From 2f166e2ba3b6b32c3a7beccb684de55ad1e1c418 Mon Sep 17 00:00:00 2001
From: Jason Chen
Date: Thu, 19 Apr 2018 14:00:28 +0800
Subject: [PATCH 1/2] prowler: Set default region by aws config, fall back to us-east-1
---
 prowler | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/prowler b/prowler
index ada565ed..c0ccb372 100755
--- a/prowler
+++ b/prowler
@@ -23,7 +23,7 @@ OPTRED=""
 OPTNORMAL=""
 # Set the defaults for these getopts variables
-REGION="us-east-1"
+REGION=""
 FILTERREGION=""
 MAXITEMS=100
 MONOCHROME=0
@@ -76,7 +76,7 @@ while getopts ":hlkp:r:c:f:m:M:en" OPTION; do
 PROFILE=$OPTARG
 ;;
 r )
- REGION=$OPTARG
+ REGION_OPT=$OPTARG
 ;;
 c )
 CHECKNUMBER=$OPTARG
@@ -274,6 +274,16 @@ if [ -z "${AWSCLI}" ]; then
 exit $EXITCODE
 fi
+# Set default region by aws config, fall back to us-east-1
+REGION_CONFIG=$(aws configure get region)
+if [[ $REGION_OPT ]]; then
+ REGION="$REGION_OPT"
+elif [[ $REGION_CONFIG ]]; then
+ REGION="$REGION_CONFIG"
+else
+ REGION="us-east-1"
+fi
+
 TITLE_ID=""
 TITLE_TEXT="CALLER ERROR - UNSET TITLE"
 ## Output formatting functions
@@ -1697,7 +1707,7 @@ extra73(){
 for bucket in $ALL_BUCKETS_LIST; do
 extra73Thread $bucket &
 done
- wait
+ wait
 }
 extra73Thread(){
From 775d28f9c4f2e231be328ec9d63a0f6aba56ac33 Mon Sep 17 00:00:00 2001
From: Jason Chen
Date: Thu, 19 Apr 2018 14:02:54 +0800
Subject: [PATCH 2/2] prowler: fix IAM role detection and curl error
Related to https://github.com/toniblyx/prowler/pull/200
If the ec2 instance is not attached to an IAM role, the `curl -s -m 1 http://169.254.169.254/latest/meta-data/iam/security-credentials` will return a 404 page instead of null, INSTANCE_PROFILE will always be true and result to curl error when trying to use default cli profile:
curl: option -: is unknown
curl: try 'curl --help' or 'curl --manual' for more information
---
 prowler | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/prowler b/prowler
index c0ccb372..51b32d8c 100755
--- a/prowler
+++ b/prowler
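Review bot: `REGION_OPT` is assigned only in the `r )` arm of the getopts loop in the first patch and is never initialised, although the defaults block still resets `REGION` to an empty string. A `REGION_OPT` value inherited from the caller's environment would therefore be handled as if `-r` had been passed and would silently choose the region the audit runs against. Adding `REGION_OPT=""` beside `REGION=""` in the defaults block closes that gap. The getopts loop starts and ends outside this hunk.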
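Review bot: In the region block the first patch adds after the `AWSCLI` check, `aws configure get region` runs without the selected profile, so when `-p` is used the fallback region is read from the default profile instead of the one being audited. `PROFILE_OPT` appears to be built earlier in the script (the second patch shows it near line 253), so the lookup can pass it along: `REGION_CONFIG=$(aws configure get region $PROFILE_OPT)`. It would also help to say in the comment that the precedence is `-r`, then the profile's configured region, then `us-east-1`, since for an audit tool a silently different region changes which resources get checked.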
@@ -250,6 +250,9 @@ fi
 # instance profile (metadata server) if runs in an EC2 instance
 INSTANCE_PROFILE=$(curl -s -m 1 http://169.254.169.254/latest/meta-data/iam/security-credentials/)
+if echo "$INSTANCE_PROFILE" | grep -q '404 - Not Found'; then
+ INSTANCE_PROFILE=
+fi
 if [[ $PROFILE ]]; then
 PROFILE_OPT="--profile $PROFILE"
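Review bot: The added check recognises a missing role only by the literal body text `404 - Not Found`, so any other non-empty reply from the metadata address (a different error status, a proxy page, a reworded error body) still leaves `INSTANCE_PROFILE` set and is treated as a role name. The commit description suggests that value later reaches a curl command line, so the decision is better made on the HTTP status than on the body: `INSTANCE_PROFILE=$(curl -sf -m 1 http://169.254.169.254/latest/meta-data/iam/security-credentials/)` makes curl print nothing on an error status and would replace the three added lines. The credential-selection block this sits in starts and ends outside the hunk.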