Merge pull request #331 from gabrielsoltz/age_checks

New ec2 age checks
2026-02-10 23:05:05 +00:00 · 2019-06-11 13:21:18 -04:00
parent e8b59b6722 b1e7dc8519
commit 6eb68a1218
4 changed files with 142 additions and 36 deletions
--- a/checks/check_extra757
+++ b/checks/check_extra757
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra757="7.57"
+CHECK_TITLE_extra757="[extra757] Check EC2 Instances older than 6 months (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra757="NOT_SCORED"
+CHECK_TYPE_extra757="EXTRA"
+CHECK_ALTERNATE_check757="extra757"
+
+extra757(){
+  OLDAGE="$(get_date_previous_than_months 6)"
+  textInfo "Looking for EC2 instances in all regions..."
+  for regx in $REGIONS; do
+    textInfo "Looking for EC2 instances in region $regx"
+    EC2_RUNNING="$($AWSCLI ec2 describe-instances --region $regx --query "Reservations[*].Instances[*].[InstanceId]" --output text)"
+    if [[ $EC2_RUNNING ]]; then
+      INSTACES_OLD_THAN_AGE=$($AWSCLI --region $regx ec2 describe-instances --query "Reservations[].Instances[?LaunchTime<='$OLDAGE'][].{id: InstanceId, launched: LaunchTime}" --output text)
+      if [[ $INSTACES_OLD_THAN_AGE ]]; then
+        while IFS= read -r ec2_instace
+        do
+          EC2_ID=$(echo "$ec2_instace" | awk '{print $1}')
+          LAUNCH_DATE=$(echo "$ec2_instace" | awk '{print $2}')
+          textFail "$regx: EC2 Instance $EC2_ID running before than $OLDAGE"
+        done <<< "$INSTACES_OLD_THAN_AGE"
+      else
+        textPass "All Instances newer than 6 months"
+      fi
+    else
+      textInfo "No EC2 Instances Found"
+    fi
+  done
+}
--- a/checks/check_extra758
+++ b/checks/check_extra758
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra758="7.58"
+CHECK_TITLE_extra758="[extra758] Check EC2 Instances older than 12 months (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra758="NOT_SCORED"
+CHECK_TYPE_extra758="EXTRA"
+CHECK_ALTERNATE_check758="extra758"
+
+extra758(){
+  OLDAGE="$(get_date_previous_than_months 12)"
+  textInfo "Looking for EC2 instances in all regions..."
+  for regx in $REGIONS; do
+    textInfo "Looking for EC2 instances in region $regx"
+    EC2_RUNNING="$($AWSCLI ec2 describe-instances --region $regx --query "Reservations[*].Instances[*].[InstanceId]" --output text)"
+    if [[ $EC2_RUNNING ]]; then
+      INSTACES_OLD_THAN_AGE=$($AWSCLI --region $regx ec2 describe-instances --query "Reservations[].Instances[?LaunchTime<='$OLDAGE'][].{id: InstanceId, launched: LaunchTime}" --output text)
+      if [[ $INSTACES_OLD_THAN_AGE ]]; then
+        while IFS= read -r ec2_instace
+        do
+          EC2_ID=$(echo "$ec2_instace" | awk '{print $1}')
+          LAUNCH_DATE=$(echo "$ec2_instace" | awk '{print $2}')
+          textFail "$regx: EC2 Instance $EC2_ID running before than $OLDAGE"
+        done <<< "$INSTACES_OLD_THAN_AGE"
+      else
+        textPass "All Instances newer than 12 months"
+      fi
+    else
+      textInfo "No EC2 Instances Found"
+    fi
+  done
+}
--- a/groups/group7_extras
+++ b/groups/group7_extras
@@ -15,4 +15,4 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - [extras] **********************************************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756'
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra756,extra757,extra758'
--- a/include/os_detector
+++ b/include/os_detector
@@ -39,24 +39,33 @@ if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ]; then
      base64 -d
    }
  how_many_days_from_today()
-      {
-        DATE_TO_COMPARE=$1
-        TODAY_IN_DAYS=$(date -d "$(date +%Y-%m-%d)" +%s)
-        DATE_IN_DAYS=$(date -d $DATE_TO_COMPARE +%s)
-        DAYS_TO=$((( $DATE_IN_DAYS - $TODAY_IN_DAYS )/60/60/24))
-        echo $DAYS_TO
-      }
+    {
+      DATE_TO_COMPARE=$1
+      TODAY_IN_DAYS=$(date -d "$(date +%Y-%m-%d)" +%s)
