security policies # https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html ELBV2SECUREPOLICIES=("ELBSecurityPolicy-TLS-1-2-2017-01" "ELBSecurityPolicy-TLS-1-2-Ext-2018-06" "ELBSecurityPolicy-FS-1-2-2019-08" "ELBSecurityPolicy-FS-1-2-Res-2019-08" "ELBSecurityPolicy-FS-1-2-Res-2020-10" "ELBSecurityPolicy-TLS13-1-2-2021-06" "ELBSecurityPolicy-TLS13-1-3-2021-06" "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06" "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06") 
@@ -104,7 +104,7 @@ extra792(){ if [[ $(echo $ELBV2_PROTOCOLS | grep HTTPS) || $(echo $ELBV2_PROTOCOLS | grep TLS) ]]; then ELBV2_SSL_POLICIES=$($AWSCLI elbv2 describe-listeners $PROFILE_OPT --region $regx --load-balancer-arn $elbarn --query 'Listeners[*].SslPolicy' --output text) - + for policy in $ELBV2_SSL_POLICIES; do if array_contains ELBV2SECUREPOLICIES "$policy"; then continue # Passed for this listener/policy @@ -112,7 +112,7 @@ extra792(){ passed=false fi done - + if $passed; then textPass "$regx: $elbname has no insecure SSL ciphers" "$regx" "$elbname" else @@ -129,7 +129,7 @@ extra792(){ done } -array_contains () { +array_contains () { local array="$1[@]" local seeking=$2 local in=1 diff --git a/providers/aws/checks/elb/check_extra793 b/providers_old/aws/checks/elb/check_extra793 similarity index 97% rename from providers/aws/checks/elb/check_extra793 rename to providers_old/aws/checks/elb/check_extra793 index 6f9e0efa..fea5f8bc 100644 --- a/providers/aws/checks/elb/check_extra793 +++ b/providers_old/aws/checks/elb/check_extra793 @@ -39,9 +39,9 @@ extra793(){ fi if [[ $LIST_OF_ELBS || $LIST_OF_ELBSV2 ]]; then if [[ $LIST_OF_ELBS ]]; then - ENCRYPTEDPROTOCOLS=("HTTPS" "SSL") + ENCRYPTEDPROTOCOLS=("HTTPS" "SSL") for elb in $LIST_OF_ELBS; do - ELB_PROTOCOLS=$($AWSCLI elb describe-load-balancers $PROFILE_OPT --region $regx --load-balancer-name $elb --query "LoadBalancerDescriptions[0].ListenerDescriptions[*].Listener.Protocol" --output text) + ELB_PROTOCOLS=$($AWSCLI elb describe-load-balancers $PROFILE_OPT --region $regx --load-balancer-name $elb --query "LoadBalancerDescriptions[0].ListenerDescriptions[*].Listener.Protocol" --output text) passed=true potential_redirect=false for protocol in $ELB_PROTOCOLS; do 
@@ -49,13 +49,13 @@ extra793(){ continue else # Check if both HTTP and HTTPS in use - if [[ $(echo $ELB_PROTOCOLS | grep HTTPS) ]]; then + if [[ $(echo $ELB_PROTOCOLS | grep HTTPS) ]]; then potential_redirect=true fi passed=false fi done - + if $passed; then textPass "$regx: $elb has encrypted listeners" "$regx" else @@ -63,7 +63,7 @@ extra793(){ textInfo "$regx: $elb has both encrypted and non-encrypted listeners" "$regx" else textFail "$regx: $elb has non-encrypted listeners" "$regx" "$elb" - fi + fi fi done fi @@ -75,7 +75,7 @@ extra793(){ ELBV2_LISTENERS=$($AWSCLI elbv2 describe-listeners $PROFILE_OPT --region $regx --load-balancer-arn $elbarn --query "Listeners[*]") ELBV2_PROTOCOLS=$(echo $ELBV2_LISTENERS | jq -r '.[].Protocol') - + if [[ $(echo $ELBV2_PROTOCOLS | grep HTTPS) ]]; then for line in $(echo $ELBV2_LISTENERS | jq -r '.[] | .Protocol + "," + .ListenerArn'); do protocol=$(echo $line | awk -F ',' '{print $1}') @@ -110,7 +110,7 @@ extra793(){ done } -array_contains () { +array_contains () { local array="$1[@]" local seeking=$2 local in=1 diff --git a/providers/aws/checks/emr/check_extra7176 b/providers_old/aws/checks/emr/check_extra7176 similarity index 98% rename from providers/aws/checks/emr/check_extra7176 rename to providers_old/aws/checks/emr/check_extra7176 index 3bd611b1..f4c5ce82 100644 --- a/providers/aws/checks/emr/check_extra7176 +++ b/providers_old/aws/checks/emr/check_extra7176 
@@ -27,7 +27,7 @@ CHECK_CAF_EPIC_extra7176='Infrastructure Security' extra7176(){ # Public EMR cluster have their DNS ending with .amazonaws.com while private ones have format of ip-xxx-xx-xx.us-east-1.compute.internal. for regx in ${REGIONS}; do - # List only EMR clusters with the following states: STARTING, BOOTSTRAPPING, RUNNING, WAITING, TERMINATING + # List only EMR clusters with the following states: STARTING, BOOTSTRAPPING, RUNNING, WAITING, TERMINATING # [NOT TERMINATED AND TERMINATED_WITH_ERRORS] LIST_OF_CLUSTERS=$("${AWSCLI}" emr list-clusters ${PROFILE_OPT} --region "${regx}" --query 'Clusters[?(Status.State!=`TERMINATED` && Status.State!=`TERMINATED_WITH_ERRORS`)].Id' --output text 2>&1) if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${LIST_OF_CLUSTERS}"; then diff --git a/providers/aws/checks/emr/check_extra7177 b/providers_old/aws/checks/emr/check_extra7177 similarity index 99% rename from providers/aws/checks/emr/check_extra7177 rename to providers_old/aws/checks/emr/check_extra7177 index 5a82a0ef..54615ddb 100644 --- a/providers/aws/checks/emr/check_extra7177 +++ b/providers_old/aws/checks/emr/check_extra7177 @@ -27,7 +27,7 @@ CHECK_CAF_EPIC_extra7177='Infrastructure Security' extra7177(){ for regx in ${REGIONS}; do - # List only EMR clusters with the following states: STARTING, BOOTSTRAPPING, RUNNING, WAITING, TERMINATING + # List only EMR clusters with the following states: STARTING, BOOTSTRAPPING, RUNNING, WAITING, TERMINATING # [NOT TERMINATED AND TERMINATED_WITH_ERRORS] LIST_OF_CLUSTERS=$("${AWSCLI}" emr list-clusters ${PROFILE_OPT} --region "${regx}" --query 'Clusters[?(Status.State!=`TERMINATED` && Status.State!=`TERMINATED_WITH_ERRORS`)].Id' --output text 2>&1) if grep -q -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' <<< "${LIST_OF_CLUSTERS}"; then 
@@ -110,7 +110,7 @@ extra7177(){ # Check if EMR Cluster is publicly accessible through a Security Group if [[ -n "${master_node_sg_internet_open}" || -n "${slave_node_sg_internet_open}" || "${#additional_master_node_sg_internet_open_list[@]}" -ne 0 || "${#additional_slave_node_sg_internet_open_list[@]}" -ne 0 ]]; then textFail "${regx}: EMR Cluster ${cluster_id} is publicly accessible through the following Security Groups: Master Node ${master_node_sg_internet_open} ${additional_master_node_sg_internet_open_list[*]} -- Slaves Nodes ${slave_node_sg_internet_open} ${additional_slave_node_sg_internet_open_list[*]}" "${regx}" "${cluster_id}" - else + else textPass "${regx}: EMR Cluster ${cluster_id} is not publicly accessible" "${regx}" "${cluster_id}" fi else diff --git a/providers/aws/checks/emr/check_extra7178 b/providers_old/aws/checks/emr/check_extra7178 similarity index 99% rename from providers/aws/checks/emr/check_extra7178 rename to providers_old/aws/checks/emr/check_extra7178 index d49ef2dc..c86b12b2 100644 --- a/providers/aws/checks/emr/check_extra7178 +++ b/providers_old/aws/checks/emr/check_extra7178 @@ -38,4 +38,4 @@ extra7178(){ textFail "${regx}: EMR Account has Block Public Access disabled" "${regx}" fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/es/check_extra7101 b/providers_old/aws/checks/es/check_extra7101 similarity index 100% rename from providers/aws/checks/es/check_extra7101 rename to providers_old/aws/checks/es/check_extra7101 diff --git a/providers/aws/checks/es/check_extra715 b/providers_old/aws/checks/es/check_extra715 similarity index 100% rename from providers/aws/checks/es/check_extra715 rename to providers_old/aws/checks/es/check_extra715 diff --git a/providers/aws/checks/es/check_extra716 b/providers_old/aws/checks/es/check_extra716 similarity index 98% rename from providers/aws/checks/es/check_extra716 rename to providers_old/aws/checks/es/check_extra716 index d44fc601..6eccfe79 100644 
--- a/providers/aws/checks/es/check_extra716 +++ b/providers_old/aws/checks/es/check_extra716 @@ -29,7 +29,7 @@ extra716(){ if [[ $(echo "$LIST_OF_DOMAINS" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then textInfo "$regx: Access Denied trying to list domain names" "$regx" continue - fi + fi if [[ $LIST_OF_DOMAINS ]]; then TEMP_POLICY_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-es-domain.policy.XXXXXXXXXX) for domain in $LIST_OF_DOMAINS;do @@ -51,9 +51,9 @@ extra716(){ fi # check if the policy has a principal set up CHECK_ES_POLICY_PRINCIPAL=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS != "*") or ((.Principal|type == "string") and .Principal != "*")) and select(has("Condition") | not))') - if [[ $CHECK_ES_POLICY_PRINCIPAL ]]; then + if [[ $CHECK_ES_POLICY_PRINCIPAL ]]; then textPass "$regx: Amazon ES domain $domain does have a Principal set up" "$regx" "$domain" - fi + fi CHECK_ES_DOMAIN_POLICY_OPEN=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and select(has("Condition") | not))') CHECK_ES_DOMAIN_POLICY_HAS_CONDITION=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and select(has("Condition")))' ) if [[ $CHECK_ES_DOMAIN_POLICY_HAS_CONDITION ]]; then diff --git a/providers/aws/checks/es/check_extra780 b/providers_old/aws/checks/es/check_extra780 similarity index 100% rename from providers/aws/checks/es/check_extra780 rename to providers_old/aws/checks/es/check_extra780 
diff --git a/providers/aws/checks/es/check_extra781 b/providers_old/aws/checks/es/check_extra781
similarity index 100%
rename from providers/aws/checks/es/check_extra781
rename to providers_old/aws/checks/es/check_extra781
diff --git a/providers/aws/checks/es/check_extra782 b/providers_old/aws/checks/es/check_extra782
similarity index 100%
rename from providers/aws/checks/es/check_extra782
rename to providers_old/aws/checks/es/check_extra782
diff --git a/providers/aws/checks/es/check_extra783 b/providers_old/aws/checks/es/check_extra783
similarity index 100%
rename from providers/aws/checks/es/check_extra783
rename to providers_old/aws/checks/es/check_extra783
diff --git a/providers/aws/checks/es/check_extra784 b/providers_old/aws/checks/es/check_extra784
similarity index 100%
rename from providers/aws/checks/es/check_extra784
rename to providers_old/aws/checks/es/check_extra784
diff --git a/providers/aws/checks/es/check_extra785 b/providers_old/aws/checks/es/check_extra785
similarity index 100%
rename from providers/aws/checks/es/check_extra785
rename to providers_old/aws/checks/es/check_extra785
diff --git a/providers/aws/checks/es/check_extra787 b/providers_old/aws/checks/es/check_extra787
similarity index 100%
rename from providers/aws/checks/es/check_extra787
rename to providers_old/aws/checks/es/check_extra787
diff --git a/providers/aws/checks/es/check_extra788 b/providers_old/aws/checks/es/check_extra788
similarity index 100%
rename from providers/aws/checks/es/check_extra788
rename to providers_old/aws/checks/es/check_extra788
diff --git a/providers/aws/checks/glacier/check_extra7147 b/providers_old/aws/checks/glacier/check_extra7147
similarity index 100%
rename from providers/aws/checks/glacier/check_extra7147
rename to providers_old/aws/checks/glacier/check_extra7147
diff --git a/providers/aws/checks/glue/check_extra7114 b/providers_old/aws/checks/glue/check_extra7114 similarity index 99% rename from providers/aws/checks/glue/check_extra7114 rename to providers_old/aws/checks/glue/check_extra7114 index 9179e63f..f57815df 100644 --- a/providers/aws/checks/glue/check_extra7114 +++ b/providers_old/aws/checks/glue/check_extra7114 @@ -51,5 +51,3 @@ extra7114(){ fi done } - - diff --git a/providers/aws/checks/glue/check_extra7115 b/providers_old/aws/checks/glue/check_extra7115 similarity index 98% rename from providers/aws/checks/glue/check_extra7115 rename to providers_old/aws/checks/glue/check_extra7115 index 8abca268..41c69c98 100644 --- a/providers/aws/checks/glue/check_extra7115 +++ b/providers_old/aws/checks/glue/check_extra7115 @@ -36,12 +36,12 @@ extra7115(){ CONNECTION_SSL_STATE=$(echo $connection | base64 --decode | jq -r '.SSL') if [[ "$CONNECTION_SSL_STATE" == "false" ]]; then textFail "$regx: Glue connection $CONNECTION_NAME has SSL connection disabled" "$regx" "$CONNECTION_NAME" - else + else textPass "$regx: Glue connection $CONNECTION_NAME has SSL connection enabled" "$regx" "$CONNECTION_NAME" fi done - else + else textInfo "$regx: There are no Glue connections" "$regx" - fi - done + fi + done } diff --git a/providers/aws/checks/glue/check_extra7116 b/providers_old/aws/checks/glue/check_extra7116 similarity index 100% rename from providers/aws/checks/glue/check_extra7116 rename to providers_old/aws/checks/glue/check_extra7116 diff --git a/providers/aws/checks/glue/check_extra7117 b/providers_old/aws/checks/glue/check_extra7117 similarity index 100% rename from providers/aws/checks/glue/check_extra7117 rename to providers_old/aws/checks/glue/check_extra7117 diff --git a/providers/aws/checks/glue/check_extra7118 b/providers_old/aws/checks/glue/check_extra7118 similarity index 97% rename from providers/aws/checks/glue/check_extra7118 rename to providers_old/aws/checks/glue/check_extra7118 index 53303c08..d943c5a4 100644 
--- a/providers/aws/checks/glue/check_extra7118 +++ b/providers_old/aws/checks/glue/check_extra7118 @@ -40,20 +40,20 @@ extra7118(){ if [[ "$S3_ENCRYPTION" == "DISABLED" ]]; then if [[ ! -z "$JOB_ENCRYPTION" ]]; then textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME" - else + else textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME" - fi + fi else textPass "$regx: Glue job $JOB_NAME does have $S3_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME" fi elif [[ ! -z "$JOB_ENCRYPTION" ]]; then textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME" - else + else textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME" fi done - else + else textInfo "$regx: There are no Glue jobs" "$regx" - fi + fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/glue/check_extra7119 b/providers_old/aws/checks/glue/check_extra7119 similarity index 100% rename from providers/aws/checks/glue/check_extra7119 rename to providers_old/aws/checks/glue/check_extra7119 diff --git a/providers/aws/checks/glue/check_extra7120 b/providers_old/aws/checks/glue/check_extra7120 similarity index 99% rename from providers/aws/checks/glue/check_extra7120 rename to providers_old/aws/checks/glue/check_extra7120 index 018067c5..c421a8bb 100644 --- a/providers/aws/checks/glue/check_extra7120 +++ b/providers_old/aws/checks/glue/check_extra7120 @@ -45,8 +45,8 @@ extra7120(){ textFail "$regx: Glue job $JOB_NAME does not have CloudWatch Logs encryption enabled" "$regx" "$JOB_NAME" fi done - else + else textInfo "$regx: There are no Glue jobs" "$regx" - fi + fi done -} \ No newline at end of file +} 
diff --git a/providers/aws/checks/glue/check_extra7121 b/providers_old/aws/checks/glue/check_extra7121 similarity index 99% rename from providers/aws/checks/glue/check_extra7121 rename to providers_old/aws/checks/glue/check_extra7121 index bdc041d1..439bc86a 100644 --- a/providers/aws/checks/glue/check_extra7121 +++ b/providers_old/aws/checks/glue/check_extra7121 @@ -51,5 +51,3 @@ extra7121(){ fi done } - - diff --git a/providers/aws/checks/glue/check_extra7122 b/providers_old/aws/checks/glue/check_extra7122 similarity index 99% rename from providers/aws/checks/glue/check_extra7122 rename to providers_old/aws/checks/glue/check_extra7122 index 6c91dfca..8b3ca524 100644 --- a/providers/aws/checks/glue/check_extra7122 +++ b/providers_old/aws/checks/glue/check_extra7122 @@ -45,8 +45,8 @@ extra7122(){ textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME" fi done - else + else textInfo "$regx: There are no Glue jobs" "$regx" - fi + fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/guardduty/check_extra713 b/providers_old/aws/checks/guardduty/check_extra713 similarity index 97% rename from providers/aws/checks/guardduty/check_extra713 rename to providers_old/aws/checks/guardduty/check_extra713 index 17b56827..0689c384 100644 --- a/providers/aws/checks/guardduty/check_extra713 +++ b/providers_old/aws/checks/guardduty/check_extra713 @@ -42,9 +42,9 @@ extra713(){ else textFail "$regx: GuardDuty detector not configured!" "$regx" fi - else - # if list-detectors return any error + else + # if list-detectors return any error textInfo "$regx: GuardDuty not checked or Access Denied trying to get detector" "$regx" - fi + fi done -} \ No newline at end of file +} 
diff --git a/providers/aws/checks/guardduty/check_extra7139 b/providers_old/aws/checks/guardduty/check_extra7139 similarity index 99% rename from providers/aws/checks/guardduty/check_extra7139 rename to providers_old/aws/checks/guardduty/check_extra7139 index 4268c26f..99501cdb 100644 --- a/providers/aws/checks/guardduty/check_extra7139 +++ b/providers_old/aws/checks/guardduty/check_extra7139 @@ -22,7 +22,7 @@ CHECK_REMEDIATION_extra7139='Review and remediate critical GuardDuty findings as CHECK_DOC_extra7139='https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html' CHECK_CAF_EPIC_extra7139='Incident Response' extra7139(){ - + for regx in $REGIONS; do DETECTORS_LIST="" DETECTORS_LIST=$($AWSCLI guardduty list-detectors --query DetectorIds $PROFILE_OPT --region $regx --output text 2>&1) @@ -44,4 +44,4 @@ extra7139(){ textInfo "$regx: No GuardDuty detectors found." "$regx" fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/iam/check11 b/providers_old/aws/checks/iam/check11 similarity index 100% rename from providers/aws/checks/iam/check11 rename to providers_old/aws/checks/iam/check11 diff --git a/providers/aws/checks/iam/check110 b/providers_old/aws/checks/iam/check110 similarity index 100% rename from providers/aws/checks/iam/check110 rename to providers_old/aws/checks/iam/check110 diff --git a/providers/aws/checks/iam/check111 b/providers_old/aws/checks/iam/check111 similarity index 100% rename from providers/aws/checks/iam/check111 rename to providers_old/aws/checks/iam/check111 diff --git a/providers/aws/checks/iam/check112 b/providers_old/aws/checks/iam/check112 similarity index 100% rename from providers/aws/checks/iam/check112 rename to providers_old/aws/checks/iam/check112 diff --git a/providers/aws/checks/iam/check113 b/providers_old/aws/checks/iam/check113 similarity index 100% rename from providers/aws/checks/iam/check113 rename to providers_old/aws/checks/iam/check113 
diff --git a/providers/aws/checks/iam/check114 b/providers_old/aws/checks/iam/check114
similarity index 100%
rename from providers/aws/checks/iam/check114
rename to providers_old/aws/checks/iam/check114
diff --git a/providers/aws/checks/iam/check116 b/providers_old/aws/checks/iam/check116
similarity index 100%
rename from providers/aws/checks/iam/check116
rename to providers_old/aws/checks/iam/check116
diff --git a/providers/aws/checks/iam/check12 b/providers_old/aws/checks/iam/check12
similarity index 100%
rename from providers/aws/checks/iam/check12
rename to providers_old/aws/checks/iam/check12
diff --git a/providers/aws/checks/iam/check120 b/providers_old/aws/checks/iam/check120
similarity index 100%
rename from providers/aws/checks/iam/check120
rename to providers_old/aws/checks/iam/check120
diff --git a/providers/aws/checks/iam/check121 b/providers_old/aws/checks/iam/check121
similarity index 100%
rename from providers/aws/checks/iam/check121
rename to providers_old/aws/checks/iam/check121
diff --git a/providers/aws/checks/iam/check122 b/providers_old/aws/checks/iam/check122
similarity index 100%
rename from providers/aws/checks/iam/check122
rename to providers_old/aws/checks/iam/check122
diff --git a/providers/aws/checks/iam/check13 b/providers_old/aws/checks/iam/check13
similarity index 100%
rename from providers/aws/checks/iam/check13
rename to providers_old/aws/checks/iam/check13
diff --git a/providers/aws/checks/iam/check14 b/providers_old/aws/checks/iam/check14
similarity index 100%
rename from providers/aws/checks/iam/check14
rename to providers_old/aws/checks/iam/check14
diff --git a/providers/aws/checks/iam/check15 b/providers_old/aws/checks/iam/check15
similarity index 100%
rename from providers/aws/checks/iam/check15
rename to providers_old/aws/checks/iam/check15
diff --git a/providers/aws/checks/iam/check16 b/providers_old/aws/checks/iam/check16 similarity index 100% rename from providers/aws/checks/iam/check16 rename to providers_old/aws/checks/iam/check16 diff --git a/providers/aws/checks/iam/check17 b/providers_old/aws/checks/iam/check17 similarity index 100% rename from providers/aws/checks/iam/check17 rename to providers_old/aws/checks/iam/check17 diff --git a/providers/aws/checks/iam/check18 b/providers_old/aws/checks/iam/check18 similarity index 100% rename from providers/aws/checks/iam/check18 rename to providers_old/aws/checks/iam/check18 diff --git a/providers/aws/checks/iam/check19 b/providers_old/aws/checks/iam/check19 similarity index 100% rename from providers/aws/checks/iam/check19 rename to providers_old/aws/checks/iam/check19 diff --git a/providers/aws/checks/iam/check31 b/providers_old/aws/checks/iam/check31 similarity index 100% rename from providers/aws/checks/iam/check31 rename to providers_old/aws/checks/iam/check31 diff --git a/providers/aws/checks/iam/check32 b/providers_old/aws/checks/iam/check32 similarity index 100% rename from providers/aws/checks/iam/check32 rename to providers_old/aws/checks/iam/check32 diff --git a/providers/aws/checks/iam/check33 b/providers_old/aws/checks/iam/check33 similarity index 100% rename from providers/aws/checks/iam/check33 rename to providers_old/aws/checks/iam/check33 diff --git a/providers/aws/checks/iam/check34 b/providers_old/aws/checks/iam/check34 similarity index 100% rename from providers/aws/checks/iam/check34 rename to providers_old/aws/checks/iam/check34 diff --git a/providers/aws/checks/iam/check36 b/providers_old/aws/checks/iam/check36 similarity index 100% rename from providers/aws/checks/iam/check36 rename to providers_old/aws/checks/iam/check36 
diff --git a/providers/aws/checks/iam/check_extra71 b/providers_old/aws/checks/iam/check_extra71 similarity index 100% rename from providers/aws/checks/iam/check_extra71 rename to providers_old/aws/checks/iam/check_extra71 diff --git a/providers/aws/checks/iam/check_extra7100 b/providers_old/aws/checks/iam/check_extra7100 similarity index 100% rename from providers/aws/checks/iam/check_extra7100 rename to providers_old/aws/checks/iam/check_extra7100 diff --git a/providers/aws/checks/iam/check_extra7123 b/providers_old/aws/checks/iam/check_extra7123 similarity index 99% rename from providers/aws/checks/iam/check_extra7123 rename to providers_old/aws/checks/iam/check_extra7123 index fecf5185..e6f9b703 100644 --- a/providers/aws/checks/iam/check_extra7123 +++ b/providers_old/aws/checks/iam/check_extra7123 @@ -35,4 +35,4 @@ extra7123(){ else textPass "No users with 2 active access keys" fi -} \ No newline at end of file +} diff --git a/providers/aws/checks/iam/check_extra7125 b/providers_old/aws/checks/iam/check_extra7125 similarity index 95% rename from providers/aws/checks/iam/check_extra7125 rename to providers_old/aws/checks/iam/check_extra7125 index d41b8475..fc314ebd 100644 --- a/providers/aws/checks/iam/check_extra7125 +++ b/providers_old/aws/checks/iam/check_extra7125 
@@ -31,15 +31,15 @@ extra7125(){ for user in $LIST_USERS; do # Would be virtual if sms-mfa or mfa, hardware is u2f or different. MFA_TYPE=$($AWSCLI iam list-mfa-devices --user-name $user $PROFILE_OPT --region $REGION --query MFADevices[].SerialNumber --output text | awk -F':' '{ print $6 }'| awk -F'/' '{ print $1 }') - if [[ $MFA_TYPE == "mfa" || $MFA_TYPE == "sms-mfa" ]]; then - textInfo "User $user has virtual MFA enabled" - elif [[ $MFA_TYPE == "" ]]; then + if [[ $MFA_TYPE == "mfa" || $MFA_TYPE == "sms-mfa" ]]; then + textInfo "User $user has virtual MFA enabled" + elif [[ $MFA_TYPE == "" ]]; then textFail "User $user has not hardware MFA enabled" "$REGION" "$user" - else + else textPass "User $user has hardware MFA enabled" "$REGION" "$user" fi done else textPass "No users found" fi -} \ No newline at end of file +} diff --git a/providers/aws/checks/iam/check_extra733 b/providers_old/aws/checks/iam/check_extra733 similarity index 100% rename from providers/aws/checks/iam/check_extra733 rename to providers_old/aws/checks/iam/check_extra733 diff --git a/providers/aws/checks/iam/check_extra774 b/providers_old/aws/checks/iam/check_extra774 similarity index 100% rename from providers/aws/checks/iam/check_extra774 rename to providers_old/aws/checks/iam/check_extra774 diff --git a/providers/aws/checks/kms/check28 b/providers_old/aws/checks/kms/check28 similarity index 100% rename from providers/aws/checks/kms/check28 rename to providers_old/aws/checks/kms/check28 diff --git a/providers/aws/checks/kms/check37 b/providers_old/aws/checks/kms/check37 similarity index 100% rename from providers/aws/checks/kms/check37 rename to providers_old/aws/checks/kms/check37 diff --git a/providers/aws/checks/kms/check_extra7126 b/providers_old/aws/checks/kms/check_extra7126 similarity index 99% rename from providers/aws/checks/kms/check_extra7126 rename to providers_old/aws/checks/kms/check_extra7126 index 31d9fdeb..fbd67c62 100644 --- a/providers/aws/checks/kms/check_extra7126 
+++ b/providers_old/aws/checks/kms/check_extra7126 @@ -42,4 +42,4 @@ extra7126(){ textInfo "$regx: No KMS keys found" "$regx" fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/kms/check_extra736 b/providers_old/aws/checks/kms/check_extra736 similarity index 99% rename from providers/aws/checks/kms/check_extra736 rename to providers_old/aws/checks/kms/check_extra736 index 4c97e345..10c42a87 100644 --- a/providers/aws/checks/kms/check_extra736 +++ b/providers_old/aws/checks/kms/check_extra736 @@ -36,7 +36,7 @@ extra736(){ do KMS_KEY_MANAGER=$($AWSCLI kms describe-key $PROFILE_OPT --region "${regx}" --key-id "${keyID}" --query "KeyMetadata.KeyManager" --output text) if [[ "${KMS_KEY_MANAGER}" == "CUSTOMER" ]] - then + then CUSTOMER_MANAGED_KMS_KEYS+=( "${keyID}" ) fi done diff --git a/providers/aws/checks/lambda/check_extra7145 b/providers_old/aws/checks/lambda/check_extra7145 similarity index 100% rename from providers/aws/checks/lambda/check_extra7145 rename to providers_old/aws/checks/lambda/check_extra7145 diff --git a/providers/aws/checks/lambda/check_extra7179 b/providers_old/aws/checks/lambda/check_extra7179 similarity index 100% rename from providers/aws/checks/lambda/check_extra7179 rename to providers_old/aws/checks/lambda/check_extra7179 diff --git a/providers/aws/checks/lambda/check_extra7180 b/providers_old/aws/checks/lambda/check_extra7180 similarity index 100% rename from providers/aws/checks/lambda/check_extra7180 rename to providers_old/aws/checks/lambda/check_extra7180 diff --git a/providers/aws/checks/lambda/check_extra720 b/providers_old/aws/checks/lambda/check_extra720 similarity index 100% rename from providers/aws/checks/lambda/check_extra720 rename to providers_old/aws/checks/lambda/check_extra720 
diff --git a/providers/aws/checks/lambda/check_extra759 b/providers_old/aws/checks/lambda/check_extra759 similarity index 99% rename from providers/aws/checks/lambda/check_extra759 rename to providers_old/aws/checks/lambda/check_extra759 index e8a71222..9aaef3c9 100644 --- a/providers/aws/checks/lambda/check_extra759 +++ b/providers_old/aws/checks/lambda/check_extra759 @@ -39,7 +39,7 @@ extra759(){ if [[ $(echo "$LIST_OF_FUNCTIONS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to list functions" "$regx" continue - fi + fi if [[ $LIST_OF_FUNCTIONS ]]; then for lambdafunction in $LIST_OF_FUNCTIONS;do LAMBDA_FUNCTION_VARIABLES_FILE="$SECRETS_TEMP_FOLDER/extra759-$lambdafunction-$regx-variables.txt" diff --git a/providers/aws/checks/lambda/check_extra760 b/providers_old/aws/checks/lambda/check_extra760 similarity index 99% rename from providers/aws/checks/lambda/check_extra760 rename to providers_old/aws/checks/lambda/check_extra760 index 8c7a265f..7383d11b 100644 --- a/providers/aws/checks/lambda/check_extra760 +++ b/providers_old/aws/checks/lambda/check_extra760 @@ -49,9 +49,9 @@ extra760(){ textInfo "${regx}: Access Denied trying to get Lambda functions" "${regx}" "${lambdafunction}" continue fi - + mkdir "${LAMBDA_FUNCTION_FOLDER}" - + # DOWNLOAD the code in a zip file CURL_ERROR=$(curl -s --show-error "${LAMBDA_CODE_LOCATION}" -o "${LAMBDA_FUNCTION_FOLDER}/${LAMBDA_FUNCTION_FILE}" 2>&1) if [[ -n "${CURL_ERROR}" ]]; then diff --git a/providers/aws/checks/lambda/check_extra762 b/providers_old/aws/checks/lambda/check_extra762 similarity index 99% rename from providers/aws/checks/lambda/check_extra762 rename to providers_old/aws/checks/lambda/check_extra762 index dfa41438..9fc6dc6f 100644 --- a/providers/aws/checks/lambda/check_extra762 +++ b/providers_old/aws/checks/lambda/check_extra762 
@@ -34,7 +34,7 @@ extra762(){ if [[ $(echo "$LIST_OF_FUNCTIONS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to list functions" "$regx" continue - fi + fi if [[ $LIST_OF_FUNCTIONS ]]; then for lambdafunction in $LIST_OF_FUNCTIONS;do fname=$(echo "$lambdafunction" | cut -d'%' -f1) diff --git a/providers/aws/checks/lambda/check_extra798 b/providers_old/aws/checks/lambda/check_extra798 similarity index 100% rename from providers/aws/checks/lambda/check_extra798 rename to providers_old/aws/checks/lambda/check_extra798 diff --git a/providers/aws/checks/macie/check_extra712 b/providers_old/aws/checks/macie/check_extra712 similarity index 86% rename from providers/aws/checks/macie/check_extra712 rename to providers_old/aws/checks/macie/check_extra712 index d14d60ba..1d6562d4 100644 --- a/providers/aws/checks/macie/check_extra712 +++ b/providers_old/aws/checks/macie/check_extra712 
@@ -23,11 +23,11 @@ CHECK_REMEDIATION_extra712='Enable Amazon Macie and create appropriate jobs to d CHECK_DOC_extra712='https://docs.aws.amazon.com/macie/latest/user/getting-started.html' CHECK_CAF_EPIC_extra712='Data Protection' - extra712(){ -# "No API commands available to check if Macie is enabled," -# "just looking if IAM Macie related permissions exist. " - MACIE_IAM_ROLES_CREATED=$($AWSCLI iam list-roles $PROFILE_OPT --query 'Roles[*].Arn'|grep AWSMacieServiceCustomer|wc -l) - if [[ $MACIE_IAM_ROLES_CREATED -eq 2 ]];then + extra712(){ +# "No API commands available to check if Macie is enabled," +# "just looking if IAM Macie related permissions exist. " + MACIE_IAM_ROLES_CREATED=$($AWSCLI iam list-roles $PROFILE_OPT --query 'Roles[*].Arn'|grep AWSMacieServiceCustomer|wc -l) + if [[ $MACIE_IAM_ROLES_CREATED -eq 2 ]];then textPass "$REGION: Macie related IAM roles exist so it might be enabled. Check it out manually" "$REGION" else textFail "$REGION: No Macie related IAM roles found. It is most likely not to be enabled" "$REGION" diff --git a/providers/aws/checks/rds/check_extra7113 b/providers_old/aws/checks/rds/check_extra7113 similarity index 98% rename from providers/aws/checks/rds/check_extra7113 rename to providers_old/aws/checks/rds/check_extra7113 index 47fa2908..89dac00e 100644 --- a/providers/aws/checks/rds/check_extra7113 +++ b/providers_old/aws/checks/rds/check_extra7113 @@ -52,7 +52,7 @@ extra7113(){ fi done else - textInfo "$regx: No RDS instances found" "$regx" + textInfo "$regx: No RDS instances found" "$regx" fi done } diff --git a/providers/aws/checks/rds/check_extra7131 b/providers_old/aws/checks/rds/check_extra7131 similarity index 97% rename from providers/aws/checks/rds/check_extra7131 rename to providers_old/aws/checks/rds/check_extra7131 index af4bc429..ac08d35c 100644 --- a/providers/aws/checks/rds/check_extra7131 +++ b/providers_old/aws/checks/rds/check_extra7131 
@@ -35,7 +35,7 @@ extra7131(){ while read -r rds_instance;do RDS_NAME=$(echo $rds_instance | awk '{ print $1; }') RDS_AUTOMINORUPGRADE_FLAG=$(echo $rds_instance | awk '{ print $2; }') - if [[ $RDS_AUTOMINORUPGRADE_FLAG == "True" ]];then + if [[ $RDS_AUTOMINORUPGRADE_FLAG == "True" ]];then textPass "$regx: RDS instance: $RDS_NAME is has minor version upgrade enabled" "$regx" "$RDS_NAME" else textFail "$regx: RDS instance: $RDS_NAME does not have minor version upgrade enabled" "$regx" "$RDS_NAME" diff --git a/providers/aws/checks/rds/check_extra7132 b/providers_old/aws/checks/rds/check_extra7132 similarity index 97% rename from providers/aws/checks/rds/check_extra7132 rename to providers_old/aws/checks/rds/check_extra7132 index a2bbba74..d3f0c9c4 100644 --- a/providers/aws/checks/rds/check_extra7132 +++ b/providers_old/aws/checks/rds/check_extra7132 @@ -34,7 +34,7 @@ extra7132(){ for rdsinstance in ${RDS_INSTANCES}; do RDS_NAME="$rdsinstance" MONITORING_FLAG=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].[EnhancedMonitoringResourceArn]' --output text) - if [[ $MONITORING_FLAG == "None" ]];then + if [[ $MONITORING_FLAG == "None" ]];then textFail "$regx: RDS instance: $RDS_NAME has enhanced monitoring disabled!" "$rex" "$RDS_NAME" else textPass "$regx: RDS instance: $RDS_NAME has enhanced monitoring enabled." "$regx" "$RDS_NAME" diff --git a/providers/aws/checks/rds/check_extra7133 b/providers_old/aws/checks/rds/check_extra7133 similarity index 98% rename from providers/aws/checks/rds/check_extra7133 rename to providers_old/aws/checks/rds/check_extra7133 index eae0f3a0..d39c20b8 100644 --- a/providers/aws/checks/rds/check_extra7133 +++ b/providers_old/aws/checks/rds/check_extra7133 
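Review bot: In check_extra7132 the `textFail` call on the context line of this hunk passes `"$rex"` as its second argument, while the `textPass` call next to it passes `"$regx"`. `rex` is not assigned anywhere in the visible lines, so it presumably expands to an empty string and the failed finding is reported without its region. The line should read `textFail "$regx: RDS instance: $RDS_NAME has enhanced monitoring disabled!" "$regx" "$RDS_NAME"`. The commit only changes whitespace on the `if` line, so the typo moves unchanged into providers_old; the body of extra7132 starts and ends outside the hunk.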
@@ -34,7 +34,7 @@ extra7133(){ for rdsinstance in ${RDS_INSTANCES}; do RDS_NAME="$rdsinstance" MULTIAZ_FLAG=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].MultiAZ' --output text) - if [[ $MULTIAZ_FLAG == "True" ]];then + if [[ $MULTIAZ_FLAG == "True" ]];then textPass "$regx: RDS instance: $RDS_NAME has multi-AZ enabled" "$regx" "$RDS_NAME" else textFail "$regx: RDS instance: $RDS_NAME has multi-AZ disabled!" "$regx" "$RDS_NAME" diff --git a/providers/aws/checks/rds/check_extra723 b/providers_old/aws/checks/rds/check_extra723 similarity index 99% rename from providers/aws/checks/rds/check_extra723 rename to providers_old/aws/checks/rds/check_extra723 index 7f4aee3f..617b3bcb 100644 --- a/providers/aws/checks/rds/check_extra723 +++ b/providers_old/aws/checks/rds/check_extra723 @@ -31,7 +31,7 @@ extra723(){ if [[ $(echo "$LIST_OF_RDS_SNAPSHOTS" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then textInfo "$regx: Access Denied trying to describe db snapshots" "$regx" continue - fi + fi if [[ $LIST_OF_RDS_SNAPSHOTS ]]; then for rdssnapshot in $LIST_OF_RDS_SNAPSHOTS;do SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-snapshot-attributes $PROFILE_OPT --region $regx --db-snapshot-identifier $rdssnapshot --query DBSnapshotAttributesResult.DBSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all) diff --git a/providers/aws/checks/rds/check_extra735 b/providers_old/aws/checks/rds/check_extra735 similarity index 99% rename from providers/aws/checks/rds/check_extra735 rename to providers_old/aws/checks/rds/check_extra735 index 1ce59e60..0c79f388 100644 --- a/providers/aws/checks/rds/check_extra735 +++ b/providers_old/aws/checks/rds/check_extra735 
@@ -30,7 +30,7 @@ extra735(){ if [[ $(echo "$LIST_OF_RDS_INSTANCES" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to describe DB instances" "$regx" continue - fi + fi if [[ $LIST_OF_RDS_INSTANCES ]];then for rdsinstance in $LIST_OF_RDS_INSTANCES; do IS_ENCRYPTED=$($AWSCLI rds describe-db-instances $PROFILE_OPT --region $regx --db-instance-identifier $rdsinstance --query 'DBInstances[*].StorageEncrypted' --output text) diff --git a/providers/aws/checks/rds/check_extra739 b/providers_old/aws/checks/rds/check_extra739 similarity index 99% rename from providers/aws/checks/rds/check_extra739 rename to providers_old/aws/checks/rds/check_extra739 index 06a67723..162b1a17 100644 --- a/providers/aws/checks/rds/check_extra739 +++ b/providers_old/aws/checks/rds/check_extra739 @@ -29,7 +29,7 @@ extra739(){ if [[ $(echo "$LIST_OF_RDS_INSTANCES" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to describe DB instances" "$regx" continue - fi + fi if [[ $LIST_OF_RDS_INSTANCES ]];then for rdsinstance in $LIST_OF_RDS_INSTANCES; do # if retention is 0 then is disabled diff --git a/providers/aws/checks/rds/check_extra747 b/providers_old/aws/checks/rds/check_extra747 similarity index 99% rename from providers/aws/checks/rds/check_extra747 rename to providers_old/aws/checks/rds/check_extra747 index ade2b32f..4efd62ef 100644 --- a/providers/aws/checks/rds/check_extra747 +++ b/providers_old/aws/checks/rds/check_extra747 @@ -29,7 +29,7 @@ extra747(){ if [[ $(echo "$LIST_OF_RDS_INSTANCES" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to get rest APIs" "$regx" continue - fi + fi if [[ $LIST_OF_RDS_INSTANCES ]];then for rdsinstance in $LIST_OF_RDS_INSTANCES; do # if retention is 0 then is disabled 
diff --git a/providers/aws/checks/rds/check_extra78 b/providers_old/aws/checks/rds/check_extra78 similarity index 100% rename from providers/aws/checks/rds/check_extra78 rename to providers_old/aws/checks/rds/check_extra78 diff --git a/providers/aws/checks/redshift/check_extra711 b/providers_old/aws/checks/redshift/check_extra711 similarity index 100% rename from providers/aws/checks/redshift/check_extra711 rename to providers_old/aws/checks/redshift/check_extra711 diff --git a/providers/aws/checks/redshift/check_extra7149 b/providers_old/aws/checks/redshift/check_extra7149 similarity index 100% rename from providers/aws/checks/redshift/check_extra7149 rename to providers_old/aws/checks/redshift/check_extra7149 diff --git a/providers/aws/checks/redshift/check_extra7160 b/providers_old/aws/checks/redshift/check_extra7160 similarity index 99% rename from providers/aws/checks/redshift/check_extra7160 rename to providers_old/aws/checks/redshift/check_extra7160 index 066fa66b..cafbec7e 100644 --- a/providers/aws/checks/redshift/check_extra7160 +++ b/providers_old/aws/checks/redshift/check_extra7160 @@ -43,4 +43,4 @@ extra7160(){ textInfo "$regx: No Redshift Clusters found" "$regx" fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/redshift/check_extra721 b/providers_old/aws/checks/redshift/check_extra721 similarity index 99% rename from providers/aws/checks/redshift/check_extra721 rename to providers_old/aws/checks/redshift/check_extra721 index 4d4116ff..96a1fe30 100644 --- a/providers/aws/checks/redshift/check_extra721 +++ b/providers_old/aws/checks/redshift/check_extra721 
@@ -30,7 +30,7 @@ extra721(){ if [[ $(echo "$LIST_OF_REDSHIFT_CLUSTERS" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then textInfo "$regx: Access Denied trying to describe clusters" "$regx" continue - fi + fi if [[ $LIST_OF_REDSHIFT_CLUSTERS ]]; then for redshiftcluster in $LIST_OF_REDSHIFT_CLUSTERS;do REDSHIFT_LOG_ENABLED=$($AWSCLI redshift describe-logging-status $PROFILE_OPT --region $regx --cluster-identifier $redshiftcluster --query LoggingEnabled --output text | grep True) diff --git a/providers/aws/checks/route53/check_extra7152 b/providers_old/aws/checks/route53/check_extra7152 similarity index 100% rename from providers/aws/checks/route53/check_extra7152 rename to providers_old/aws/checks/route53/check_extra7152 diff --git a/providers/aws/checks/route53/check_extra7153 b/providers_old/aws/checks/route53/check_extra7153 similarity index 100% rename from providers/aws/checks/route53/check_extra7153 rename to providers_old/aws/checks/route53/check_extra7153 diff --git a/providers/aws/checks/route53/check_extra719 b/providers_old/aws/checks/route53/check_extra719 similarity index 97% rename from providers/aws/checks/route53/check_extra719 rename to providers_old/aws/checks/route53/check_extra719 index 20ad0a80..4b550e57 100644 --- a/providers/aws/checks/route53/check_extra719 +++ b/providers_old/aws/checks/route53/check_extra719 @@ -36,6 +36,6 @@ extra719(){ fi done else - textInfo "$REGION: No Route53 hosted zones found" "$REGION" + textInfo "$REGION: No Route53 hosted zones found" "$REGION" fi } diff --git a/providers/aws/checks/s3/check26 b/providers_old/aws/checks/s3/check26 similarity index 100% rename from providers/aws/checks/s3/check26 rename to providers_old/aws/checks/s3/check26 diff --git a/providers/aws/checks/s3/check38 b/providers_old/aws/checks/s3/check38 similarity index 100% rename from providers/aws/checks/s3/check38 rename to providers_old/aws/checks/s3/check38 
diff --git a/providers/aws/checks/s3/check_extra7172 b/providers_old/aws/checks/s3/check_extra7172
similarity index 100%
rename from providers/aws/checks/s3/check_extra7172
rename to providers_old/aws/checks/s3/check_extra7172
diff --git a/providers/aws/checks/s3/check_extra718 b/providers_old/aws/checks/s3/check_extra718
similarity index 100%
rename from providers/aws/checks/s3/check_extra718
rename to providers_old/aws/checks/s3/check_extra718
diff --git a/providers/aws/checks/s3/check_extra725 b/providers_old/aws/checks/s3/check_extra725
similarity index 100%
rename from providers/aws/checks/s3/check_extra725
rename to providers_old/aws/checks/s3/check_extra725
diff --git a/providers/aws/checks/s3/check_extra73 b/providers_old/aws/checks/s3/check_extra73
similarity index 100%
rename from providers/aws/checks/s3/check_extra73
rename to providers_old/aws/checks/s3/check_extra73
diff --git a/providers/aws/checks/s3/check_extra734 b/providers_old/aws/checks/s3/check_extra734
similarity index 100%
rename from providers/aws/checks/s3/check_extra734
rename to providers_old/aws/checks/s3/check_extra734
diff --git a/providers/aws/checks/s3/check_extra763 b/providers_old/aws/checks/s3/check_extra763
similarity index 100%
rename from providers/aws/checks/s3/check_extra763
rename to providers_old/aws/checks/s3/check_extra763
diff --git a/providers/aws/checks/s3/check_extra764 b/providers_old/aws/checks/s3/check_extra764
similarity index 100%
rename from providers/aws/checks/s3/check_extra764
rename to providers_old/aws/checks/s3/check_extra764
diff --git a/providers/aws/checks/s3/check_extra771 b/providers_old/aws/checks/s3/check_extra771
similarity index 100%
rename from providers/aws/checks/s3/check_extra771
rename to providers_old/aws/checks/s3/check_extra771
diff --git a/providers/aws/checks/sagemaker/check_extra7103 b/providers_old/aws/checks/sagemaker/check_extra7103 similarity index 95% rename from providers/aws/checks/sagemaker/check_extra7103 rename to providers_old/aws/checks/sagemaker/check_extra7103 index 97713f20..33f4fd87 100644 --- a/providers/aws/checks/sagemaker/check_extra7103 +++ b/providers_old/aws/checks/sagemaker/check_extra7103 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not @@ -10,7 +10,7 @@ # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. - + CHECK_ID_extra7103="7.103" CHECK_TITLE_extra7103="[extra7103] Check if Amazon SageMaker Notebook instances have root access disabled" CHECK_SCORED_extra7103="NOT_SCORED" @@ -31,18 +31,17 @@ extra7103(){ textInfo "$regx: Access Denied trying to list notebook instances" "$regx" continue fi - if [[ $LIST_SM_NB_INSTANCES ]];then + if [[ $LIST_SM_NB_INSTANCES ]];then for nb_instance in $LIST_SM_NB_INSTANCES; do SM_NB_ROOTACCESS=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'RootAccess' --output text) if [[ "${SM_NB_ROOTACCESS}" == "Enabled" ]]; then textFail "${regx}: Sagemaker Notebook instance $nb_instance has root access enabled" "${regx}" "$nb_instance" else - textPass "${regx}: Sagemaker Notebook instance $nb_instance has root access disabled" "${regx}" "$nb_instance" - fi + textPass "${regx}: Sagemaker Notebook instance $nb_instance has root access disabled" "${regx}" "$nb_instance" + fi done - else + else textInfo "${regx}: No Sagemaker Notebook instances found" "${regx}" - fi + fi done } - \ No newline at end of file 
diff --git a/providers/aws/checks/sagemaker/check_extra7104 b/providers_old/aws/checks/sagemaker/check_extra7104 similarity index 96% rename from providers/aws/checks/sagemaker/check_extra7104 rename to providers_old/aws/checks/sagemaker/check_extra7104 index c1a44d44..7677db48 100644 --- a/providers/aws/checks/sagemaker/check_extra7104 +++ b/providers_old/aws/checks/sagemaker/check_extra7104 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not @@ -31,17 +31,17 @@ extra7104(){ textInfo "$regx: Access Denied trying to list notebook instances" "$regx" continue fi - if [[ $LIST_SM_NB_INSTANCES ]];then + if [[ $LIST_SM_NB_INSTANCES ]];then for nb_instance in $LIST_SM_NB_INSTANCES; do SM_NB_SUBNETID=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'SubnetId' --output text) if [[ "${SM_NB_SUBNETID}" == "None" ]]; then textFail "${regx}: Sagemaker Notebook instance $nb_instance has VPC settings disabled" "${regx}" "$nb_instance" else textPass "${regx}: Sagemaker Notebook instance $nb_instance is in a VPC" "${regx}" "$nb_instance" - fi + fi done - else + else textInfo "${regx}: No Sagemaker Notebook instances found" "${regx}" - fi + fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/sagemaker/check_extra7105 b/providers_old/aws/checks/sagemaker/check_extra7105 similarity index 97% rename from providers/aws/checks/sagemaker/check_extra7105 rename to providers_old/aws/checks/sagemaker/check_extra7105 index 5ba8d94d..cbff235d 100644 --- a/providers/aws/checks/sagemaker/check_extra7105 +++ b/providers_old/aws/checks/sagemaker/check_extra7105 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not 
@@ -31,18 +31,17 @@ extra7105(){ textInfo "$regx: Access Denied trying to list models" "$regx" continue fi - if [[ $LIST_SM_NB_MODELS ]];then + if [[ $LIST_SM_NB_MODELS ]];then for nb_model_name in $LIST_SM_NB_MODELS; do SM_NB_NETWORKISOLATION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-model --model-name $nb_model_name --query 'EnableNetworkIsolation' --output text) if [[ $SM_NB_NETWORKISOLATION == False ]]; then textFail "${regx}: SageMaker Model $nb_model_name has network isolation disabled" "${regx}" "$nb_model_name" else textPass "${regx}: SageMaker Model $nb_model_name has network isolation enabled" "${regx}" "$nb_model_name" - fi + fi done - else + else textInfo "${regx}: No Sagemaker Models found" "${regx}" - fi + fi done } - \ No newline at end of file diff --git a/providers/aws/checks/sagemaker/check_extra7106 b/providers_old/aws/checks/sagemaker/check_extra7106 similarity index 96% rename from providers/aws/checks/sagemaker/check_extra7106 rename to providers_old/aws/checks/sagemaker/check_extra7106 index 9863edf7..be3d5d7f 100644 --- a/providers/aws/checks/sagemaker/check_extra7106 +++ b/providers_old/aws/checks/sagemaker/check_extra7106 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not 
@@ -31,18 +31,17 @@ extra7106(){ textInfo "$regx: Access Denied trying to list models" "$regx" continue fi - if [[ $LIST_SM_NB_MODELS ]];then + if [[ $LIST_SM_NB_MODELS ]];then for nb_model_name in $LIST_SM_NB_MODELS; do SM_NB_VPCCONFIG=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-model --model-name $nb_model_name --query 'VpcConfig.Subnets' --output text) if [[ $SM_NB_VPCCONFIG == "None" ]]; then textFail "${regx}: Amazon SageMaker Model $nb_model_name has VPC settings disabled" "${regx}" "$nb_model_name" else textPass "${regx}: Amazon SageMaker Model $nb_model_name has VPC settings enabled" "${regx}" "$nb_model_name" - fi + fi done - else + else textInfo "${regx}: No Sagemaker Models found" "${regx}" - fi + fi done } - \ No newline at end of file diff --git a/providers/aws/checks/sagemaker/check_extra7107 b/providers_old/aws/checks/sagemaker/check_extra7107 similarity index 96% rename from providers/aws/checks/sagemaker/check_extra7107 rename to providers_old/aws/checks/sagemaker/check_extra7107 index 1a94873b..19ad16f5 100644 --- a/providers/aws/checks/sagemaker/check_extra7107 +++ b/providers_old/aws/checks/sagemaker/check_extra7107 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not 
@@ -31,18 +31,17 @@ extra7107(){ textInfo "$regx: Access Denied trying to list training jobs" "$regx" continue fi - if [[ $LIST_SM_NB_JOBS ]];then + if [[ $LIST_SM_NB_JOBS ]];then for nb_job_name in $LIST_SM_NB_JOBS; do SM_NB_INTERCONTAINERENCRYPTION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'EnableInterContainerTrafficEncryption' --output text) if [[ $SM_NB_INTERCONTAINERENCRYPTION == "False" ]]; then textFail "${regx}: SageMaker Training job $nb_job_name has intercontainer encryption disabled" "${regx}" "$nb_job_name" else textPass "${regx}: SageMaker Training jobs $nb_job_name has intercontainer encryption enabled" "${regx}" "$nb_job_name" - fi + fi done - else + else textInfo "${regx}: No Sagemaker Training found" "${regx}" - fi + fi done } - \ No newline at end of file diff --git a/providers/aws/checks/sagemaker/check_extra7108 b/providers_old/aws/checks/sagemaker/check_extra7108 similarity index 96% rename from providers/aws/checks/sagemaker/check_extra7108 rename to providers_old/aws/checks/sagemaker/check_extra7108 index 183cd302..5f4311f5 100644 --- a/providers/aws/checks/sagemaker/check_extra7108 +++ b/providers_old/aws/checks/sagemaker/check_extra7108 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not 
@@ -31,17 +31,17 @@ extra7108(){ textInfo "$regx: Access Denied trying to list training jobs" "$regx" continue fi - if [[ $LIST_SM_NB_JOBS ]];then + if [[ $LIST_SM_NB_JOBS ]];then for nb_job_name in $LIST_SM_NB_JOBS; do SM_JOB_KMSENCRYPTION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'ResourceConfig.VolumeKmsKeyId' --output text) if [[ "${SM_JOB_KMSENCRYPTION}" == "None" ]];then textFail "${regx}: Sagemaker Trainings job $nb_job_name has KMS encryption disabled" "${regx}" "$nb_job_name" else textPass "${regx}: Sagemaker Trainings job $nb_job_name has KSM encryption enabled" "${regx}" "$nb_job_name" - fi + fi done - else + else textInfo "${regx}: No Sagemaker Trainings jobs found" "${regx}" - fi + fi done -} \ No newline at end of file +} diff --git a/providers/aws/checks/sagemaker/check_extra7109 b/providers_old/aws/checks/sagemaker/check_extra7109 similarity index 96% rename from providers/aws/checks/sagemaker/check_extra7109 rename to providers_old/aws/checks/sagemaker/check_extra7109 index 8775ee74..55c66afc 100644 --- a/providers/aws/checks/sagemaker/check_extra7109 +++ b/providers_old/aws/checks/sagemaker/check_extra7109 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not 
@@ -31,18 +31,17 @@ extra7109(){ textInfo "$regx: Access Denied trying to list training jobs" "$regx" continue fi - if [[ $LIST_SM_NB_JOBS ]];then + if [[ $LIST_SM_NB_JOBS ]];then for nb_job_name in $LIST_SM_NB_JOBS; do SM_NB_NETWORKISOLATION=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'EnableNetworkIsolation' --output text) if [[ $SM_NB_NETWORKISOLATION == False ]]; then textFail "${regx}: Sagemaker Training job $nb_job_name has network isolation disabled" "${regx}" "$nb_job_name" else textPass "${regx}: Sagemaker Training job $nb_job_name has network isolation enabled" "${regx}" "$nb_job_name" - fi + fi done - else + else textInfo "${regx}: No Sagemaker Trainings jobs found" "${regx}" - fi + fi done } - \ No newline at end of file diff --git a/providers/aws/checks/sagemaker/check_extra7110 b/providers_old/aws/checks/sagemaker/check_extra7110 similarity index 96% rename from providers/aws/checks/sagemaker/check_extra7110 rename to providers_old/aws/checks/sagemaker/check_extra7110 index 151d35cf..9d4d8d0f 100644 --- a/providers/aws/checks/sagemaker/check_extra7110 +++ b/providers_old/aws/checks/sagemaker/check_extra7110 @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente # # Licensed under the Apache License, Version 2.0 (the "License"); you may not @@ -23,7 +23,7 @@ CHECK_RISK_extra7110='This could provide an avenue for unauthorized access to yo CHECK_REMEDIATION_extra7110='Restrict which traffic can access by launching Studio in a Virtual Private Cloud (VPC) of your choosing.' CHECK_DOC_extra7110='https://docs.aws.amazon.com/sagemaker/latest/dg/interface-vpc-endpoint.html' CHECK_CAF_EPIC_extra7110='Infrastructure Security' - + extra7110(){ for regx in ${REGIONS}; do LIST_SM_NB_JOBS=$($AWSCLI $PROFILE_OPT --region $regx sagemaker list-training-jobs --query 'TrainingJobSummaries[*].TrainingJobName' --output text 2>&1) 
@@ -31,18 +31,17 @@ extra7110(){
 textInfo "$regx: Access Denied trying to list training jobs" "$regx"
 continue
 fi
- if [[ $LIST_SM_NB_JOBS ]];then
+ if [[ $LIST_SM_NB_JOBS ]];then
 for nb_job_name in $LIST_SM_NB_JOBS; do
 SM_NB_SUBNETS=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-training-job --training-job-name $nb_job_name --query 'VpcConfig.Subnets' --output text)
 if [[ $SM_NB_SUBNETS == "None" ]]; then
 textFail "${regx}: Sagemaker Training job $nb_job_name has VPC settings for the training job volume and output disabled" "${regx}" "$nb_job_name"
 else
 textPass "${regx}: Sagemaker Training job $nb_job_name has VPC settings for the training job volume and output enabled" "${regx}" "$nb_job_name"
- fi
+ fi
 done
- else
+ else
 textInfo "${regx}: No Sagemaker Trainings jobs found" "${regx}"
- fi
+ fi
 done
 }
-
\ No newline at end of file
diff --git a/providers/aws/checks/sagemaker/check_extra7111 b/providers_old/aws/checks/sagemaker/check_extra7111
similarity index 96%
rename from providers/aws/checks/sagemaker/check_extra7111
rename to providers_old/aws/checks/sagemaker/check_extra7111
index 936931fd..2e632f21 100644
--- a/providers/aws/checks/sagemaker/check_extra7111
+++ b/providers_old/aws/checks/sagemaker/check_extra7111
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-
+
 # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not
@@ -31,17 +31,17 @@ extra7111(){
 textInfo "$regx: Access Denied trying to list notebook instances" "$regx"
 continue
 fi
- if [[ $LIST_SM_NB_INSTANCES ]];then
+ if [[ $LIST_SM_NB_INSTANCES ]];then
 for nb_instance in $LIST_SM_NB_INSTANCES; do
 SM_NB_DIRECTINET=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'DirectInternetAccess' --output text)
 if [[ "${SM_NB_DIRECTINET}" == "Enabled" ]]; then
 textFail "${regx}: Sagemaker Notebook instance $nb_instance has direct internet access enabled" "${regx}" "$nb_instance"
 else
 textPass "${regx}: Sagemaker Notebook instance $nb_instance has direct internet access disabled" "${regx}" "$nb_instance"
- fi
+ fi
 done
- else
+ else
 textInfo "${regx}: No Sagemaker Notebook instances found" "${regx}"
- fi
+ fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/sagemaker/check_extra7112 b/providers_old/aws/checks/sagemaker/check_extra7112
similarity index 96%
rename from providers/aws/checks/sagemaker/check_extra7112
rename to providers_old/aws/checks/sagemaker/check_extra7112
index c3143cb7..78ae27ad 100644
--- a/providers/aws/checks/sagemaker/check_extra7112
+++ b/providers_old/aws/checks/sagemaker/check_extra7112
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-
+
 # Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not
@@ -31,17 +31,17 @@ extra7112(){
 textInfo "$regx: Access Denied trying to list notebook instances" "$regx"
 continue
 fi
- if [[ $LIST_SM_NB_INSTANCES ]];then
+ if [[ $LIST_SM_NB_INSTANCES ]];then
 for nb_instance in $LIST_SM_NB_INSTANCES; do
 SM_NB_KMSKEY=$($AWSCLI $PROFILE_OPT --region $regx sagemaker describe-notebook-instance --notebook-instance-name $nb_instance --query 'KmsKeyId' --output text)
 if [[ "${SM_NB_KMSKEY}" == "None" ]]; then
 textFail "${regx}: Sagemaker Notebook instance $nb_instance has data encryption disabled" "${regx}" "$nb_instance"
 else
 textPass "${regx}: Sagemaker Notebook instance $nb_instance has data encryption enabled" "${regx}" "$nb_instance"
- fi
+ fi
 done
- else
+ else
 textInfo "${regx}: No Sagemaker Notebook instances found" "${regx}"
- fi
+ fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/secretsmanager/check_extra7163 b/providers_old/aws/checks/secretsmanager/check_extra7163
similarity index 100%
rename from providers/aws/checks/secretsmanager/check_extra7163
rename to providers_old/aws/checks/secretsmanager/check_extra7163
diff --git a/providers/aws/checks/securityhub/check_extra799 b/providers_old/aws/checks/securityhub/check_extra799
similarity index 99%
rename from providers/aws/checks/securityhub/check_extra799
rename to providers_old/aws/checks/securityhub/check_extra799
index b96f062a..131f6829 100644
--- a/providers/aws/checks/securityhub/check_extra799
+++ b/providers_old/aws/checks/securityhub/check_extra799
@@ -27,7 +27,7 @@ CHECK_CAF_EPIC_extra799='Logging and Monitoring'
 extra799(){
 for regx in $REGIONS; do
 # If command below fails get nothing then it there are no subscriptions and Security Hub is not enabled.
- LIST_OF_SECHUB_SUBSCRIPTIONS=$($AWSCLI $PROFILE_OPT --region $regx securityhub get-enabled-standards --query 'StandardsSubscriptions[?StandardsStatus == `READY`].StandardsSubscriptionArn' --output json 2>/dev/null | awk -F "/" '{ print $2 }' | tr '\n' ' ' )
+ LIST_OF_SECHUB_SUBSCRIPTIONS=$($AWSCLI $PROFILE_OPT --region $regx securityhub get-enabled-standards --query 'StandardsSubscriptions[?StandardsStatus == `READY`].StandardsSubscriptionArn' --output json 2>/dev/null | awk -F "/" '{ print $2 }' | tr '\n' ' ' )
 if [[ $LIST_OF_SECHUB_SUBSCRIPTIONS ]]; then
 textPass "$regx: Security Hub is enabled with standards $LIST_OF_SECHUB_SUBSCRIPTIONS" "$regx"
 else
diff --git a/providers/aws/checks/shield/check_extra7166 b/providers_old/aws/checks/shield/check_extra7166
similarity index 100%
rename from providers/aws/checks/shield/check_extra7166
rename to providers_old/aws/checks/shield/check_extra7166
diff --git a/providers/aws/checks/shield/check_extra7167 b/providers_old/aws/checks/shield/check_extra7167
similarity index 100%
rename from providers/aws/checks/shield/check_extra7167
rename to providers_old/aws/checks/shield/check_extra7167
diff --git a/providers/aws/checks/shield/check_extra7168 b/providers_old/aws/checks/shield/check_extra7168
similarity index 100%
rename from providers/aws/checks/shield/check_extra7168
rename to providers_old/aws/checks/shield/check_extra7168
diff --git a/providers/aws/checks/shield/check_extra7169 b/providers_old/aws/checks/shield/check_extra7169
similarity index 100%
rename from providers/aws/checks/shield/check_extra7169
rename to providers_old/aws/checks/shield/check_extra7169
diff --git a/providers/aws/checks/shield/check_extra7170 b/providers_old/aws/checks/shield/check_extra7170
similarity index 100%
rename from providers/aws/checks/shield/check_extra7170
rename to providers_old/aws/checks/shield/check_extra7170
diff --git a/providers/aws/checks/shield/check_extra7171 b/providers_old/aws/checks/shield/check_extra7171
similarity index 100%
rename from providers/aws/checks/shield/check_extra7171
rename to providers_old/aws/checks/shield/check_extra7171
diff --git a/providers/aws/checks/sns/check_extra7130 b/providers_old/aws/checks/sns/check_extra7130
similarity index 99%
rename from providers/aws/checks/sns/check_extra7130
rename to providers_old/aws/checks/sns/check_extra7130
index 0980eea9..20baecac 100644
--- a/providers/aws/checks/sns/check_extra7130
+++ b/providers_old/aws/checks/sns/check_extra7130
@@ -30,7 +30,7 @@ extra7130(){
 if [[ $(echo "$LIST_SNS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to list topics" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_SNS ]];then
 for topic in $LIST_SNS; do
 SHORT_TOPIC=$(echo $topic | awk -F ":" '{print $NF}')
diff --git a/providers/aws/checks/sns/check_extra731 b/providers_old/aws/checks/sns/check_extra731
similarity index 99%
rename from providers/aws/checks/sns/check_extra731
rename to providers_old/aws/checks/sns/check_extra731
index fabb05eb..93a40966 100644
--- a/providers/aws/checks/sns/check_extra731
+++ b/providers_old/aws/checks/sns/check_extra731
@@ -30,7 +30,7 @@ extra731(){
 if [[ $(echo "$LIST_SNS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to list topics" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_SNS ]]; then
 for topic in $LIST_SNS; do
 SHORT_TOPIC=$(echo $topic| cut -d: -f6)
@@ -55,4 +55,4 @@ extra731(){
 textInfo "$regx: No SNS topic found" "$regx"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/sqs/check_extra727 b/providers_old/aws/checks/sqs/check_extra727
similarity index 99%
rename from providers/aws/checks/sqs/check_extra727
rename to providers_old/aws/checks/sqs/check_extra727
index c6b9a792..366e3720 100644
--- a/providers/aws/checks/sqs/check_extra727
+++ b/providers_old/aws/checks/sqs/check_extra727
@@ -30,7 +30,7 @@ extra727(){
 if [[ $(echo "$LIST_SQS" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then
 textInfo "$regx: Access Denied trying to list queues" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_SQS ]]; then
 for queue in $LIST_SQS; do
 SQS_POLICY=$($AWSCLI sqs get-queue-attributes --queue-url $queue $PROFILE_OPT --region $regx --attribute-names All --query Attributes.Policy)
diff --git a/providers/aws/checks/sqs/check_extra728 b/providers_old/aws/checks/sqs/check_extra728
similarity index 99%
rename from providers/aws/checks/sqs/check_extra728
rename to providers_old/aws/checks/sqs/check_extra728
index ada64c0f..dc3445bd 100644
--- a/providers/aws/checks/sqs/check_extra728
+++ b/providers_old/aws/checks/sqs/check_extra728
@@ -31,7 +31,7 @@ extra728(){
 if [[ $(echo "$LIST_SQS" | grep -E 'AccessDenied|UnauthorizedOperation') ]]; then
 textInfo "$regx: Access Denied trying to list queues" "$regx"
 continue
- fi
+ fi
 if [[ $LIST_SQS ]]; then
 for queue in $LIST_SQS; do
 # check if the policy has KmsMasterKeyId therefore SSE enabled
diff --git a/providers/aws/checks/ssm/check_extra7124 b/providers_old/aws/checks/ssm/check_extra7124
similarity index 95%
rename from providers/aws/checks/ssm/check_extra7124
rename to providers_old/aws/checks/ssm/check_extra7124
index 72b1e1c1..0e1df008 100644
--- a/providers/aws/checks/ssm/check_extra7124
+++ b/providers_old/aws/checks/ssm/check_extra7124
@@ -26,7 +26,7 @@ CHECK_CAF_EPIC_extra7124='Infrastructure Security' extra7124(){ for regx in $REGIONS; do - # Filters running instances only + # Filters running instances only LIST_EC2_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --query 'Reservations[*].Instances[*].[InstanceId]' --filters Name=instance-state-name,Values=running --region $regx --output text 2>&1) if [[ $(echo "$LIST_EC2_INSTANCES" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then textInfo "$regx: Access Denied trying to describe instances" "$regx" @@ -39,13 +39,13 @@ extra7124(){ for instance in $LIST_EC2_UNMANAGED; do textFail "$regx: EC2 instance $instance is not managed by Systems Manager" "$regx" "$instance" done - fi + fi if [[ $LIST_SSM_MANAGED_INSTANCES ]]; then - for instance in $LIST_SSM_MANAGED_INSTANCES; do + for instance in $LIST_SSM_MANAGED_INSTANCES; do textPass "$regx: EC2 instance $instance is managed by Systems Manager" "$regx" "$instance" - done - fi - else + done + fi + else textInfo "$regx: No EC2 instances running found" "$regx" fi done diff --git a/providers/aws/checks/ssm/check_extra7127 b/providers_old/aws/checks/ssm/check_extra7127 similarity index 99% rename from providers/aws/checks/ssm/check_extra7127 rename to providers_old/aws/checks/ssm/check_extra7127 index 34650167..c448f421 100644 --- a/providers/aws/checks/ssm/check_extra7127 +++ b/providers_old/aws/checks/ssm/check_extra7127 @@ -43,8 +43,8 @@ extra7127(){ for instance in $COMPLIANT_SSM_MANAGED_INSTANCES; do textPass "$regx: EC2 managed instance $instance is compliant" "$regx" "$instance" done - fi - else + fi + else textInfo "$regx: No EC2 managed instances found" "$regx" fi done diff --git a/providers/aws/checks/ssm/check_extra7140 b/providers_old/aws/checks/ssm/check_extra7140 similarity index 97% rename from providers/aws/checks/ssm/check_extra7140 rename to providers_old/aws/checks/ssm/check_extra7140 index 3cab4570..ad1efec6 100644 
--- a/providers/aws/checks/ssm/check_extra7140
+++ b/providers_old/aws/checks/ssm/check_extra7140
@@ -22,15 +22,15 @@ CHECK_REMEDIATION_extra7140='Carefully review the contents of the document befor
 CHECK_DOC_extra7140='https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-before-you-share.html'
 CHECK_CAF_EPIC_extra7140='Data Protection'
 extra7140(){
-
+
 for regx in $REGIONS; do
 SSM_DOCS=$($AWSCLI $PROFILE_OPT --region $regx ssm list-documents --filters Key=Owner,Values=Self --query DocumentIdentifiers[].Name --output text 2>&1)
 if [[ $(echo "$SSM_DOCS" | grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError') ]]; then
 textInfo "$regx: Access Denied trying to list documents" "$regx"
 continue
- fi
+ fi
 if [[ $SSM_DOCS ]];then
- for ssmdoc in $SSM_DOCS; do
+ for ssmdoc in $SSM_DOCS; do
 SSM_DOC_SHARED_ALL=$($AWSCLI $PROFILE_OPT --region $regx ssm describe-document-permission --name "$ssmdoc" --permission-type "Share" --query AccountIds[] --output text | grep all)
 if [[ $SSM_DOC_SHARED_ALL ]];then
 textFail "$regx: SSM Document $ssmdoc is public." "$regx" "$ssmdoc"
@@ -42,4 +42,4 @@ extra7140(){
 textInfo "$regx: No SSM Document found." "$regx"
 fi
 done
-}
\ No newline at end of file
+}
diff --git a/providers/aws/checks/ssm/check_extra7141 b/providers_old/aws/checks/ssm/check_extra7141
similarity index 98%
rename from providers/aws/checks/ssm/check_extra7141
rename to providers_old/aws/checks/ssm/check_extra7141
index e47f98e1..e664a5a8 100644
--- a/providers/aws/checks/ssm/check_extra7141
+++ b/providers_old/aws/checks/ssm/check_extra7141
@@ -41,7 +41,7 @@ extra7141(){
 continue
 fi
 if [[ ${SSM_DOCS} ]];then
- for ssmdoc in ${SSM_DOCS}; do
+ for ssmdoc in ${SSM_DOCS}; do
 SSM_DOC_FILE="${SECRETS_TEMP_FOLDER}/extra7141-${ssmdoc}-${regx}-content.txt"
 "${AWSCLI}" ${PROFILE_OPT} --region "${regx}" ssm get-document --name "${ssmdoc}" --output text --document-format JSON > "${SSM_DOC_FILE}" 2>&1
 if [[ $(grep -E 'AccessDenied|UnauthorizedOperation|AuthorizationError' "${SSM_DOC_FILE}") ]]; then
diff --git a/providers/aws/checks/support/check115 b/providers_old/aws/checks/support/check115
similarity index 100%
rename from providers/aws/checks/support/check115
rename to providers_old/aws/checks/support/check115
diff --git a/providers/aws/checks/support/check117 b/providers_old/aws/checks/support/check117
similarity index 100%
rename from providers/aws/checks/support/check117
rename to providers_old/aws/checks/support/check117
diff --git a/providers/aws/checks/support/check118 b/providers_old/aws/checks/support/check118
similarity index 100%
rename from providers/aws/checks/support/check118
rename to providers_old/aws/checks/support/check118
diff --git a/providers/aws/checks/trustedadvisor/check_extra726 b/providers_old/aws/checks/trustedadvisor/check_extra726
similarity index 100%
rename from providers/aws/checks/trustedadvisor/check_extra726
rename to providers_old/aws/checks/trustedadvisor/check_extra726
diff --git a/providers/aws/checks/vpc/check29 b/providers_old/aws/checks/vpc/check29
similarity index 100%
rename from providers/aws/checks/vpc/check29
rename to providers_old/aws/checks/vpc/check29
diff --git a/providers/aws/checks/vpc/check311 b/providers_old/aws/checks/vpc/check311
similarity index 100%
rename from providers/aws/checks/vpc/check311
rename to providers_old/aws/checks/vpc/check311
diff --git a/providers/aws/checks/vpc/check312 b/providers_old/aws/checks/vpc/check312
similarity index 100%
rename from providers/aws/checks/vpc/check312
rename to providers_old/aws/checks/vpc/check312
diff --git a/providers/aws/checks/vpc/check313 b/providers_old/aws/checks/vpc/check313
similarity index 100%
rename from providers/aws/checks/vpc/check313
rename to providers_old/aws/checks/vpc/check313
diff --git a/providers/aws/checks/vpc/check314 b/providers_old/aws/checks/vpc/check314
similarity index 100%
rename from providers/aws/checks/vpc/check314
rename to providers_old/aws/checks/vpc/check314
diff --git a/providers/aws/checks/vpc/check44 b/providers_old/aws/checks/vpc/check44
similarity index 100%
rename from providers/aws/checks/vpc/check44
rename to providers_old/aws/checks/vpc/check44
diff --git a/providers/aws/checks/vpc/check_extra789 b/providers_old/aws/checks/vpc/check_extra789
similarity index 100%
rename from providers/aws/checks/vpc/check_extra789
rename to providers_old/aws/checks/vpc/check_extra789
diff --git a/providers/aws/checks/vpc/check_extra790 b/providers_old/aws/checks/vpc/check_extra790
similarity index 100%
rename from providers/aws/checks/vpc/check_extra790
rename to providers_old/aws/checks/vpc/check_extra790
diff --git a/providers/aws/common/assume_role b/providers_old/aws/common/assume_role
similarity index 97%
rename from providers/aws/common/assume_role
rename to providers_old/aws/common/assume_role
index 66276b59..232cdf88 100644
--- a/providers/aws/common/assume_role
+++ b/providers_old/aws/common/assume_role
@@ -18,7 +18,7 @@ assume_role(){
 # If profile is not defined, restore original credentials from environment variables, if they exists!
 restoreInitialAWSCredentials
 fi
-
+
 # Both variables are mandatory to be set together
 if [[ -z $ROLE_TO_ASSUME || -z $ACCOUNT_TO_ASSUME ]]; then
 echo "$OPTRED ERROR!$OPTNORMAL - Both Account ID (-A) and IAM Role to assume (-R) must be set"
@@ -62,12 +62,12 @@ assume_role(){ EXITCODE=1 exit $EXITCODE fi - + # echo FILE WITH TEMP CREDS: $TEMP_STS_ASSUMED_FILE - + # The profile shouldn't be used for CLI PROFILE="" - PROFILE_OPT="" + PROFILE_OPT="" # Set AWS environment variables with assumed role credentials ASSUME_AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' "${TEMP_STS_ASSUMED_FILE}") @@ -92,11 +92,11 @@ cleanSTSAssumeFile() { } backupInitialAWSCredentials() { - if [[ $(printenv AWS_ACCESS_KEY_ID) && $(printenv AWS_SECRET_ACCESS_KEY) && $(printenv AWS_SESSION_TOKEN) ]]; then + if [[ $(printenv AWS_ACCESS_KEY_ID) && $(printenv AWS_SECRET_ACCESS_KEY) && $(printenv AWS_SESSION_TOKEN) ]]; then INITIAL_AWS_ACCESS_KEY_ID=$(printenv AWS_ACCESS_KEY_ID) INITIAL_AWS_SECRET_ACCESS_KEY=$(printenv AWS_SECRET_ACCESS_KEY) INITIAL_AWS_SESSION_TOKEN=$(printenv AWS_SESSION_TOKEN) - fi + fi } restoreInitialAWSCredentials() { diff --git a/providers/aws/common/aws_profile_loader b/providers_old/aws/common/aws_profile_loader similarity index 100% rename from providers/aws/common/aws_profile_loader rename to providers_old/aws/common/aws_profile_loader diff --git a/providers/aws/common/awscli_detector b/providers_old/aws/common/awscli_detector similarity index 100% rename from providers/aws/common/awscli_detector rename to providers_old/aws/common/awscli_detector diff --git a/providers/aws/common/check3x b/providers_old/aws/common/check3x similarity index 100% rename from providers/aws/common/check3x rename to providers_old/aws/common/check3x diff --git a/providers/aws/common/credentials_report b/providers_old/aws/common/credentials_report similarity index 100% rename from providers/aws/common/credentials_report rename to providers_old/aws/common/credentials_report 
diff --git a/providers/aws/common/organizations_metadata b/providers_old/aws/common/organizations_metadata similarity index 98% rename from providers/aws/common/organizations_metadata rename to providers_old/aws/common/organizations_metadata index bb51df83..6faff87f 100644 --- a/providers/aws/common/organizations_metadata +++ b/providers_old/aws/common/organizations_metadata @@ -15,7 +15,7 @@ # Prowler requires organizations:ListAccounts* and organizations:ListTagsForResource # in the management account in order to get that data. SecurityAudit managed policy includes them. -# Account Tags are in json format with comma, however they are converted to Base64 +# Account Tags are in json format with comma, however they are converted to Base64 # in order to avoid breaking the CSV or JSON. To use them a post-processor is needed. get_orgs_account_details(){ @@ -33,7 +33,7 @@ get_orgs_account_details(){ ACCOUNT_DETAILS_ARN=$(jq -r --arg ACCOUNT_ID "${ACCOUNT_NUM}" '.Accounts[] | select(.Status == "ACTIVE") | select(.Id == $ACCOUNT_ID) | "\(.Arn)"' <<< "${ACCOUNTS_DETAILS}") ACCOUNT_DETAILS_ORG=$(jq -r --arg ACCOUNT_ID "${ACCOUNT_NUM}" '.Accounts[] | select(.Status == "ACTIVE") | select(.Id == $ACCOUNT_ID) | "\(.Arn)"' <<< "${ACCOUNTS_DETAILS}" | awk -F/ '{ print $2 }') ACCOUNT_DETAILS_TAGS=$($AWSCLI $PROFILE_OPT --region "${REGION}" organizations list-tags-for-resource --resource-id "${MANAGEMENT_ACCOUNT_ID}" --output json | jq -c '. | @base64' 2>&1) - else + else # textFail "${regx}: Access Denied trying to list AWS Organization accounts. Prowler requires organizations:List*" "$regx" textInfo "Access Denied trying to list AWS Organization accounts. Prowler requires organizations:List*" exit 1 diff --git a/providers/aws/common/outputs_bucket b/providers_old/aws/common/outputs_bucket similarity index 94% rename from providers/aws/common/outputs_bucket rename to providers_old/aws/common/outputs_bucket index d6a433cd..5120927c 100644 --- a/providers/aws/common/outputs_bucket 
+++ b/providers_old/aws/common/outputs_bucket @@ -13,19 +13,19 @@ if [[ $OUTPUT_BUCKET ]]; then # output mode has to be set to other than text - if [[ "${MODES[*]}" =~ "text" ]]; then + if [[ "${MODES[*]}" =~ "text" ]]; then echo "$OPTRED ERROR!$OPTNORMAL - Mode (-M) can't be text when using custom output bucket. Use -h for help." exit 1 else # need to make sure last / is not set to avoid // in S3 - if [[ $OUTPUT_BUCKET == *"/" ]]; then + if [[ $OUTPUT_BUCKET == *"/" ]]; then OUTPUT_BUCKET=${OUTPUT_BUCKET::-1} fi - fi + fi fi copyToS3() { - # Prowler will copy each format to its own folder in S3, that is for better handling + # Prowler will copy each format to its own folder in S3, that is for better handling # and processing by Quicksight or others. # Also, check if -F was introduced if [ -n "${OUTPUT_FILE_NAME+x}" ]; then diff --git a/providers/aws/common/securityhub_integration b/providers_old/aws/common/securityhub_integration similarity index 99% rename from providers/aws/common/securityhub_integration rename to providers_old/aws/common/securityhub_integration index 7a380e75..184c7035 100644 --- a/providers/aws/common/securityhub_integration +++ b/providers_old/aws/common/securityhub_integration @@ -71,7 +71,7 @@ resolveSecurityHubPreviousFails(){ if [[ $SECURITY_HUB_PREVIOUS_FINDINGS != "[]" ]]; then FINDINGS_COUNT=$(echo $SECURITY_HUB_PREVIOUS_FINDINGS | jq '. | length') for i in $(seq 0 50 $FINDINGS_COUNT); - do + do BATCH_FINDINGS=$(echo $SECURITY_HUB_PREVIOUS_FINDINGS | jq -c '.['"$i:$i+50"']') BATCH_FINDINGS_COUNT=$(echo $BATCH_FINDINGS | jq '. | length') if [ "$BATCH_FINDINGS_COUNT" -gt 0 ]; then 
@@ -94,7 +94,7 @@ sendToSecurityHub(){
 local finding_id=$(echo ${findings} | jq -r .Id )
 SECURITYHUB_NEW_FINDINGS_IDS+=( "$finding_id" )
 BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$region" $PROFILE_OPT batch-import-findings --findings "${findings}")
-
+
 # Check for success if imported
 if [[ -z "${BATCH_IMPORT_RESULT}" ]] || ! jq -e '.SuccessCount == 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then
 echo -e "\n$RED ERROR!$NORMAL Failed to send check output to AWS Security Hub\n"