From 60bfb31a19cd1b1b901b87fa919b0a487be805bb Mon Sep 17 00:00:00 2001
From: Toni de la Fuente <toni.delafuente@alfresco.com>
Date: Fri, 20 Apr 2018 17:28:01 -0400
Subject: [PATCH] new check extra729 and test group gdpr

---
 checks/check_extra727 |  2 ++
 checks/check_extra729 | 36 ++++++++++++++++++++++++++++++++++++
 groups/group7_extras  |  2 +-
 groups/group9_gdpr    |  5 +++--
 4 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 checks/check_extra729

diff --git a/checks/check_extra727 b/checks/check_extra727
index 2f752d66..e0802e30 100644
--- a/checks/check_extra727
+++ b/checks/check_extra727
@@ -29,6 +29,8 @@ extra727(){
           textInfo "$regx: SQS queue $queue seems correct" "$regx"
         fi
       done
+    else
+      textInfo "$regx: No SQS queues found" "$regx"
     fi
   done
 }
diff --git a/checks/check_extra729 b/checks/check_extra729
new file mode 100644
index 00000000..3b502ff6
--- /dev/null
+++ b/checks/check_extra729
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+CHECK_ID_extra729="7.29"
+CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra729="NOT_SCORED"
+CHECK_ALTERNATE_check729="extra729"
+
+extra729(){
+  # "Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
+  textInfo "Looking for EBS Volumes in all regions...  "
+  for regx in $REGIONS; do
+    LIST_OF_EBS_NON_ENC_VOLUMES=$($AWSCLI ec2 describe-volumes $PROFILE_OPT --region $regx --query 'Volumes[?Encrypted==`false`].VolumeId' --output text)
+    if [[ $LIST_OF_EBS_NON_ENC_VOLUMES ]];then
+      for volume in $LIST_OF_EBS_NON_ENC_VOLUMES; do
+        textFail "$regx: $volume is not encrypted!" "$regx"
+      done
+    fi
+    LIST_OF_EBS_ENC_VOLUMES=$($AWSCLI ec2 describe-volumes $PROFILE_OPT --region $regx --query 'Volumes[?Encrypted==`true`].VolumeId' --output text)
+    if [[ $LIST_OF_EBS_ENC_VOLUMES ]];then
+      for volume in $LIST_OF_EBS_ENC_VOLUMES; do
+        textPass "$regx: $volume is encrypted" "$regx"
+      done
+    fi
+  done
+}
diff --git a/groups/group7_extras b/groups/group7_extras
index b404b5ba..d2e6027b 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,4 +15,4 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - [extras] **********************************************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728'
diff --git a/groups/group9_gdpr b/groups/group9_gdpr
index 6fe0f0a3..81f3fb03 100644
--- a/groups/group9_gdpr
+++ b/groups/group9_gdpr
@@ -15,10 +15,11 @@ GROUP_ID[9]='gdpr'
 GROUP_NUMBER[9]='8.0'
 GROUP_TITLE[9]='GDPR Readiness - [gdpr] ****************************************'
 GROUP_RUN_BY_DEFAULT[9]='N' # run it when execute_all is called
-GROUP_CHECKS[9]=''
+GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729'
+
+# WORK IN PROGRESS!! see https://github.com/toniblyx/prowler/issues/189
 
 # Resources:
 # https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf
-# https://github.com/toniblyx/prowler/issues/189
 # https://www.slideshare.net/AmazonWebServices/sid303-navigating-gdpr-compliance-on-aws
 # https://aws.amazon.com/compliance/gdpr-center/