From 7a44b8bcca2462a55f84454f844431e7479731a6 Mon Sep 17 00:00:00 2001
From: soffensive <9149004+soffensive@users.noreply.github.com>
Date: Wed, 17 Apr 2019 13:36:00 +0200
Subject: [PATCH 1/3] Iterate over all regions Iterate over all regions
---
 checks/check21 | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/checks/check21 b/checks/check21
index 67bf20f2..64b82ebc 100644
--- a/checks/check21
+++ b/checks/check21
@@ -16,17 +16,18 @@ CHECK_ALTERNATE_check201="check21"

 check21(){
 # "Ensure CloudTrail is enabled in all regions (Scored)"
- LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].Name' --output text)
- if [[ $LIST_OF_TRAILS ]];then
- for trail in $LIST_OF_TRAILS;do
- MULTIREGION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].IsMultiRegionTrail' --output text --trail-name-list $trail)
- if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
- textFail "$trail trail in $REGION is not enabled in multi region mode"
- else
- textPass "$trail trail in $REGION is enabled for all regions"
- fi
- done
- else
- textFail "No CloudTrail trails found!"
- fi
+ for regx in $REGIONS; do
+ LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].Name' --output text --no-include-shadow-trails)
+ if [[ $LIST_OF_TRAILS ]];then
+ for trail in $LIST_OF_TRAILS;do
+ MULTIREGION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].IsMultiRegionTrail' --output text --trail-name-list $trail)
+ if [[ "$MULTIREGION_TRAIL_STATUS" == 'False' ]];then
+ textFail "$trail trail in $regx is not enabled in multi region mode"
+ else
+ textPass "$trail trail in $regx is enabled for all regions"
+ fi
+ done
+ fi
+ done
 }
+
From e0d86c134aabe0c6b49ba966c3891cc7ec6e9117 Mon Sep 17 00:00:00 2001
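Review bot: The rewritten loop drops the `textFail "No CloudTrail trails found!"` branch, so an account with no trail in any region now gets no result at all from check21 instead of a failure, which is the condition "Ensure CloudTrail is enabled in all regions" exists to catch. A flag carried across the region loop restores it: `TRAILS_FOUND=0` before `for regx in $REGIONS`, `TRAILS_FOUND=1` inside `if [[ $LIST_OF_TRAILS ]]`, and `[[ $TRAILS_FOUND -eq 1 ]] || textFail "No CloudTrail trails found!"` after the outer `done`. The same branch is removed from check22 in patch 2/3 and needs the same treatment. A `describe-trails` call that fails in one region most likely also leaves `LIST_OF_TRAILS` empty, so a region the credentials cannot read is currently indistinguishable from a region without trails; reporting that case separately would keep the audit from silently skipping it.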
From: soffensive <9149004+soffensive@users.noreply.github.com>
Date: Wed, 17 Apr 2019 13:38:12 +0200
Subject: [PATCH 2/3] Iterate over all regions Iterate over all regions
---
 checks/check22 | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/checks/check22 b/checks/check22
index ffc28b67..18b13742 100644
--- a/checks/check22
+++ b/checks/check22
@@ -16,17 +16,18 @@ CHECK_ALTERNATE_check202="check22"

 check22(){
 # "Ensure CloudTrail log file validation is enabled (Scored)"
- LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].Name' --output text)
- if [[ $LIST_OF_TRAILS ]];then
- for trail in $LIST_OF_TRAILS;do
- LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $REGION --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
- if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
- textFail "$trail trail in $REGION has not log file validation enabled"
- else
- textPass "$trail trail in $REGION has log file validation enabled"
- fi
- done
- else
- textFail "No CloudTrail trails found!"
- fi
+
+ for regx in $REGIONS; do
+ LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].Name' --output text --no-include-shadow-trails)
+ if [[ $LIST_OF_TRAILS ]];then
+ for trail in $LIST_OF_TRAILS;do
+ LOGFILEVALIDATION_TRAIL_STATUS=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region $regx --query 'trailList[*].LogFileValidationEnabled' --output text --trail-name-list $trail)
+ if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'False' ]];then
+ textFail "$trail trail in $regx has not log file validation enabled"
+ else
+ textPass "$trail trail in $regx has log file validation enabled"
+ fi
+ done
+ fi
+ done
 }
From 42220828ce8570e709864796786d10a0d2b1763e Mon Sep 17 00:00:00 2001
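Review bot: The `else` branch reports `textPass` for every value other than the literal `False`, so an empty `LOGFILEVALIDATION_TRAIL_STATUS` (for instance when the per-trail `describe-trails` call prints nothing or errors out) is recorded as log file validation being enabled. Testing for the positive value makes the check fail closed: `if [[ "$LOGFILEVALIDATION_TRAIL_STATUS" == 'True' ]];then` with `textPass` in that branch and `textFail` in the `else`. The comparison is carried over unchanged from the removed lines, and the `MULTIREGION_TRAIL_STATUS` test in check21 (patch 1/3) has the same shape.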
From: Toni de la Fuente
Date: Tue, 23 Apr 2019 23:20:11 -0400
Subject: [PATCH 3/3] Fixed issue #317
---
 checks/check117 | 4 ++--
 checks/check118 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/checks/check117 b/checks/check117
index 72b62ba0..69f897c9 100644
--- a/checks/check117
+++ b/checks/check117
@@ -9,8 +9,8 @@
 # work. If not, see .

 CHECK_ID_check117="1.17"
-CHECK_TITLE_check117="[check117] Maintain current contact details (Scored)"
-CHECK_SCORED_check117="SCORED"
+CHECK_TITLE_check117="[check117] Maintain current contact details (Not Scored)"
+CHECK_SCORED_check117="NOT_SCORED"
 CHECK_TYPE_check117="LEVEL1"
 CHECK_ALTERNATE_check117="check117"

diff --git a/checks/check118 b/checks/check118
index f3c20f2a..4217fbf1 100644
--- a/checks/check118
+++ b/checks/check118
@@ -9,8 +9,8 @@
 # work. If not, see .

 CHECK_ID_check118="1.18"
-CHECK_TITLE_check118="[check118] Ensure security contact information is registered (Scored)"
-CHECK_SCORED_check118="SCORED"
+CHECK_TITLE_check118="[check118] Ensure security contact information is registered (Not Scored)"
+CHECK_SCORED_check118="NOT_SCORED"
 CHECK_TYPE_check118="LEVEL1"
 CHECK_ALTERNATE_check118="check118"