diff --git a/prowler b/prowler index 4a217361..af3d7187 100755 --- a/prowler +++ b/prowler @@ -316,6 +316,10 @@ infoReferenceShort(){ echo -e " $NOTICE http://bit.ly/2g3PEf7$NORMAL" } +text_ok(){ + echo " $OK OK! $NORMAL $@" +} + check11(){ TITLE11="$BLUE 1.1$NORMAL Avoid the use of the root account (Scored). Last time root account was used (password last used, access_key_1_last_used, access_key_2_last_used): " @@ -337,7 +341,7 @@ check12(){ echo -e " List of users with Password enabled but MFA disabled:" echo -e " $BAD WARNING! $COMMAND12 $NORMAL" else - echo -e " $OK OK! $NORMAL No users found with Password enabled and MFA disabled" + text_ok " No users found with Password enabled and MFA disabled" fi } @@ -401,7 +405,7 @@ check15(){ COMMAND15=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireUppercaseCharacters') # must be true echo -e "\n$TITLE15 " if [[ $COMMAND15 == "true" ]];then - echo -e " $OK OK! $NORMAL" + text_ok "Password Policy requires upper case" else echo -e " $BAD WARNING! $NORMAL" fi @@ -412,7 +416,7 @@ check16(){ COMMAND16=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireLowercaseCharacters') # must be true echo -e "\n$TITLE16 " if [[ $COMMAND16 == "true" ]];then - echo -e " $OK OK! $NORMAL" + text_ok "Password Policy requires lower case" else echo -e " $BAD WARNING! $NORMAL" fi @@ -423,7 +427,7 @@ check17(){ COMMAND17=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireSymbols') # must be true echo -e "\n$TITLE17 " if [[ $COMMAND17 == "true" ]];then - echo -e " $OK OK! $NORMAL" + text_ok "Password Policy requires symbol" else echo -e " $BAD WARNING! $NORMAL" fi @@ -434,7 +438,7 @@ check18(){ COMMAND18=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.RequireNumbers') # must be true echo -e "\n$TITLE18 " if [[ $COMMAND18 == "true" ]];then - echo -e " $OK OK! $NORMAL" + text_ok "Password Policy requires number" else echo -e " $BAD WARNING! $NORMAL" fi @@ -445,7 +449,7 @@ check19(){ COMMAND19=$($AWSCLI iam get-account-password-policy --profile $PROFILE --region $REGION --query 'PasswordPolicy.MinimumPasswordLength') echo -e "\n$TITLE19 " if [[ $COMMAND19 -gt "13" ]];then - echo -e " $OK OK! $NORMAL" + text_ok "Password Policy requires more than 13 characters" else echo -e " $BAD WARNING! $NORMAL" fi @@ -457,7 +461,7 @@ check110(){ echo -e "\n$TITLE110 " if [[ $COMMAND110 ]];then if [[ $COMMAND110 -gt "23" ]];then - echo -e " $OK OK! $NORMAL" + text_ok "Password Policy limits reuse" else echo -e " $BAD WARNING! It is not set or it is set lower than 24 $NORMAL" fi @@ -472,7 +476,7 @@ check111(){ echo -e "\n$TITLE111 " if [[ $COMMAND111 ]];then if [ $COMMAND111 == "90" ];then - echo -e " $OK OK! $NORMAL" + text_ok "Password Policy includes expiration" fi else echo -e " $BAD WARNING! Passowrd expiration not set or set greater than 90 days $NORMAL" @@ -486,12 +490,12 @@ check112(){ ROOTKEY2=$(cat $TEMP_REPORT_FILE |grep root_account|awk -F',' '{ print $14 }') echo -e "\n$TITLE112 " if [ $ROOTKEY1 == "false" ];then - echo -e " $OK OK! $NORMAL No access key 1 found for root " + text_ok "No access key 1 found for root" else echo -e " $BAD WARNING! Found access key 1 for root $NORMAL" fi if [ $ROOTKEY2 == "false" ];then - echo -e " $OK OK! $NORMAL No access key 2 found for root " + text_ok "No access key 2 found for root" else echo -e " $BAD WARNING! Found access key 2 for root $NORMAL" fi @@ -502,7 +506,7 @@ check113(){ COMMAND113=$($AWSCLI iam get-account-summary --profile $PROFILE --region $REGION |grep AccountMFAEnabled | awk -F': ' '{ print $2 }'|sed 's/,//') echo -e "\n$TITLE113" if [ $COMMAND113 == "1" ]; then - echo " $OK OK! $NORMAL Virtual MFA is enabled. " + text_ok "Virtual MFA is enabled for root" else echo " $BAD WARNING! MFA is not ENABLED for root account $NORMAL" fi @@ -515,9 +519,9 @@ check114(){ if [ $COMMAND113 == "1" ]; then COMMAND114=$($AWSCLI iam list-virtual-mfa-devices --profile $PROFILE --region $REGION --query 'VirtualMFADevices' --output text|grep :root |wc -l) if [ $COMMAND114 == "1" ]; then - echo " $OK OK! $NORMAL Virtual MFA is enabled. " + text_ok "Virtual MFA is enabled for root" else - echo " $OK OK! $NORMAL Hardware MFA is