ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/toniblyx/prowler

Browse Source
This commit is contained in:
Toni de la Fuente
2021-01-21 22:40:50 +01:00
parent 478cb4aa54 47aa6998f4
commit 6bb49fd162
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/check43
View File

@@ -23,7 +23,7 @@ check43(){
for regx in $REGIONS; do
CHECK_SGDEFAULT_IDS=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --filters Name=group-name,Values='default' --query 'SecurityGroups[*].GroupId[]' --output text)
for CHECK_SGDEFAULT_ID in $CHECK_SGDEFAULT_IDS; do
CHECK_SGDEFAULT_ID_OPEN=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --group-ids $CHECK_SGDEFAULT_ID --query 'SecurityGroups[*].{IpPermissions:IpPermissions,IpPermissionsEgress:IpPermissionsEgress,GroupId:GroupId}' --output text |egrep '0.0.0.0|\:\:\/0')
CHECK_SGDEFAULT_ID_OPEN=$($AWSCLI ec2 describe-security-groups $PROFILE_OPT --region $regx --group-ids $CHECK_SGDEFAULT_ID --query 'SecurityGroups[*].{IpPermissions:IpPermissions,IpPermissionsEgress:IpPermissionsEgress,GroupId:GroupId}' --output text |egrep ' 0.0.0.0|\:\:\/0')
if [[ $CHECK_SGDEFAULT_ID_OPEN ]];then
textFail "Default Security Groups ($CHECK_SGDEFAULT_ID) found that allow 0.0.0.0 IN or OUT traffic in Region $regx" "$regx"
else

4
checks/check_extra7130
View File

@@ -22,11 +22,11 @@ CHECK_ALTERNATE_check7130="extra7130"
extra7130(){
textInfo "Looking for SNS Topics in all regions... "
for regx in $REGIONS; do
LIST_SNS=$($AWSCLI sns list-topics --region $regx --query 'Topics[*].TopicArn' --output text)
LIST_SNS=$($AWSCLI sns list-topics $PROFILE_OPT --region $regx --query 'Topics[*].TopicArn' --output text)
if [[ $LIST_SNS ]];then
for topic in $LIST_SNS; do
SHORT_TOPIC=$(echo $topic | awk -F ":" '{print $NF}')
SNS_ENCRYPTION=$($AWSCLI sns get-topic-attributes --region $regx --topic-arn $topic --query 'Attributes.KmsMasterKeyId' --output text)
SNS_ENCRYPTION=$($AWSCLI sns get-topic-attributes $PROFILE_OPT --region $regx --topic-arn $topic --query 'Attributes.KmsMasterKeyId' --output text)
if [[ "None" == $SNS_ENCRYPTION ]]; then
textFail "$regx: $SHORT_TOPIC is not encrypted!" "$regx"
else