Merge pull request #298 from toniblyx/devel

Devel
This commit is contained in:
Toni de la Fuente
2019-03-04 22:45:58 -05:00
committed by GitHub
2 changed files with 22 additions and 3 deletions


@@ -228,7 +228,25 @@ If you are using an STS token for AWS-CLI and your session is expired you probab
A client error (ExpiredToken) occurred when calling the GenerateCredentialReport operation: The security token included in the request is expired
```
To fix it, please renew your token by authenticating again to the AWS API.
To fix it, please renew your token by authenticating again to the AWS API, see next section below if you use MFA.
### Run Prowler with MFA protected credentials
To run Prowler using a profile that requires MFA you just need to get the session token before hand. Just make sure you use this command:
```
aws --profile <YOUR_AWS_PROFILE> sts get-session-token --duration 129600 --serial-number <ARN_OF_MFA> --token-code <MFA_TOKEN_CODE> --output text
```
Once you get your token you can export it as environment variable:
```
export AWS_PROFILE=YOUR_AWS_PROFILE
export AWS_SESSION_TOKEN=YOUR_NEW_TOKEN
AWS_SECRET_ACCESS_KEY=YOUR_SECRET
export AWS_ACCESS_KEY_ID=YOUR_KEY
```
or set manually up your `~/.aws/credentials` file properly.
There are some helpfull tools to save time in this process like [aws-mfa-script](https://github.com/asagage/aws-mfa-script) or [aws-cli-mfa](https://github.com/sweharris/aws-cli-mfa).
### Custom IAM Policy
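Review bot: The line `AWS_SECRET_ACCESS_KEY=YOUR_SECRET` in the new export block is missing `export`, so the secret stays a shell-local variable and never reaches the `aws` process; with `AWS_ACCESS_KEY_ID` and `AWS_SESSION_TOKEN` exported but no secret, the CLI rejects the environment credentials as partial. Make it `export AWS_SECRET_ACCESS_KEY=YOUR_SECRET`, and state that all three values must be the temporary AccessKeyId, SecretAccessKey and SessionToken returned by `get-session-token` (the `YOUR_KEY`/`YOUR_SECRET` placeholders read as if the profile's long-term keys were to be reused, and `--output text` prints the fields in alphabetical order, so `--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'` would make the mapping unambiguous). Two smaller points: the documented option is `--duration-seconds`, so `--duration` only works where the CLI accepts abbreviated option names; and "helpfull" and "set manually up" should read "helpful" and "set up manually".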


@@ -17,7 +17,7 @@ CHECK_TYPE_extra741="EXTRA"
CHECK_ALTERNATE_check741="extra741"
extra741(){
textInfo "Looking for keys in EC2 User Data all regions... (max 100 instances per region, use -m to increase it) "
textInfo "Looking for keys in EC2 User Data in instances across all regions... (max 100 instances per region, use -m to increase it) "
for regx in $REGIONS; do
LIST_OF_EC2_INSTANCES=$($AWSCLI ec2 describe-instances $PROFILE_OPT --region $regx --query Reservations[*].Instances[*].InstanceId --output text --max-items $MAXITEMS | grep -v None)
if [[ $LIST_OF_EC2_INSTANCES ]];then
@@ -26,7 +26,8 @@ extra741(){
USERDATA=$($AWSCLI ec2 describe-instance-attribute --attribute userData --query UserData.Value $PROFILE_OPT --region $regx --instance-id $instance --output text | decode_report > $USERDATA_FILE)
if [ -s $USERDATA_FILE ];then
FILE_FORMAT_ASCII=$(file -b $USERDATA_FILE|grep ASCII)
FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE|wc -l|tr -d '\ ')
#FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE | grep -i -e key -e secret -e token -e pass - |wc -l|tr -d '\ ')
FINDINGS=$(grep -i -e key -e secret -e token -e pass $USERDATA_FILE |wc -l|tr -d '\ ')
if [[ $FILE_FORMAT_ASCII ]]; then
if [[ $FINDINGS -eq 0 ]]; then
textPass "$regx: Nothing found in $instance" "$regx"
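Review bot: The new `FINDINGS=` line counts any line containing the substrings key, secret, token or pass, case-insensitive, so ordinary user data that requests an IMDSv2 token (`X-aws-ec2-metadata-token`), sets a keyboard layout or edits `/etc/passwd` will be flagged, while the previous 20-40 character run check, which at least approximated the shape of an access key or secret, is dropped rather than combined with it. Chain the two conditions instead of replacing one with the other, for example `grep -i -e key -e secret -e token -e pass $USERDATA_FILE | grep -E '[A-Za-z0-9/+]{20,40}' | wc -l | tr -d ' '`, or match the long-term access key ID format directly with `grep -E 'AKIA[0-9A-Z]{16}'`. The commented-out variant kept above it should be deleted rather than left as dead code (its trailing `-` only tells grep to read stdin, which it already does in a pipe). Unrelated but visible in the same hunk: on the `USERDATA=$(...)` line the `> $USERDATA_FILE` redirect sits inside the command substitution, so `USERDATA` is always empty and only the file is ever used.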