enabled. " + text_ok "Hardware MFA is enabled for root " fi else echo " $BAD WARNING! MFA is not ENABLED for root account $NORMAL" @@ -547,7 +551,7 @@ check116(){ fi done if [[ $C116_NUM_USERS -eq 0 ]]; then - echo -e " $OK OK! $NORMAL No policies attached to users." + text_ok "No policies attached to users." fi } @@ -619,7 +623,7 @@ check122(){ for policyarn in $SUPPORTPOLICYARN;do POLICYTOSHOW=$($AWSCLI iam list-entities-for-policy --policy-arn $SUPPORTPOLICYARN --profile $PROFILE --region $REGION --output text) if [[ $POLICYTOSHOW ]];then - echo -e " $OK OK! $NORMAL $POLICYTOSHOW" + text_ok "Support Policy attached to $POLICYTOSHOW" echo -e " $NOTICE Make sure your team can create a Support case with AWS $NORMAL" else echo -e " $BAD WARNING! Support Policy not applied to any Group, User or Role $NORMAL" @@ -641,7 +645,7 @@ check123(){ echo -e " $NOTICE List of users with Access Key 1 never used:$NORMAL" echo -e " $NOTICE $LIST_USERS_KEY1_ACTIVE $NORMAL have never used Access Key 1" else - echo -e " $OK OK! $NORMAL No users found with Access Key 1 never used" + text_ok "No users found with Access Key 1 never used" fi # List of USERS with KEY2 last_used_date as N/A LIST_USERS_KEY2_NA=$(for user in $LIST_USERS; do grep $user $TEMP_REPORT_FILE|awk -F, '{ print $1,$16 }'|grep N/A |awk '{ print $1 }' ; done) @@ -650,7 +654,7 @@ check123(){ echo -e " $NOTICE List of users with Access Key 2 never used:$NORMAL" echo -e " $NOTICE $LIST_USERS_KEY2_ACTIVE $NORMAL have never used Access Key 2" else - echo -e " $OK OK! $NORMAL No users found with Access Key 2 never used" + text_ok "No users found with Access Key 2 never used" fi } @@ -673,10 +677,10 @@ check124(){ echo " $NOTICE Policy $policy allows \"*:*\" $NORMAL" done else - echo " $OK OK! $NORMAL No custom policy found that allow full \"*:*\" administrative privileges" + text_ok "No custom policy found that allow full \"*:*\" administrative privileges" fi else - echo " $OK OK! $NORMAL No custom policies found" + text_ok "No custom policies found" fi } @@ -690,7 +694,7 @@ check21(){ if [[ $MULTIREGION_TRAIL_STATUS == 'False' ]];then echo -e " $BAD WARNING! $trail trail in $REGION is not enabled in multi region mode$NORMAL" else - echo -e " $OK OK! $NORMAL $trail trail in $REGION is enabled for all regions" + text_ok " $trail trail in $REGION is enabled for all regions" fi done else @@ -708,7 +712,7 @@ check22(){ if [[ $LOGFILEVALIDATION_TRAIL_STATUS == 'False' ]];then echo -e " $BAD WARNING! $trail trail in $REGION has not log file validation enabled$NORMAL" else - echo -e " $OK OK! $NORMAL $trail trail in $REGION has log file validation enabled" + text_ok " $trail trail in $REGION has log file validation enabled" fi done else @@ -726,7 +730,7 @@ check23(){ if [[ $CLOUDTRAILBUCKET_HASALLPERMISIONS ]];then echo -e " $BAD WARNING! check your $bucket CloudTrail bucket ACL and Policy!$NORMAL" else - echo -e " $OK OK! $NORMAL Bucket $bucket is set correctly" + text_ok " Bucket $bucket is set correctly" fi done else @@ -751,7 +755,7 @@ check24(){ if [ $HOWOLDER -gt "1" ];then echo -e " $BAD WARNING! $trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)$NORMAL" else - echo -e " $OK OK! $NORMAL $trail trail has been logging during the last 24h (it is in $TRAIL_REGION)" + text_ok " $trail trail has been logging during the last 24h (it is in $TRAIL_REGION)" fi fi done @@ -766,7 +770,7 @@ check25(){ for regx in $REGIONS; do CHECK_AWSCONFIG_STATUS=$($AWSCLI configservice get-status --profile $PROFILE --region $regx | grep "recorder: ON") if [[ $CHECK_AWSCONFIG_STATUS ]];then - echo -e " $OK OK! $NORMAL Region $regx has AWS Config recorder: ON " + text_ok " Region $regx has AWS Config recorder: ON " else echo -e " $BAD WARNING! Region $regx has AWS Config disabled or not configured$NORMAL" fi @@ -781,7 +785,7 @@ check26(){ for bucket in $CLOUDTRAILBUCKET;do CLOUDTRAILBUCKET_LOGENABLED=$($AWSCLI s3api get-bucket-logging --bucket $bucket --profile $PROFILE --region $REGION --query 'LoggingEnabled.TargetBucket' --output text|grep -v None) if [[ $CLOUDTRAILBUCKET_LOGENABLED ]];then - echo -e " $OK OK! $NORMAL It is enabled in $bucket" + text_ok " It is enabled in $bucket" else echo -e " $BAD WARNING! access logging is not enabled in $bucket CloudTrail S3 bucket!