+      DATE_IN_DAYS=$(date -d $DATE_TO_COMPARE +%s)
+      DAYS_TO=$((( $DATE_IN_DAYS - $TODAY_IN_DAYS )/60/60/24))
+      echo $DAYS_TO
+    }
+  get_date_previous_than_months()
+    {
+      MONTHS_TO_COMPARE=$1
+      MONTHS_TO_COMPARE_IN_SECONDS=$(( 60 * 60 * 24 * 31 * $MONTHS_TO_COMPARE ))
+      CURRENTSECS=`date +%s`
+      STARTDATEINSECS=$(( $CURRENTSECS - $MONTHS_TO_COMPARE_IN_SECONDS ))
+      DATE_BEFORE_MONTHS_TO_COMPARE=$(date -d @$STARTDATEINSECS '+%Y-%m-%d')
+      echo $DATE_BEFORE_MONTHS_TO_COMPARE
+    }
 elif [[ "$OSTYPE" == "darwin"* ]]; then
  # BSD/OSX commands compatibility
  TEMP_REPORT_FILE=$(mktemp -t prowler.cred_report-XXXXXX)
  how_older_from_today()
-      {
-        DATE_TO_COMPARE=$1
-        TODAY_IN_DAYS=$(date +%s)
-        DATE_FROM_IN_DAYS=$(date -jf %Y-%m-%d $DATE_TO_COMPARE +%s)
-        DAYS_SINCE=$((($TODAY_IN_DAYS - $DATE_FROM_IN_DAYS )/60/60/24))
-        echo $DAYS_SINCE
-      }
+    {
+      DATE_TO_COMPARE=$1
+      TODAY_IN_DAYS=$(date +%s)
+      DATE_FROM_IN_DAYS=$(date -jf %Y-%m-%d $DATE_TO_COMPARE +%s)
+      DAYS_SINCE=$((($TODAY_IN_DAYS - $DATE_FROM_IN_DAYS )/60/60/24))
+      echo $DAYS_SINCE
+    }
  timestamp_to_date()
    {
      # remove fractions of a second
@@ -69,24 +78,30 @@ elif [[ "$OSTYPE" == "darwin"* ]]; then
      base64 -D
    }
  how_many_days_from_today()
-      {
-        DATE_TO_COMPARE=$1
-        TODAY_IN_DAYS=$(date +%s)
-        DATE_IN_DAYS=$(date -jf %Y-%m-%d $DATE_TO_COMPARE +%s)
-        DAYS_TO=$((( $DATE_IN_DAYS - $TODAY_IN_DAYS )/60/60/24))
-        echo $DAYS_TO
-      }
+    {
+      DATE_TO_COMPARE=$1
+      TODAY_IN_DAYS=$(date +%s)
+      DATE_IN_DAYS=$(date -jf %Y-%m-%d $DATE_TO_COMPARE +%s)
+      DAYS_TO=$((( $DATE_IN_DAYS - $TODAY_IN_DAYS )/60/60/24))
+      echo $DAYS_TO
+    }
+  get_date_previous_than_months()
+    {
+      MONTHS_TO_COMPARE=$1
+      DATE_BEFORE_MONTHS_TO_COMPARE=$(date -v -$(echo $MONTHS_TO_COMPARE)m '+%Y-%m-%d')
+      echo $DATE_BEFORE_MONTHS_TO_COMPARE
+    }
 elif [[ "$OSTYPE" == "cygwin" ]]; then
  # POSIX compatibility layer and Linux environment emulation for Windows
  TEMP_REPORT_FILE=$(mktemp -t -p /tmp prowler.cred_report-XXXXXX)
  how_older_from_today()
-      {
-        DATE_TO_COMPARE=$1
-        TODAY_IN_DAYS=$(date -d "$(date +%Y-%m-%d)" +%s)
-        DATE_FROM_IN_DAYS=$(date -d $DATE_TO_COMPARE +%s)
-        DAYS_SINCE=$((($TODAY_IN_DAYS - $DATE_FROM_IN_DAYS )/60/60/24))
-        echo $DAYS_SINCE
-      }
+    {
+      DATE_TO_COMPARE=$1
+      TODAY_IN_DAYS=$(date -d "$(date +%Y-%m-%d)" +%s)
+      DATE_FROM_IN_DAYS=$(date -d $DATE_TO_COMPARE +%s)
+      DAYS_SINCE=$((($TODAY_IN_DAYS - $DATE_FROM_IN_DAYS )/60/60/24))
+      echo $DAYS_SINCE
+    }
  timestamp_to_date()
    {
      # remove fractions of a second
@@ -99,13 +114,22 @@ elif [[ "$OSTYPE" == "cygwin" ]]; then
      base64 -d
    }
  how_many_days_from_today()
-      {
-        DATE_TO_COMPARE=$1
-        TODAY_IN_DAYS=$(date -d "$(date +%Y-%m-%d)" +%s)
-        DATE_IN_DAYS=$(date -d $DATE_TO_COMPARE +%s)
-        DAYS_TO=$((( $TODAY_IN_DAYS - $DATE_IN_DAYS )/60/60/24))
-        echo $DAYS_TO
-      }
+    {
+      DATE_TO_COMPARE=$1
+      TODAY_IN_DAYS=$(date -d "$(date +%Y-%m-%d)" +%s)
+      DATE_IN_DAYS=$(date -d $DATE_TO_COMPARE +%s)
+      DAYS_TO=$((( $TODAY_IN_DAYS - $DATE_IN_DAYS )/60/60/24))
+      echo $DAYS_TO
+    }
+  get_date_previous_than_months()
+    {
+      MONTHS_TO_COMPARE=$1
+      MONTHS_TO_COMPARE_IN_SECONDS=$(( 60 * 60 * 24 * 31 * $MONTHS_TO_COMPARE ))
+      CURRENTSECS=`date +%s`
+      STARTDATEINSECS=$(( $CURRENTSECS - $MONTHS_TO_COMPARE_IN_SECONDS ))
+      DATE_BEFORE_MONTHS_TO_COMPARE=$(date -d @$STARTDATEINSECS '+%Y-%m-%d')
+      echo $DATE_BEFORE_MONTHS_TO_COMPARE
+    }
 else
      echo "Unknown Operating System! Valid \$OSTYPE: linux-gnu, linux-musl, darwin* or cygwin"
      echo "Found: $OSTYPE"