Merge pull request #62 from MrSecure/keep-cred-report

Keep cred report
This commit is contained in:
Toni de la Fuente
2017-07-12 11:57:21 -04:00
committed by GitHub
2 changed files with 17 additions and 5 deletions


@@ -113,6 +113,7 @@ USAGE:
-f <filterregion> specify an AWS region to run checks against (i.e.: us-west-1) -f <filterregion> specify an AWS region to run checks against (i.e.: us-west-1)
-m <maxitems> specify the maximum number of items to return for long-running requests (default: 100) -m <maxitems> specify the maximum number of items to return for long-running requests (default: 100)
-M <mode> output mode: text (defalut), mono, csv (separator is "|"; data is on stdout; progress on stderr) -M <mode> output mode: text (defalut), mono, csv (separator is "|"; data is on stdout; progress on stderr)
-k keep the credential report
-h this help -h this help
``` ```

prowler

@@ -37,6 +37,7 @@ MAXITEMS=100
MONOCHROME=0 MONOCHROME=0
MODE="text" MODE="text"
SEP=',' SEP=','
KEEPCREDREPORT=0
# Command usage menu # Command usage menu
@@ -51,17 +52,21 @@ USAGE:
-f <filterregion> specify an AWS region to run checks against (i.e.: us-west-1) -f <filterregion> specify an AWS region to run checks against (i.e.: us-west-1)
-m <maxitems> specify the maximum number of items to return for long-running requests (default: 100) -m <maxitems> specify the maximum number of items to return for long-running requests (default: 100)
-M <mode> output mode: text (defalut), mono, csv (separator is \"${SEP}\"; data is on stdout; progress on stderr) -M <mode> output mode: text (defalut), mono, csv (separator is \"${SEP}\"; data is on stdout; progress on stderr)
-k keep the credential report
-h this help -h this help
" "
exit exit
} }
while getopts ":hp:r:c:f:m:M:" OPTION; do while getopts ":hkp:r:c:f:m:M:" OPTION; do
case $OPTION in case $OPTION in
h ) h )
usage usage
exit 1 exit 1
;; ;;
k )
KEEPCREDREPORT=1
;;
p ) p )
PROFILE=$OPTARG PROFILE=$OPTARG
;; ;;
@@ -384,17 +389,23 @@ genCredReport() {
# Save report to a file, decode it, deletion at finish and after every single check, acb stands for AWS CIS Benchmark # Save report to a file, decode it, deletion at finish and after every single check, acb stands for AWS CIS Benchmark
saveReport(){ saveReport(){
TEMP_REPORT_FILE=$(mktemp -t prowler-XXXXX.cred_report ) TEMP_REPORT_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-XXXXX.cred_report )
$AWSCLI iam get-credential-report --query 'Content' --output text --profile $PROFILE --region $REGION | decode_report > $TEMP_REPORT_FILE $AWSCLI iam get-credential-report --query 'Content' --output text --profile $PROFILE --region $REGION | decode_report > $TEMP_REPORT_FILE
if [[ $KEEPCREDREPORT -eq 1 ]]; then
textTitle "0.2" "Saving IAM Credential Report ..."
textNotice "IAM Credential Report saved in $TEMP_REPORT_FILE"
fi
} }
# Delete temporary report file # Delete temporary report file
cleanTemp(){ cleanTemp(){
rm -fr $TEMP_REPORT_FILE if [[ $KEEPCREDREPORT -ne 1 ]]; then
rm -fr $TEMP_REPORT_FILE
fi
} }
# Delete the temporary report file if we get interrupted/terminated # Delete the temporary report file if we get interrupted/terminated
trap cleanTemp SIGHUP SIGINT SIGTERM trap cleanTemp EXIT
# Get a list of all available AWS Regions # Get a list of all available AWS Regions
REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \ REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \
@@ -714,7 +725,7 @@ check118(){
# find attached policies in found roles # find attached policies in found roles
ATTACHEDPOLICIES=$($AWSCLI iam list-attached-role-policies --role-name $role --profile $PROFILE --region $REGION --query "AttachedPolicies[*]" --output text) ATTACHEDPOLICIES=$($AWSCLI iam list-attached-role-policies --role-name $role --profile $PROFILE --region $REGION --query "AttachedPolicies[*]" --output text)
for policy in $ATTACHEDPOLICIES;do for policy in $ATTACHEDPOLICIES;do
text-notice "$AWSCLI iam get-role-policy --role-name $role --policy-name $policy --profile $PROFILE --region $REGION" textNotice "$AWSCLI iam get-role-policy --role-name $role --policy-name $policy --profile $PROFILE --region $REGION"
done done
done done
else else
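Review bot: In the third hunk, `cleanTemp` is now wired to `EXIT`, so it also runs on the early `exit` paths in `usage` and on any failure before `saveReport` has assigned `TEMP_REPORT_FILE`; the new branch then expands an empty, unquoted variable into `rm -fr`, which happens to be silent on GNU and BSD `rm -f` but makes the intent unclear and breaks on a `TMPDIR` containing spaces. I would guard and quote it, and drop the recursive flag since the target is a single file: `if [[ $KEEPCREDREPORT -ne 1 && -n "$TEMP_REPORT_FILE" ]]; then` / `  rm -f -- "$TEMP_REPORT_FILE"` / `fi`. In the same hunk, `saveReport` prints "IAM Credential Report saved in ..." regardless of whether the `get-credential-report | decode_report` pipeline succeeded, so with `-k` an empty or partial file can be announced as saved; checking the pipeline status (or `[[ -s "$TEMP_REPORT_FILE" ]]`) before the notice would avoid that. Both `saveReport` and `cleanTemp` are fully contained in the hunk.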