ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Output consolidation

Browse Source
This commit is contained in:
Toni de la Fuente
2021-07-07 16:15:53 +02:00
parent 5670e4a972
commit 85cb2085b9
9 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
checks/check_extra7114
View File

@@ -36,7 +36,7 @@ extra7114(){
if [[ "$ENDPOINT_SC_ENCRYPTION" == "DISABLED" ]]; then if [[ "$ENDPOINT_SC_ENCRYPTION" == "DISABLED" ]]; then
textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have S3 encryption enabled!" "$regx" "$ENDPOINT_NAME" textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have S3 encryption enabled!" "$regx" "$ENDPOINT_NAME"
else else
textPass "$regx: Glue development endpoint $ENDPOINT_NAME has S3 encryption enabled" "$regx" textPass "$regx: Glue development endpoint $ENDPOINT_NAME has S3 encryption enabled" "$regx" "$ENDPOINT_NAME"
fi fi
else else
textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME" textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME"

4
checks/check_extra7118
View File

@@ -40,10 +40,10 @@ extra7118(){
textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME" textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME"
fi fi
else else
textPass "$regx: Glue job $JOB_NAME does have $S3_ENCRYPTION for S3 encryption enabled" "$regx" textPass "$regx: Glue job $JOB_NAME does have $S3_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME"
fi fi
elif [[ ! -z "$JOB_ENCRYPTION" ]]; then elif [[ ! -z "$JOB_ENCRYPTION" ]]; then
textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx" textPass "$regx: Glue job $JOB_NAME does have $JOB_ENCRYPTION for S3 encryption enabled" "$regx" "$JOB_NAME"
else else
textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME" textFail "$regx: Glue job $JOB_NAME does not have S3 encryption enabled" "$regx" "$JOB_NAME"
fi fi

2
checks/check_extra7119
View File

@@ -36,7 +36,7 @@ extra7119(){
if [[ $ENDPOINT_SC_ENCRYPTION == "DISABLED" ]]; then if [[ $ENDPOINT_SC_ENCRYPTION == "DISABLED" ]]; then
textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have CloudWatch logs encryption enabled!" "$regx" "$ENDPOINT_NAME" textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have CloudWatch logs encryption enabled!" "$regx" "$ENDPOINT_NAME"
else else
textPass "$regx: Glue development endpoint $ENDPOINT_NAME has CloudWatch logs encryption enabled" "$regx" textPass "$regx: Glue development endpoint $ENDPOINT_NAME has CloudWatch logs encryption enabled" "$regx" "$ENDPOINT_NAME"
fi fi
else else
textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME" textFail "$regx: Glue development endpoint $ENDPOINT_NAME does not have security configuration" "$regx" "$ENDPOINT_NAME"

2
checks/check_extra7122
View File

@@ -35,7 +35,7 @@ extra7122(){
if [[ "$JOB_BOOKMARK_ENCRYPTION" == "DISABLED" ]]; then if [[ "$JOB_BOOKMARK_ENCRYPTION" == "DISABLED" ]]; then
textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME" textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME"
else else
textPass "$regx: Glue job $JOB_NAME does have $JOB_BOOKMARK_ENCRYPTION for Job bookmark encryption enabled" "$regx" textPass "$regx: Glue job $JOB_NAME does have $JOB_BOOKMARK_ENCRYPTION for Job bookmark encryption enabled" "$regx" "$JOB_NAME"
fi fi
else else
textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME" textFail "$regx: Glue job $JOB_NAME does not have Job bookmark encryption enabled" "$regx" "$JOB_NAME"

2
checks/check_extra7123
View File

@@ -30,7 +30,7 @@ extra7123(){
if [[ $LIST_OF_USERS_WITH_2ACCESS_KEYS ]]; then if [[ $LIST_OF_USERS_WITH_2ACCESS_KEYS ]]; then
# textFail "Users with access key 1 older than 90 days:" # textFail "Users with access key 1 older than 90 days:"
for user in $LIST_OF_USERS_WITH_2ACCESS_KEYS; do for user in $LIST_OF_USERS_WITH_2ACCESS_KEYS; do
textFail "User $user has 2 active access keys" "us-east-1" "$user" textFail "User $user has 2 active access keys" "$REGION" "$user"
done done
else else
textPass "No users with 2 active access keys" textPass "No users with 2 active access keys"

