ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

add option (-k) to keep the credential report after execution.

Browse Source
This commit is contained in:
Ben Allen
2017-07-11 16:24:42 -05:00
parent 866fe11610
commit 68f8e08506
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -98,6 +98,7 @@ USAGE:
-f <filterregion> specify an AWS region to run checks against (i.e.: us-west-1)
-m <maxitems> specify the maximum number of items to return for long-running requests (default: 100)
-M <mode> output mode: text (defalut), mono, csv (separator is "|"; data is on stdout; progress on stderr)
-k keep the credential report
-h this help
```

17
prowler
View File

@@ -37,6 +37,7 @@ MAXITEMS=100
MONOCHROME=0
MODE="text"
SEP=','
KEEPCREDREPORT=0
# Command usage menu
@@ -51,17 +52,21 @@ USAGE:
-f <filterregion> specify an AWS region to run checks against (i.e.: us-west-1)
-m <maxitems> specify the maximum number of items to return for long-running requests (default: 100)
-M <mode> output mode: text (defalut), mono, csv (separator is \"${SEP}\"; data is on stdout; progress on stderr)
-k keep the credential report
-h this help
"
exit
}
while getopts ":hp:r:c:f:m:M:" OPTION; do
while getopts ":hkp:r:c:f:m:M:" OPTION; do
case $OPTION in
h )
usage
exit 1
;;
k )
KEEPCREDREPORT=1
;;
p )
PROFILE=$OPTARG
;;
@@ -384,13 +389,19 @@ genCredReport() {
# Save report to a file, decode it, deletion at finish and after every single check, acb stands for AWS CIS Benchmark
saveReport(){
TEMP_REPORT_FILE=$(mktemp -t prowler-XXXXX.cred_report )
TEMP_REPORT_FILE=$(mktemp -t prowler-${ACCOUNT_NUM}-XXXXX.cred_report )
$AWSCLI iam get-credential-report --query 'Content' --output text --profile $PROFILE --region $REGION | decode_report > $TEMP_REPORT_FILE
if [[ $KEEPCREDREPORT -eq 1 ]]; then
textTitle "0.2" "Saving IAM Credential Report ..."
textNotice "IAM Credential Report saved in $TEMP_REPORT_FILE"
fi
}
# Delete temporary report file
cleanTemp(){
rm -fr $TEMP_REPORT_FILE
if [[ $KEEPCREDREPORT -ne 1 ]]; then
rm -fr $TEMP_REPORT_FILE
fi
}
# Delete the temporary report file if we get interrupted/terminated