Merge branch '2.5-new-checks' into custom-checks
@@ -15,13 +15,8 @@ GROUP_ID[11]='secrets'
|
||||
GROUP_NUMBER[11]='11.0'
|
||||
GROUP_TITLE[11]='Look for keys secrets or passwords around resources - [secrets]'
|
||||
GROUP_RUN_BY_DEFAULT[11]='N' # but it runs when execute_all is called (default)
|
||||
GROUP_CHECKS[11]='extra741,extra742,extra759,extra760,extra768,extra775'
|
||||
GROUP_CHECKS[11]='extra741,extra742,extra759,extra760,extra768,extra775,extra7141'
|
||||
|
||||
# requires https://github.com/Yelp/detect-secrets
|
||||
# `pip install detect-secrets`
|
||||
|
||||
# Initially:
|
||||
# - EC2 UserData
|
||||
# - CloudFormation Outputs
|
||||
# - Lambda variables
|
||||
# - Lambda code
|
||||
|
||||
@@ -15,7 +15,7 @@ GROUP_ID[15]='pci'
|
||||
GROUP_NUMBER[15]='15.0'
|
||||
GROUP_TITLE[15]='PCI-DSS v3.2.1 Readiness - ONLY AS REFERENCE - [pci] **********'
|
||||
GROUP_RUN_BY_DEFAULT[15]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[15]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check112,check113,check114,check116,check21,check23,check25,check26,check27,check28,check29,check314,check36,check38,check43,extra713,extra717,extra718,extra72,extra729,extra735,extra738,extra740,extra744,extra748,extra75,extra750,extra751,extra753,extra754,extra755,extra756,extra773,extra78,extra780,extra781,extra782,extra783,extra784,extra785,extra787,extra788,extra798'
|
||||
GROUP_CHECKS[15]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check112,check113,check114,check116,check21,check23,check25,check26,check27,check28,check29,check314,check36,check38,check43,extra711,extra713,extra717,extra718,extra72,extra729,extra735,extra738,extra740,extra744,extra748,extra75,extra750,extra751,extra753,extra754,extra755,extra773,extra78,extra780,extra781,extra782,extra783,extra784,extra785,extra787,extra788,extra798'
|
||||
|
||||
# Resources:
|
||||
# https://github.com/toniblyx/prowler/issues/296
|
||||
@@ -39,7 +39,7 @@ GROUP_CHECKS[15]='check11,check12,check13,check14,check15,check16,check17,check1
|
||||
# Ensure the default security group restricts all traffic check43
|
||||
# Remove unused security groups extra75
|
||||
# RDS should not have Public interface open to a public scope extra78
|
||||
# Check for Publicly Accessible Redshift Clusters extra756
|
||||
# Check for Publicly Accessible Redshift Clusters extra711
|
||||
# Ensure Lambda Functions are not publicly accessible extra798
|
||||
|
||||
# 3.2 Requirement 2: Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters
|
||||
|
||||
@@ -15,37 +15,36 @@ GROUP_ID[17]='internet-exposed'
|
||||
GROUP_NUMBER[17]='17.0'
|
||||
GROUP_TITLE[17]='Find resources exposed to the internet - [internet-exposed] ***'
|
||||
GROUP_RUN_BY_DEFAULT[17]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[17]='check41,check42,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102'
|
||||
GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137,extra7138'
|
||||
|
||||
# 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored) [group4, cislevel1, cislevel2]
|
||||
# 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored) [group4, cislevel1, cislevel2]
|
||||
# 7.2 [extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark) [extras, forensics-ready, gdpr, hipaa, apigateway, rds]
|
||||
# 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark) [extras, gdpr, hipaa, rds]
|
||||
# 7.4 [extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark) [extras, gdpr, hipaa, secrets, apigateway, rds]
|
||||
# 7.6 [extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark) [extras, gdpr, secrets]
|
||||
# 7.7 [extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark) [group1, extras, secrets, elasticsearch]
|
||||
# 7.8 [extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark) [extras, rds, elasticsearch, trustboundaries]
|
||||
# 7.9 [extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark) [extras, trustboundaries]
|
||||
# 7.10 [extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.11 [extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.2 [extra72] Ensure there are no EBS Snapshots set as Public [extras, forensics-ready, gdpr, hipaa, apigateway, rds]
|
||||
# 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user [extras, gdpr, hipaa, rds]
|
||||
# 7.4 [extra74] Ensure there are no Security Groups without ingress filtering being used [extras, gdpr, hipaa, secrets, apigateway, rds]
|
||||
# 7.6 [extra76] Ensure there are no EC2 AMIs set as Public [extras, gdpr, secrets]
|
||||
# 7.7 [extra77] Ensure there are no ECR repositories set as Public [group1, extras, secrets, elasticsearch]
|
||||
# 7.8 [extra78] Ensure there are no Public Accessible RDS instances [extras, rds, elasticsearch, trustboundaries]
|
||||
# 7.9 [extra79] Check for internet facing Elastic Load Balancers [extras, trustboundaries]
|
||||
# 7.10 [extra710] Check for internet facing EC2 Instances [extras]
|
||||
# 7.11 [extra711] Check for Publicly Accessible Redshift Clusters [extras]
|
||||
# 7.16 [extra716] Check if Amazon Elasticsearch Service (ES) domains are set as Public or if it has open policy access [extras, elasticsearch]
|
||||
# 7.23 [extra723] Check if RDS Snapshots and Cluster Snapshots are public (Not Scored) (Not part of CIS benchmark) [extras, rds]
|
||||
# 7.27 [extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark) [extras, gdpr]
|
||||
# 7.31 [extra731] Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark) [extras, gdpr]
|
||||
# 7.38 [extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark) [extras, gdpr]
|
||||
# 7.45 [extra745] Check if API Gateway endpoint is public or private (Not Scored) (Not part of CIS benchmark) [extras, apigateway]
|
||||
# 7.48 [extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.49 [extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.50 [extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.51 [extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.52 [extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# redundant 7.56 [extra756] Check if Redshift cluster is Public Accessible (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.23 [extra723] Check if RDS Snapshots and Cluster Snapshots are public [extras, rds]
|
||||
# 7.27 [extra727] Check if SQS queues have policy set as Public [extras, gdpr]
|
||||
# 7.31 [extra731] Check if SNS topics have policy set as Public [extras, gdpr]
|
||||
# 7.38 [extra738] Check if CloudFront distributions are set to HTTPS [extras, gdpr]
|
||||
# 7.45 [extra745] Check if API Gateway endpoint is public or private [extras, apigateway]
|
||||
# 7.48 [extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port [extras]
|
||||
# 7.49 [extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483 [extras]
|
||||
# 7.50 [extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306 [extras]
|
||||
# 7.51 [extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432 [extras]
|
||||
# 7.52 [extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379 [extras]
|
||||
# 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018 [extras]
|
||||
# 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888 [extras]
|
||||
# 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211 [extras]
|
||||
# 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached [extras]
|
||||
# 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) [extras]
|
||||
# 7.79 [extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports [extras, elasticsearch]
|
||||
# 7.87 [extra787] Check connection and authentication for Internet exposed Elasticsearch/Kibana ports [extras, elasticsearch]
|
||||
# 7.88 [extra788] Check connection and authentication for Internet exposed Amazon Elasticsearch Service (ES) domains [extras, elasticsearch]
|
||||
# 7.71 [extra771] Check if S3 buckets have policies which allow WRITE access (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.71 [extra771] Check if S3 buckets have policies which allow WRITE access [extras]
|
||||
|
||||
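Review bot: The comment catalogue under `GROUP_CHECKS[17]` is not updated for the IDs this change adds to the list: `check45`, `check46` and `extra7134` through `extra7138` have no description line in the visible hunk, and neither do the already listed `extra795`, `extra796` and `extra7102`. For a group whose purpose is to enumerate internet-exposure findings, a reader cannot tell from this file what the new members test or why they belong here. I would add one line per new ID in the existing format, e.g. `# 4.5 [check45] <check title> [group4, internet-exposed]`, with the title copied from each check's own file. The comment list may continue past the end of the hunk, so confirm against the full file.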
@@ -15,7 +15,7 @@ GROUP_ID[18]='iso27001'
|
||||
GROUP_NUMBER[18]='18.0'
|
||||
GROUP_TITLE[18]='ISO 27001:2013 Readiness - ONLY AS REFERENCE - [iso27001] *****'
|
||||
GROUP_RUN_BY_DEFAULT[18]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,check116,check119,check12,check122,check13,check14,check15,check16,check17,check18,check19,check21,check22,check23,check24,check25,check26,check27,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,check44,extra71,extra710,extra7100,extra711,extra7113,extra7123,extra7125,extra7126,extra7128,extra7129,extra713,extra714,extra7130,extra718,extra719,extra72,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra731,extra73,extra731,extra735,extra739,extra74,extra741,extra747,extra748,extra75,extra756,extra757,extra758,extra759,extra76,extra760,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra77,extra771,extra772,extra774,extra776,extra777,extra778,extra78,extra789,extra79,extra790,extra792,extra793,extra794,extra795,extra796,extra798'
|
||||
GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,check116,check119,check12,check122,check13,check14,check15,check16,check17,check18,check19,check21,check22,check23,check24,check25,check26,check27,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,check44,extra71,extra710,extra7100,extra711,extra7113,extra7123,extra7125,extra7126,extra7128,extra7129,extra713,extra714,extra7130,extra718,extra719,extra72,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra731,extra73,extra731,extra735,extra739,extra74,extra741,extra747,extra748,extra75,extra757,extra758,extra759,extra76,extra760,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra77,extra771,extra772,extra774,extra776,extra777,extra778,extra78,extra789,extra79,extra790,extra792,extra793,extra794,extra795,extra796,extra798'
|
||||
|
||||
# # Category Objective ID Objective Name Prowler check ID Check Summary
|
||||
# 1 A.9 Access Control A.9.2 User Access Management check122 Ensure IAM policies that allow full "*:*" administrative privileges are not created.
|
||||
@@ -66,13 +66,13 @@ GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,
|
||||
# 46 A.9 Access Control A.9.4 System and Application Access Control check14 Ensure access keys are rotated every 90 days or less
|
||||
# 47 A.9 Access Control A.9.4 System and Application Access Control check13 Ensure credentials unused for 90 days or greater are disabled
|
||||
# 48 A.9 Access Control A.9.4 System and Application Access Control check112 Ensure no root account access key exists
|
||||
# 55 A.9 Access Control A.9.4 System and Application Access Control extra711 Check if Redshift cluster is Public Accessible
|
||||
# 49 A.9 Access Control A.9.4 System and Application Access Control extra7113 Check if RDS instances have deletion protection enabled
|
||||
# 50 A.9 Access Control A.9.4 System and Application Access Control extra72 Ensure there are no EBS Snapshots set as Public
|
||||
# 51 A.9 Access Control A.9.4 System and Application Access Control extra723 Check if RDS Snapshots and Cluster Snapshots are public
|
||||
# 52 A.9 Access Control A.9.4 System and Application Access Control extra727 Check if SQS queues have policy set as Public
|
||||
# 53 A.9 Access Control A.9.4 System and Application Access Control extra73 Ensure there are no S3 buckets open to Everyone or Any AWS user
|
||||
# 54 A.9 Access Control A.9.4 System and Application Access Control extra731 Check if SNS topics have policy set as Public
|
||||
# 55 A.9 Access Control A.9.4 System and Application Access Control extra756 Check if Redshift cluster is Public Accessible
|
||||
# 56 A.9 Access Control A.9.4 System and Application Access Control extra76 Ensure there are no EC2 AMIs set as Public
|
||||
# 57 A.9 Access Control A.9.4 System and Application Access Control extra77 Ensure there are no ECR repositories set as Public
|
||||
# 58 A.9 Access Control A.9.4 System and Application Access Control extra771 Check if S3 buckets have policies which allow WRITE access
|
||||
|
||||
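Review bot: The rewritten `GROUP_CHECKS[18]` value still lists `extra731` twice (`...extra729,extra731,extra73,extra731,extra735...`), so the line this commit touches keeps a duplicate that presumably makes the check run and be reported twice when the group is executed. Dropping the first occurrence gives `...extra729,extra73,extra731,extra735...`. The same applies to `GROUP_CHECKS[23]` in the ens group, where `check13`, `check14`, `check21` and `check23` each appear twice on the new line. In the second hunk of this file the relocated `extra711` row keeps the number `55` while sitting between rows 48 and 49, so the mapping table is no longer in numeric order; renumbering or moving the row back would keep it readable.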
@@ -13,11 +13,11 @@
|
||||
|
||||
GROUP_ID[21]='soc2'
|
||||
GROUP_NUMBER[21]='21.0'
|
||||
GROUP_TITLE[21]='SOC2 Readiness - ONLY AS REFERENCE - [soc2] ***'
|
||||
GROUP_TITLE[21]='SOC2 Readiness - ONLY AS REFERENCE - [soc2] *******************'
|
||||
GROUP_RUN_BY_DEFAULT[21]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[21]='check110,check111,check113,check12,check122,check13,check15,check16,check17,check18,check19,check21,check31,check310,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,extra711,extra72,extra723,extra729,extra731,extra734,extra735,extra739,extra76,extra78,extra792'
|
||||
|
||||
# References:
|
||||
# 1. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf
|
||||
# 2. https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/mappingsrelevanttothesocsuiteofservices.html
|
||||
# 3. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/mapping-final-2017-tsc-to-extant-2016-tspc.xlsx
|
||||
# 3. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/mapping-final-2017-tsc-to-extant-2016-tspc.xlsx
|
||||
|
||||
@@ -15,7 +15,7 @@ GROUP_ID[23]='ens'
|
||||
GROUP_NUMBER[23]='23.0'
|
||||
GROUP_TITLE[23]='ENS Esquema Nacional de Seguridad security checks - [ens] *****'
|
||||
GROUP_RUN_BY_DEFAULT[23]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120,check116,extra7124,check12,extra7125,check14,check13,check21,check25,extra7127,check35,check24,check31,check36,check32,check33,check34,check22,extra71,check23,check23,check27,check37,extra736,extra737,extra713,check21,check29,extra793,extra792,extra764,extra738,check43,extra74,extra710,extra75,check41,check42,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra7128,extra729,extra761,extra740,extra735,extra734,extra728,extra781,extra773,extra744,extra7126,extra7129'
|
||||
GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120,check116,extra7124,check12,extra7125,check14,check13,check21,check25,extra7127,check35,check24,check31,check36,check32,check33,check34,check22,extra71,check23,check23,check27,check37,extra736,check28,extra713,check21,check29,extra793,extra792,extra764,extra738,check43,extra74,extra710,extra75,check41,check42,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra7128,extra729,extra761,extra740,extra735,extra734,extra728,extra781,extra773,extra744,extra7126,extra7129'
|
||||
|
||||
# ENS Control ID for AWS;Prowler checks that apply
|
||||
# ens-op.acc.1.aws.iam.1;extra733
|
||||
@@ -49,7 +49,7 @@ GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120
|
||||
# ens-op.exp.10.aws.trail.5;check27
|
||||
# ens-op.exp.11.aws.kms.1;check37
|
||||
# ens-op.exp.11.aws.kms.2;extra736*
|
||||
# ens-op.exp.11.aws.kms.3;extra737
|
||||
# ens-op.exp.11.aws.kms.3;check28
|
||||
# ens-op.mon.1.aws.duty.1;extra713
|
||||
# ens-op.mon.1.aws.trail.1;check21
|
||||
# ens-op.mon.1.aws.flow.1;check29
|
||||
@@ -80,4 +80,4 @@ GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120
|
||||
# ens-mp.info.3.aws.au.1;extra781
|
||||
# ens-mp.s.2.aws.waf.1;extra773
|
||||
# ens-mp.s.2.aws.waf.2;extra744
|
||||
# ens-mp.s.2.aws.waf.3;extra7129
|
||||
# ens-mp.s.2.aws.waf.3;extra7129
|
||||
|
||||
@@ -12,4 +12,4 @@ GROUP_ID[4]='group4'
|
||||
GROUP_NUMBER[4]='4.0'
|
||||
GROUP_TITLE[4]='Networking - CIS only - [group4] *******************************'
|
||||
GROUP_RUN_BY_DEFAULT[4]='Y' # run it when execute_all is called
|
||||
GROUP_CHECKS[4]='check41,check42,check43,check44'
|
||||
GROUP_CHECKS[4]='check41,check42,check43,check44,check45,check46'
|
||||
|
||||
@@ -15,11 +15,11 @@ GROUP_ID[7]='extras'
|
||||
GROUP_NUMBER[7]='7.0'
|
||||
GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
|
||||
GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
|
||||
GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7142,extra7143,extra7144,extra7145,extra7146'
|
||||
GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142,extra7143,extra7144,extra7145,extra7146'
|
||||
|
||||
# Extras 759 and 760 (lambda variables and code secrets finder are not included)
|
||||
# to run detect-secrets use `./prowler -g secrets`
|
||||
|
||||
# Extras 789 and 790 VPC trust boundaries are not included by default in Extras
|
||||
# to run trust-boundaries use `./prowler -g trustboundaries`
|
||||
# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks
|
||||
# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks
|
||||
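Review bot: `extra7141` is added here to the default-run extras list and, in the same commit, to `GROUP_CHECKS[11]` (secrets), whose file states that the group requires detect-secrets, but the comment block below only says that 759 and 760 are left out. If `extra7141` depends on detect-secrets like the rest of that group, a default run on a host without the tool could fail or report nothing for it, which is easy to misread as a clean result. I would extend the comment with something like `# extra741, extra742, extra768, extra775 and extra7141 are also in the secrets group and need detect-secrets installed`. It is also worth confirming how a check in this list behaves when the tool is missing.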