Changed how color codes are shown in text mode
@@ -67,7 +67,10 @@ fi
|
||||
|
||||
printColorsCode(){
|
||||
if [[ $MONOCHROME -eq 0 ]]; then
|
||||
echo -e "\n$NORMAL Colors code for results: "
|
||||
echo -e "$NOTICE INFO (Information)$NORMAL,$OK PASS (Recommended value)$NORMAL, $WARNING WARNING (Ignored by whitelist)$NORMAL, $BAD FAIL (Fix required)$NORMAL, $PURPLE Not Scored $NORMAL"
|
||||
echo -e "\n$NORMAL Color code for results: "
|
||||
echo -e " - $NOTICE INFO (Information)$NORMAL"
|
||||
echo -e " - $OK PASS (Recommended value)$NORMAL"
|
||||
echo -e " - $WARNING WARNING (Ignored by whitelist)$NORMAL"
|
||||
echo -e " - $BAD FAIL (Fix required)$NORMAL"
|
||||
fi
|
||||
}
|
||||
|
||||
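--- a/util/dashboard/index.html
+++ b/util/dashboard/index.html
@@ -0,0 +1,307 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Bootstrap 5 Simple Admin Dashboard</title>
+<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.0.0-alpha1/css/bootstrap.min.css" integrity="sha384-r4NyP46KrjDleawBgD5tp8Y7UzmLA05oM1iAEQ17CSuDqnUK2+k9luXQOfXJCJ4I" crossorigin="anonymous">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/chartist.js/latest/chartist.min.css">
+<style>
+.sidebar {
+position: fixed;
+top: 0;
+bottom: 0;
+left: 0;
+z-index: 100;
+padding: 90px 0 0;
+box-shadow: inset -1px 0 0 rgba(0, 0, 0, .1);
+z-index: 99;
+}
+
+@media (max-width: 767.98px) {
+.sidebar {
+top: 11.5rem;
+padding: 0;
+}
+}
+
+.navbar {
+box-shadow: inset 0 -1px 0 rgba(0, 0, 0, .1);
+}
+
+@media (min-width: 767.98px) {
+.navbar {
+top: 0;
+position: sticky;
+z-index: 999;
+}
+}
+
+.sidebar .nav-link {
+color: #333;
+}
+
+.sidebar .nav-link.active {
+color: #0d6efd;
+}
+</style>
+</head>
+<body>
+<nav class="navbar navbar-light bg-light p-3">
+<div class="d-flex col-12 col-md-3 col-lg-2 mb-2 mb-lg-0 flex-wrap flex-md-nowrap justify-content-between">
+<a class="navbar-brand" href="#">
+Simple Dashboard
+</a>
+<button class="navbar-toggler d-md-none collapsed mb-3" type="button" data-toggle="collapse" data-target="#sidebar" aria-controls="sidebar" aria-expanded="false" aria-label="Toggle navigation">
+<span class="navbar-toggler-icon"></span>
+</button>
+</div>
+<div class="col-12 col-md-4 col-lg-2">
+<input class="form-control form-control-dark" type="text" placeholder="Search" aria-label="Search">
+</div>
+<div class="col-12 col-md-5 col-lg-8 d-flex align-items-center justify-content-md-end mt-3 mt-md-0">
+<div class="mr-3 mt-1">
+<a class="github-button" href="https://github.com/themesberg/simple-bootstrap-5-dashboard" data-color-scheme="no-preference: dark; light: light; dark: light;" data-icon="octicon-star" data-size="large" data-show-count="true" aria-label="Star /themesberg/simple-bootstrap-5-dashboard">Star</a>
+</div>
+<div class="dropdown">
+<button class="btn btn-secondary dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-expanded="false">
+Hello, John Doe
+</button>
+<ul class="dropdown-menu" aria-labelledby="dropdownMenuButton">
+<li><a class="dropdown-item" href="#">Settings</a></li>
+<li><a class="dropdown-item" href="#">Messages</a></li>
+<li><a class="dropdown-item" href="#">Sign out</a></li>
+</ul>
+</div>
+</div>
+</nav>
+<div class="container-fluid">
+<div class="row">
+<nav id="sidebar" class="col-md-3 col-lg-2 d-md-block bg-light sidebar collapse">
+<div class="position-sticky">
+<ul class="nav flex-column">
+<li class="nav-item">
+<a class="nav-link active" aria-current="page" href="#">
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-home"><path d="M3 9l9-7 9 7v11a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z"></path><polyline points="9 22 9 12 15 12 15 22"></polyline></svg>
+<span class="ml-2">Dashboard</span>
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="#">
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline></svg>
+<span class="ml-2">Orders</span>
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="#">
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-shopping-cart"><circle cx="9" cy="21" r="1"></circle><circle cx="20" cy="21" r="1"></circle><path d="M1 1h4l2.68 13.39a2 2 0 0 0 2 1.61h9.72a2 2 0 0 0 2-1.61L23 6H6"></path></svg>
+<span class="ml-2">Products</span>
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="#">
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-users"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"></path><circle cx="9" cy="7" r="4"></circle><path d="M23 21v-2a4 4 0 0 0-3-3.87"></path><path d="M16 3.13a4 4 0 0 1 0 7.75"></path></svg>
+<span class="ml-2">Customers</span>
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="#">
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-bar-chart-2"><line x1="18" y1="20" x2="18" y2="10"></line><line x1="12" y1="20" x2="12" y2="4"></line><line x1="6" y1="20" x2="6" y2="14"></line></svg>
+<span class="ml-2">Reports</span>
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="#">
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-layers"><polygon points="12 2 2 7 12 12 22 7 12 2"></polygon><polyline points="2 17 12 22 22 17"></polyline><polyline points="2 12 12 17 22 12"></polyline></svg>
+<span class="ml-2">Integrations</span>
+</a>
+</li>
+<li class="nav-item">
+<a class="btn btn-sm btn-secondary ml-3 mt-2" href="https://themesberg.com/blog/bootstrap/simple-bootstrap-5-dashboard-tutorial">
+<svg width="1em" height="1em" viewBox="0 0 16 16" class="bi bi-book" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" d="M1 2.828v9.923c.918-.35 2.107-.692 3.287-.81 1.094-.111 2.278-.039 3.213.492V2.687c-.654-.689-1.782-.886-3.112-.752-1.234.124-2.503.523-3.388.893zm7.5-.141v9.746c.935-.53 2.12-.603 3.213-.493 1.18.12 2.37.461 3.287.811V2.828c-.885-.37-2.154-.769-3.388-.893-1.33-.134-2.458.063-3.112.752zM8 1.783C7.015.936 5.587.81 4.287.94c-1.514.153-3.042.672-3.994 1.105A.5.5 0 0 0 0 2.5v11a.5.5 0 0 0 .707.455c.882-.4 2.303-.881 3.68-1.02 1.409-.142 2.59.087 3.223.877a.5.5 0 0 0 .78 0c.633-.79 1.814-1.019 3.222-.877 1.378.139 2.8.62 3.681 1.02A.5.5 0 0 0 16 13.5v-11a.5.5 0 0 0-.293-.455c-.952-.433-2.48-.952-3.994-1.105C10.413.809 8.985.936 8 1.783z"/>
+</svg>
+<span class="ml-2">Read tutorial</span>
+</a>
+</li>
+<li class="nav-item">
+<a class="btn btn-sm btn-warning ml-3 mt-2" href="https://themesberg.com/product/admin-dashboard/volt-bootstrap-5-dashboard">
+⚡︎ Volt Dashboard
+</a>
+</li>
+<li class="nav-item">
+<a class="btn btn-sm btn-primary ml-3 mt-2" href="https://themesberg.com">
+By Themesberg ❤️
+</a>
+</li>
+</ul>
+</div>
+</nav>
+<main class="col-md-9 ml-sm-auto col-lg-10 px-md-4 py-4">
+<nav aria-label="breadcrumb">
+<ol class="breadcrumb">
+<li class="breadcrumb-item"><a href="#">Home</a></li>
+<li class="breadcrumb-item active" aria-current="page">Overview</li>
+</ol>
+</nav>
+<h1 class="h2">Dashboard</h1>
+<p>This is the homepage of a simple admin interface which is part of a tutorial written on Themesberg</p>
+<div class="row my-4">
+<div class="col-12 col-md-6 col-lg-3 mb-4 mb-lg-0">
+<div class="card">
+<h5 class="card-header">Customers</h5>
+<div class="card-body">
+<h5 class="card-title">345k</h5>
+<p class="card-text">Feb 1 - Apr 1, United States</p>
+<p class="card-text text-success">18.2% increase since last month</p>
+</div>
+</div>
+</div>
+<div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
+<div class="card">
+<h5 class="card-header">Revenue</h5>
+<div class="card-body">
+<h5 class="card-title">$2.4k</h5>
+<p class="card-text">Feb 1 - Apr 1, United States</p>
+<p class="card-text text-success">4.6% increase since last month</p>
+</div>
+</div>
+</div>
+<div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
+<div class="card">
+<h5 class="card-header">Purchases</h5>
+<div class="card-body">
+<h5 class="card-title">43</h5>
+<p class="card-text">Feb 1 - Apr 1, United States</p>
+<p class="card-text text-danger">2.6% decrease since last month</p>
+</div>
+</div>
+</div>
+<div class="col-12 col-md-6 mb-4 mb-lg-0 col-lg-3">
+<div class="card">
+<h5 class="card-header">Traffic</h5>
+<div class="card-body">
+<h5 class="card-title">64k</h5>
+<p class="card-text">Feb 1 - Apr 1, United States</p>
+<p class="card-text text-success">2.5% increase since last month</p>
+</div>
+</div>
+</div>
+</div>
+<div class="row">
+<div class="col-12 col-xl-8 mb-4 mb-lg-0">
+<div class="card">
+<h5 class="card-header">Latest transactions</h5>
+<div class="card-body">
+<div class="table-responsive">
+<table class="table">
+<thead>
+<tr>
+<th scope="col">Order</th>
+<th scope="col">Product</th>
+<th scope="col">Customer</th>
+<th scope="col">Total</th>
+<th scope="col">Date</th>
+<th scope="col"></th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<th scope="row">17371705</th>
+<td>Volt Premium Bootstrap 5 Dashboard</td>
+<td>johndoe@gmail.com</td>
+<td>€61.11</td>
+<td>Aug 31 2020</td>
+<td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+</tr>
+<tr>
+<th scope="row">17370540</th>
+<td>Pixel Pro Premium Bootstrap UI Kit</td>
+<td>jacob.monroe@company.com</td>
+<td>$153.11</td>
+<td>Aug 28 2020</td>
+<td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+</tr>
+<tr>
+<th scope="row">17371705</th>
+<td>Volt Premium Bootstrap 5 Dashboard</td>
+<td>johndoe@gmail.com</td>
+<td>€61.11</td>
+<td>Aug 31 2020</td>
+<td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+</tr>
+<tr>
+<th scope="row">17370540</th>
+<td>Pixel Pro Premium Bootstrap UI Kit</td>
+<td>jacob.monroe@company.com</td>
+<td>$153.11</td>
+<td>Aug 28 2020</td>
+<td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+</tr>
+<tr>
+<th scope="row">17371705</th>
+<td>Volt Premium Bootstrap 5 Dashboard</td>
+<td>johndoe@gmail.com</td>
+<td>€61.11</td>
+<td>Aug 31 2020</td>
+<td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+</tr>
+<tr>
+<th scope="row">17370540</th>
+<td>Pixel Pro Premium Bootstrap UI Kit</td>
+<td>jacob.monroe@company.com</td>
+<td>$153.11</td>
+<td>Aug 28 2020</td>
+<td><a href="#" class="btn btn-sm btn-primary">View</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+<a href="#" class="btn btn-block btn-light">View all</a>
+</div>
+</div>
+</div>
+<div class="col-12 col-xl-4">
+<div class="card">
+<h5 class="card-header">Traffic last 6 months</h5>
+<div class="card-body">
+<div id="traffic-chart"></div>
+</div>
+</div>
+</div>
+</div>
+<footer class="pt-5 d-flex justify-content-between">
+<span>Copyright © 2019-2020 <a href="https://themesberg.com">Themesberg</a></span>
+<ul class="nav m-0">
+<li class="nav-item">
+<a class="nav-link text-secondary" aria-current="page" href="#">Privacy Policy</a>
+</li>
+<li class="nav-item">
+<a class="nav-link text-secondary" href="#">Terms and conditions</a>
+</li>
+<li class="nav-item">
+<a class="nav-link text-secondary" href="#">Contact</a>
+</li>
+</ul>
+</footer>
+</main>
+</div>
+</div>
+<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
+<script src="https://stackpath.bootstrapcdn.com/bootstrap/5.0.0-alpha1/js/bootstrap.min.js" integrity="sha384-oesi62hOLfzrys4LxRF63OJCXdXDipiYWBnvTl9Y9/TRlw5xlKIEHpNyvvDShgf/" crossorigin="anonymous"></script>
+<script src="https://cdn.jsdelivr.net/chartist.js/latest/chartist.min.js"></script>
+<!-- Github buttons -->
+<script async defer src="https://buttons.github.io/buttons.js"></script>
+<script>
+new Chartist.Line('#traffic-chart', {
+labels: ['January', 'Februrary', 'March', 'April', 'May', 'June'],
+series: [
+[23000, 25000, 19000, 34000, 56000, 64000]
+]
+}, {
+low: 0,
+showArea: true
+});
+</script>
+</body>
+</html>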
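Review bot: The Chartist stylesheet and script are loaded from `https://cdn.jsdelivr.net/chartist.js/latest/` with no `integrity` attribute, and `https://buttons.github.io/buttons.js` likewise, while the Bootstrap and Popper tags in the same file carry SRI hashes. A `latest` URL cannot be pinned with a hash, so whatever the CDN serves at load time runs in the page; if this dashboard is meant to display Prowler findings, that script would be able to read them. Pin Chartist to a fixed version with `integrity` and `crossorigin="anonymous"`, or vendor the files next to index.html, and drop the GitHub star button script if it is not needed. The page is otherwise still the Themesberg demo (title, sample customers and orders), so a comment at the top stating that it is a placeholder would help.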
@@ -0,0 +1,369 @@
|
||||
---
|
||||
Description: Stack for AWS resources to run Prowler scan
|
||||
AWSTemplateFormatVersion: "2010-09-09"
|
||||
|
||||
Parameters:
|
||||
ServiceName:
|
||||
Description: 'Specifies the service name used within component naming'
|
||||
Type: String
|
||||
Default: 'prowler'
|
||||
|
||||
LogsRetentionInDays:
|
||||
Description: 'Specifies the number of days you want to retain CloudWatch log events in the specified log group.'
|
||||
Type: Number
|
||||
Default: 3
|
||||
AllowedValues: [1, 3, 5, 7, 14, 30, 60]
|
||||
|
||||
ProwlerOptions:
|
||||
Description: 'Options to pass to Prowler command. For all options see ./prowler -h'
|
||||
Type: String
|
||||
Default: '-r eu-west-1 -f eu-west-1 -M text,junit-xml,html -c check11,check12,check13,check14'
|
||||
|
||||
ProwlerSchedule:
|
||||
Description: The time when Prowler will run in cron format. Default is daily at 22:00h/10PM
|
||||
Type: String
|
||||
Default: '0 22 * * *'
|
||||
|
||||
ProwlerInstanceType:
|
||||
Description: Enter Instance Type
|
||||
Type: String
|
||||
Default: t2.micro
|
||||
|
||||
Ec2ImageId:
|
||||
Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
|
||||
Description: Latest AMI ID for Amazon Linux 2 (via AWS Publis SSM Parameters. See https://tinyurl.com/aws-public-ssm-parameters.
|
||||
Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs
|
||||
|
||||
Ec2InstanceKeyName:
|
||||
Description: The name of key pair
|
||||
Type: AWS::EC2::KeyPair::KeyName
|
||||
|
||||
SecurityGroupIds:
|
||||
Description: Security group IDs
|
||||
Type: CommaDelimitedList
|
||||
|
||||
SubnetIds:
|
||||
Description: VPC subnet IDs
|
||||
Type: CommaDelimitedList
|
||||
|
||||
Resources:
|
||||
|
||||
ReportBucket:
|
||||
Type: AWS::S3::Bucket
|
||||
Properties:
|
||||
BucketName: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'
|
||||
AccessControl: Private
|
||||
BucketEncryption:
|
||||
ServerSideEncryptionConfiguration:
|
||||
- ServerSideEncryptionByDefault:
|
||||
SSEAlgorithm: AES256
|
||||
PublicAccessBlockConfiguration:
|
||||
BlockPublicAcls: true
|
||||
BlockPublicPolicy: true
|
||||
IgnorePublicAcls: true
|
||||
RestrictPublicBuckets: true
|
||||
VersioningConfiguration:
|
||||
Status: Enabled
|
||||
# LoggingConfiguration:
|
||||
# DestinationBucketName: !Sub "my-access-log-bucket-${AWS::Region}-${AWS::AccountId}"
|
||||
# LogFilePrefix: !Sub "${ProwlerReportBucket}/"
|
||||
LifecycleConfiguration:
|
||||
Rules:
|
||||
- Id: AutoDelete
|
||||
Status: Enabled
|
||||
NoncurrentVersionExpirationInDays: 30
|
||||
ExpirationInDays: 365
|
||||
Transition:
|
||||
TransitionInDays: 30
|
||||
StorageClass: STANDARD_IA
|
||||
|
||||
ReportBucketPolicy:
|
||||
Type: "AWS::S3::BucketPolicy"
|
||||
Properties:
|
||||
Bucket: !Ref ReportBucket
|
||||
PolicyDocument:
|
||||
Statement:
|
||||
- Sid: DenyDelete
|
||||
Effect: Deny
|
||||
Principal: "*"
|
||||
Action: s3:Delete*
|
||||
Resource:
|
||||
- !Sub "${ReportBucket.Arn}/*"
|
||||
- Sid: S3ForceSSL
|
||||
Effect: Deny
|
||||
Principal: '*'
|
||||
Action: '*'
|
||||
Resource:
|
||||
- !Join ['', ['arn:aws:s3:::', !Ref 'ReportBucket', '/*']]
|
||||
Condition:
|
||||
Bool:
|
||||
aws:SecureTransport: 'false'
|
||||
- Sid: ForceUploadEcryption
|
||||
Effect: Deny
|
||||
Principal: '*'
|
||||
Action: 's3:PutObject'
|
||||
Condition:
|
||||
'Null':
|
||||
s3:x-amz-server-side-encryption: 'true'
|
||||
Resource:
|
||||
- !Sub "${ReportBucket.Arn}"
|
||||
- !Sub "${ReportBucket.Arn}/*"
|
||||
|
||||
InstanceProfile:
|
||||
Type: AWS::IAM::InstanceProfile
|
||||
Properties:
|
||||
Path: "/"
|
||||
Roles:
|
||||
- !Ref InstanceRole
|
||||
|
||||
InstanceRole:
|
||||
Type: AWS::IAM::Role
|
||||
Properties:
|
||||
Path: "/"
|
||||
RoleName: !Sub "${ServiceName}-prowler-role"
|
||||
MaxSessionDuration: 10800
|
||||
AssumeRolePolicyDocument:
|
||||
Version: 2012-10-17
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Principal:
|
||||
Service:
|
||||
- ec2.amazonaws.com
|
||||
Action:
|
||||
- sts:AssumeRole
|
||||
ManagedPolicyArns:
|
||||
- "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
|
||||
- "arn:aws:iam::aws:policy/SecurityAudit"
|
||||
- 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
|
||||
Policies:
|
||||
- PolicyName: ProwlerAdditionsPolicy
|
||||
PolicyDocument:
|
||||
Version: 2012-10-17
|
||||
Statement:
|
||||
- Sid: AllowMoreReadForProwler
|
||||
Action:
|
||||
- "access-analyzer:List*"
|
||||
- "apigateway:Get*"
|
||||
- "apigatewayv2:Get*"
|
||||
- "aws-marketplace:ViewSubscriptions"
|
||||
- "dax:ListTables"
|
||||
- "ds:ListAuthorizedApplications"
|
||||
- "ds:DescribeRoles"
|
||||
- "ec2:GetEbsEncryptionByDefault"
|
||||
- "ecr:Describe*"
|
||||
- "lambda:GetAccountSettings"
|
||||
- "lambda:GetFunction"
|
||||
- "lambda:GetFunctionConfiguration"
|
||||
- "lambda:GetLayerVersionPolicy"
|
||||
- "lambda:GetPolicy"
|
||||
- "opsworks-cm:Describe*"
|
||||
- "opsworks:Describe*"
|
||||
- "secretsmanager:ListSecretVersionIds"
|
||||
- "sns:List*"
|
||||
- "sqs:ListQueueTags"
|
||||
- "states:ListActivities"
|
||||
- "support:Describe*"
|
||||
- "tag:GetTagKeys"
|
||||
Effect: "Allow"
|
||||
Resource: "*"
|
||||
- PolicyName: LogGroup
|
||||
PolicyDocument:
|
||||
Version: 2012-10-17
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- logs:CreateLogStream
|
||||
- logs:CreateLogGroup
|
||||
- logs:PutLogEvents
|
||||
Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:${ProwlerLogGroup}:*'
|
||||
- PolicyName: CloudWatchMetrics
|
||||
PolicyDocument:
|
||||
Version: 2012-10-17
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- cloudwatch:PutMetricData
|
||||
Resource: "*"
|
||||
- PolicyName: ProwlerMaintenancePolicy
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
Statement:
|
||||
# - Sid: AllowAssumeProwlerRole
|
||||
# Effect: Allow
|
||||
# Action:
|
||||
# - "sts:AssumeRole"
|
||||
# Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/application/prod-prowler-role"
|
||||
- Sid: AllowScaleDownAutoScalingGroup
|
||||
Effect: Allow
|
||||
Action:
|
||||
- "autoscaling:DescribeAutoScalingGroups"
|
||||
- "autoscaling:DescribeAutoScalingInstances"
|
||||
- "autoscaling:SetDesiredCapacity"
|
||||
Resource: "*"
|
||||
- Sid: AllowDescribeRegions
|
||||
Effect: Allow
|
||||
Action:
|
||||
- "ec2:DescribeRegions"
|
||||
Resource: "*"
|
||||
- Sid: SSMSessionManager
|
||||
Effect: Allow
|
||||
Action:
|
||||
- ec2messages:*
|
||||
- ssmmessages:*
|
||||
- ssm:*
|
||||
Resource: "*"
|
||||
# - Sid: SlackNotification
|
||||
# Effect: Allow
|
||||
# Action:
|
||||
# - events:PutEvents
|
||||
# Resource: !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/default"
|
||||
- Sid: AllowUploadReport
|
||||
Effect: Allow
|
||||
Action:
|
||||
- "s3:PutObject"
|
||||
Resource:
|
||||
- !Sub "${ReportBucket.Arn}/*"
|
||||
|
||||
ProwlerLogGroup:
|
||||
Type: 'AWS::Logs::LogGroup'
|
||||
Properties:
|
||||
LogGroupName: !Sub "${ServiceName}-${AWS::StackName}"
|
||||
RetentionInDays: !Ref LogsRetentionInDays
|
||||
|
||||
Ec2InstanceLaunchTemplate:
|
||||
Type: AWS::EC2::LaunchTemplate
|
||||
Metadata:
|
||||
AWS::CloudFormation::Init:
|
||||
config:
|
||||
files:
|
||||
/opt/prowler.sh:
|
||||
content: !Sub |
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
|
||||
# export AWS_DEFAULT_REGION=${AWS::Region}
|
||||
# export AWS_PARTITION=aws
|
||||
|
||||
# declare -A ACCOUNTS
|
||||
# ACCOUNTS[ssvc]='798980982229'
|
||||
# ACCOUNTS[prod]='579842252590'
|
||||
# ACCOUNTS[uat]='990839841794'
|
||||
|
||||
# TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
|
||||
# INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
# ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
|
||||
# ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
|
||||
|
||||
# PROWLER_REPORT="${!ENVIRONMENT}_prowler_report_$(date +%d%m%Y).csv"
|
||||
# REPORT_S3_LOCATION="${ReportBucket}"
|
||||
|
||||
# cd /opt/prowler
|
||||
# /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
|
||||
# aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
|
||||
|
||||
# /opt/prowler/prowler -A "${!ACCOUNTS[$ENVIRONMENT]}" \
|
||||
# -R "application/${!ENVIRONMENT}-prowler-role" \
|
||||
# -T 10800 \
|
||||
# -m 500 \
|
||||
# -r ${AWS::Region} \
|
||||
# -E extra79,extra710,extra712,extra757,extra758,extra770,extra774 \
|
||||
# -b -q -M csv | tee -a $PROWLER_REPORT
|
||||
|
||||
# Upload to S3
|
||||
# aws s3 cp $PROWLER_REPORT $REPORT_S3_LOCATION --sse
|
||||
|
||||
# Send Slack notification
|
||||
# message="Prowler scan for \`${!ENVIRONMENT}\` completed. Please check report from \`${!REPORT_S3_LOCATION}\`."
|
||||
# aws events put-events --entries "[{\"Source\":\"myorg:slack\",\"DetailType\":\"hello\",\"Detail\":\"{\\\"username\\\":\\\"Prowler Scanner\\\",\\\"avatar\\\":\\\":aws:\\\",\\\"channel\\\":\\\"#t-fs-calabash\\\",\\\"text\\\":\\\"${!message}\\\"}\"}]"
|
||||
|
||||
# Scale Down Auto Scaling Group
|
||||
# aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
|
||||
mode: '000755'
|
||||
owner: root
|
||||
group: root
|
||||
Properties:
|
||||
LaunchTemplateData:
|
||||
SecurityGroupIds: !Ref SecurityGroupIds
|
||||
MetadataOptions:
|
||||
HttpEndpoint: enabled
|
||||
HttpTokens: optional
|
||||
TagSpecifications:
|
||||
- ResourceType: instance
|
||||
Tags:
|
||||
- Key: Name
|
||||
Value: !Ref 'AWS::StackName'
|
||||
UserData:
|
||||
Fn::Base64: !Sub |
|
||||
#cloud-config
|
||||
runcmd:
|
||||
- while ! curl --connect-timeout 1 -s http://169.254.169.254/ > /dev/null; do echo "-- waiting for instance network to wake up ..."; done
|
||||
- /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource Ec2InstanceLaunchTemplate --region ${AWS::Region}
|
||||
- yum update -y
|
||||
- yum install -y python3-pip git jq
|
||||
- pip3 install detect-secrets
|
||||
- git clone https://github.com/toniblyx/prowler.git /opt/prowler
|
||||
- export AWS_DEFAULT_REGION=${AWS::Region}
|
||||
- export REPORT_S3_LOCATION=${ReportBucket}
|
||||
- export TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token")
|
||||
- export INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
- export ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text)
|
||||
- export ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text)
|
||||
- cd /opt/prowler
|
||||
- /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv
|
||||
- aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/
|
||||
- aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0
|
||||
- /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource ASGroup --region ${AWS::Region}
|
||||
InstanceInitiatedShutdownBehavior: terminate
|
||||
IamInstanceProfile:
|
||||
Name: !Ref InstanceProfile
|
||||
KeyName: !Ref 'Ec2InstanceKeyName'
|
||||
ImageId: !Ref 'Ec2ImageId'
|
||||
InstanceType: !Ref ProwlerInstanceType
|
||||
BlockDeviceMappings:
|
||||
- DeviceName: /dev/xvda
|
||||
Ebs:
|
||||
Encrypted: true
|
||||
KmsKeyId: alias/aws/ebs
|
||||
VolumeType: standard
|
||||
DeleteOnTermination: true
|
||||
VolumeSize: 8
|
||||
InstanceMarketOptions:
|
||||
MarketType: spot
|
||||
SpotOptions:
|
||||
SpotInstanceType: one-time
|
||||
MaxPrice: 0.006
|
||||
|
||||
ProwlerAutoScalingGroup:
|
||||
Type: AWS::AutoScaling::AutoScalingGroup
|
||||
UpdatePolicy:
|
||||
AutoScalingReplacingUpdate:
|
||||
WillReplace: true
|
||||
Properties:
|
||||
VPCZoneIdentifier: !Ref SubnetIds
|
||||
LaunchTemplate:
|
||||
LaunchTemplateId: !Ref 'Ec2InstanceLaunchTemplate'
|
||||
Version: !GetAtt 'Ec2InstanceLaunchTemplate.LatestVersionNumber'
|
||||
MinSize: 1
|
||||
MaxSize: 1
|
||||
HealthCheckGracePeriod: 300
|
||||
HealthCheckType: EC2
|
||||
Tags:
|
||||
- Key: Name
|
||||
Value: !Sub "${AWS::StackName}"
|
||||
PropagateAtLaunch: true
|
||||
|
||||
ProwlerScheduledScaleUp:
|
||||
Type: AWS::AutoScaling::ScheduledAction
|
||||
Properties:
|
||||
AutoScalingGroupName: !Ref ProwlerAutoScalingGroup
|
||||
DesiredCapacity: 1
|
||||
MaxSize: 1
|
||||
MinSize: 0
|
||||
Recurrence: !Ref ProwlerSchedule
|
||||
|
||||
Outputs:
|
||||
ReportBucket:
|
||||
Description: Report Bucket Name
|
||||
Value: !Ref 'ReportBucket'
|
||||
Export:
|
||||
Name: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}'
|
||||
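Review bot: The `SSMSessionManager` statement in `ProwlerMaintenancePolicy` grants `ssm:*`, `ec2messages:*` and `ssmmessages:*` on `Resource: "*"` to a role that already has `AmazonSSMManagedInstanceCore` attached. `ssm:*` covers far more than the agent needs, including actions such as `ssm:SendCommand` and `ssm:GetParameter*` across the account, which sits badly on an audit instance that clones and runs code from GitHub at boot; removing the statement should leave Session Manager working through the managed policy. In the launch template, `HttpTokens: optional` still permits IMDSv1 even though the runcmd steps already fetch a session token, so `HttpTokens: required` looks safe to set. Also, `cfn-signal` names `--resource ASGroup`, but the group is declared as `ProwlerAutoScalingGroup`, and the `ProwlerOptions` parameter is never referenced by the hard-coded `prowler -f eu-west-1 -c check12` command.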
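--- a/util/quicksight/create-data-source-cli-input.json
+++ b/util/quicksight/create-data-source-cli-input.json
@@ -0,0 +1,217 @@
+{
+"AwsAccountId": "",
+"DataSourceId": "",
+"Name": "",
+"Type": "SNOWFLAKE",
+"DataSourceParameters": {
+"AmazonElasticsearchParameters": {
+"Domain": ""
+},
+"AthenaParameters": {
+"WorkGroup": ""
+},
+"AuroraParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"AuroraPostgreSqlParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"AwsIotAnalyticsParameters": {
+"DataSetName": ""
+},
+"JiraParameters": {
+"SiteBaseUrl": ""
+},
+"MariaDbParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"MySqlParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"OracleParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"PostgreSqlParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"PrestoParameters": {
+"Host": "",
+"Port": 0,
+"Catalog": ""
+},
+"RdsParameters": {
+"InstanceId": "",
+"Database": ""
+},
+"RedshiftParameters": {
+"Host": "",
+"Port": 0,
+"Database": "",
+"ClusterId": ""
+},
+"S3Parameters": {
+"ManifestFileLocation": {
+"Bucket": "",
+"Key": ""
+}
+},
+"ServiceNowParameters": {
+"SiteBaseUrl": ""
+},
+"SnowflakeParameters": {
+"Host": "",
+"Database": "",
+"Warehouse": ""
+},
+"SparkParameters": {
+"Host": "",
+"Port": 0
+},
+"SqlServerParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"TeradataParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"TwitterParameters": {
+"Query": "",
+"MaxRows": 0
+}
+},
+"Credentials": {
+"CredentialPair": {
+"Username": "",
+"Password": "",
+"AlternateDataSourceParameters": [
+{
+"AmazonElasticsearchParameters": {
+"Domain": ""
+},
+"AthenaParameters": {
+"WorkGroup": ""
+},
+"AuroraParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"AuroraPostgreSqlParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"AwsIotAnalyticsParameters": {
+"DataSetName": ""
+},
+"JiraParameters": {
+"SiteBaseUrl": ""
+},
+"MariaDbParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"MySqlParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"OracleParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"PostgreSqlParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"PrestoParameters": {
+"Host": "",
+"Port": 0,
+"Catalog": ""
+},
+"RdsParameters": {
+"InstanceId": "",
+"Database": ""
+},
+"RedshiftParameters": {
+"Host": "",
+"Port": 0,
+"Database": "",
+"ClusterId": ""
+},
+"S3Parameters": {
+"ManifestFileLocation": {
+"Bucket": "",
+"Key": ""
+}
+},
+"ServiceNowParameters": {
+"SiteBaseUrl": ""
+},
+"SnowflakeParameters": {
+"Host": "",
+"Database": "",
+"Warehouse": ""
+},
+"SparkParameters": {
+"Host": "",
+"Port": 0
+},
+"SqlServerParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"TeradataParameters": {
+"Host": "",
+"Port": 0,
+"Database": ""
+},
+"TwitterParameters": {
+"Query": "",
+"MaxRows": 0
+}
+}
+]
+},
+"CopySourceArn": ""
+},
+"Permissions": [
+{
+"Principal": "",
+"Actions": [
+""
+]
+}
+],
+"VpcConnectionProperties": {
+"VpcConnectionArn": ""
+},
+"SslProperties": {
+"DisableSsl": true
+},
+"Tags": [
+{
+"Key": "",
+"Value": ""
+}
+]
+}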
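Review bot: `"SslProperties": {"DisableSsl": true}` is left in what looks like unedited CLI skeleton output, so a data source created from this file would connect to the underlying store without TLS; set it to `false` or remove the block. The `Credentials.CredentialPair` block also invites filling in `Username` and `Password` in a tracked file, so a short note next to it saying to keep the filled-in copy out of version control would help. As committed the file does not look usable as input either, since `DataSourceParameters` lists every source type and all identifiers are empty while `Type` is `SNOWFLAKE`.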
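--- a/util/quicksight/create-template-cli-input.json
+++ b/util/quicksight/create-template-cli-input.json
@@ -0,0 +1,18 @@
+{
+"AwsAccountId": "951061203682",
+"TemplateId": "DemoDashboardTemplate",
+"Name": "Demo Dashboard Template",
+"SourceEntity": {
+"SourceAnalysis": {
+"Arn": "arn:aws:quicksight:eu-west-1:951061203682:analysis/ e52808ac-43df-46c2-bde6-d08393effcf",
+"DataSetReferences": [
+{
+"DataSetPlaceholder": "DS1",
+"DataSetArn": " arn:aws:quicksight:eu-west-1:951061203682:dataset/44767579-c881-42e7-bf4c-929af56bdc69"
+}
+]
+}
+},
+"VersionDescription": "1"
+}
+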
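Review bot: Both ARNs contain stray whitespace that would likely make the request fail validation: `SourceAnalysis.Arn` has a space after `analysis/`, and `DataSetArn` starts with a space. The analysis ID `e52808ac-43df-46c2-bde6-d08393effcf` also appears to be one character short of a UUID, so it may have been truncated when pasted. The account ID `951061203682` is hard-coded here and again in the bucket name in prowler-quicksight-datasource-manifest.json; replacing it with a labelled placeholder such as `<ACCOUNT_ID>` would keep a real account identifier out of the repository and make it obvious what a user must edit.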
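--- a/util/quicksight/prowler-quicksight-datasource-manifest.json
+++ b/util/quicksight/prowler-quicksight-datasource-manifest.json
@@ -0,0 +1,12 @@
+{
+"fileLocations": [{
+"URIPrefixes": [
+"https://s3-eu-west-1.amazonaws.com/prowler-ens-reports-eu-west-1-prowler-951061203682/"
+]
+}],
+"globalUploadSettings": {
+"format": "CSV",
+"delimiter": ",",
+"containsHeader": "true"
+}
+}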