ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ec2 ebs/instance checks): unify checks logic (#2795)

Browse Source
This commit is contained in:
Nacho Rivera
2023-08-31 11:55:10 +02:00
committed by GitHub
parent 2891bc0b96
commit 38a7dc1a93
5 changed files with 22 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
prowler/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.py
View File

@@ -10,16 +10,14 @@ class ec2_ebs_public_snapshot(Check):
report.region = snapshot.region
report.resource_arn = snapshot.arn
report.resource_tags = snapshot.tags
if not snapshot.public:
report.status = "PASS"
report.status_extended = f"EBS Snapshot {snapshot.id} is not Public."
report.resource_id = snapshot.id
else:
report.status = "PASS"
report.status_extended = f"EBS Snapshot {snapshot.id} is not Public."
report.resource_id = snapshot.id
if snapshot.public:
report.status = "FAIL"
report.status_extended = (
f"EBS Snapshot {snapshot.id} is currently Public."
)
report.resource_id = snapshot.id
findings.append(report)
return findings

9
prowler/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.py
View File

@@ -10,11 +10,10 @@ class ec2_ebs_snapshots_encrypted(Check):
report.region = snapshot.region
report.resource_arn = snapshot.arn
report.resource_tags = snapshot.tags
if snapshot.encrypted:
report.status = "PASS"
report.status_extended = f"EBS Snapshot {snapshot.id} is encrypted."
report.resource_id = snapshot.id
else:
report.status = "PASS"
report.status_extended = f"EBS Snapshot {snapshot.id} is encrypted."
report.resource_id = snapshot.id
if not snapshot.encrypted:
report.status = "FAIL"
report.status_extended = f"EBS Snapshot {snapshot.id} is unencrypted."
report.resource_id = snapshot.id

7
prowler/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption.py
View File

@@ -11,10 +11,9 @@ class ec2_ebs_volume_encryption(Check):
report.resource_id = volume.id
report.resource_arn = volume.arn
report.resource_tags = volume.tags
if volume.encrypted:
report.status = "PASS"
report.status_extended = f"EBS Snapshot {volume.id} is encrypted."
else:
report.status = "PASS"
report.status_extended = f"EBS Snapshot {volume.id} is encrypted."
if not volume.encrypted:
report.status = "FAIL"
report.status_extended = f"EBS Snapshot {volume.id} is unencrypted."
findings.append(report)

12
prowler/providers/aws/services/ec2/ec2_instance_managed_by_ssm/ec2_instance_managed_by_ssm.py
View File

@@ -12,18 +12,16 @@ class ec2_instance_managed_by_ssm(Check):
report.region = instance.region
report.resource_arn = instance.arn
report.resource_tags = instance.tags
report.status = "PASS"
report.status_extended = (
f"EC2 Instance {instance.id} is managed by Systems Manager."
)
report.resource_id = instance.id
if not ssm_client.managed_instances.get(instance.id):
report.status = "FAIL"
report.status_extended = (
f"EC2 Instance {instance.id} is not managed by Systems Manager."
)
report.resource_id = instance.id
else:
report.status = "PASS"
report.status_extended = (
f"EC2 Instance {instance.id} is managed by Systems Manager."
)
report.resource_id = instance.id
findings.append(report)
return findings

12
prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py
View File

@@ -11,16 +11,16 @@ class ec2_instance_public_ip(Check):
report.region = instance.region
report.resource_arn = instance.arn
report.resource_tags = instance.tags
report.status = "PASS"
report.status_extended = (
f"EC2 Instance {instance.id} does not have a Public IP."
)
report.resource_id = instance.id
if instance.public_ip:
report.status = "FAIL"
report.status_extended = f"EC2 Instance {instance.id} has a Public IP: {instance.public_ip} ({instance.public_dns})."
report.resource_id = instance.id
else:
report.status = "PASS"
report.status_extended = (
f"EC2 Instance {instance.id} does not have a Public IP."
)
report.resource_id = instance.id
findings.append(report)
return findings