From 2bc3575de8286f64d008c67896e0ee5948faad35 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Mon, 4 Mar 2019 22:25:04 -0500
Subject: [PATCH] Improved extra714 to find secrets

---
 checks/check_extra741 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/checks/check_extra741 b/checks/check_extra741
index dbd66930..0618276e 100644
--- a/checks/check_extra741
+++ b/checks/check_extra741
@@ -17,7 +17,7 @@ CHECK_TYPE_extra741="EXTRA"
 CHECK_ALTERNATE_check741="extra741"
 extra741(){
- textInfo "Looking for keys in EC2 User Data all regions... (max 100 instances per region, use -m to increase it) "
+ textInfo "Looking for keys in EC2 User Data in instances across all regions... (max 100 instances per region, use -m to increase it) "
 for regx in $REGIONS; do
 LIST_OF_EC2_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query Reservations[*].Instances[*].InstanceId --output text --max-items $MAXITEMS | grep -v None)
 if [[ $LIST_OF_EC2_INSTANCES ]];then
@@ -26,7 +26,8 @@ extra741(){
 USERDATA=$($AWSCLI ec2 describe-instance-attribute --attribute userData --query UserData.Value $PROFILE_OPT --region $regx --instance-id $instance --output text | decode_report > $USERDATA_FILE)
 if [ -s $USERDATA_FILE ];then
 FILE_FORMAT_ASCII=$(file -b $USERDATA_FILE|grep ASCII)
- FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE|wc -l|tr -d '\ ')
+ #FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE | grep -i -e key -e secret -e token -e pass - |wc -l|tr -d '\ ')
+ FINDINGS=$(grep -i -e key -e secret -e token -e pass $USERDATA_FILE |wc -l|tr -d '\ ')
 if [[ $FILE_FORMAT_ASCII ]]; then
 if [[ $FINDINGS -eq 0 ]]; then
 textPass "$regx: Nothing found in $instance" "$regx"
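Review bot: The new FINDINGS line in the second hunk counts every line containing `key`, `secret`, `token` or `pass` as a case-insensitive substring, so ordinary user-data text such as `keyboard`, `bypass` or `ssh-keygen` is reported as a finding, while the 20–40 character token shape the removed pattern looked for is no longer required at all. The commented-out line just above it shows the intended combination of both filters; either restore that as the single live line, e.g. `FINDINGS=$(grep -i -e key -e secret -e token -e pass "$USERDATA_FILE" | grep -c '[A-Za-z0-9]\{20,40\}')`, or at least add `-w` so the keywords match whole words only. Either way the dead `#FINDINGS=…` line should be deleted rather than kept next to the live one, and `$USERDATA_FILE` should be quoted in the grep and the `[ -s … ]` test. extra741 opens in the first hunk and its body continues past the end of this one.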