Merge pull request #297 from toniblyx/devel

Devel

README.md

@@ -199,6 +199,8 @@ This script has been written in bash using AWS-CLI and it works in Linux and OSX
         -e                  exclude group extras
         -E                  execute all tests except a list of specified checks separated by comma (i.e. check21,check31)
         -b                  do not print Prowler banner
+        -V                  show version number & exit
+        -s                  show scoring report
         -h                  this help
     ```
 

checks/check_extra741

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra741="7.41"
+CHECK_TITLE_extra741="[extra741] Find keys in EC2 UserData (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra741="NOT_SCORED"
+CHECK_TYPE_extra741="EXTRA"
+CHECK_ALTERNATE_check741="extra741"
+
+extra741(){
+  textInfo "Looking for keys in EC2 User Data all regions... (max 100 instances per region, use -m to increase it)  "
+  for regx in $REGIONS; do
+    LIST_OF_EC2_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query Reservations[*].Instances[*].InstanceId --output text --max-items $MAXITEMS | grep -v None)
+    if [[ $LIST_OF_EC2_INSTANCES ]];then
+      for instance in $LIST_OF_EC2_INSTANCES; do
+        USERDATA_FILE=$instance-userdata.decoded
+        USERDATA=$($AWSCLI ec2 describe-instance-attribute --attribute userData --query UserData.Value $PROFILE_OPT --region $regx --instance-id $instance --output text | decode_report > $USERDATA_FILE)
+        if [ -s $USERDATA_FILE ];then
+          FILE_FORMAT_ASCII=$(file -b $USERDATA_FILE|grep ASCII)
+          FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE|wc -l|tr -d '\ ')
+          if [[ $FILE_FORMAT_ASCII ]]; then
+            if [[ $FINDINGS -eq 0 ]]; then
+              textPass "$regx: Nothing found in $instance" "$regx"
+              # delete file if nothing interesting is there
+              rm -f $USERDATA_FILE
+            else
+              textFail "$regx: Found $FINDINGS keys in $instance! Check file $USERDATA_FILE" "$regx"
+            fi
+          else
+            mv $USERDATA_FILE $USERDATA_FILE.gz ; gunzip $USERDATA_FILE.gz
+            if [[ $FINDINGS -eq 0 ]]; then
+              textPass "$regx: Nothing found in $instance" "$regx"
+              rm -f $USERDATA_FILE.gz
+            else
+              textFail "$regx: Found $FINDINGS keys in $instance! Check file $USERDATA_FILE" "$regx"
+            fi
+          fi
+        else
+          textPass "$regx: $instance nothing found" "$regx"
+        fi
+      done
+    else
+      textInfo "$regx: No EC2 instances found" "$regx"
+    fi
+  done
+}

groups/group7_extras

@@ -15,4 +15,4 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - [extras] **********************************************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741'

include/outputs

@@ -13,6 +13,7 @@
 
 # Output formatting functions
 textPass(){
+  PASS_COUNTER=$((PASS_COUNTER+1))
   if [[ "$MODE" == "csv" ]]; then
     if [[ $2 ]]; then
       REPREGION=$2
@@ -95,6 +96,7 @@ textInfo(){
 }
 
 textFail(){
+  FAIL_COUNTER=$((FAIL_COUNTER+1))
   EXITCODE=3
   if [[ "$MODE" == "csv" ]]; then
     if [[ $2 ]]; then
@@ -137,6 +139,7 @@ textFail(){
 }
 
 textTitle(){
+  CHECKS_COUNTER=$((CHECKS_COUNTER+1))
   TITLE_ID=$1
   if [[ $NUMERAL ]]; then
     TITLE_ID=$(echo $TITLE_ID | cut -d, -f2)

