ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change references from toniblyx to prowler-cloud (#1003)

Browse Source 
Co-authored-by: Toni de la Fuente <toni@blyx.com>
This commit is contained in:
Pepe Fagoaga
2022-01-27 12:17:38 +01:00
committed by GitHub
parent 2b2814723f
commit 90565099bd
17 changed files with 40 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@@ -5,7 +5,7 @@
# Prowler - AWS Security Tool # Prowler - AWS Security Tool
[![Discord Shield](https://discordapp.com/api/guilds/807208614288818196/widget.png?style=shield)](https://discord.gg/UjSMCVnxSB) [![Discord Shield](https://discordapp.com/api/guilds/807208614288818196/widget.png?style=shield)](https://discord.gg/UjSMCVnxSB)
[![Docker Pulls](https://img.shields.io/docker/pulls/toniblyx/prowler)](https://hub.docker.com/r/toniblyx/prowler) [![Docker Pulls](https://img.shields.io/docker/pulls/prowler-cloud/prowler)](https://hub.docker.com/r/prowler-cloud/prowler)
[![aws-ecr](https://user-images.githubusercontent.com/3985464/141164269-8cfeef0f-6b62-4c99-8fe9-4537986a1613.png)](https://gallery.ecr.aws/o4g1s5r6/prowler) [![aws-ecr](https://user-images.githubusercontent.com/3985464/141164269-8cfeef0f-6b62-4c99-8fe9-4537986a1613.png)](https://gallery.ecr.aws/o4g1s5r6/prowler)
@@ -92,7 +92,7 @@ Prowler has been written in bash using AWS-CLI underneath and it works in Linux,
sudo ./aws/install sudo ./aws/install
sudo yum install -y python3 jq git sudo yum install -y python3 jq git
sudo pip3 install detect-secrets==1.0.3 sudo pip3 install detect-secrets==1.0.3
git clone https://github.com/toniblyx/prowler git clone https://github.com/prowler-cloud/prowler
``` ```
- For Ubuntu Linux (`apt` based Linux distributions and AWS CLI v2): - For Ubuntu Linux (`apt` based Linux distributions and AWS CLI v2):
``` ```
@@ -102,7 +102,7 @@ Prowler has been written in bash using AWS-CLI underneath and it works in Linux,
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip unzip awscliv2.zip
sudo ./aws/install sudo ./aws/install
git clone https://github.com/toniblyx/prowler git clone https://github.com/prowler-cloud/prowler
``` ```
> NOTE: detect-secrets Yelp version is no longer supported, the one from IBM is mantained now. Use the one mentioned below or the specific Yelp version 1.0.3 to make sure it works as expected (`pip install detect-secrets==1.0.3`): > NOTE: detect-secrets Yelp version is no longer supported, the one from IBM is mantained now. Use the one mentioned below or the specific Yelp version 1.0.3 to make sure it works as expected (`pip install detect-secrets==1.0.3`):
@@ -140,7 +140,7 @@ Prowler has been written in bash using AWS-CLI underneath and it works in Linux,
arn:aws:iam::aws:policy/job-function/ViewOnlyAccess arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
``` ```
> Additional permissions needed: to make sure Prowler can scan all services included in the group *Extras*, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/toniblyx/prowler/blob/master/iam/prowler-additions-policy.json) to the role you are using. If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/toniblyx/prowler/blob/master/iam/prowler-security-hub.json). > Additional permissions needed: to make sure Prowler can scan all services included in the group *Extras*, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/iam/prowler-additions-policy.json) to the role you are using. If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/iam/prowler-security-hub.json).
## Usage ## Usage
@@ -155,12 +155,12 @@ Prowler has been written in bash using AWS-CLI underneath and it works in Linux,
If you want to avoid installing dependencies run it using Docker: If you want to avoid installing dependencies run it using Docker:
```sh ```sh
docker run -ti --rm --name prowler --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN toniblyx/prowler:latest docker run -ti --rm --name prowler --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN prowler-cloud/prowler:latest
``` ```
In case you want to get reports created by Prowler use docker volume option like in the example below: In case you want to get reports created by Prowler use docker volume option like in the example below:
```sh ```sh
docker run -ti --rm -v /your/local/output:/prowler/output --name prowler --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN toniblyx/prowler:latest -g hipaa -M csv,json,html docker run -ti --rm -v /your/local/output:/prowler/output --name prowler --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN prowler-cloud/prowler:latest -g hipaa -M csv,json,html
``` ```
1. For custom AWS-CLI profile and region, use the following: (it will use your custom profile and run checks over all regions when needed): 1. For custom AWS-CLI profile and region, use the following: (it will use your custom profile and run checks over all regions when needed):
@@ -178,7 +178,7 @@ Prowler has been written in bash using AWS-CLI underneath and it works in Linux,
With Docker: With Docker:
```sh ```sh
docker run -ti --rm --name prowler --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN toniblyx/prowler:latest "-c check310" docker run -ti --rm --name prowler --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN prowler-cloud/prowler:latest "-c check310"
``` ```
or multiple checks separated by comma: or multiple checks separated by comma:
@@ -288,7 +288,7 @@ Prowler has two parameters related to regions: `-r` that is used query AWS servi
When generating multiple formats and running using Docker, to retrieve the reports, bind a local directory to the container, e.g.: When generating multiple formats and running using Docker, to retrieve the reports, bind a local directory to the container, e.g.:
```sh ```sh
docker run -ti --rm --name prowler --volume "$(pwd)":/prowler/output --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN toniblyx/prowler:latest -M csv,json docker run -ti --rm --name prowler --volume "$(pwd)":/prowler/output --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_SESSION_TOKEN prowler-cloud/prowler:latest -M csv,json
