From 8c9d843813d41e0cbe27864eb6136bf7b93c1d90 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Fri, 13 Nov 2020 19:02:26 +0100
Subject: [PATCH] Glue review 1
---
 checks/check_extra7115 | 2 +-
 checks/check_extra7116 | 6 +++---
 checks/check_extra7117 | 2 +-
 checks/check_extra7118 | 2 +-
 checks/check_extra7120 | 2 +-
 checks/check_extra7122 | 2 +-
 groups/group23_glue | 19 -------------------
 7 files changed, 8 insertions(+), 27 deletions(-)
 delete mode 100644 groups/group23_glue
diff --git a/checks/check_extra7115 b/checks/check_extra7115
index a8b5b166..ad597b07 100644
--- a/checks/check_extra7115
+++ b/checks/check_extra7115
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7115="7.115"
-CHECK_TITLE_extra7115="[extra7115] Check if Glue database connection must have SSL connection enabled. (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7115="[extra7115] Check if Glue database connection has SSL connection enabled."
 CHECK_SCORED_extra7115="NOT_SCORED"
 CHECK_TYPE_extra7115="EXTRA"
 CHECK_SEVERITY_extra7115="Medium"
diff --git a/checks/check_extra7116 b/checks/check_extra7116
index d862559c..aa778774 100644
--- a/checks/check_extra7116
+++ b/checks/check_extra7116
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7116="7.116"
-CHECK_TITLE_extra7116="[extra7116] Check if Glue data-catalog settings must have metadata encryption enabled. (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7116="[extra7116] Check if Glue data-catalog settings have metadata encryption enabled."
 CHECK_SCORED_extra7116="NOT_SCORED"
 CHECK_TYPE_extra7116="EXTRA"
 CHECK_SEVERITY_extra7116="Medium"
@@ -22,9 +22,9 @@ extra7116(){
 for regx in $REGIONS; do
 METADATA_ENCRYPTED=$($AWSCLI glue get-data-catalog-encryption-settings $PROFILE_OPT --region $regx --output text --query "DataCatalogEncryptionSettings.EncryptionAtRest.CatalogEncryptionMode")
 if [[ "$METADATA_ENCRYPTED" == "DISABLED" ]]; then
- textFail "$regx: Glue Catalog is not encrypted" "$regx"
+ textFail "$regx: Glue data-catalog settings have metadata encryption disabled" "$regx"
 else
- textInfo "$regx: Glue catalog is encrypted with $METADATA_ENCRYPTED" "$regx"
+ textInfo "$regx: Glue data-catalog settings have metadata encryption enabled" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra7117 b/checks/check_extra7117
index 6a019c70..cd8b66b5 100644
--- a/checks/check_extra7117
+++ b/checks/check_extra7117
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7117="7.117"
-CHECK_TITLE_extra7117="[extra7117] Check if Glue data-catalog settings must have Encrypt connection password enabled. (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7117="[extra7117] Check if Glue data-catalog settings have Encrypt connection password enabled."
 CHECK_SCORED_extra7117="NOT_SCORED"
 CHECK_TYPE_extra7117="EXTRA"
 CHECK_SEVERITY_extra7117="Medium"
diff --git a/checks/check_extra7118 b/checks/check_extra7118
index 516b3086..abc02ac7 100644
--- a/checks/check_extra7118
+++ b/checks/check_extra7118
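Review bot: The `else` branch of extra7116 now reports `metadata encryption enabled` for every value other than the literal `DISABLED`, and the new message no longer prints `$METADATA_ENCRYPTED`. If the `glue get-data-catalog-encryption-settings` call fails or returns nothing for a region (presumably leaving the variable empty or `None`), that region is logged as encrypted and nothing in the output shows the query did not succeed. Add a guard before the comparison, for example `if [[ -z "$METADATA_ENCRYPTED" || "$METADATA_ENCRYPTED" == "None" ]]; then textInfo "$regx: unable to read Glue data-catalog encryption settings" "$regx"; continue; fi`, and keep the mode in the positive message: `textInfo "$regx: Glue data-catalog settings have metadata encryption enabled ($METADATA_ENCRYPTED)" "$regx"`. The function's opening line is visible only in the hunk header.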
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7118="7.117"
-CHECK_TITLE_extra7118="[extra7118] Check if Glue Security configurations used by ETL Jobs have S3 encryption enabled. (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7118="[extra7118] Check if Glue security configurations used by ETL Jobs have S3 encryption enabled."
 CHECK_SCORED_extra7118="NOT_SCORED"
 CHECK_TYPE_extra7118="EXTRA"
 CHECK_SEVERITY_extra7118="Medium"
diff --git a/checks/check_extra7120 b/checks/check_extra7120
index 751f74f2..32a6053b 100644
--- a/checks/check_extra7120
+++ b/checks/check_extra7120
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7120="7.117"
-CHECK_TITLE_extra7120="[extra7120] Check if Glue security configurations used by ETL Jobs have CloudWatch logs encryption enabled. (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7120="[extra7120] Check if Glue security configurations used by ETL Jobs have CloudWatch logs encryption enabled."
 CHECK_SCORED_extra7120="NOT_SCORED"
 CHECK_TYPE_extra7120="EXTRA"
 CHECK_SEVERITY_extra7120="Medium"
diff --git a/checks/check_extra7122 b/checks/check_extra7122
index 438be869..3ea87a2d 100644
--- a/checks/check_extra7122
+++ b/checks/check_extra7122
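Review bot: `CHECK_ID_extra7118="7.117"` on the context line directly above the edited title repeats the ID that belongs to extra7117, and the extra7120 and extra7122 sections of this patch carry the same `7.117` value. If report consumers or suppression lists key findings on CHECK_ID (not visible in this patch), results from four different Glue encryption checks cannot be told apart. Since the commit already edits the neighbouring line in each file, correct them here: `CHECK_ID_extra7118="7.118"`, `CHECK_ID_extra7120="7.120"` and `CHECK_ID_extra7122="7.122"`.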
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra7122="7.117"
-CHECK_TITLE_extra7122="[extra7122] Check if Glue security configurations used by ETL Jobs have Job bookmark encryption enabled. (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra7122="[extra7122] Check if Glue security configurations used by ETL Jobs have Job bookmark encryption enabled."
 CHECK_SCORED_extra7122="NOT_SCORED"
 CHECK_TYPE_extra7122="EXTRA"
 CHECK_SEVERITY_extra7122="Medium"
diff --git a/groups/group23_glue b/groups/group23_glue
deleted file mode 100644
index 61bb8718..00000000
--- a/groups/group23_glue
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2222) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[23]='glue'
-GROUP_NUMBER[23]='23.0'
-GROUP_TITLE[23]='Amazon Glue related security checks - [glue] ********'
-GROUP_RUN_BY_DEFAULT[23]='N' # run it when execute_all is called
-GROUP_CHECKS[23]='extra7115,extra7116,extra7117,extra7118,extra7120,extra7122'
-