ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle IAM credential report containing 'no_information' for a user's last console login date

Browse Source 
A user who has never logged into the console, or not logged in since Oct 2014 will present as 'no_information' in the
'password_last_used' column of the credential report. Handle this scenario and output a failed message if it has been
more than MAX_DAYS days since the user was created, or an info message if it is less than MAX_DAYS

Fixes #501
This commit is contained in:
Marc Jay
2020-04-11 20:07:03 +01:00
parent 8f83da985a
commit 8d9c7e8ab0
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
checks/check_extra774
View File

@@ -24,11 +24,23 @@ extra774(){
user=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$5 }' |grep "^$i " |awk '{ print $1 }')
last_login_date=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$5 }' |grep "^$i " |awk '{ print $2 }')
days_not_in_use=$(how_many_days_from_today ${last_login_date%T*})
if [ "$days_not_in_use" -lt "$MAX_DAYS" ];then
textFail "User $user has not used console login for more then ${MAX_DAYS#-} days"
# If the user has never logged into the console, their last login date is 'no_information'. See:
# https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html#id_credentials_understanding_the_report_format
if [[ "${last_login_date}" == "no_information" ]]; then
user_created_date=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$3 }' |grep "^$i " |awk '{ print $2 }')
days_since_user_created=$(how_many_days_from_today ${user_created_date%T*})
if [ "$days_since_user_created" -lt "$MAX_DAYS" ];then
textFail "User $user has never used console login since they were created ${days_since_user_created} days ago"
else
textInfo "User $user has not used console login since they were created ${days_since_user_created} days ago"
fi
else
days_not_in_use=$(how_many_days_from_today ${last_login_date%T*})
if [ "$days_not_in_use" -lt "$MAX_DAYS" ];then
textFail "User $user has not used console login for more than ${MAX_DAYS#-} days"
else
textPass "User $user has used console login in the past ${MAX_DAYS#-} days"
fi
fi
done
}