$NORMAL" fi @@ -799,7 +803,7 @@ check27(){ for trail in $CLOUDTRAILNAME;do CLOUDTRAILENC_ENABLED=$($AWSCLI cloudtrail describe-trails --profile $PROFILE --region $REGION --trail $trail --query 'trailList[*].KmsKeyId' --output text) if [[ $CLOUDTRAILENC_ENABLED ]];then - echo -e " $OK OK! $NORMAL KMS key found for $trail" + text_ok " KMS key found for $trail" else echo -e " $BAD WARNING! encryption is not enabled in your CloudTrail trail $trail, KMS key not found!$NORMAL" fi @@ -819,12 +823,12 @@ check28(){ for key in $CHECK_KMS_KEYLIST_NO_DEFAULT; do CHECK_KMS_KEY_TYPE=$($AWSCLI kms describe-key --key-id $key --profile $PROFILE --region $regx --query 'KeyMetadata.Origin' | sed 's/["]//g') if [[ $CHECK_KMS_KEY_TYPE == "EXTERNAL" ]];then - echo -e " $OK OK! $NORMAL Key $key in Region $regx Customer Uploaded Key Material." + text_ok " Key $key in Region $regx Customer Uploaded Key Material." else CHECK_KMS_KEY_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key --profile $PROFILE --region $regx --output text) #CHECK_KMS_DEFAULT_KEY=$($AWSCLI kms describe-key --key-id $key --profile $PROFILE --region $regx --query 'KeyMetadata.Description' | sed -n '/Default master key that protects my ACM private keys when no other key is defined /p'|| echo "False") if [[ $CHECK_KMS_KEY_ROTATION == "True" ]];then - echo -e " $OK OK! $NORMAL Key $key in Region $regx is set correctly" + text_ok " Key $key in Region $regx is set correctly" elif [[ $CHECK_KMS_KEY_ROTATION == "False" && $CHECK_KMS_DEFAULT_KEY ]];then echo -e " $NOTICE Region $regx key $key is an AWS default master key and cannot be deleted nor modified.$NORMAL" else @@ -846,7 +850,7 @@ check31(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep AccessDenied) if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for Access Denied enabled" + text_ok " CloudWatch group found, and metric filters for Access Denied enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -862,7 +866,7 @@ check32(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'userIdentity.sessionContext.attributes.mfaAuthenticated.*true') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for sign-in Console without MFA enabled" + text_ok " CloudWatch group found, and metric filters for sign-in Console without MFA enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -878,7 +882,7 @@ check33(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION |grep -E 'userIdentity.*Root.*AwsServiceEvent') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for usage of root account enabled" + text_ok " CloudWatch group found, and metric filters for usage of root account enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -894,7 +898,7 @@ check34(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'DeleteGroupPolicy.*DeleteRolePolicy.*DeleteUserPolicy.*PutGroupPolicy.*PutRolePolicy.*PutUserPolicy.*CreatePolicy.*DeletePolicy.*CreatePolicyVersion.*DeletePolicyVersion.*AttachRolePolicy.*DetachRolePolicy.*AttachUserPolicy.*DetachUserPolicy.*AttachGroupPolicy.*DetachGroupPolicy') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for IAM policy changes enabled" + text_ok " CloudWatch group found, and metric filters for IAM policy changes enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -910,7 +914,7 @@ check35(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateTrail.*UpdateTrail.*DeleteTrail.*StartLogging.*StopLogging') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for CloudTrail configuration changes enabled" + text_ok " CloudWatch group found, and metric filters for CloudTrail configuration changes enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -926,7 +930,7 @@ check36(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'ConsoleLogin.*Failed') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters for usage of root account enabled" + text_ok " CloudWatch group found, and metric filters for usage of root account enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -942,7 +946,7 @@ check37(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'kms.amazonaws.com.*DisableKey.