ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/toniblyx/prowler into master

Browse Source
This commit is contained in:
Toni de la Fuente
2020-09-24 14:55:20 +02:00
parent c14799915c 9165d3a8ba
commit 60c741a202
3 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/os_detector
View File

@@ -121,7 +121,7 @@ bsd_get_iso8601_hundred_days_ago() {
}
bsd_get_iso8601_one_minute_ago() {
"$DATE_CMD" -v-1m -u +"%Y-%m-%dT%H:%M:%SZ"
"$DATE_CMD" -v-1M -u +"%Y-%m-%dT%H:%M:%SZ"
}
gnu_test_tcp_connectivity() {

18
include/securityhub_integration
View File

@@ -41,15 +41,19 @@ resolveSecurityHubPreviousFails(){
PREVIOUS_DATE=$(get_iso8601_hundred_days_ago)
FILTER="{\"UpdatedAt\":[{\"Start\":\"$PREVIOUS_DATE\",\"End\":\"$OLD_TIMESTAMP\"}],\"GeneratorId\":[{\"Value\": \"prowler-$check\",\"Comparison\":\"PREFIX\"}],\"ComplianceStatus\":[{\"Value\": \"FAILED\",\"Comparison\":\"EQUALS\"}]}"
FILTER="{\"UpdatedAt\":[{\"Start\":\"$PREVIOUS_DATE\",\"End\":\"$OLD_TIMESTAMP\"}],\"GeneratorId\":[{\"Value\": \"prowler-$check\",\"Comparison\":\"PREFIX\"}],\"ComplianceStatus\":[{\"Value\": \"FAILED\",\"Comparison\":\"EQUALS\"}],\"RecordState\":[{\"Value\": \"ACTIVE\",\"Comparison\":\"EQUALS\"}]}"
SECURITY_HUB_PREVIOUS_FINDINGS=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT get-findings --filters "${FILTER}" | jq -c --arg updated_at $NEW_TIMESTAMP '[ .Findings[] | .RecordState = "ARCHIVED" | .UpdatedAt = $updated_at ]')
if [[ $SECURITY_HUB_PREVIOUS_FINDINGS != "[]" ]]; then
BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT batch-import-findings --findings "${SECURITY_HUB_PREVIOUS_FINDINGS}")
# Check for success if imported
if [[ -z "${BATCH_IMPORT_RESULT}" ]] || ! jq -e '.SuccessCount == 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then
echo -e "\n$RED ERROR!$NORMAL Failed to send check output to AWS Security Hub\n"
fi
FINDINGS_COUNT=$(echo $SECURITY_HUB_PREVIOUS_FINDINGS | jq '. | length')
for i in `seq 0 100 $FINDINGS_COUNT`;
do
# Import in batches of 100
BATCH_FINDINGS=$(echo $SECURITY_HUB_PREVIOUS_FINDINGS | jq '.['"$i:$i+100"']')
BATCH_IMPORT_RESULT=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT batch-import-findings --findings "${BATCH_FINDINGS}")
if [[ -z "${BATCH_IMPORT_RESULT}" ]] || jq -e '.FailedCount >= 1' <<< "${BATCH_IMPORT_RESULT}" > /dev/null 2>&1; then
echo -e "\n$RED ERROR!$NORMAL Failed to send check output to AWS Security Hub\n"
fi
done
fi
done

10
prowler
View File

@@ -352,6 +352,10 @@ execute_check() {
if is_junit_output_enabled; then
finalise_junit_check_output "$1"
fi
if [[ "$SEND_TO_SECURITY_HUB" -eq 1 ]]; then
resolveSecurityHubPreviousFails "$1"
fi
else
# Check to see if this is a real check
local check_id_var=CHECK_ID_$1
@@ -370,14 +374,14 @@ execute_check() {
# Execute the check
IGNORES="${ignores}" CHECK_NAME="$1" $1
if is_junit_output_enabled; then
finalise_junit_check_output "$1"
fi
if [[ "$SEND_TO_SECURITY_HUB" -eq 1 ]]; then
resolveSecurityHubPreviousFails "$1"
fi
if is_junit_output_enabled; then
finalise_junit_check_output "$1"
fi
else
textFail "ERROR! Use a valid check name (i.e. check41 or extra71)";
exit $EXITCODE