From 64328218fccc8d8f7d0d693e7d48835dab8caace Mon Sep 17 00:00:00 2001
From: Nacho Rivera
Date: Mon, 10 Apr 2023 09:58:28 +0200
Subject: [PATCH] feat(banner): azure credential banner (#2179)

---
 prowler/lib/outputs/summary_table.py | 5 ++++-
 prowler/providers/azure/azure_provider.py | 3 +--
 .../providers/azure/lib/audit_info/models.py | 2 +-
 .../azure/services/defender/defender_service.py | 16 ++++++++--------
 .../providers/azure/services/iam/iam_service.py | 16 ++++++++--------
 .../azure/services/storage/storage_service.py | 16 ++++++++--------
 prowler/providers/common/audit_info.py | 17 +++++++++++++++++
 prowler/providers/common/outputs.py | 5 ++++-
 8 files changed, 51 insertions(+), 29 deletions(-)

diff --git a/prowler/lib/outputs/summary_table.py b/prowler/lib/outputs/summary_table.py
index 2e0bc6fa..0c6d0f8c 100644
--- a/prowler/lib/outputs/summary_table.py
+++ b/prowler/lib/outputs/summary_table.py
@@ -20,7 +20,10 @@ def display_summary_table(
                 entity_type = "Account"
                 audited_entities = audit_info.audited_account
             elif provider == "azure":
-                if audit_info.identity.domain:
+                if (
+                    audit_info.identity.domain
+                    != "Unknown tenant domain (missing AAD permissions)"
+                ):
                     entity_type = "Tenant Domain"
                     audited_entities = audit_info.identity.domain
                 else:
diff --git a/prowler/providers/azure/azure_provider.py b/prowler/providers/azure/azure_provider.py
index a64cd1a7..d65a00e0 100644
--- a/prowler/providers/azure/azure_provider.py
+++ b/prowler/providers/azure/azure_provider.py
@@ -115,7 +115,7 @@ class Azure_Provider:
             # Same here, if user can access AAD, some fields are retrieved if not, default value, for az cli
             # should work but it doesn't, pending issue
             else:
-                identity.identity_id = "Unknown user id (NO AAD permissions)"
+                identity.identity_id = "Unknown user id (Missing AAD permissions)"
                 identity.identity_type = "User"
                 try:
                     logger.info(
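Review bot: The sentinel `"Unknown tenant domain (missing AAD permissions)"` is spelled out as a literal in this hunk, again in the outputs.py hunk at @@ -65, and a third time as the field default in the models.py hunk, so a later edit of the default silently turns both comparisons back into "always a real domain". Define it once next to the model, e.g. `AZURE_UNKNOWN_DOMAIN = "Unknown tenant domain (missing AAD permissions)"` in models.py, and compare with `if audit_info.identity.domain != AZURE_UNKNOWN_DOMAIN:` here and in outputs.py. The removed truthiness test also treated an empty string as unknown; if the provider can still leave `identity.domain` as `""`, that case now takes the "Tenant Domain" branch, which is worth confirming. `display_summary_table` starts and ends outside the hunk.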
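Review bot: The fallback identity id is reworded to `"Unknown user id (Missing AAD permissions)"` while the new domain default in models.py reads `"... (missing AAD permissions)"`; both placeholders are printed next to each other in the new credential banner, so the capitalisation should match, e.g. `identity.identity_id = "Unknown user id (missing AAD permissions)"`. These placeholders are the only signal in the output that the AAD lookup was skipped, so uniform wording also keeps them easy to grep for in logs. The enclosing method of `Azure_Provider` starts and ends outside the hunk.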
@@ -147,7 +147,6 @@ class Azure_Provider:
             if not subscription_ids:
                 logger.info("Scanning all the Azure subscriptions...")
                 for subscription in subscriptions_client.subscriptions.list():
-
                     identity.subscriptions.update(
                         {subscription.display_name: subscription.subscription_id}
                     )
diff --git a/prowler/providers/azure/lib/audit_info/models.py b/prowler/providers/azure/lib/audit_info/models.py
index a0ed8bc9..7ea45250 100644
--- a/prowler/providers/azure/lib/audit_info/models.py
+++ b/prowler/providers/azure/lib/audit_info/models.py
@@ -9,7 +9,7 @@ class Azure_Identity_Info(BaseModel):
     identity_id: str = ""
     identity_type: str = ""
     tenant_ids: list[str] = []
-    domain: str = ""
+    domain: str = "Unknown tenant domain (missing AAD permissions)"
     subscriptions: dict = {}
 
 
diff --git a/prowler/providers/azure/services/defender/defender_service.py b/prowler/providers/azure/services/defender/defender_service.py
index 285ced45..01887bea 100644
--- a/prowler/providers/azure/services/defender/defender_service.py
+++ b/prowler/providers/azure/services/defender/defender_service.py
@@ -38,8 +38,8 @@ class Defender:
     def __get_pricings__(self):
         logger.info("Defender - Getting pricings...")
         pricings = {}
-        try:
-            for subscription, client in self.clients.items():
+        for subscription, client in self.clients.items():
+            try:
                 pricings_list = client.pricings.list()
                 pricings.update({subscription: {}})
                 for pricing in pricings_list.value:
@@ -52,12 +52,12 @@ class Defender:
                             )
                         }
                     )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-        else:
-            return pricings
+            except Exception as error:
+                logger.error(f"Subscription name: {subscription}")
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+        return pricings
 
 
 class Defender_Pricing(BaseModel):
diff --git a/prowler/providers/azure/services/iam/iam_service.py b/prowler/providers/azure/services/iam/iam_service.py
index 1ea23fb5..3a3b13c6 100644
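Review bot: With the `try` moved inside the loop, a subscription whose `client.pricings.list()` raises is skipped entirely: `pricings.update({subscription: {}})` runs after that call, so the returned dict has no key for it, whereas `__get_roles__` and `__get_storage_accounts__` in this same patch register the subscription before touching the API. If downstream code indexes the returned dict by every subscription in `self.clients`, that is now a KeyError rather than a logged, empty result; moving `pricings.update({subscription: {}})` above the `list()` call makes the three services behave the same way. `__get_pricings__` continues past the end of the hunk.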
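Review bot: The except now logs and continues, so a subscription that fails to read is simply absent from the returned `pricings`, with nothing but an error log line to tell it apart from a subscription that has no pricing data; in a security scan that reads as clean rather than unscanned. Consider keeping the failed subscription names on the service (e.g. a set populated in the except) so the report can say which subscriptions were not assessed, or at least merge the two log calls into one record, `logger.error(f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}")`, so the name and the error cannot be interleaved with other log output. The IAM hunk at @@ -55 and the Storage hunk at @@ -56 have the same shape and would take the same change. `__get_pricings__` starts before the hunk.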
--- a/prowler/providers/azure/services/iam/iam_service.py
+++ b/prowler/providers/azure/services/iam/iam_service.py
@@ -39,8 +39,8 @@ class IAM:
     def __get_roles__(self):
         logger.info("IAM - Getting roles...")
         roles = {}
-        try:
-            for subscription, client in self.clients.items():
+        for subscription, client in self.clients.items():
+            try:
                 roles.update({subscription: []})
                 for role in client.role_definitions.list(
                     scope=f"/subscriptions/{self.subscriptions[subscription]}",
@@ -55,12 +55,12 @@ class IAM:
                             permissions=role.permissions,
                         )
                     )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-        else:
-            return roles
+            except Exception as error:
+                logger.error(f"Subscription name: {subscription}")
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+        return roles
 
 
 @dataclass
diff --git a/prowler/providers/azure/services/storage/storage_service.py b/prowler/providers/azure/services/storage/storage_service.py
index 2c9d6cc0..4b4c7bc5 100644
--- a/prowler/providers/azure/services/storage/storage_service.py
+++ b/prowler/providers/azure/services/storage/storage_service.py
@@ -39,8 +39,8 @@ class Storage:
     def __get_storage_accounts__(self):
         logger.info("Storage - Getting storage accounts...")
         storage_accounts = {}
-        try:
-            for subscription, client in self.clients.items():
+        for subscription, client in self.clients.items():
+            try:
                 storage_accounts.update({subscription: []})
                 storage_accounts_list = client.storage_accounts.list()
                 for storage_account in storage_accounts_list:
@@ -56,12 +56,12 @@ class Storage:
                             minimum_tls_version=storage_account.minimum_tls_version,
                         )
                     )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-        else:
-            return storage_accounts
+            except Exception as error:
+                logger.error(f"Subscription name: {subscription}")
+                logger.error(
+                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+        return storage_accounts
 
 
 @dataclass
diff --git a/prowler/providers/common/audit_info.py b/prowler/providers/common/audit_info.py
index b0b86548..10e6d124 100644
--- a/prowler/providers/common/audit_info.py
+++ b/prowler/providers/common/audit_info.py
@@ -83,6 +83,20 @@ Caller Identity ARN: {Fore.YELLOW}[{audit_info.audited_identity_arn}]{Style.RESE
 This report is being generated using credentials below:
 
 GCP Account: {Fore.YELLOW}[{profile}]{Style.RESET_ALL} GCP Project ID: {Fore.YELLOW}[{audit_info.project_id}]{Style.RESET_ALL}
+"""
+        print(report)
+
+    def print_azure_credentials(self, audit_info: Azure_Audit_Info):
+        printed_subscriptions = []
+        for key, value in audit_info.identity.subscriptions.items():
+            intermediate = key + " : " + value
+            printed_subscriptions.append(intermediate)
+        report = f"""
+This report is being generated using the identity below:
+
+Azure Tenant IDs: {Fore.YELLOW}[{" ".join(audit_info.identity.tenant_ids)}]{Style.RESET_ALL} Azure Tenant Domain: {Fore.YELLOW}[{audit_info.identity.domain}]{Style.RESET_ALL}
+Azure Subscriptions: {Fore.YELLOW}{printed_subscriptions}{Style.RESET_ALL}
+Azure Identity type: {Fore.YELLOW}[{audit_info.identity.identity_type}]{Style.RESET_ALL} Azure Identity ID: {Fore.YELLOW}[{audit_info.identity.identity_id}]{Style.RESET_ALL}
 """
         print(report)
 
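Review bot: `printed_subscriptions` is interpolated into the banner as a bare Python list, so the line prints the list repr with brackets and quotes (`['name : id', ...]`), unlike the tenant-id field on the line above which joins the values and wraps them in `[...]`; the append loop is also a plain comprehension. `printed_subscriptions = ", ".join(f"{name} : {sub_id}" for name, sub_id in audit_info.identity.subscriptions.items())` together with `Azure Subscriptions: {Fore.YELLOW}[{printed_subscriptions}]{Style.RESET_ALL}` gives it the same look as the other fields. The current `key + " : " + value` additionally raises TypeError if a subscription id is ever stored as something other than `str`, which the f-string form avoids. `print_azure_credentials` is fully contained in the hunk.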
@@ -340,6 +354,9 @@ GCP Account: {Fore.YELLOW}[{profile}]{Style.RESET_ALL} GCP Project ID: {Fore.YE
         azure_audit_info.credentials = azure_provider.get_credentials()
         azure_audit_info.identity = azure_provider.get_identity()
 
+        if not arguments.get("only_logs"):
+            self.print_azure_credentials(azure_audit_info)
+
         return azure_audit_info
 
     def set_gcp_audit_info(self, arguments) -> GCP_Audit_Info:
diff --git a/prowler/providers/common/outputs.py b/prowler/providers/common/outputs.py
index 81a6d024..8ac12834 100644
--- a/prowler/providers/common/outputs.py
+++ b/prowler/providers/common/outputs.py
@@ -65,7 +65,10 @@ class Azure_Output_Options(Provider_Output_Options):
             not hasattr(arguments, "output_filename")
            or arguments.output_filename is None
        ):
-            if audit_info.identity.domain:
+            if (
+                audit_info.identity.domain
+                != "Unknown tenant domain (missing AAD permissions)"
+            ):
                 self.output_filename = f"prowler-output-{audit_info.identity.domain}-{output_file_timestamp}"
             else:
                 self.output_filename = f"prowler-output-{'-'.join(audit_info.identity.tenant_ids)}-{output_file_timestamp}"
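Review bot: `arguments.get("only_logs")` treats `arguments` as a dict, while the outputs.py hunk at @@ -65 in this same patch reads an `arguments` object as an attribute bag (`hasattr(arguments, "output_filename")`, `arguments.output_filename`); if `set_azure_audit_info` is ever handed the argparse namespace rather than its `__dict__`, the new line raises AttributeError before `return azure_audit_info`. Worth confirming which shape each caller passes, or settling on one access style in both places. `set_azure_audit_info` begins before the hunk.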