Ensure check28 only looks at symmetric keys

Toni de la Fuente
2021-02-22 23:15:06 +01:00
parent f94bf38bdc
commit 2883de016e


@@ -29,7 +29,7 @@ check28(){
if [[ $CHECK_KMS_KEYLIST ]]; then
cmk_count=0
for key in $CHECK_KMS_KEYLIST; do
KMSDETAILS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.{key:KeyId,man:KeyManager,origin:Origin,state:KeyState}' --output text 2>&1)
KMSDETAILS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.{key:KeyId,man:KeyManager,origin:Origin,spec:CustomerMasterKeySpec,state:KeyState}' --output text 2>&1 | grep SYMMETRIC)
if [[ $(echo "$KMSDETAILS" | grep AccessDenied) ]]; then
textFail "$regx: Key $key Access Denied describing key"
continue
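Review bot: The new `| grep SYMMETRIC` on the KMSDETAILS assignment also filters the error text that `2>&1` merges into the same stream, so the `grep AccessDenied` test directly below can no longer match. A key the audit identity is not allowed to describe then yields an empty KMSDETAILS and is never reported through `textFail`, which hides a permissions gap in the audit. Keep the unfiltered output for the error check and filter afterwards: drop the pipe from the assignment and, after the AccessDenied block, add `echo "$KMSDETAILS" | grep -q SYMMETRIC || continue`. How an empty KMSDETAILS is handled further down cannot be seen here, because the body of check28 continues outside this hunk.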
@@ -38,7 +38,7 @@ check28(){
KEYID=$(echo $KMSDETAILS | awk '{print $1}')
KEYMANAGER=$(echo $KMSDETAILS | awk '{print $2}')
KEYORIGIN=$(echo $KMSDETAILS | awk '{print $3}')
KEYSTATE=$(echo $KMSDETAILS | awk '{print $4}')
KEYSTATE=$(echo $KMSDETAILS | awk '{print $5}')
if [[ "$KEYMANAGER" == "AWS" ]]; then
continue