@@ -25,6 +25,6 @@ extra733(){
|
||||
textInfo "SAML Provider $PROVIDER_NAME has been found"
|
||||
done
|
||||
else
|
||||
textFail "No SAML Provider found, add one and use STS"
|
||||
textInfo "No SAML Provider found, add one and use STS"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -31,7 +31,7 @@ extra741(){
|
||||
# This finds ftp or http URLs with credentials and common keywords
|
||||
FINDINGS=$(egrep -i '[[:alpha:]]*://[[:alnum:]]*:[[:alnum:]]*@.*/|key|secret|token|pass' $USERDATA_FILE |wc -l|tr -d '\ ')
|
||||
if [[ $FILE_FORMAT_ASCII ]]; then
|
||||
if [[ $FINDINGS -eq 0 ]]; then
|
||||
if [[ $FINDINGS -eq "0" ]]; then
|
||||
textPass "$regx: No keys found in $instance" "$regx"
|
||||
# delete file if nothing interesting is there
|
||||
rm -f $USERDATA_FILE
|
||||
|
||||
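--- a/checks/check_extra742
+++ b/checks/check_extra742
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra742="7.42"
+CHECK_TITLE_extra742="[extra742] Find keys in CloudFormation outputs (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra742="NOT_SCORED"
+CHECK_TYPE_extra742="EXTRA"
+CHECK_ALTERNATE_check742="extra742"
+
+extra742(){
+textInfo "Looking for keys in CloudFormation output across all regions... "
+for regx in $REGIONS; do
+LIST_OF_CFN_STACKS=$($AWSCLI cloudformation describe-stacks $PROFILE_OPT --region $regx --query Stacks[*].[StackName] --output text)
+if [[ $LIST_OF_CFN_STACKS ]];then
+for stack in $LIST_OF_CFN_STACKS; do
+OUTPUTS_FILE=$stack-$regx-output.txt
+OUTPUTS=$($AWSCLI $PROFILE_OPT --region $regx cloudformation describe-stacks --query "Stacks[?StackName==\`$stack\`].Outputs[*].[OutputKey,OutputValue]" --output text > $OUTPUTS_FILE)
+if [ -s $OUTPUTS ];then
+#FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE | grep -i -e key -e secret -e token -e pass - |wc -l|tr -d '\ ')
+#FINDINGS=$(grep -i -e key -e secret -e token -e pass $USERDATA_FILE |wc -l|tr -d '\ ')
+# This finds ftp or http URLs with credentials and common keywords
+FINDINGS=$(egrep -i '[[:alpha:]]*://[[:alnum:]]*:[[:alnum:]]*@.*/|key|secret|token|pass' $OUTPUTS_FILE |wc -l|tr -d '\ ')
+if [[ $FINDINGS -eq "0" ]]; then
+textPass "$regx: No keys found in Stack $stack" "$regx"
+# delete file if nothing interesting is there
+rm -f $OUTPUTS_FILE
+else
+textFail "$regx: Found $FINDINGS keys in $stack! Check file $OUTPUTS_FILE" "$regx"
+fi
+else
+textPass "$regx: Stack $stack has not Outputs" "$regx"
+fi
+done
+else
+textInfo "$regx: No CloudFormation stacks found" "$regx"
+fi
+done
+}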
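Review bot: `[ -s $OUTPUTS ]` in extra742's stack loop tests an empty variable, because the command substitution on the line above redirects stdout into `$OUTPUTS_FILE`; `$OUTPUTS` is always empty and the unquoted test collapses to `[ -s ]`, which is true. The "has not Outputs" branch is therefore unreachable; the test should be on the file, `if [ -s "$OUTPUTS_FILE" ]; then`, with the `OUTPUTS=$(...)` wrapper dropped. The stack outputs are also written under a predictable name in the current directory and kept whenever the pattern matches, so possible secrets stay on disk with default permissions. Creating the files under a `mktemp -d` directory (or after `umask 077`), and removing the empty file in the no-outputs branch, would limit that exposure.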
@@ -15,7 +15,7 @@ GROUP_ID[10]='hipaa'
|
||||
GROUP_NUMBER[10]='10.0'
|
||||
GROUP_TITLE[10]='HIPAA Compliance - ONLY AS REFERENCE - [hipaa] ****************'
|
||||
GROUP_RUN_BY_DEFAULT[10]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[10]='check12,check113,check23,check26,check27,check29,extra718,extra725,extra72,extra75,extra739,extra729,extra734,check38,extra73,extra740,extra735'
|
||||
GROUP_CHECKS[10]='check12,check113,check23,check26,check27,check29,extra718,extra725,extra72,extra75,extra717,extra729,extra734,check38,extra73,extra740,extra735'
|
||||
|
||||
# Resources:
|
||||
# https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf
|
||||
|
||||
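--- a/groups/group11_keys
+++ b/groups/group11_keys
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+GROUP_ID[11]='keys'
+GROUP_NUMBER[11]='11.0'
+GROUP_TITLE[11]='Look for keys secrets or passwords around resources - [keys] ****************'
+GROUP_RUN_BY_DEFAULT[11]='N' # run it when execute_all is called
+GROUP_CHECKS[11]='extra741,extra742'
+
+# Initially:
+# - EC2 UserData
+# - CloudFormation Outputs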
@@ -15,4 +15,4 @@ GROUP_ID[7]='extras'
|
||||
GROUP_NUMBER[7]='7.0'
|
||||
GROUP_TITLE[7]='Extras - [extras] **********************************************'
|
||||
GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
|
||||
GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741'
|
||||
GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra740,extra741'
|
||||
|
||||
@@ -15,4 +15,4 @@ GROUP_ID[8]='forensics-ready'
|
||||
GROUP_NUMBER[8]='8.0'
|
||||
GROUP_TITLE[8]='Forensics Readiness - [forensics-ready] ************************'
|
||||
GROUP_RUN_BY_DEFAULT[8]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[8]='check21,check22,check23,check24,check25,check26,check27,check29,extra712,extra713,extra714,extra715,extra717,extra718,extra719,extra720,extra721,extra722,extra725,extra739'
|
||||
GROUP_CHECKS[8]='check21,check22,check23,check24,check25,check26,check27,check29,extra712,extra713,extra714,extra715,extra717,extra718,extra719,extra720,extra721,extra722,extra725'
|
||||
|
||||
@@ -15,7 +15,7 @@ GROUP_ID[9]='gdpr'
|
||||
GROUP_NUMBER[9]='9.0'
|
||||
GROUP_TITLE[9]='GDPR Readiness - ONLY AS REFERENCE - [gdpr] ********************'
|
||||
GROUP_RUN_BY_DEFAULT[9]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,extra731,extra732,extra733,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729,extra734,extra735,extra736,extra738,extra739,extra740'
|
||||
GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,extra731,extra732,extra733,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729,extra734,extra735,extra736,extra738,extra740'
|
||||
|
||||
# Resources:
|
||||
# https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
|
||||
|
||||
# Functions to manage dates depending on OS
|
||||
if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ]; then
|
||||
if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ] || ["$OSTYPE" == "freebsd" ]; then
|
||||
TEMP_REPORT_FILE=$(mktemp -t -p /tmp prowler.cred_report-XXXXXX)
|
||||
# function to compare in days, usage how_older_from_today date
|
||||
# date format %Y-%m-%d
|
||||
|
||||
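Review bot: The added FreeBSD clause is written `["$OSTYPE" == "freebsd" ]` with no space after `[`, so the shell looks for a command named `[` joined to the value of `$OSTYPE` (for example `[freebsd`) instead of running a test, and the clause can never be true. It should read `|| [ "$OSTYPE" == "freebsd" ]; then`. bash usually reports a version-suffixed value on FreeBSD, so a pattern match such as `[[ "$OSTYPE" == freebsd* ]]` is probably what is needed. Please confirm that on a FreeBSD host, and check that its `mktemp` accepts the `-t -p /tmp` form used on the next line for the credential report file. The `if` block continues past the end of this hunk.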
@@ -1,4 +1,15 @@
|
||||
FROM python
|
||||
MAINTAINER Steve Neuharth <steve@aethereal.io>
|
||||
RUN apt-get update && apt-get upgrade -y && pip install awscli ansi2html
|
||||
ADD prowler* /usr/local/bin/
|
||||
FROM alpine:3.9
|
||||
|
||||
ARG USERNAME=prowler
|
||||
ARG USERID=34000
|
||||
|
||||
RUN addgroup -g ${USERID} ${USERNAME} && \
|
||||
adduser -s /bin/sh -G ${USERNAME} -D -u ${USERID} ${USERNAME} && \
|
||||
apk --update --no-cache add python3 bash curl git jq && \
|
||||
pip3 install --upgrade pip && \
|
||||
pip install awscli ansi2html boto3 &&\
|
||||
git clone https://github.com/toniblyx/prowler/
|
||||
|
||||
USER ${USERNAME}
|
||||
|
||||
ENTRYPOINT ["/prowler/prowler"]
|
||||
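Review bot: The `git clone https://github.com/toniblyx/prowler/` step in the new `RUN` fetches whatever the default branch holds at build time, so the image is not reproducible and will run unreviewed upstream code with whatever AWS credentials the container is given. Pin the clone to a release tag or commit, e.g. `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/toniblyx/prowler/` (placeholder tag), or copy the build context as the old `ADD prowler*` did. `pip install awscli ansi2html boto3` is likewise unpinned. The clone also runs as root before `USER ${USERNAME}` and no `WORKDIR` is set, so checks that write result files relative to the current directory may fail for the unprivileged user; that is worth a test run.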