``` ```
1. To perform an assessment based on CIS Profile Definitions you can use cislevel1 or cislevel2 with `-g` flag, more information about this [here, page 8](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf): 1. To perform an assessment based on CIS Profile Definitions you can use cislevel1 or cislevel2 with `-g` flag, more information about this [here, page 8](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf):
@@ -439,7 +439,7 @@ To use Prowler and Security Hub integration in China regions there is an additio
Either to run Prowler once or based on a schedule this template makes it pretty straight forward. This template will create a CodeBuild environment and run Prowler directly leaving all reports in a bucket and creating a report also inside CodeBuild basedon the JUnit output from Prowler. Scheduling can be cron based like `cron(0 22 * * ? *)` or rate based like `rate(5 hours)` since CloudWatch Event rules (or Eventbridge) is used here. Either to run Prowler once or based on a schedule this template makes it pretty straight forward. This template will create a CodeBuild environment and run Prowler directly leaving all reports in a bucket and creating a report also inside CodeBuild basedon the JUnit output from Prowler. Scheduling can be cron based like `cron(0 22 * * ? *)` or rate based like `rate(5 hours)` since CloudWatch Event rules (or Eventbridge) is used here.
The Cloud Formation template that helps you doing that is [here](https://github.com/toniblyx/prowler/blob/master/util/codebuild/codebuild-prowler-audit-account-cfn.yaml). The Cloud Formation template that helps you doing that is [here](https://github.com/prowler-cloud/prowler/blob/master/util/codebuild/codebuild-prowler-audit-account-cfn.yaml).
> This is a simple solution to monitor one account. For multiples accounts see [Multi Account and Continuous Monitoring](util/org-multi-account/README.md). > This is a simple solution to monitor one account. For multiples accounts see [Multi Account and Continuous Monitoring](util/org-multi-account/README.md).
@@ -583,7 +583,7 @@ The `forensics-ready` group of checks uses existing and extra checks. To get a f
## GDPR Checks ## GDPR Checks
With this group of checks, Prowler shows result of checks related to GDPR, more information [here](https://github.com/toniblyx/prowler/issues/189). The list of checks can be seen in the group file at: With this group of checks, Prowler shows result of checks related to GDPR, more information [here](https://github.com/prowler-cloud/prowler/issues/189). The list of checks can be seen in the group file at:
[groups/group9_gdpr](groups/group9_gdpr) [groups/group9_gdpr](groups/group9_gdpr)
@@ -609,7 +609,7 @@ The `ftr` group of checks uses existing and extra checks. To get a AWS FTR repor
With this group of checks, Prowler shows results of controls related to the "Security Rule" of the Health Insurance Portability and Accountability Act aka [HIPAA](https://www.hhs.gov/hipaa/for-professionals/security/index.html) as defined in [45 CFR Subpart C - Security Standards for the Protection of Electronic Protected Health Information](https://www.law.cornell.edu/cfr/text/45/part-164/subpart-C) within [PART 160 - GENERAL ADMINISTRATIVE REQUIREMENTS](https://www.law.cornell.edu/cfr/text/45/part-160) and [Subpart A](https://www.law.cornell.edu/cfr/text/45/part-164/subpart-A) and [Subpart C](https://www.law.cornell.edu/cfr/text/45/part-164/subpart-C) of PART 164 - SECURITY AND PRIVACY With this group of checks, Prowler shows results of controls related to the "Security Rule" of the Health Insurance Portability and Accountability Act aka [HIPAA](https://www.hhs.gov/hipaa/for-professionals/security/index.html) as defined in [45 CFR Subpart C - Security Standards for the Protection of Electronic Protected Health Information](https://www.law.cornell.edu/cfr/text/45/part-164/subpart-C) within [PART 160 - GENERAL ADMINISTRATIVE REQUIREMENTS](https://www.law.cornell.edu/cfr/text/45/part-160) and [Subpart A](https://www.law.cornell.edu/cfr/text/45/part-164/subpart-A) and [Subpart C](https://www.law.cornell.edu/cfr/text/45/part-164/subpart-C) of PART 164 - SECURITY AND PRIVACY
More information on the original PR is [here](https://github.com/toniblyx/prowler/issues/227). More information on the original PR is [here](https://github.com/prowler-cloud/prowler/issues/227).
### Note on Business Associate Addendum's (BAA) ### Note on Business Associate Addendum's (BAA)
@@ -661,7 +661,7 @@ Current coverage of Amazon Web Service (AWS) taken from [here](https://docs.aws.
| Networking and Content Delivery | Amazon VPC | VPC endpoints connections ([extra786](checks/check_extra786)) | | Networking and Content Delivery | Amazon VPC | VPC endpoints connections ([extra786](checks/check_extra786)) |
| | | VPC endpoints whitelisted principals ([extra787](checks/check_extra787)) | | | | VPC endpoints whitelisted principals ([extra787](checks/check_extra787)) |
All ideas or recommendations to extend this group are very welcome [here](https://github.com/toniblyx/prowler/issues/new/choose). All ideas or recommendations to extend this group are very welcome [here](https://github.com/prowler-cloud/prowler/issues/new/choose).
### Detailed Explanation of the Concept ### Detailed Explanation of the Concept
@@ -711,4 +711,4 @@ Prowler is licensed as Apache License 2.0 as specified in each file. You may obt
**I'm not related anyhow with CIS organization, I just write and maintain Prowler to help companies over the world to make their cloud infrastructure more secure.** **I'm not related anyhow with CIS organization, I just write and maintain Prowler to help companies over the world to make their cloud infrastructure more secure.**
If you want to contact me visit <https://blyx.com/contact> or follow me on Twitter <https://twitter.com/toniblyx> my DMs are open. If you want to contact me visit <https://blyx.com/contact> or follow me on Twitter <https://twitter.com/prowler-cloud> my DMs are open.