4
checks/check_extra7125
View File

@@ -34,9 +34,9 @@ extra7125(){
if [[ $MFA_TYPE == "mfa" || $MFA_TYPE == "sms-mfa" ]]; then if [[ $MFA_TYPE == "mfa" || $MFA_TYPE == "sms-mfa" ]]; then
textInfo "User $user has virtual MFA enabled" textInfo "User $user has virtual MFA enabled"
elif [[ $MFA_TYPE == "" ]]; then elif [[ $MFA_TYPE == "" ]]; then
textFail "User $user has not hardware MFA enabled" "us-east-1" "$user" textFail "User $user has not hardware MFA enabled" "$REGION" "$user"
else else
textPass "User $user has hardware MFA enabled" "us-east-1" "$user" textPass "User $user has hardware MFA enabled" "$REGION" "$user"
fi fi
done done
else else

4
checks/check_extra7126
View File

@@ -33,9 +33,9 @@ extra7126(){
if [[ $CHECK_STATUS == "PendingDeletion" ]]; then if [[ $CHECK_STATUS == "PendingDeletion" ]]; then
textInfo "$regx: KMS key $key is pending deletion" "$regx" textInfo "$regx: KMS key $key is pending deletion" "$regx"
elif [[ $CHECK_STATUS == "Disabled" ]]; then elif [[ $CHECK_STATUS == "Disabled" ]]; then
textInfo "$regx: KMS key $key is disabled" "$regx" textInfo "$regx: KMS key $key is disabled" "$regx" "$key"
else else
textPass "$regx: KMS key $key is not disabled or pending deletion" "$regx" textPass "$regx: KMS key $key is not disabled or pending deletion" "$regx" "$key"
fi fi
done done
else else

4
checks/check_extra7128
View File

@@ -31,9 +31,9 @@ extra7128(){
for table in $DDB_TABLES_LIST; do for table in $DDB_TABLES_LIST; do
DDB_TABLE_WITH_KMS=$($AWSCLI dynamodb describe-table --table-name $table $PROFILE_OPT --region $regx --query Table.SSEDescription.SSEType --output text) DDB_TABLE_WITH_KMS=$($AWSCLI dynamodb describe-table --table-name $table $PROFILE_OPT --region $regx --query Table.SSEDescription.SSEType --output text)
if [[ $DDB_TABLE_WITH_KMS == "KMS" ]]; then if [[ $DDB_TABLE_WITH_KMS == "KMS" ]]; then
textPass "$regx: DynamoDB table $table does have KMS encryption enabled" "$regx" textPass "$regx: DynamoDB table $table does have KMS encryption enabled" "$regx" "$table"
else else
textInfo "$regx: DynamoDB table $table does have DEFAULT encryption enabled" "$regx" textInfo "$regx: DynamoDB table $table does have DEFAULT encryption enabled" "$regx" "$table"
fi fi
done done
else else

4
checks/check_extra7129
View File

@@ -50,12 +50,12 @@ extra7129(){
if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 ]]; then if [[ ${#WAF_PROTECTED_ALBS[@]} -gt 0 ]]; then
for wafaclarn in "${WAF_PROTECTED_ALBS[@]}"; do for wafaclarn in "${WAF_PROTECTED_ALBS[@]}"; do
WAFV2_WEBACL_ARN_SHORT=$(echo $wafaclarn | awk -F'/' '{ print $3 }') WAFV2_WEBACL_ARN_SHORT=$(echo $wafaclarn | awk -F'/' '{ print $3 }')
textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx" textPass "$regx: Application Load Balancer $alb is protected by WAFv2 ACL $WAFV2_WEBACL_ARN_SHORT" "$regx" "$alb"
done done
fi fi
if [[ ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then if [[ ${#WAFv1_PROTECTED_ALBS[@]} -gt 0 ]]; then
for wafv1aclid in "${WAFv1_PROTECTED_ALBS[@]}"; do for wafv1aclid in "${WAFv1_PROTECTED_ALBS[@]}"; do
textPass "$regx: Application Load Balancer $alb is protected by WAFv1 ACL $wafv1aclid" "$regx" textPass "$regx: Application Load Balancer $alb is protected by WAFv1 ACL $wafv1aclid" "$regx" "$alb"
done done
fi fi
else else