begin transition to function-based output - starting with OK responses for check1*
98
prowler
98
prowler
@@ -316,6 +316,10 @@ infoReferenceShort(){
|
||||
echo -e " $NOTICE http://bit.ly/2g3PEf7$NORMAL"
|
||||
}
|
||||
|
||||
text_ok(){
|
||||
echo " $OK OK! $NORMAL $@"
|
||||
}
|
||||
|
||||
check11(){
|
||||
TITLE11="$BLUE 1.1$NORMAL Avoid the use of the root account (Scored). Last time root account was used
|
||||
(password last used, access_key_1_last_used, access_key_2_last_used): "
|
||||
@@ -337,7 +341,7 @@ check12(){
|
||||
echo -e " List of users with Password enabled but MFA disabled:"
|
||||
echo -e " $BAD WARNING! $COMMAND12 $NORMAL"
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL No users found with Password enabled and MFA disabled"
|
||||
text_ok " No users found with Password enabled and MFA disabled"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -401,7 +405,7 @@ check15(){
|
||||
COMMAND15=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireUppercaseCharacters') # must be true
|
||||
echo -e "\n$TITLE15 "
|
||||
if [[ $COMMAND15 == "true" ]];then
|
||||
echo -e " $OK OK! $NORMAL"
|
||||
text_ok "Password Policy requires upper case"
|
||||
else
|
||||
echo -e " $BAD WARNING! $NORMAL"
|
||||
fi
|
||||
@@ -412,7 +416,7 @@ check16(){
|
||||
COMMAND16=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireLowercaseCharacters') # must be true
|
||||
echo -e "\n$TITLE16 "
|
||||
if [[ $COMMAND16 == "true" ]];then
|
||||
echo -e " $OK OK! $NORMAL"
|
||||
text_ok "Password Policy requires lower case"
|
||||
else
|
||||
echo -e " $BAD WARNING! $NORMAL"
|
||||
fi
|
||||
@@ -423,7 +427,7 @@ check17(){
|
||||
COMMAND17=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireSymbols') # must be true
|
||||
echo -e "\n$TITLE17 "
|
||||
if [[ $COMMAND17 == "true" ]];then
|
||||
echo -e " $OK OK! $NORMAL"
|
||||
text_ok "Password Policy requires symbol"
|
||||
else
|
||||
echo -e " $BAD WARNING! $NORMAL"
|
||||
fi
|
||||
@@ -434,7 +438,7 @@ check18(){
|
||||
COMMAND18=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireNumbers') # must be true
|
||||
echo -e "\n$TITLE18 "
|
||||
if [[ $COMMAND18 == "true" ]];then
|
||||
echo -e " $OK OK! $NORMAL"
|
||||
text_ok "Password Policy requires number"
|
||||
else
|
||||
echo -e " $BAD WARNING! $NORMAL"
|
||||
fi
|
||||
@@ -445,7 +449,7 @@ check19(){
|
||||
COMMAND19=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.MinimumPasswordLength')
|
||||
echo -e "\n$TITLE19 "
|
||||
if [[ $COMMAND19 -gt "13" ]];then
|
||||
echo -e " $OK OK! $NORMAL"
|
||||
text_ok "Password Policy requires more than 13 characters"
|
||||
else
|
||||
echo -e " $BAD WARNING! $NORMAL"
|
||||
fi
|
||||
@@ -457,7 +461,7 @@ check110(){
|
||||
echo -e "\n$TITLE110 "
|
||||
if [[ $COMMAND110 ]];then
|
||||
if [[ $COMMAND110 -gt "23" ]];then
|
||||
echo -e " $OK OK! $NORMAL"
|
||||
text_ok "Password Policy limits reuse"
|
||||
else
|
||||
echo -e " $BAD WARNING! It is not set or it is set lower than 24 $NORMAL"
|
||||
fi
|
||||
@@ -472,7 +476,7 @@ check111(){
|
||||
echo -e "\n$TITLE111 "
|
||||
if [[ $COMMAND111 ]];then
|
||||
if [ $COMMAND111 == "90" ];then
|
||||
echo -e " $OK OK! $NORMAL"
|
||||
text_ok "Password Policy includes expiration"
|
||||
fi
|
||||
else
|
||||
echo -e " $BAD WARNING! Passowrd expiration not set or set greater than 90 days $NORMAL"
|
||||
@@ -486,12 +490,12 @@ check112(){
|
||||
ROOTKEY2=$(cat $TEMP_REPORT_FILE |grep root_account|awk -F',' '{ print $14 }')
|
||||
echo -e "\n$TITLE112 "
|
||||
if [ $ROOTKEY1 == "false" ];then
|
||||
echo -e " $OK OK! $NORMAL No access key 1 found for root "
|
||||
text_ok "No access key 1 found for root"
|
||||
else
|
||||
echo -e " $BAD WARNING! Found access key 1 for root $NORMAL"
|
||||
fi
|
||||
if [ $ROOTKEY2 == "false" ];then
|
||||
echo -e " $OK OK! $NORMAL No access key 2 found for root "
|
||||
text_ok "No access key 2 found for root"
|
||||
else
|
||||
echo -e " $BAD WARNING! Found access key 2 for root $NORMAL"
|
||||
fi
|
||||
@@ -502,7 +506,7 @@ check113(){
|
||||
COMMAND113=$($AWSCLI iam get-account-summary --profile $PROFILE --region $REGION |grep AccountMFAEnabled | awk -F': ' '{ print $2 }'|sed 's/,//')
|
||||
echo -e "\n$TITLE113"
|
||||
if [ $COMMAND113 == "1" ]; then
|
||||
echo " $OK OK! $NORMAL Virtual MFA is enabled. "
|
||||
text_ok "Virtual MFA is enabled for root"
|
||||
else
|
||||
echo " $BAD WARNING! MFA is not ENABLED for root account $NORMAL"
|
||||
fi
|
||||
@@ -515,9 +519,9 @@ check114(){
|
||||
if [ $COMMAND113 == "1" ]; then
|
||||
COMMAND114=$($AWSCLI iam list-virtual-mfa-devices --profile $PROFILE --region $REGION --query 'VirtualMFADevices' --output text|grep :root |wc -l)
|
||||
if [ $COMMAND114 == "1" ]; then
|
||||
echo " $OK OK! $NORMAL Virtual MFA is enabled. "
|
||||
text_ok "Virtual MFA is enabled for root"
|
||||
else
|
||||
echo " $OK OK! $NORMAL Hardware MFA is enabled. "
|
||||
text_ok "Hardware MFA is enabled for root "
|
||||
fi
|
||||
else
|
||||
echo " $BAD WARNING! MFA is not ENABLED for root account $NORMAL"
|
||||
@@ -547,7 +551,7 @@ check116(){
|
||||
fi
|
||||
done
|
||||
if [[ $C116_NUM_USERS -eq 0 ]]; then
|
||||
echo -e " $OK OK! $NORMAL No policies attached to users."
|
||||
text_ok "No policies attached to users."
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -619,7 +623,7 @@ check122(){
|
||||
for policyarn in $SUPPORTPOLICYARN;do
|
||||
POLICYTOSHOW=$($AWSCLI iam list-entities-for-policy --policy-arn $SUPPORTPOLICYARN --profile $PROFILE --region $REGION --output text)
|
||||
if [[ $POLICYTOSHOW ]];then
|
||||
echo -e " $OK OK! $NORMAL $POLICYTOSHOW"
|
||||
text_ok "Support Policy attached to $POLICYTOSHOW"
|
||||
echo -e " $NOTICE Make sure your team can create a Support case with AWS $NORMAL"
|
||||
else
|
||||
echo -e " $BAD WARNING! Support Policy not applied to any Group, User or Role $NORMAL"
|
||||
@@ -641,7 +645,7 @@ check123(){
|
||||
echo -e " $NOTICE List of users with Access Key 1 never used:$NORMAL"
|
||||
echo -e " $NOTICE $LIST_USERS_KEY1_ACTIVE $NORMAL have never used Access Key 1"
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL No users found with Access Key 1 never used"
|
||||
text_ok "No users found with Access Key 1 never used"
|
||||
fi
|
||||
# List of USERS with KEY2 last_used_date as N/A
|
||||
LIST_USERS_KEY2_NA=$(for user in $LIST_USERS; do grep $user $TEMP_REPORT_FILE|awk -F, '{ print $1,$16 }'|grep N/A |awk '{ print $1 }' ; done)
|
||||
@@ -650,7 +654,7 @@ check123(){
|
||||
echo -e " $NOTICE List of users with Access Key 2 never used:$NORMAL"
|
||||
echo -e " $NOTICE $LIST_USERS_KEY2_ACTIVE $NORMAL have never used Access Key 2"
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL No users found with Access Key 2 never used"
|
||||
text_ok "No users found with Access Key 2 never used"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -673,10 +677,10 @@ check124(){
|
||||
echo " $NOTICE Policy $policy allows \"*:*\" $NORMAL"
|
||||
done
|
||||
else
|
||||
echo " $OK OK! $NORMAL No custom policy found that allow full \"*:*\" administrative privileges"
|
||||
text_ok "No custom policy found that allow full \"*:*\" administrative privileges"
|
||||
fi
|
||||
else
|
||||
echo " $OK OK! $NORMAL No custom policies found"
|
||||
text_ok "No custom policies found"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -690,7 +694,7 @@ check21(){
|
||||
if [[ $MULTIREGION_TRAIL_STATUS == 'False' ]];then
|
||||
echo -e " $BAD WARNING! $trail trail in $REGION is not enabled in multi region mode$NORMAL"
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL $trail trail in $REGION is enabled for all regions"
|
||||
text_ok " $trail trail in $REGION is enabled for all regions"
|
||||
fi
|
||||
done
|
||||
else
|
||||
@@ -708,7 +712,7 @@ check22(){
|
||||
if [[ $LOGFILEVALIDATION_TRAIL_STATUS == 'False' ]];then
|
||||
echo -e " $BAD WARNING! $trail trail in $REGION has not log file validation enabled$NORMAL"
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL $trail trail in $REGION has log file validation enabled"
|
||||
text_ok " $trail trail in $REGION has log file validation enabled"
|
||||
fi
|
||||
done
|
||||
else
|
||||
@@ -726,7 +730,7 @@ check23(){
|
||||
if [[ $CLOUDTRAILBUCKET_HASALLPERMISIONS ]];then
|
||||
echo -e " $BAD WARNING! check your $bucket CloudTrail bucket ACL and Policy!$NORMAL"
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL Bucket $bucket is set correctly"
|
||||
text_ok " Bucket $bucket is set correctly"
|
||||
fi
|
||||
done
|
||||
else
|
||||
@@ -751,7 +755,7 @@ check24(){
|
||||
if [ $HOWOLDER -gt "1" ];then
|
||||
echo -e " $BAD WARNING! $trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)$NORMAL"
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL $trail trail has been logging during the last 24h (it is in $TRAIL_REGION)"
|
||||
text_ok " $trail trail has been logging during the last 24h (it is in $TRAIL_REGION)"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
@@ -766,7 +770,7 @@ check25(){
|
||||
for regx in $REGIONS; do
|
||||
CHECK_AWSCONFIG_STATUS=$($AWSCLI configservice get-status --profile $PROFILE --region $regx | grep "recorder: ON")
|
||||
if [[ $CHECK_AWSCONFIG_STATUS ]];then
|
||||
echo -e " $OK OK! $NORMAL Region $regx has AWS Config recorder: ON "
|
||||
text_ok " Region $regx has AWS Config recorder: ON "
|
||||
else
|
||||
echo -e " $BAD WARNING! Region $regx has AWS Config disabled or not configured$NORMAL"
|
||||
fi
|
||||
@@ -781,7 +785,7 @@ check26(){
|
||||
for bucket in $CLOUDTRAILBUCKET;do
|
||||
CLOUDTRAILBUCKET_LOGENABLED=$($AWSCLI s3api get-bucket-logging --bucket $bucket --profile $PROFILE --region $REGION --query 'LoggingEnabled.TargetBucket' --output text|grep -v None)
|
||||
if [[ $CLOUDTRAILBUCKET_LOGENABLED ]];then
|
||||
echo -e " $OK OK! $NORMAL It is enabled in $bucket"
|
||||
text_ok " It is enabled in $bucket"
|
||||
else
|
||||
echo -e " $BAD WARNING! access logging is not enabled in $bucket CloudTrail S3 bucket!$NORMAL"
|
||||
fi
|
||||
@@ -799,7 +803,7 @@ check27(){
|
||||
for trail in $CLOUDTRAILNAME;do
|
||||
CLOUDTRAILENC_ENABLED=$($AWSCLI cloudtrail describe-trails --profile $PROFILE --region $REGION --trail $trail --query 'trailList[*].KmsKeyId' --output text)
|
||||
if [[ $CLOUDTRAILENC_ENABLED ]];then
|
||||
echo -e " $OK OK! $NORMAL KMS key found for $trail"
|
||||
text_ok " KMS key found for $trail"
|
||||
else
|
||||
echo -e " $BAD WARNING! encryption is not enabled in your CloudTrail trail $trail, KMS key not found!$NORMAL"
|
||||
fi
|
||||
@@ -819,12 +823,12 @@ check28(){
|
||||
for key in $CHECK_KMS_KEYLIST_NO_DEFAULT; do
|
||||
CHECK_KMS_KEY_TYPE=$($AWSCLI kms describe-key --key-id $key --profile $PROFILE --region $regx --query 'KeyMetadata.Origin' | sed 's/["]//g')
|
||||
if [[ $CHECK_KMS_KEY_TYPE == "EXTERNAL" ]];then
|
||||
echo -e " $OK OK! $NORMAL Key $key in Region $regx Customer Uploaded Key Material."
|
||||
text_ok " Key $key in Region $regx Customer Uploaded Key Material."
|
||||
else
|
||||
CHECK_KMS_KEY_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key --profile $PROFILE --region $regx --output text)
|
||||
#CHECK_KMS_DEFAULT_KEY=$($AWSCLI kms describe-key --key-id $key --profile $PROFILE --region $regx --query 'KeyMetadata.Description' | sed -n '/Default master key that protects my ACM private keys when no other key is defined /p'|| echo "False")
|
||||
if [[ $CHECK_KMS_KEY_ROTATION == "True" ]];then
|
||||
echo -e " $OK OK! $NORMAL Key $key in Region $regx is set correctly"
|
||||
text_ok " Key $key in Region $regx is set correctly"
|
||||
elif [[ $CHECK_KMS_KEY_ROTATION == "False" && $CHECK_KMS_DEFAULT_KEY ]];then
|
||||
echo -e " $NOTICE Region $regx key $key is an AWS default master key and cannot be deleted nor modified.$NORMAL"
|
||||
else
|
||||
@@ -846,7 +850,7 @@ check31(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep AccessDenied)
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for Access Denied enabled"
|
||||
text_ok " CloudWatch group found, and metric filters for Access Denied enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -862,7 +866,7 @@ check32(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'userIdentity.sessionContext.attributes.mfaAuthenticated.*true')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for sign-in Console without MFA enabled"
|
||||
text_ok " CloudWatch group found, and metric filters for sign-in Console without MFA enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -878,7 +882,7 @@ check33(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION |grep -E 'userIdentity.*Root.*AwsServiceEvent')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for usage of root account enabled"
|
||||
text_ok " CloudWatch group found, and metric filters for usage of root account enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -894,7 +898,7 @@ check34(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'DeleteGroupPolicy.*DeleteRolePolicy.*DeleteUserPolicy.*PutGroupPolicy.*PutRolePolicy.*PutUserPolicy.*CreatePolicy.*DeletePolicy.*CreatePolicyVersion.*DeletePolicyVersion.*AttachRolePolicy.*DetachRolePolicy.*AttachUserPolicy.*DetachUserPolicy.*AttachGroupPolicy.*DetachGroupPolicy')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for IAM policy changes enabled"
|
||||
text_ok " CloudWatch group found, and metric filters for IAM policy changes enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -910,7 +914,7 @@ check35(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateTrail.*UpdateTrail.*DeleteTrail.*StartLogging.*StopLogging')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for CloudTrail configuration changes enabled"
|
||||
text_ok " CloudWatch group found, and metric filters for CloudTrail configuration changes enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -926,7 +930,7 @@ check36(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'ConsoleLogin.*Failed')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for usage of root account enabled"
|
||||
text_ok " CloudWatch group found, and metric filters for usage of root account enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -942,7 +946,7 @@ check37(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'kms.amazonaws.com.*DisableKey.*ScheduleKeyDeletion')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -958,7 +962,7 @@ check38(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 's3.amazonaws.com.*PutBucketAcl.*PutBucketPolicy.*PutBucketCors.*PutBucketLifecycle.*PutBucketReplication.*DeleteBucketPolicy.*DeleteBucketCors.*DeleteBucketLifecycle.*DeleteBucketReplication')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -974,7 +978,7 @@ check39(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'config.amazonaws.com.*StopConfigurationRecorder.*DeleteDeliveryChannel.*PutDeliveryChannel.*PutConfigurationRecorder')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -990,7 +994,7 @@ check310(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'AuthorizeSecurityGroupIngress.*AuthorizeSecurityGroupEgress.*RevokeSecurityGroupIngress.*RevokeSecurityGroupEgress.*CreateSecurityGroup.*DeleteSecurityGroup')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -1006,7 +1010,7 @@ check311(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateNetworkAcl.*CreateNetworkAclEntry.*DeleteNetworkAcl.*DeleteNetworkAclEntry.*ReplaceNetworkAclEntry.*ReplaceNetworkAclAssociation')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -1022,7 +1026,7 @@ check312(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateCustomerGateway.*DeleteCustomerGateway.*AttachInternetGateway.*CreateInternetGateway.*DeleteInternetGateway.*DetachInternetGateway')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -1038,7 +1042,7 @@ check313(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateRoute.*CreateRouteTable.*ReplaceRoute.*ReplaceRouteTableAssociation.*DeleteRouteTable.*DeleteRoute.*DisassociateRouteTable')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -1054,7 +1058,7 @@ check314(){
|
||||
if [[ $CLOUDWATCH_GROUP ]];then
|
||||
METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateVpc.*DeleteVpc.*ModifyVpcAttribute.*AcceptVpcPeeringConnection.*CreateVpcPeeringConnection.*DeleteVpcPeeringConnection.*RejectVpcPeeringConnection.*AttachClassicLinkVpc.*DetachClassicLinkVpc.*DisableVpcClassicLink.*EnableVpcClassicLink')
|
||||
if [[ $METRICFILTER_SET ]];then
|
||||
echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled"
|
||||
text_ok " CloudWatch group found, and metric filters enabled"
|
||||
else
|
||||
echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL"
|
||||
fi
|
||||
@@ -1096,7 +1100,7 @@ check41(){
|
||||
echo -e " $BAD WARNING! Found Security Group: $SG open to 0.0.0.0/0 in Region $regx $NORMAL "
|
||||
done
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL No Security Groups found in $regx with port 22 TCP open to 0.0.0.0/0 "
|
||||
text_ok " No Security Groups found in $regx with port 22 TCP open to 0.0.0.0/0 "
|
||||
fi
|
||||
done
|
||||
}
|
||||
@@ -1111,7 +1115,7 @@ check42(){
|
||||
echo -e " $BAD WARNING! Found Security Group: $SG open to 0.0.0.0/0 in Region $regx $NORMAL "
|
||||
done
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL No Security Groups found in $regx with port 3389 TCP open to 0.0.0.0/0 "
|
||||
text_ok " No Security Groups found in $regx with port 3389 TCP open to 0.0.0.0/0 "
|
||||
fi
|
||||
done
|
||||
}
|
||||
@@ -1123,7 +1127,7 @@ check43(){
|
||||
CHECK_FL=$($AWSCLI ec2 describe-flow-logs --profile $PROFILE --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].LogGroupName' --output text)
|
||||
if [[ $CHECK_FL ]];then
|
||||
for FL in $CHECK_FL;do
|
||||
echo -e " $OK OK! $NORMAL VPCFlowLog is enabled for LogGroupName: $FL in Region $regx "
|
||||
text_ok " VPCFlowLog is enabled for LogGroupName: $FL in Region $regx "
|
||||
done
|
||||
else
|
||||
echo -e " $BAD WARNING! No VPCFlowLog has been found in Region $regx $NORMAL "
|
||||
@@ -1139,7 +1143,7 @@ check44(){
|
||||
if [[ $CHECK_SGDEFAULT ]];then
|
||||
echo -e " $BAD WARNING! Default Security Groups found that allow 0.0.0.0 IN or OUT traffic in Region $regx $NORMAL "
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL No Default Security Groups open to 0.0.0.0 found in Region $regx "
|
||||
text_ok " No Default Security Groups open to 0.0.0.0 found in Region $regx "
|
||||
fi
|
||||
done
|
||||
}
|
||||
@@ -1160,7 +1164,7 @@ check45(){
|
||||
# done
|
||||
#echo $VPCS_WITH_PEERING
|
||||
else
|
||||
echo -e " $OK OK! $NORMAL $regx: No VPC peering found "
|
||||
text_ok " $regx: No VPC peering found "
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
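Review bot: The new `text_ok` helper at the top of this section splices `$@` into a larger quoted string and calls plain `echo`, whereas most of the per-check OK lines it stands in for used `echo -e`. If `$OK` and `$NORMAL` are defined with backslash escapes rather than raw escape bytes (their definitions are outside this view), the colour codes would print literally; and since callers pass AWS-derived values such as `$trail`, `$bucket` and `$POLICYTOSHOW`, the message part is best printed without any escape interpretation. One form that covers both is `printf '  %b OK! %b %s\n' "$OK" "$NORMAL" "$*"`, which also lets callers drop the inconsistent leading space in their messages. Separately, the check36 call repeats the check33 wording ("usage of root account") although its filter greps for `ConsoleLogin.*Failed`, so the audit output misreports which control passed; `text_ok "CloudWatch group found, and metric filters for Console authentication failures enabled"` would match the check.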