Added check extra714 CloudFront logging

This commit is contained in:
Toni de la Fuente
2018-02-07 23:49:26 -05:00
parent b92ba781ba
commit 3665d64f2b
2 changed files with 31 additions and 4 deletions


@@ -583,7 +583,7 @@ We are adding additional checks to improve the information gather from each acco
Note: Some of these checks for publicly facing resources may not actually be fully public due to other layered controls like S3 Bucket Policies, Security Groups or Network ACLs. Note: Some of these checks for publicly facing resources may not actually be fully public due to other layered controls like S3 Bucket Policies, Security Groups or Network ACLs.
At this moment we have 11 extra checks: At this moment we have 14 extra checks:
- 7.1 (`extra71`) Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark) - 7.1 (`extra71`) Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)
- 7.2 (`extra72`) Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark) - 7.2 (`extra72`) Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)
@@ -597,7 +597,8 @@ At this moment we have 11 extra checks:
- 7.10 (`extra710`) Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark) - 7.10 (`extra710`) Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)
- 7.11 (`extra711`) Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark) - 7.11 (`extra711`) Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)
- 7.12 (`extra712`) Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark) - 7.12 (`extra712`) Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)
- 7.13 (`extra713`) Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)
- 7.14 (`extra714`) Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)
To check all extras in one command: To check all extras in one command:
``` ```
@@ -621,6 +622,7 @@ With this group of checks, Prowler looks if each service with logging or audit c
- 4.3 Ensure VPC Flow Logging is Enabled in all VPCs (Scored) - 4.3 Ensure VPC Flow Logging is Enabled in all VPCs (Scored)
- 7.12 Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark) - 7.12 Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)
- 7.13 Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark) - 7.13 Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)
- 7.14 Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)
The `forensics-ready` group of checks uses existing and extra checks. To get a forensics readiness report, run this command: The `forensics-ready` group of checks uses existing and extra checks. To get a forensics readiness report, run this command:
``` ```

29
prowler

@@ -494,6 +494,8 @@ ID712="7.12,7.12"
TITLE712="Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)" TITLE712="Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)"
ID713="7.13,7.13" ID713="7.13,7.13"
TITLE713="Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)" TITLE713="Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
ID714="7.14,7.14"
TITLE714="Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
printCsvHeader() { printCsvHeader() {
>&2 echo "" >&2 echo ""
@@ -1890,6 +1892,26 @@ extra713(){
done done
} }
extra714(){
# "Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
textTitle "$ID714" "$TITLE714" "NOT_SCORED" "EXTRA"
for regx in $REGIONS; do
LIST_OF_DISTRIBUTIONS=$($AWSCLI cloudfront list-distributions $PROFILE_OPT --region $regx --query 'DistributionList.Items[].Id' --output text |grep -v "^None")
if [[ $LIST_OF_DISTRIBUTIONS ]]; then
for cdn in $LIST_OF_DISTRIBUTIONS;do
CDN_LOG_ENABLED=$($AWSCLI cloudfront get-distribution $PROFILE_OPT --region $regx --id "$cdn" --query 'Distribution.DistributionConfig.Logging.Enabled' | grep true)
if [[ $CDN_LOG_ENABLED ]];then
textOK "$regx: CDN $cdn logging enabled" "$regx"
else
textWarn "$regx: CDN $cdn logging disabled!" "$regx"
fi
done
else
textOK "$regx: CDN not configured" "$regx"
fi
done
}
callCheck(){ callCheck(){
if [[ $CHECKNUMBER ]];then if [[ $CHECKNUMBER ]];then
case "$CHECKNUMBER" in case "$CHECKNUMBER" in
@@ -1958,6 +1980,7 @@ callCheck(){
extra711|extra711 ) extra711;; extra711|extra711 ) extra711;;
extra712|extra712 ) extra712;; extra712|extra712 ) extra712;;
extra713|extra713 ) extra713;; extra713|extra713 ) extra713;;
extra714|extra714 ) extra714;;
## Groups of Checks ## Groups of Checks
check1 ) check1 )
@@ -1994,12 +2017,12 @@ callCheck(){
;; ;;
extras ) extras )
extra71;extra72;extra73;extra74;extra75;extra76;extra77;extra78; extra71;extra72;extra73;extra74;extra75;extra76;extra77;extra78;
extra79;extra710;extra711;extra712;extra713 extra79;extra710;extra711;extra712;extra713;extra714
;; ;;
forensics-ready ) forensics-ready )
check21;check22;check23;check24;check25;check26;check27; check21;check22;check23;check24;check25;check26;check27;
check43; check43;
extra712;extra713 extra712;extra713;extra714
;; ;;
* ) * )
textWarn "ERROR! Use a valid check name (i.e. check41 or extra71)\n"; textWarn "ERROR! Use a valid check name (i.e. check41 or extra71)\n";
@@ -2083,6 +2106,7 @@ if [[ $PRINTCHECKSONLY == "1" ]]; then
textTitle "$ID711" "$TITLE711" "NOT_SCORED" "EXTRA" textTitle "$ID711" "$TITLE711" "NOT_SCORED" "EXTRA"
textTitle "$ID712" "$TITLE712" "NOT_SCORED" "EXTRA" textTitle "$ID712" "$TITLE712" "NOT_SCORED" "EXTRA"
textTitle "$ID713" "$TITLE713" "NOT_SCORED" "EXTRA" textTitle "$ID713" "$TITLE713" "NOT_SCORED" "EXTRA"
textTitle "$ID714" "$TITLE713" "NOT_SCORED" "EXTRA"
exit $EXITCODE exit $EXITCODE
fi fi
@@ -2172,6 +2196,7 @@ extra710
extra711 extra711
extra712 extra712
extra713 extra713
extra714
cleanTemp cleanTemp
exit $EXITCODE exit $EXITCODE
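Review bot: The new line in the PRINTCHECKSONLY hunk pairs the wrong title with the new check, `textTitle "$ID714" "$TITLE713" "NOT_SCORED" "EXTRA"`, so the check listing prints the GuardDuty title for 7.14; it should be `textTitle "$ID714" "$TITLE714" "NOT_SCORED" "EXTRA"`, matching what extra714 itself prints. Separately, in extra714 the `cloudfront list-distributions` and `get-distribution` calls run once per entry in $REGIONS, and since CloudFront distributions are not region-scoped each distribution is likely reported once per region with the same verdict, multiplying both API calls and output lines — consider running the lookup once (a single region value) and confirm against the existing global-service checks in this script. The unquoted `$LIST_OF_DISTRIBUTIONS` and `$REGIONS` expansions follow the surrounding script's style, so I would not change them in this commit.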