mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 23:05:05 +00:00
Glue review 1
This commit is contained in:
Toni de la Fuente
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra7115="7.115"
|
||||
CHECK_TITLE_extra7115="[extra7115] Check if Glue database connection must have SSL connection enabled. (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra7115="[extra7115] Check if Glue database connection has SSL connection enabled."
|
||||
CHECK_SCORED_extra7115="NOT_SCORED"
|
||||
CHECK_TYPE_extra7115="EXTRA"
|
||||
CHECK_SEVERITY_extra7115="Medium"
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra7116="7.116"
|
||||
CHECK_TITLE_extra7116="[extra7116] Check if Glue data-catalog settings must have metadata encryption enabled. (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra7116="[extra7116] Check if Glue data-catalog settings have metadata encryption enabled."
|
||||
CHECK_SCORED_extra7116="NOT_SCORED"
|
||||
CHECK_TYPE_extra7116="EXTRA"
|
||||
CHECK_SEVERITY_extra7116="Medium"
|
||||
@@ -22,9 +22,9 @@ extra7116(){
|
||||
for regx in $REGIONS; do
|
||||
METADATA_ENCRYPTED=$($AWSCLI glue get-data-catalog-encryption-settings $PROFILE_OPT --region $regx --output text --query "DataCatalogEncryptionSettings.EncryptionAtRest.CatalogEncryptionMode")
|
||||
if [[ "$METADATA_ENCRYPTED" == "DISABLED" ]]; then
|
||||
textFail "$regx: Glue Catalog is not encrypted" "$regx"
|
||||
textFail "$regx: Glue data-catalog settings have metadata encryption disabled" "$regx"
|
||||
else
|
||||
textInfo "$regx: Glue catalog is encrypted with $METADATA_ENCRYPTED" "$regx"
|
||||
textInfo "$regx: Glue data-catalog settings have metadata encryption enabled" "$regx"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra7117="7.117"
|
||||
CHECK_TITLE_extra7117="[extra7117] Check if Glue data-catalog settings must have Encrypt connection password enabled. (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra7117="[extra7117] Check if Glue data-catalog settings have Encrypt connection password enabled."
|
||||
CHECK_SCORED_extra7117="NOT_SCORED"
|
||||
CHECK_TYPE_extra7117="EXTRA"
|
||||
CHECK_SEVERITY_extra7117="Medium"
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra7118="7.117"
|
||||
CHECK_TITLE_extra7118="[extra7118] Check if Glue Security configurations used by ETL Jobs have S3 encryption enabled. (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra7118="[extra7118] Check if Glue security configurations used by ETL Jobs have S3 encryption enabled."
|
||||
CHECK_SCORED_extra7118="NOT_SCORED"
|
||||
CHECK_TYPE_extra7118="EXTRA"
|
||||
CHECK_SEVERITY_extra7118="Medium"
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra7120="7.117"
|
||||
CHECK_TITLE_extra7120="[extra7120] Check if Glue security configurations used by ETL Jobs have CloudWatch logs encryption enabled. (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra7120="[extra7120] Check if Glue security configurations used by ETL Jobs have CloudWatch logs encryption enabled."
|
||||
CHECK_SCORED_extra7120="NOT_SCORED"
|
||||
CHECK_TYPE_extra7120="EXTRA"
|
||||
CHECK_SEVERITY_extra7120="Medium"
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra7122="7.117"
|
||||
CHECK_TITLE_extra7122="[extra7122] Check if Glue security configurations used by ETL Jobs have Job bookmark encryption enabled. (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra7122="[extra7122] Check if Glue security configurations used by ETL Jobs have Job bookmark encryption enabled."
|
||||
CHECK_SCORED_extra7122="NOT_SCORED"
|
||||
CHECK_TYPE_extra7122="EXTRA"
|
||||
CHECK_SEVERITY_extra7122="Medium"
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Prowler - the handy cloud security tool (copyright 2222) by Toni de la Fuente
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy
|
||||
# of the License at http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software distributed
|
||||
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
|
||||
GROUP_ID[23]='glue'
|
||||
GROUP_NUMBER[23]='23.0'
|
||||
GROUP_TITLE[23]='Amazon Glue related security checks - [glue] ********'
|
||||
GROUP_RUN_BY_DEFAULT[23]='N' # run it when execute_all is called
|
||||
GROUP_CHECKS[23]='extra7115,extra7116,extra7117,extra7118,extra7120,extra7122'
|
||||
|
||||
Reference in New Issue
Block a user