*ScheduleKeyDeletion') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -958,7 +962,7 @@ check38(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 's3.amazonaws.com.*PutBucketAcl.*PutBucketPolicy.*PutBucketCors.*PutBucketLifecycle.*PutBucketReplication.*DeleteBucketPolicy.*DeleteBucketCors.*DeleteBucketLifecycle.*DeleteBucketReplication') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -974,7 +978,7 @@ check39(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'config.amazonaws.com.*StopConfigurationRecorder.*DeleteDeliveryChannel.*PutDeliveryChannel.*PutConfigurationRecorder') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -990,7 +994,7 @@ check310(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'AuthorizeSecurityGroupIngress.*AuthorizeSecurityGroupEgress.*RevokeSecurityGroupIngress.*RevokeSecurityGroupEgress.*CreateSecurityGroup.*DeleteSecurityGroup') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -1006,7 +1010,7 @@ check311(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateNetworkAcl.*CreateNetworkAclEntry.*DeleteNetworkAcl.*DeleteNetworkAclEntry.*ReplaceNetworkAclEntry.*ReplaceNetworkAclAssociation') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -1022,7 +1026,7 @@ check312(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateCustomerGateway.*DeleteCustomerGateway.*AttachInternetGateway.*CreateInternetGateway.*DeleteInternetGateway.*DetachInternetGateway') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -1038,7 +1042,7 @@ check313(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateRoute.*CreateRouteTable.*ReplaceRoute.*ReplaceRouteTableAssociation.*DeleteRouteTable.*DeleteRoute.*DisassociateRouteTable') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -1054,7 +1058,7 @@ check314(){ if [[ $CLOUDWATCH_GROUP ]];then METRICFILTER_SET=$($AWSCLI logs describe-metric-filters --log-group-name $CLOUDWATCH_GROUP --profile $PROFILE --region $REGION --query 'metricFilters' | grep -E 'CreateVpc.*DeleteVpc.*ModifyVpcAttribute.*AcceptVpcPeeringConnection.*CreateVpcPeeringConnection.*DeleteVpcPeeringConnection.*RejectVpcPeeringConnection.*AttachClassicLinkVpc.*DetachClassicLinkVpc.*DisableVpcClassicLink.*EnableVpcClassicLink') if [[ $METRICFILTER_SET ]];then - echo -e " $OK OK! $NORMAL CloudWatch group found, and metric filters enabled" + text_ok " CloudWatch group found, and metric filters enabled" else echo -e " $BAD WARNING! CloudWatch group found, but no metric filters or alarms associated$NORMAL" fi @@ -1096,7 +1100,7 @@ check41(){ echo -e " $BAD WARNING! Found Security Group: $SG open to 0.0.0.0/0 in Region $regx $NORMAL " done else - echo -e " $OK OK! $NORMAL No Security Groups found in $regx with port 22 TCP open to 0.0.0.0/0 " + text_ok " No Security Groups found in $regx with port 22 TCP open to 0.0.0.0/0 " fi done } @@ -1111,7 +1115,7 @@ check42(){ echo -e " $BAD WARNING! Found Security Group: $SG open to 0.0.0.0/0 in Region $regx $NORMAL " done else - echo -e " $OK OK! $NORMAL No Security Groups found in $regx with port 3389 TCP open to 0.0.0.0/0 " + text_ok " No Security Groups found in $regx with port 3389 TCP open to 0.0.0.0/0 " fi done } @@ -1123,7 +1127,7 @@ check43(){ CHECK_FL=$($AWSCLI ec2 describe-flow-logs --profile $PROFILE --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].LogGroupName' --output text) if [[ $CHECK_FL ]];then for FL in $CHECK_FL;do - echo -e " $OK OK! $NORMAL VPCFlowLog is enabled for LogGroupName: $FL in Region $regx " + text_ok " VPCFlowLog is enabled for LogGroupName: $FL in Region $regx " done else echo -e " $BAD WARNING! No VPCFlowLog has been found in Region $regx $NORMAL " @@ -1139,7 +1143,7 @@ check44(){ if [[ $CHECK_SGDEFAULT ]];then echo -e " $BAD WARNING! Default Security Groups found that allow 0.0.0.0 IN or OUT traffic in Region $regx $NORMAL " else - echo -e " $OK OK! $NORMAL No Default Security Groups open to 0.0.0.0 found in Region $regx " + text_ok " No Default Security Groups open to 0.0.0.0 found in Region $regx " fi done } @@ -1160,7 +1164,7 @@ check45(){ # done #echo $VPCS_WITH_PEERING else - echo -e " $OK OK! $NORMAL $regx: No VPC peering found " + text_ok " $regx: No VPC peering found " fi done }