2
iam/create_role_to_assume_cfn.yaml
View File

@@ -37,7 +37,7 @@ Resources:
Principal: Principal:
AWS: !Sub ${AuthorisedARN} AWS: !Sub ${AuthorisedARN}
Action: 'sts:AssumeRole' Action: 'sts:AssumeRole'
## In case MFA is required uncomment lines below and read https://github.com/toniblyx/prowler#run-prowler-with-mfa-protected-credentials ## In case MFA is required uncomment lines below and read https://github.com/prowler-cloud/prowler#run-prowler-with-mfa-protected-credentials
# Condition: # Condition:
# Bool: # Bool:
# 'aws:MultiFactorAuthPresent': true # 'aws:MultiFactorAuthPresent': true

2
include/banner
View File

@@ -28,7 +28,7 @@ infoReferenceLong(){
# Report review note: # Report review note:
echo -e "" echo -e ""
echo -e "For more information on the Prowler, feedback and issue reporting:" echo -e "For more information on the Prowler, feedback and issue reporting:"
echo -e "https://github.com/toniblyx/prowler" echo -e "https://github.com/prowler-cloud/prowler"
echo -e "" echo -e ""
echo -e "For more information on the CIS benchmark:" echo -e "For more information on the CIS benchmark:"
echo -e "https://benchmarks.cisecurity.org/tools2/amazon/CIS_Amazon_Web_Services_Foundations_Benchmark_v1.1.0.pdf" echo -e "https://benchmarks.cisecurity.org/tools2/amazon/CIS_Amazon_Web_Services_Foundations_Benchmark_v1.1.0.pdf"

4
include/outputs
View File

@@ -39,8 +39,8 @@ if [ -z ${OUTPUT_FILE_NAME+x} ]; then
else else
OUTPUT_FILE_NAME="${OUTPUT_DIR}/$OUTPUT_FILE_NAME" OUTPUT_FILE_NAME="${OUTPUT_DIR}/$OUTPUT_FILE_NAME"
fi fi
HTML_LOGO_URL="https://github.com/toniblyx/prowler/" HTML_LOGO_URL="https://github.com/prowler-cloud/prowler/"
HTML_LOGO_IMG="https://github.com/toniblyx/prowler/raw/2.4/util/html/prowler-logo-new.png" HTML_LOGO_IMG="https://github.com/prowler-cloud/prowler/raw/master/util/html/prowler-logo-new.png"
TIMESTAMP=$(get_iso8601_timestamp) TIMESTAMP=$(get_iso8601_timestamp)
PROWLER_PARAMETERS=$@ PROWLER_PARAMETERS=$@

