ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(CIS): Compliance for CIS AWS 1.4 and 1.5 (#1509)

Browse Source
This commit is contained in:
Toni de la Fuente
2022-11-21 11:30:21 +01:00
committed by GitHub
parent 52a3e990c6
commit 25d92ca4b0
4 changed files with 2604 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.pre-commit-config.yaml
View File

@@ -11,8 +11,7 @@ repos:
- id: trailing-whitespace
- id: no-commit-to-branch
- id: pretty-format-json
args: ['--autofix']
exclude: .metadata.json
args: ['--autofix', --no-sort-keys, --no-ensure-ascii]
## BASH
- repo: https://github.com/koalaman/shellcheck-precommit
rev: v0.8.0

1228
compliance/cis_1.4_aws.json Normal file
View File

File diff suppressed because it is too large Load Diff

1335
compliance/cis_1.5_aws.json Normal file
View File

File diff suppressed because it is too large Load Diff

40
util/generate_compliance_json_from_csv_for_cis15.py Normal file
View File

@@ -0,0 +1,40 @@
import csv
import json
import sys
# Convert a CSV file following the CIS 1.5 AWS benchmark into a Prowler v3.0 Compliance JSON file
# CSV fields:
# Id, Title,Checks,Attributes_Section,Attributes_Level,Attributes_AssessmentStatus,Attributes_Description,Attributes_RationalStatement,Attributes_ImpactStatement,Attributes_RemediationProcedure,Attributes_AuditProcedure,Attributes_AdditionalInformation,Attributes_References
# get the CSV filename to convert from
file_name = sys.argv[1]
# read the CSV file rows and use the column fields to form the Prowler compliance JSON file 'ens_rd2022_aws.json'
output = {"Framework": "CIS-AWS", "Version": "1.5", "Requirements": []}
with open(file_name, newline="", encoding="utf-8") as f:
reader = csv.reader(f, delimiter=",")
for row in reader:
attribute = {
"Section": row[3],
"Profile": row[4],
"AssessmentStatus": row[5],
"Description": row[6],
"RationaleStatement": row[7],
"ImpactStatement": row[8],
"RemediationProcedure": row[9],
"AuditProcedure": row[10],
"AdditionalInformation": row[11],
"References": row[12],
}
output["Requirements"].append(
{
"Id": row[0],
"Description": row[1],
"Checks": list(map(str.strip, row[2].split(","))),
"Attributes": [attribute],
}
)
# Write the output Prowler compliance JSON file 'cis_1.5_aws.json' locally
with open("cis_1.5_aws.json", "w", encoding="utf-8") as outfile:
json.dump(output, outfile, indent=4, ensure_ascii=False)