From 65c417a357b3ac74121cc423154320e8cd642b7e Mon Sep 17 00:00:00 2001 From: Subramani Ramanathan Date: Wed, 21 Feb 2018 02:48:20 +0530 Subject: [PATCH] Improving check41 and check42 Improved check41 and check42 to ensure no inbound rule exists that has:- # port no 22 and source of 0.0.0.0/0 # port no in the range (i.e 0-1024) and source of 0.0.0.0/0 # port value of all and source of 0.0.0.0/0 --- prowler | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prowler b/prowler index d49581d6..ed335e57 100755 --- a/prowler +++ b/prowler @@ -1576,7 +1576,7 @@ check41(){ # "Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 (Scored)" textTitle "$ID41" "$TITLE41" "SCORED" "LEVEL1" for regx in $REGIONS; do - SG_LIST=$($AWSCLI ec2 describe-security-groups --filters "Name=ip-permission.to-port,Values=22" --query 'SecurityGroups[?length(IpPermissions[?ToPort==`22` && contains(IpRanges[].CidrIp, `0.0.0.0/0`)]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text) + SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`22` && ToPort>=`22`)) && contains(IpRanges[].CidrIp, `0.0.0.0/0`)]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text) if [[ $SG_LIST ]];then for SG in $SG_LIST;do textWarn "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx" @@ -1591,7 +1591,7 @@ check42(){ # "Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 (Scored)" textTitle "$ID42" "$TITLE42" "SCORED" "LEVEL1" for regx in $REGIONS; do - SG_LIST=$($AWSCLI ec2 describe-security-groups --filters "Name=ip-permission.to-port,Values=3389" --query 'SecurityGroups[?length(IpPermissions[?ToPort==`3389` && contains(IpRanges[].CidrIp, `0.0.0.0/0`)]) > `0`].{GroupName: GroupName}' $PROFILE_OPT --region $regx --output text) + SG_LIST=$($AWSCLI ec2 describe-security-groups --query 'SecurityGroups[?length(IpPermissions[?((FromPort==null && ToPort==null) || (FromPort<=`3389` && ToPort>=`3389`)) && contains(IpRanges[].CidrIp, `0.0.0.0/0`)]) > `0`].{GroupId:GroupId}' $PROFILE_OPT --region $regx --output text) if [[ $SG_LIST ]];then for SG in $SG_LIST;do textWarn "Found Security Group: $SG open to 0.0.0.0/0 in Region $regx" "$regx"