include/scoring

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+# Scoring POC
+scoring(){
+  if [[ $SCORING == "1" ]]; then
+    if [[ ! $PASS_COUNTER ]]; then
+      PASS_COUNTER=0
+    fi
+    if [[ ! $FAIL_COUNTER ]]; then
+      FAIL_COUNTER=0
+    fi
+
+    # TOTAL_RESOURCES=$(awk "BEGIN {print $FAIL_COUNTER+$PASS_COUNTER; exit}")
+    TOTAL_RESOURCES=$(($FAIL_COUNTER + $PASS_COUNTER))
+    # Score is % of passed compared to failures. The higher score, the better
+    PROWLER_SCORE=$(( $PASS_COUNTER * 100 / $TOTAL_RESOURCES ))
+
+    echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e "$CYAN                          _"
+    echo -e "  _ __  _ __ _____      _| | ___ _ __"
+    echo -e " | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|"
+    echo -e " | |_) | | | (_) \ V  V /| |  __/ |"
+    echo -e " | .__/|_|  \___/ \_/\_/ |_|\___|_|v$PROWLER_VERSION"
+    echo -e " |_|$NORMAL$BLUE the handy cloud security tool$NORMAL\n"
+    echo -e "$YELLOW Date: $(date)"
+    echo -e "\n$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e " Security Assessment Summary Report for AWS Account: $ACCOUNT_NUM $NORMAL"
+    echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e " Your Prowler Score* is = $PROWLER_SCORE $NORMAL "
+    echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e "$BAD FAIL$NORMAL =$BAD $FAIL_COUNTER $NORMAL"
+    echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e "$OK PASS$NORMAL =$OK $PASS_COUNTER $NORMAL"
+    echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e " Total Resources Reviewed =$NOTICE $TOTAL_RESOURCES $NORMAL"
+    echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e " Checks Performed =$NOTICE $CHECKS_COUNTER $NORMAL"
+    echo -e "$BLUE------------------------------------------------------------------ $NORMAL"
+    echo -e " * the highest the better (0 to 100)$NORMAL"
+    echo -e " Prowler scoring uses any check, including CIS not scored checks$NORMAL"
+  fi
+}

prowler

@@ -32,7 +32,7 @@ OPTRED=""
 OPTNORMAL=""
 
 # Set the defaults variables
-PROWLER_VERSION=2.0
+PROWLER_VERSION=2.0.1-devel
 PROWLER_DIR=$(dirname "$0")
 
 REGION=""
@@ -73,12 +73,13 @@ USAGE:
       -E                  execute all tests except a list of specified checks separated by comma (i.e. check21,check31)
       -b                  do not print Prowler banner
       -V                  show version number & exit
+      -s                  show scoring report
       -h                  this help
   "
   exit
 }
 
-while getopts ":hlLkp:r:c:g:f:m:M:E:enbV" OPTION; do
+while getopts ":hlLkp:r:c:g:f:m:M:E:enbVs" OPTION; do
    case $OPTION in
      h )
         usage
@@ -132,6 +133,9 @@ while getopts ":hlLkp:r:c:g:f:m:M:E:enbV" OPTION; do
         EXITCODE=0
         exit $EXITCODE
         ;;
+     s )
+        SCORING=1
+        ;;
      : )
         echo ""
         echo "$OPTRED ERROR!$OPTNORMAL  -$OPTARG requires an argument"
@@ -158,6 +162,7 @@ done
 . $PROWLER_DIR/include/banner
 . $PROWLER_DIR/include/whoami
 . $PROWLER_DIR/include/credentials_report
+. $PROWLER_DIR/include/scoring
 
 # Get a list of all available AWS Regions
 REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \
@@ -369,6 +374,7 @@ if [[ $GROUP_ID_READ ]];then
     fi
     execute_group_by_id $GROUP_ID_READ
     cleanTemp
+    scoring
     exit $EXITCODE
   else
     textFail "Use a valid check group ID i.e.: group1, extras, forensics-ready, etc."
@@ -378,5 +384,6 @@ if [[ $GROUP_ID_READ ]];then
 fi
 
 execute_all
+scoring
 cleanTemp
 exit $EXITCODE