diff --git a/contrib/cloud9/cloud9-installation.sh b/contrib/cloud9/cloud9-installation.sh
new file mode 100644
index 00000000..165acbdd
--- /dev/null
+++ b/contrib/cloud9/cloud9-installation.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Install system dependencies
+sudo yum -y install openssl-devel bzip2-devel libffi-devel gcc
+# Upgrade to Python 3.9
+cd /tmp && wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz
+tar zxf Python-3.9.13.tgz
+cd Python-3.9.13/ || exit
+./configure --enable-optimizations
+sudo make altinstall
+python3.9 --version
+# Install Prowler
+cd ~ || exit
+python3.9 -m pip install prowler-cloud
+prowler -v
+# Run Prowler
+prowler
diff --git a/contrib/cloudshell/README.md b/contrib/cloudshell/README.md
deleted file mode 100644
index 48b965d1..00000000
--- a/contrib/cloudshell/README.md
+++ /dev/null
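Review bot: The Python source tarball fetched by `wget` is extracted and built with `sudo make altinstall` without any integrity check, and the script never sets `set -e`, so a failed or truncated download still runs `tar`, `./configure` and the privileged install (only the two `cd` lines guard themselves). Add `set -euo pipefail` after the shebang and verify the archive before `tar zxf`, e.g. `echo "<expected-sha256-placeholder>  Python-3.9.13.tgz" | sha256sum -c -` with the digest published for the 3.9.13 release in place of the placeholder. The same applies to contrib/cloudshell/cloudshell-installation.sh (identical blob 165acbdd) and to the `02-upgrade-python3.9` cfn-init command in contrib/org-multi-account/ProwlerEC2.yaml, where `cd Python-3.9.13/` additionally lacks the `|| exit` guard used here.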
@@ -1,57 +0,0 @@
-# ShortCut script: run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
-
-### Use Case:
-
-Customers look to use multiple auditing tools in order to provide quick assessments about their AWS environments. These tools allow for reports to be generated for review by the customer and appropriate teams, which in turns helps them begin security remediation efforts.
-
-Prowler and ScoutSuite are two publicly available security auditing tools that provide comprehensive reports for customers using AWS.
-
-ShortCut is a mechanism for customers to use to run both Prowler and ScoutSuite within an AWS account, using AWS CloudShell. When customers use ShortCut, this allows for customers to quickly perform an audit on their environment, without having to provision IAM Access Keys or EC2 instances.
-
-### Prerequisites:
-
-Note: The current version of this script is ran in a single account.
-
-In order to use CloudShell, the customer will need the following permissions within their AWS Account:
-```
-cloudshell:*
-```
-
-In addition, the following IAM Policies are needed in order to run ScoutSuite & Prowler:
-```
-arn:aws:iam::aws:policy/SecurityAudit
-arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
-```
-
-### Instructions
-1. Log into the AWS Console
-2. Go to AWS CloudShell. There's a screenshot of the AWS CloudShell icon below, or if you're logged into AWS already, you can click this link: console.aws.amazon.com/cloudshell
-
-![Alt text](screenshots/cloudshell_icon.png)
-
-3. Once the session begins, upload the shortcut.sh file into the AWS CloudShell session by selecting Actions -> Upload File.
-
-![Alt text](screenshots/action_upload_icon.png)
-
-4. Once the file is uploaded, run the following command within your AWS CloudShell session:
-```
-bash shortcut.sh
-```
-5. The results for Prowler and ScoutSuite will be located in the following directory:
-```
-/home/cloudshell-user/-results
-```
-6. You can check the status of each screen session by typing the following commands:
-```
-# Prowler:
-screen -r prowler
-# ScoutSuite
-screen -r scoutsuite
-```
-7. To download the results from AWS CloudShell, select Actions -> Download File.
-
-![Alt text](screenshots/action_download_icon.png)
-
-8. In the Download File prompt, use the file path and file name to download the results.
-
-![Alt text](screenshots/download_prompt.png)
diff --git a/contrib/cloudshell/cloudshell-installation.sh b/contrib/cloudshell/cloudshell-installation.sh
new file mode 100644
index 00000000..165acbdd
--- /dev/null
+++ b/contrib/cloudshell/cloudshell-installation.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Install system dependencies
+sudo yum -y install openssl-devel bzip2-devel libffi-devel gcc
+# Upgrade to Python 3.9
+cd /tmp && wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz
+tar zxf Python-3.9.13.tgz
+cd Python-3.9.13/ || exit
+./configure --enable-optimizations
+sudo make altinstall
+python3.9 --version
+# Install Prowler
+cd ~ || exit
+python3.9 -m pip install prowler-cloud
+prowler -v
+# Run Prowler
+prowler
diff --git a/contrib/cloudshell/screenshots/action_download_icon.png b/contrib/cloudshell/screenshots/action_download_icon.png
deleted file mode 100644
index f8bed6ed..00000000
Binary files a/contrib/cloudshell/screenshots/action_download_icon.png and /dev/null differ
diff --git a/contrib/cloudshell/screenshots/action_upload_icon.png b/contrib/cloudshell/screenshots/action_upload_icon.png
deleted file mode 100644
index 8784053a..00000000
Binary files a/contrib/cloudshell/screenshots/action_upload_icon.png and /dev/null differ
diff --git a/contrib/cloudshell/screenshots/cloudshell_icon.png b/contrib/cloudshell/screenshots/cloudshell_icon.png
deleted file mode 100644
index 4c520ac4..00000000
Binary files a/contrib/cloudshell/screenshots/cloudshell_icon.png and /dev/null differ
diff --git a/contrib/cloudshell/screenshots/download_prompt.png b/contrib/cloudshell/screenshots/download_prompt.png
deleted file mode 100644
index fd5eac35..00000000
Binary files a/contrib/cloudshell/screenshots/download_prompt.png and /dev/null differ
diff --git a/contrib/cloudshell/shortcut.sh b/contrib/cloudshell/shortcut.sh
deleted file mode 100644
index c404ea68..00000000
--- a/contrib/cloudshell/shortcut.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# ShortCut - Run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
-# DozerCat - Team DragonCat - AWS
-
-# Package Prerequisites
-sudo yum update -y
-sudo yum install python3 -y
-sudo yum install screen -y
-sudo yum install zip -y
-
-# Variable and Environment Prerequisites
-account=$(aws sts get-caller-identity | jq --raw-output '.Account')
-mkdir ${account}-results
-
-# Prowler
-cd ~
-git clone https://github.com/prowler-cloud/prowler
-pip3 install detect-secrets --user
-cd prowler
-screen -dmS prowler sh -c "./prowler -M csv,html;cd ~;zip -r ${account}-results/prowler-${account}.zip /home/cloudshell-user/prowler/output"
-
-# ScoutSuite
-cd ~
-git clone https://github.com/nccgroup/ScoutSuite
-cd ScoutSuite
-sudo yum install python-pip -y
-sudo pip install virtualenv
-virtualenv -p python3 venv
-source venv/bin/activate
-pip install -r requirements.txt
-sleep 2
-screen -dmS scoutsuite sh -c "python scout.py aws;cd ~;zip -r ${account}-results/scoutsuite-${account}.zip /home/cloudshell-user/ScoutSuite/scoutsuite-report"
-
-# Check on screen sessions
-screen -ls
diff --git a/contrib/codebuild/codebuild-prowler-audit-account-cfn.yaml b/contrib/codebuild/codebuild-prowlerv2-audit-account-cfn.yaml
similarity index 97%
rename from contrib/codebuild/codebuild-prowler-audit-account-cfn.yaml
rename to contrib/codebuild/codebuild-prowlerv2-audit-account-cfn.yaml
index b8a00a40..30961205 100644
--- a/contrib/codebuild/codebuild-prowler-audit-account-cfn.yaml
+++ b/contrib/codebuild/codebuild-prowlerv2-audit-account-cfn.yaml @@ -1,6 +1,6 @@ --- AWSTemplateFormatVersion: 2010-09-09 -Description: Creates a CodeBuild project to audit an AWS account with Prowler and stores the html report in a S3 bucket. This will run onece at the beginning and on a schedule afterwards. Partial contribution from https://github.com/stevecjones +Description: Creates a CodeBuild project to audit an AWS account with Prowler Version 2 and stores the html report in a S3 bucket. This will run onece at the beginning and on a schedule afterwards. Partial contribution from https://github.com/stevecjones Parameters: ServiceName: Description: 'Specifies the service name used within component naming' @@ -17,7 +17,7 @@ Parameters: Description: 'Options to pass to Prowler command, make sure at least -M junit-xml is used for CodeBuild reports. Use -r for the region to send API queries, -f to filter only one region, -M output formats, -c for comma separated checks, for all checks do not use -c or -g, for more options see -h. For a complete assessment use "-M text,junit-xml,html,csv,json", for SecurityHub integration use "-r region -f region -M text,junit-xml,html,csv,json,json-asff -S -q"' Type: String # Prowler command below runs a set of checks, configure it base on your needs, no options will run all regions all checks. - # option -M junit-xml is requirede in order to get the report in CodeBuild. + # option -M junit-xml is required in order to get the report in CodeBuild. Default: -r eu-west-1 -f eu-west-1 -M text,junit-xml,html,csv,json -c check11,check12,check13,check14 ProwlerScheduler: @@ -284,6 +284,7 @@ Resources: Artifacts: Type: NO_ARTIFACTS ConcurrentBuildLimit: 1 + SourceVersion: prowler-2 Source: GitCloneDepth: 1 Location: https://github.com/prowler-cloud/prowler diff --git a/contrib/html/generate-html-from-csv.sh b/contrib/html/generate-html-from-csv.sh deleted file mode 100755 index 0d240dcd..00000000 
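Review bot: `SourceVersion: prowler-2` pins the CodeBuild project to a branch, a mutable reference, so the code that audits the account can change underneath the template between scheduled runs; for a reproducible, auditable assessment prefer a release tag or commit SHA, e.g. `SourceVersion: <v2 release tag or commit placeholder>`, or state in the Description that tracking the branch is intended. The rewritten Description line in the first hunk also carries the typo `onece` forward — it should read `This will run once at the beginning and on a schedule afterwards`. The Parameters and Resources mappings these hunks modify start and end outside the hunks.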
--- a/contrib/html/generate-html-from-csv.sh +++ /dev/null @@ -1,230 +0,0 @@ -#!/usr/bin/env bash - -# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed -# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -# CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. - - -## This script helps to generate a single html report from a single or multiple csv -# output reports. -# I use it when I want to visualize multiple accounts reports in a single view. -# Report information and Assessment Summary will be empty due to the variables -# that are not set here. - -## First: Remove the CSV header from each output report. - -## Second: If you want to aggretate all csv files in you can do like this: -# find . -type f -name '*.csv' -exec cat {} + > prowler-output-unified-csv.file -# use .file instead of .csv unless you want to get into an infinite loop ;) - -## Third: Usage ./generate-html-from-csv.sh aggregated-reports-csv.file - - -OUTPUT_FILE_NAME="report-unified-csv" -EXTENSION_HTML="html" -INPUT=$1 -IFS=',' # used inside the while loop for csv delimiter -HTML_LOGO_URL="https://github.com/prowler-cloud/prowler/" -HTML_LOGO_IMG="https://raw.githubusercontent.com/prowler-cloud/prowler/master/util/html/prowler-logo-new.png" - - -[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; } - -addHtmlHeader() { - if [[ $PROFILE == "" ]];then - PROFILE="ENV" - fi - if [[ -z $HTML_REPORT_INIT ]]; then - cat < - - - - - - - - - - - - Prowler - AWS Security Assesments - - - -
-
-
-
-
- Report Information -
-
    -
  • -
    -
    - Version: $PROWLER_VERSION -
    -
    -
  • -
  • - Parameters used: $PROWLER_PARAMETERS -
  • -
  • - Date: $TIMESTAMP -
  • -
  • - prowler-logo -
  • -
-
-
-
-
-
- Assesment Summary -
-
    -
  • - AWS Account: $ACCOUNT_NUM -
  • -
  • - AWS-CLI Profile: $PROFILE -
  • -
  • - API Region: $REGION -
  • -
  • - User Id: $USER_ID -
  • -
  • - Caller Identity ARN: $CALLER_ARN -
  • -
-
- * Sortable columns are CheckID (default) and Result -
-
-
-
- - - - - - - - - - - - - - - - -EOF - -fi -} - -addHtmlFooter() { - cat < -
StatusResultSeverityAccountIDRegionComplianceServiceCheckIDCheck TitleCheck Output
-
-
-
- - - - - - - - - - - - - - - -EOF - -unset HTML_REPORT_INIT -} - -addHtmlHeader > ${OUTPUT_FILE_NAME}.$EXTENSION_HTML -while IFS=, read -r PROFILE ACCOUNT_NUM REPREGION TITLE_ID RESULT SCORED LEVEL TITLE_TEXT NOTES ASFF_COMPLIANCE_TYPE CHECK_SEVERITY CHECK_SERVICENAME;do - if [[ $RESULT == "INFO" ]]; then - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo 'INFO' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SEVERITY'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ACCOUNT_NUM'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$REPREGION'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ASFF_COMPLIANCE_TYPE'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SERVICENAME'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_ID'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_TEXT'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$NOTES'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - fi - if [[ $RESULT == "PASS" ]]; then - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo 'PASS' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SEVERITY'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ACCOUNT_NUM'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$REPREGION'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ASFF_COMPLIANCE_TYPE'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SERVICENAME'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_ID'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_TEXT'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$NOTES'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - fi - if [[ $RESULT == "FAIL" ]]; then - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ' ' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo 'FAIL' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SEVERITY'' >> 
${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ACCOUNT_NUM'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$REPREGION'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ASFF_COMPLIANCE_TYPE'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SERVICENAME'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_ID'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_TEXT'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$NOTES'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - fi - if [[ $RESULT == "WARNING" ]]; then - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo 'WARN' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SEVERITY'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ACCOUNT_NUM'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$REPREGION'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$ASFF_COMPLIANCE_TYPE'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$CHECK_SERVICENAME'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_ID'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$TITLE_TEXT'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo ''$NOTES'' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - echo '' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML - fi -done < $INPUT -addHtmlFooter >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML diff --git a/contrib/html/prowler-logo-new.png b/contrib/html/prowler-logo-new.png deleted file mode 100644 index 71c9e56f..00000000 Binary files a/contrib/html/prowler-logo-new.png and /dev/null differ diff --git a/contrib/html/prowler-logo.png b/contrib/html/prowler-logo.png deleted file mode 100644 index e59ca281..00000000 Binary files a/contrib/html/prowler-logo.png and /dev/null differ diff --git a/contrib/k8s/cronjob.yml b/contrib/k8s/cronjob.yml index dc923dbb..26bf13a6 100644 --- a/contrib/k8s/cronjob.yml +++ b/contrib/k8s/cronjob.yml 
@@ -17,8 +17,8 @@ spec: image: toniblyx/prowler:latest imagePullPolicy: Always command: - - "./prowler" - args: [ "-g", "hipaa", "-M", "csv,json,html", "-B", "$(awsS3Bucket)" ] + - "./prowler.py" + args: [ "-B", "$(awsS3Bucket)" ] env: - name: AWS_ACCESS_KEY_ID valueFrom: diff --git a/contrib/org-multi-account/ProwlerEC2.yaml b/contrib/org-multi-account/ProwlerEC2.yaml index 94e56936..574b2f77 100644 --- a/contrib/org-multi-account/ProwlerEC2.yaml +++ b/contrib/org-multi-account/ProwlerEC2.yaml @@ -198,10 +198,18 @@ Resources: commands: 01-install-prowler-prereqs-yum: command: | - yum install python-pip git jq -y - 02-install-prowler-prereqs-pip: + sudo yum -y install openssl-devel bzip2-devel libffi-devel gcc + 02-upgrade-python3.9: command: | - sudo -u ec2-user pip install --user boto3 awscli detect-secrets + cd /tmp && wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz + tar zxf Python-3.9.13.tgz + cd Python-3.9.13/ + ./configure --enable-optimizations + sudo make altinstall + 03-install-prowler: + command: | + cd ~ + python3.9 -m pip install prowler-cloud prowler-reports: files: /home/ec2-user/run-prowler-reports.sh: diff --git a/contrib/org-multi-account/src/run-prowler-reports.sh b/contrib/org-multi-account/src/run-prowler-reports.sh index 545a9162..350ceefb 100644 --- a/contrib/org-multi-account/src/run-prowler-reports.sh +++ b/contrib/org-multi-account/src/run-prowler-reports.sh @@ -89,7 +89,7 @@ for accountId in $ACCOUNTS_IN_ORGS; do # Run Prowler echo -e "Assessing AWS Account: $accountId, using Role: $ROLE on $(date)" # remove -g cislevel for a full report and add other formats if needed - ./prowler/prowler -R "$ROLE" -A "$accountId" -g cislevel1 -M html -z + ./prowler/prowler.py --role arn:"$PARTITION":iam::"$accountId":role/"$ROLE" --compliance cis_1.5_aws -M html echo "Report stored locally at: prowler/output/ directory" TOTAL_SEC=$((SECONDS - START_TIME)) echo -e "Completed AWS Account: $accountId, using Role: $ROLE on $(date)" 
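Review bot: The new `- "./prowler.py"` command only works if the container's working directory holds the v3 source tree, yet the image remains `toniblyx/prowler:latest` (unchanged context at the top of the hunk), a mutable tag that may not stay compatible with this entry point; pin it to the v3 tag or digest this command was validated against, e.g. `image: toniblyx/prowler:<v3 tag or digest placeholder>`. Dropping `"-g", "hipaa"` and `"-M", "csv,json,html"` from `args` presumably relies on v3 defaults for output formats and widens the job from HIPAA checks to all checks; if the HIPAA scope is still intended it needs its v3 equivalent, otherwise a comment in the manifest should record the change in scope. The enclosing container spec starts and ends outside the hunk.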
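Review bot: `./prowler/prowler.py` assumes a git checkout under the working directory, but the companion ProwlerEC2.yaml hunk on this page now installs Prowler with `python3.9 -m pip install prowler-cloud` and drops `git` from the yum prerequisites; unless a clone step exists outside these hunks, that path will not exist and the pip console script `prowler` should be invoked instead. `$PARTITION` is also new here and not defined within the hunk; if it is not set earlier in the script, guard it with `: "${PARTITION:?PARTITION must be set}"` so a malformed role ARN fails loudly rather than assuming a role in the wrong partition. Removing `-z` presumably means a run with failed findings now exits non-zero, which could abort the per-account loop if the script runs under `set -e` — confirm that is intended. The surrounding for-loop starts and ends outside the hunk.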
diff --git a/util/allowlist_example.txt b/util/allowlist_example.txt
deleted file mode 100644
index 97d9c5ab..00000000
--- a/util/allowlist_example.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-# Each line is a (checkid:item) tuple
-
-# Example: Will not consider a myignoredbucket failures as full failure. (Still printed as a warning)
-check26:myignoredbucket
-
-# Note that by default, this searches for the string appearing *anywhere* in the resource name.
-# For example:
-# extra718:ci-logs # Will block bucket "ci-logs" AND ALSO bucket "ci-logs-replica"
-# extra718:logs # Will block EVERY BUCKET containing the string "logs"
-
-# line starting with # are ignored as comments
-# add a line per resource as here:
-#:
-#:
- # checkid2
-#:
-
-# REGEXES
-# This allowlist works with regexes (ERE, the same style of regex as grep -E and bash's =~ use)
-# therefore:
-# extra718:[[:alnum:]]+-logs # will ignore all buckets containing the terms ci-logs, qa-logs, etc.
-
-# EXAMPLE: CONTROL TOWER
-# When using Control Tower, guardrails prevent access to certain protected resources. The allowlist
-# below ensures that warnings instead of errors are reported for the affected resources.
-#extra734:aws-controltower-logs-[[:digit:]]+-[[:alpha:]\-]+
-#extra734:aws-controltower-s3-access-logs-[[:digit:]]+-[[:alpha:]\-]+
-#extra764:aws-controltower-logs-[[:digit:]]+-[[:alpha:]\-]+
-#extra764:aws-controltower-s3-access-logs-[[:digit:]]+-[[:alpha:]\-]+
\ No newline at end of file
diff --git a/util/cloud9-installation.sh b/util/cloud9-installation.sh
deleted file mode 100644
index a45f28cf..00000000
--- a/util/cloud9-installation.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Upgrade AWS CLI to v2
-sudo yum update -y
-sudo yum remove -y awscli
-cd /opt || exit
-sudo curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-sudo unzip awscliv2.zip
-sudo ./aws/install
-# shellcheck disable=SC1090
-. ~/.profile # to load the new path for AWS CLI v2
-sudo rm -fr /opt/aws/
-cd ~/environment/ || exit
-# Prepare Prowler 3.0
-git clone https://github.com/prowler-cloud/prowler
-cd prowler || exit
-pipenv install && pipenv shell