From 1419d4887aab3a8f7beeddeff7ec3ba7a22b70c0 Mon Sep 17 00:00:00 2001
From: Huang Yaming
Date: Fri, 27 Mar 2020 14:49:52 +0800
Subject: [PATCH 1/2] Ignore imported ACM Certificate in check_extra724
---
 checks/check_extra724 | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/checks/check_extra724 b/checks/check_extra724
index 068a07d2..bb750855 100644
--- a/checks/check_extra724
+++ b/checks/check_extra724
@@ -24,10 +24,16 @@ extra724(){
 for cert_arn in $LIST_OF_CERTS;do
 CT_ENABLED=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Options.CertificateTransparencyLoggingPreference --output text)
 CERT_DOMAIN_NAME=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.DomainName --output text)
- if [[ $CT_ENABLED == "ENABLED" ]];then
- textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx"
+ CERT_TYPE=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Type --output text)
+ if [[ $CERT_TYPE == "IMPORTED" ]];then
+ # Ignore imported certificate
+ textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported." "$regx"
 else
- textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx"
+ if [[ $CT_ENABLED == "ENABLED" ]];then
+ textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx"
+ else
+ textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx"
+ fi
 fi
 done
 else
From 059c701923553a43a552c22b53712a12e3de9117 Mon Sep 17 00:00:00 2001
From: dhirajdatar
Date: Tue, 31 Mar 2020 16:46:38 +0530
Subject: [PATCH 2/2] Update README.md
---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/README.md b/README.md
index bc1a3fa1..e0c5d0e5 100644
--- a/README.md
+++ b/README.md
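Review bot: The new `CERT_TYPE=$(aws acm describe-certificate ...)` line invokes `aws` directly while the `CT_ENABLED` line two lines above goes through `$AWSCLI`; it should read `CERT_TYPE=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Type --output text)` so the check honours the configured CLI the way the rest of the script does (the `CERT_DOMAIN_NAME` line carries the same pre-existing inconsistency). With this addition the loop now issues three `describe-certificate` calls per certificate; one call with a multiselect query such as `--query 'Certificate.[Type,DomainName,Options.CertificateTransparencyLoggingPreference]'` split into the three variables would cut the API traffic and throttling exposure threefold on accounts with many certificates. The `# Ignore imported certificate` comment should say why, for instance `# CT logging of an imported cert is decided by its issuing CA, not by ACM, so the preference option is not meaningful here` (hedged: that is my understanding of the ACM option, worth confirming against the ACM documentation). Note too that if the describe call fails or is throttled, `CERT_TYPE` is empty, the certificate falls through to the CT branch and an empty `CT_ENABLED` is then reported as FAIL rather than as an error. The body of `extra724` begins before and continues after this hunk.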
@@ -369,6 +369,13 @@ or to run just one of the checks: ./prowler -c extraNUMBER ``` +or to run multiple extras in one go: + +```sh +./prowler -c extraNumber,extraNumber +``` + + ## Forensics Ready Checks With this group of checks, Prowler looks if each service with logging or audit capabilities has them enabled to ensure all needed evidences are recorded and collected for an eventual digital forensic investigation in case of incident. List of checks part of this group (you can also see all groups with `./prowler -L`). The list of checks can be seen in the group file at: