From 3936a7b17ad961e258fff82df14b1565ae883a81 Mon Sep 17 00:00:00 2001 From: Toni de la Fuente Date: Mon, 5 Jul 2021 20:11:35 +0200 Subject: [PATCH] Changed how color codes are shown in text mode --- include/colors | 7 +- util/dashboard/index.html | 307 +++++++++++++++ ...or-continuous-monitoring-template.yaml-WIP | 369 ++++++++++++++++++ .../create-data-source-cli-input.json | 217 ++++++++++ .../quicksight/create-template-cli-input.json | 18 + ...rowler-quicksight-datasource-manifest.json | 12 + 6 files changed, 928 insertions(+), 2 deletions(-) create mode 100644 util/dashboard/index.html create mode 100644 util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP create mode 100644 util/quicksight/create-data-source-cli-input.json create mode 100644 util/quicksight/create-template-cli-input.json create mode 100644 util/quicksight/prowler-quicksight-datasource-manifest.json diff --git a/include/colors b/include/colors index dd8a8d20..d1f2afcb 100644 --- a/include/colors +++ b/include/colors @@ -67,7 +67,10 @@ fi printColorsCode(){ if [[ $MONOCHROME -eq 0 ]]; then - echo -e "\n$NORMAL Colors code for results: " - echo -e "$NOTICE INFO (Information)$NORMAL,$OK PASS (Recommended value)$NORMAL, $WARNING WARNING (Ignored by whitelist)$NORMAL, $BAD FAIL (Fix required)$NORMAL, $PURPLE Not Scored $NORMAL" + echo -e "\n$NORMAL Color code for results: " + echo -e " - $NOTICE INFO (Information)$NORMAL" + echo -e " - $OK PASS (Recommended value)$NORMAL" + echo -e " - $WARNING WARNING (Ignored by whitelist)$NORMAL" + echo -e " - $BAD FAIL (Fix required)$NORMAL" fi } diff --git a/util/dashboard/index.html b/util/dashboard/index.html new file mode 100644 index 00000000..afa55c3c --- /dev/null +++ b/util/dashboard/index.html @@ -0,0 +1,307 @@ + + + + + + Bootstrap 5 Simple Admin Dashboard + + + + + + +
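Review bot: The rewritten legend in `printColorsCode` no longer lists the `$PURPLE Not Scored` entry that the removed line had. If purple is still used for not-scored checks elsewhere in the output (not visible in this hunk), the legend is now incomplete. Either keep a fifth line, `echo -e " - $PURPLE Not Scored $NORMAL"`, or state in the commit message that the category was dropped on purpose.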
+
+ +
+ +

Dashboard

+

This is the homepage of a simple admin interface which is part of a tutorial written on Themesberg

+
+
+
+
Customers
+
+
345k
+

Feb 1 - Apr 1, United States

+

18.2% increase since last month

+
+
+
+
+
+
Revenue
+
+
$2.4k
+

Feb 1 - Apr 1, United States

+

4.6% increase since last month

+
+
+
+
+
+
Purchases
+
+
43
+

Feb 1 - Apr 1, United States

+

2.6% decrease since last month

+
+
+
+
+
+
Traffic
+
+
64k
+

Feb 1 - Apr 1, United States

+

2.5% increase since last month

+
+
+
+
+
+
+
+
Latest transactions
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OrderProductCustomerTotalDate
17371705Volt Premium Bootstrap 5 Dashboardjohndoe@gmail.com€61.11Aug 31 2020View
17370540Pixel Pro Premium Bootstrap UI Kitjacob.monroe@company.com$153.11Aug 28 2020View
17371705Volt Premium Bootstrap 5 Dashboardjohndoe@gmail.com€61.11Aug 31 2020View
17370540Pixel Pro Premium Bootstrap UI Kitjacob.monroe@company.com$153.11Aug 28 2020View
17371705Volt Premium Bootstrap 5 Dashboardjohndoe@gmail.com€61.11Aug 31 2020View
17370540Pixel Pro Premium Bootstrap UI Kitjacob.monroe@company.com$153.11Aug 28 2020View
+
+ View all +
+
+
+
+
+
Traffic last 6 months
+
+
+
+
+
+
+ +
+
+
+ + + + + + + + \ No newline at end of file diff --git a/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP b/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP new file mode 100644 index 00000000..b80526c9 --- /dev/null +++ b/util/ec2-automation/one-time-or-continuous-monitoring-template.yaml-WIP 
@@ -0,0 +1,369 @@ +--- +Description: Stack for AWS resources to run Prowler scan +AWSTemplateFormatVersion: "2010-09-09" + +Parameters: + ServiceName: + Description: 'Specifies the service name used within component naming' + Type: String + Default: 'prowler' + + LogsRetentionInDays: + Description: 'Specifies the number of days you want to retain CloudWatch log events in the specified log group.' + Type: Number + Default: 3 + AllowedValues: [1, 3, 5, 7, 14, 30, 60] + + ProwlerOptions: + Description: 'Options to pass to Prowler command. For all options see ./prowler -h' + Type: String + Default: '-r eu-west-1 -f eu-west-1 -M text,junit-xml,html -c check11,check12,check13,check14' + + ProwlerSchedule: + Description: The time when Prowler will run in cron format. Default is daily at 22:00h/10PM + Type: String + Default: '0 22 * * *' + + ProwlerInstanceType: + Description: Enter Instance Type + Type: String + Default: t2.micro + + Ec2ImageId: + Type: AWS::SSM::Parameter::Value + Description: Latest AMI ID for Amazon Linux 2 (via AWS Publis SSM Parameters. See https://tinyurl.com/aws-public-ssm-parameters. 
+ Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs + + Ec2InstanceKeyName: + Description: The name of key pair + Type: AWS::EC2::KeyPair::KeyName + + SecurityGroupIds: + Description: Security group IDs + Type: CommaDelimitedList + + SubnetIds: + Description: VPC subnet IDs + Type: CommaDelimitedList + +Resources: + + ReportBucket: + Type: AWS::S3::Bucket + Properties: + BucketName: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}' + AccessControl: Private + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + VersioningConfiguration: + Status: Enabled + # LoggingConfiguration: + # DestinationBucketName: !Sub "my-access-log-bucket-${AWS::Region}-${AWS::AccountId}" + # LogFilePrefix: !Sub "${ProwlerReportBucket}/" + LifecycleConfiguration: + Rules: + - Id: AutoDelete + Status: Enabled + NoncurrentVersionExpirationInDays: 30 + ExpirationInDays: 365 + Transition: + TransitionInDays: 30 + StorageClass: STANDARD_IA + + ReportBucketPolicy: + Type: "AWS::S3::BucketPolicy" + Properties: + Bucket: !Ref ReportBucket + PolicyDocument: + Statement: + - Sid: DenyDelete + Effect: Deny + Principal: "*" + Action: s3:Delete* + Resource: + - !Sub "${ReportBucket.Arn}/*" + - Sid: S3ForceSSL + Effect: Deny + Principal: '*' + Action: '*' + Resource: + - !Join ['', ['arn:aws:s3:::', !Ref 'ReportBucket', '/*']] + Condition: + Bool: + aws:SecureTransport: 'false' + - Sid: ForceUploadEcryption + Effect: Deny + Principal: '*' + Action: 's3:PutObject' + Condition: + 'Null': + s3:x-amz-server-side-encryption: 'true' + Resource: + - !Sub "${ReportBucket.Arn}" + - !Sub "${ReportBucket.Arn}/*" + + InstanceProfile: + Type: AWS::IAM::InstanceProfile + Properties: + Path: "/" + Roles: + - !Ref InstanceRole + + InstanceRole: + Type: AWS::IAM::Role + Properties: + Path: "/" + 
RoleName: !Sub "${ServiceName}-prowler-role" + MaxSessionDuration: 10800 + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: + - ec2.amazonaws.com + Action: + - sts:AssumeRole + ManagedPolicyArns: + - "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess" + - "arn:aws:iam::aws:policy/SecurityAudit" + - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore' + Policies: + - PolicyName: ProwlerAdditionsPolicy + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: AllowMoreReadForProwler + Action: + - "access-analyzer:List*" + - "apigateway:Get*" + - "apigatewayv2:Get*" + - "aws-marketplace:ViewSubscriptions" + - "dax:ListTables" + - "ds:ListAuthorizedApplications" + - "ds:DescribeRoles" + - "ec2:GetEbsEncryptionByDefault" + - "ecr:Describe*" + - "lambda:GetAccountSettings" + - "lambda:GetFunction" + - "lambda:GetFunctionConfiguration" + - "lambda:GetLayerVersionPolicy" + - "lambda:GetPolicy" + - "opsworks-cm:Describe*" + - "opsworks:Describe*" + - "secretsmanager:ListSecretVersionIds" + - "sns:List*" + - "sqs:ListQueueTags" + - "states:ListActivities" + - "support:Describe*" + - "tag:GetTagKeys" + Effect: "Allow" + Resource: "*" + - PolicyName: LogGroup + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: + - logs:CreateLogStream + - logs:CreateLogGroup + - logs:PutLogEvents + Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:${ProwlerLogGroup}:*' + - PolicyName: CloudWatchMetrics + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: + - cloudwatch:PutMetricData + Resource: "*" + - PolicyName: ProwlerMaintenancePolicy + PolicyDocument: + Version: "2012-10-17" + Statement: + # - Sid: AllowAssumeProwlerRole + # Effect: Allow + # Action: + # - "sts:AssumeRole" + # Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/application/prod-prowler-role" + - Sid: AllowScaleDownAutoScalingGroup + Effect: Allow + Action: + - 
"autoscaling:DescribeAutoScalingGroups" + - "autoscaling:DescribeAutoScalingInstances" + - "autoscaling:SetDesiredCapacity" + Resource: "*" + - Sid: AllowDescribeRegions + Effect: Allow + Action: + - "ec2:DescribeRegions" + Resource: "*" + - Sid: SSMSessionManager + Effect: Allow + Action: + - ec2messages:* + - ssmmessages:* + - ssm:* + Resource: "*" + # - Sid: SlackNotification + # Effect: Allow + # Action: + # - events:PutEvents + # Resource: !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/default" + - Sid: AllowUploadReport + Effect: Allow + Action: + - "s3:PutObject" + Resource: + - !Sub "${ReportBucket.Arn}/*" + + ProwlerLogGroup: + Type: 'AWS::Logs::LogGroup' + Properties: + LogGroupName: !Sub "${ServiceName}-${AWS::StackName}" + RetentionInDays: !Ref LogsRetentionInDays + + Ec2InstanceLaunchTemplate: + Type: AWS::EC2::LaunchTemplate + Metadata: + AWS::CloudFormation::Init: + config: + files: + /opt/prowler.sh: + content: !Sub | + #!/usr/bin/env bash + set -e + + # export AWS_DEFAULT_REGION=${AWS::Region} + # export AWS_PARTITION=aws + + # declare -A ACCOUNTS + # ACCOUNTS[ssvc]='798980982229' + # ACCOUNTS[prod]='579842252590' + # ACCOUNTS[uat]='990839841794' + + # TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token") + # INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id") + # ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text) + # ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text) + + # PROWLER_REPORT="${!ENVIRONMENT}_prowler_report_$(date +%d%m%Y).csv" + # REPORT_S3_LOCATION="${ReportBucket}" + + # cd /opt/prowler + # /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv + # aws s3 cp 
--sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/ + + # /opt/prowler/prowler -A "${!ACCOUNTS[$ENVIRONMENT]}" \ + # -R "application/${!ENVIRONMENT}-prowler-role" \ + # -T 10800 \ + # -m 500 \ + # -r ${AWS::Region} \ + # -E extra79,extra710,extra712,extra757,extra758,extra770,extra774 \ + # -b -q -M csv | tee -a $PROWLER_REPORT + + # Upload to S3 + # aws s3 cp $PROWLER_REPORT $REPORT_S3_LOCATION --sse + + # Send Slack notification + # message="Prowler scan for \`${!ENVIRONMENT}\` completed. Please check report from \`${!REPORT_S3_LOCATION}\`." + # aws events put-events --entries "[{\"Source\":\"myorg:slack\",\"DetailType\":\"hello\",\"Detail\":\"{\\\"username\\\":\\\"Prowler Scanner\\\",\\\"avatar\\\":\\\":aws:\\\",\\\"channel\\\":\\\"#t-fs-calabash\\\",\\\"text\\\":\\\"${!message}\\\"}\"}]" + + # Scale Down Auto Scaling Group + # aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0 + mode: '000755' + owner: root + group: root + Properties: + LaunchTemplateData: + SecurityGroupIds: !Ref SecurityGroupIds + MetadataOptions: + HttpEndpoint: enabled + HttpTokens: optional + TagSpecifications: + - ResourceType: instance + Tags: + - Key: Name + Value: !Ref 'AWS::StackName' + UserData: + Fn::Base64: !Sub | + #cloud-config + runcmd: + - while ! 
curl --connect-timeout 1 -s http://169.254.169.254/ > /dev/null; do echo "-- waiting for instance network to wake up ..."; done + - /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource Ec2InstanceLaunchTemplate --region ${AWS::Region} + - yum update -y + - yum install -y python3-pip git jq + - pip3 install detect-secrets + - git clone https://github.com/toniblyx/prowler.git /opt/prowler + - export AWS_DEFAULT_REGION=${AWS::Region} + - export REPORT_S3_LOCATION=${ReportBucket} + - export TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 360" "http://169.254.169.254/latest/api/token") + - export INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token:$TOKEN" "http://169.254.169.254/latest/meta-data/instance-id") + - export ASG_NAME=$(aws autoscaling describe-auto-scaling-instances --instance-ids $INSTANCE_ID --query 'AutoScalingInstances[0].AutoScalingGroupName' --output text) + - export ENVIRONMENT=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $ASG_NAME --query 'AutoScalingGroups[0].Tags[?Key==`ScanTarget`]|[0].Value' --output text) + - cd /opt/prowler + - /opt/prowler/prowler -f eu-west-1 -c check12 -M text,html,csv + - aws s3 cp --sse AES256 /opt/prowler/prowler/output/*.{html,csv} s3://$REPORT_S3_LOCATION/ + - aws autoscaling set-desired-capacity --auto-scaling-group-name $ASG_NAME --desired-capacity 0 + - /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource ASGroup --region ${AWS::Region} + InstanceInitiatedShutdownBehavior: terminate + IamInstanceProfile: + Name: !Ref InstanceProfile + KeyName: !Ref 'Ec2InstanceKeyName' + ImageId: !Ref 'Ec2ImageId' + InstanceType: !Ref ProwlerInstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + Encrypted: true + KmsKeyId: alias/aws/ebs + VolumeType: standard + DeleteOnTermination: true + VolumeSize: 8 + InstanceMarketOptions: + MarketType: spot + SpotOptions: + SpotInstanceType: one-time + MaxPrice: 0.006 + + ProwlerAutoScalingGroup: + Type: 
AWS::AutoScaling::AutoScalingGroup + UpdatePolicy: + AutoScalingReplacingUpdate: + WillReplace: true + Properties: + VPCZoneIdentifier: !Ref SubnetIds + LaunchTemplate: + LaunchTemplateId: !Ref 'Ec2InstanceLaunchTemplate' + Version: !GetAtt 'Ec2InstanceLaunchTemplate.LatestVersionNumber' + MinSize: 1 + MaxSize: 1 + HealthCheckGracePeriod: 300 + HealthCheckType: EC2 + Tags: + - Key: Name + Value: !Sub "${AWS::StackName}" + PropagateAtLaunch: true + + ProwlerScheduledScaleUp: + Type: AWS::AutoScaling::ScheduledAction + Properties: + AutoScalingGroupName: !Ref ProwlerAutoScalingGroup + DesiredCapacity: 1 + MaxSize: 1 + MinSize: 0 + Recurrence: !Ref ProwlerSchedule + +Outputs: + ReportBucket: + Description: Report Bucket Name + Value: !Ref 'ReportBucket' + Export: + Name: !Sub 'prowler-reports-${AWS::Region}-${AWS::AccountId}' \ No newline at end of file diff --git a/util/quicksight/create-data-source-cli-input.json b/util/quicksight/create-data-source-cli-input.json new file mode 100644 index 00000000..a65da2b7 --- /dev/null +++ b/util/quicksight/create-data-source-cli-input.json 
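Review bot: The `SSMSessionManager` statement in `ProwlerMaintenancePolicy` grants `ssm:*`, `ec2messages:*` and `ssmmessages:*` on `Resource: "*"` to an instance that clones and runs unpinned code at boot (`git clone https://github.com/toniblyx/prowler.git`, `pip3 install detect-secrets`), so anything that lands on the instance inherits far more than a read-only scanner needs. `AmazonSSMManagedInstanceCore` is already attached to the role, so the statement can be dropped, and the clone should be pinned to a tag or commit. The launch template also sets `HttpTokens: optional` although the runcmd steps already fetch an IMDSv2 token; `HttpTokens: required` would close the IMDSv1 path to the role credentials. Separately, `cfn-signal` targets `--resource ASGroup` while the group is declared as `ProwlerAutoScalingGroup`, and the `ProwlerOptions` parameter is never referenced because the scan is hard-coded to `-f eu-west-1 -c check12`.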
@@ -0,0 +1,217 @@ +{ + "AwsAccountId": "", + "DataSourceId": "", + "Name": "", + "Type": "SNOWFLAKE", + "DataSourceParameters": { + "AmazonElasticsearchParameters": { + "Domain": "" + }, + "AthenaParameters": { + "WorkGroup": "" + }, + "AuroraParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "AuroraPostgreSqlParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "AwsIotAnalyticsParameters": { + "DataSetName": "" + }, + "JiraParameters": { + "SiteBaseUrl": "" + }, + "MariaDbParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "MySqlParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "OracleParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "PostgreSqlParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "PrestoParameters": { + "Host": "", + "Port": 0, + "Catalog": "" + }, + "RdsParameters": { + "InstanceId": "", + "Database": "" + }, + "RedshiftParameters": { + "Host": "", + "Port": 0, + "Database": "", + "ClusterId": "" + }, + "S3Parameters": { + "ManifestFileLocation": { + "Bucket": "", + "Key": "" + } + }, + "ServiceNowParameters": { + "SiteBaseUrl": "" + }, + "SnowflakeParameters": { + "Host": "", + "Database": "", + "Warehouse": "" + }, + "SparkParameters": { + "Host": "", + "Port": 0 + }, + "SqlServerParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "TeradataParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "TwitterParameters": { + "Query": "", + "MaxRows": 0 + } + }, + "Credentials": { + "CredentialPair": { + "Username": "", + "Password": "", + "AlternateDataSourceParameters": [ + { + "AmazonElasticsearchParameters": { + "Domain": "" + }, + "AthenaParameters": { + "WorkGroup": "" + }, + "AuroraParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "AuroraPostgreSqlParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "AwsIotAnalyticsParameters": { + "DataSetName": "" + }, + "JiraParameters": { + "SiteBaseUrl": "" + }, + 
"MariaDbParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "MySqlParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "OracleParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "PostgreSqlParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "PrestoParameters": { + "Host": "", + "Port": 0, + "Catalog": "" + }, + "RdsParameters": { + "InstanceId": "", + "Database": "" + }, + "RedshiftParameters": { + "Host": "", + "Port": 0, + "Database": "", + "ClusterId": "" + }, + "S3Parameters": { + "ManifestFileLocation": { + "Bucket": "", + "Key": "" + } + }, + "ServiceNowParameters": { + "SiteBaseUrl": "" + }, + "SnowflakeParameters": { + "Host": "", + "Database": "", + "Warehouse": "" + }, + "SparkParameters": { + "Host": "", + "Port": 0 + }, + "SqlServerParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "TeradataParameters": { + "Host": "", + "Port": 0, + "Database": "" + }, + "TwitterParameters": { + "Query": "", + "MaxRows": 0 + } + } + ] + }, + "CopySourceArn": "" + }, + "Permissions": [ + { + "Principal": "", + "Actions": [ + "" + ] + } + ], + "VpcConnectionProperties": { + "VpcConnectionArn": "" + }, + "SslProperties": { + "DisableSsl": true + }, + "Tags": [ + { + "Key": "", + "Value": "" + } + ] +} diff --git a/util/quicksight/create-template-cli-input.json b/util/quicksight/create-template-cli-input.json new file mode 100644 index 00000000..ee3d3567 --- /dev/null +++ b/util/quicksight/create-template-cli-input.json @@ -0,0 +1,18 @@ +{ + "AwsAccountId": "951061203682", + "TemplateId": "DemoDashboardTemplate", + "Name": "Demo Dashboard Template", + "SourceEntity": { + "SourceAnalysis": { + "Arn": "arn:aws:quicksight:eu-west-1:951061203682:analysis/ e52808ac-43df-46c2-bde6-d08393effcf", + "DataSetReferences": [ + { + "DataSetPlaceholder": "DS1", + "DataSetArn": " arn:aws:quicksight:eu-west-1:951061203682:dataset/44767579-c881-42e7-bf4c-929af56bdc69" + } + ] + } + }, + "VersionDescription": "1" +} + 
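Review bot: `"DisableSsl": true` under `SslProperties` in `create-data-source-cli-input.json` looks like an untouched skeleton value, so anyone who fills in this file and passes it to `create-data-source` gets a data source that connects without TLS; it should be `"DisableSsl": false`. The file also keeps `"Type": "SNOWFLAKE"` and every `*Parameters` block, whereas the manifest added in the same commit points at an S3 bucket, so presumably only `S3Parameters` with `"Type": "S3"` is intended. The empty `Username`/`Password` pair under `Credentials` is better removed than filled in, since this file is tracked in the repository.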
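Review bot: Both ARNs under `SourceAnalysis` in `create-template-cli-input.json` contain stray whitespace: a space after `analysis/` in `Arn` and a leading space in `DataSetArn`. The analysis id `e52808ac-43df-46c2-bde6-d08393effcf` also ends in an 11-character group where a UUID has 12, so it looks truncated, and the call would likely be rejected as written. The file hard-codes account `951061203682` in `AwsAccountId` and in both ARNs, and the same account id appears in the bucket URI of `prowler-quicksight-datasource-manifest.json`. A placeholder such as `<ACCOUNT_ID>` would keep the example reusable and keep a real account identifier out of the repository.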
diff --git a/util/quicksight/prowler-quicksight-datasource-manifest.json b/util/quicksight/prowler-quicksight-datasource-manifest.json
new file mode 100644
index 00000000..0bc67c2c
--- /dev/null
+++ b/util/quicksight/prowler-quicksight-datasource-manifest.json
@@ -0,0 +1,12 @@
+{
+ "fileLocations": [{
+ "URIPrefixes": [
+ "https://s3-eu-west-1.amazonaws.com/prowler-ens-reports-eu-west-1-prowler-951061203682/"
+ ]
+ }],
+ "globalUploadSettings": {
+ "format": "CSV",
+ "delimiter": ",",
+ "containsHeader": "true"
+ }
+}
\ No newline at end of file