4
include/securityhub_integration
View File

@@ -25,14 +25,14 @@ checkSecurityHubCompatibility(){
SECURITY_HUB_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT describe-hub 2>/dev/null) SECURITY_HUB_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT describe-hub 2>/dev/null)
if [[ -z "${SECURITY_HUB_ENABLED}" ]]; then if [[ -z "${SECURITY_HUB_ENABLED}" ]]; then
if [[ -z "${PROWLER_PRODUCT_SUBSCRIPTION_ENABLED}" ]]; then if [[ -z "${PROWLER_PRODUCT_SUBSCRIPTION_ENABLED}" ]]; then
echo -e "\n$RED ERROR!$NORMAL Security Hub is not enabled in $regx. Enable it running '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-security-hub'. More info: https://github.com/toniblyx/prowler/#security-hub-integration\n" echo -e "\n$RED ERROR!$NORMAL Security Hub is not enabled in $regx. Enable it running '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-security-hub'. More info: https://github.com/prowler-cloud/prowler/#security-hub-integration\n"
EXITCODE=1 EXITCODE=1
exit $EXITCODE exit $EXITCODE
fi fi
else else
PROWLER_PRODUCT_SUBSCRIPTION_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT list-enabled-products-for-import --output text | grep "prowler/prowler" ) PROWLER_PRODUCT_SUBSCRIPTION_ENABLED=$($AWSCLI securityhub --region "$regx" $PROFILE_OPT list-enabled-products-for-import --output text | grep "prowler/prowler" )
if [[ -z "${PROWLER_PRODUCT_SUBSCRIPTION_ENABLED}" ]]; then if [[ -z "${PROWLER_PRODUCT_SUBSCRIPTION_ENABLED}" ]]; then
echo -e "\n$RED ERROR!$NORMAL Security Hub is enabled in $regx but Prowler integration does not accept findings. Enable it running '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-import-findings-for-product --product-arn arn:aws:securityhub:$regx::product/prowler/prowler'. More info: https://github.com/toniblyx/prowler/#security-hub-integration\n" echo -e "\n$RED ERROR!$NORMAL Security Hub is enabled in $regx but Prowler integration does not accept findings. Enable it running '$AWSCLI securityhub --region $regx $PROFILE_OPT enable-import-findings-for-product --product-arn arn:aws:securityhub:$regx::product/prowler/prowler'. More info: https://github.com/prowler-cloud/prowler/#security-hub-integration\n"
EXITCODE=1 EXITCODE=1
exit $EXITCODE exit $EXITCODE
fi fi

4
prowler
View File

@@ -8,7 +8,7 @@
# https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf # https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf
# Contact the author at https://blyx.com/contact # Contact the author at https://blyx.com/contact
# and open issues or ask questions at https://github.com/toniblyx/prowler # and open issues or ask questions at https://github.com/prowler-cloud/prowler
# Code is licensed as Apache License 2.0 as specified in # Code is licensed as Apache License 2.0 as specified in
# each file. You may obtain a copy of the License at # each file. You may obtain a copy of the License at
@@ -344,7 +344,7 @@ get_regions() {
REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' --output text $PROFILE_OPT --region $REGION_FOR_STS --region-names $FILTERREGION 2>&1) REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' --output text $PROFILE_OPT --region $REGION_FOR_STS --region-names $FILTERREGION 2>&1)
ret=$? ret=$?
if [[ $ret -ne 0 ]]; then if [[ $ret -ne 0 ]]; then
echo "$OPTRED Access Denied trying to describe regions! Review permissions as described here: https://github.com/toniblyx/prowler/#requirements-and-installation $OPTNORMAL" echo "$OPTRED Access Denied trying to describe regions! Review permissions as described here: https://github.com/prowler-cloud/prowler/#requirements-and-installation $OPTNORMAL"
EXITCODE=1 EXITCODE=1
exit $EXITCODE exit $EXITCODE
fi fi

2
util/Dockerfile
View File

@@ -3,7 +3,7 @@
FROM public.ecr.aws/amazonlinux/amazonlinux:latest FROM public.ecr.aws/amazonlinux/amazonlinux:latest
LABEL maintainer="https://github.com/toniblyx/prowler" LABEL maintainer="https://github.com/prowler-cloud/prowler"
ARG USERNAME=prowler ARG USERNAME=prowler
ARG USERID=34000 ARG USERID=34000

2
util/cloudshell/shortcut.sh
View File

@@ -15,7 +15,7 @@ mkdir ${account}-results
# Prowler # Prowler
cd ~ cd ~
git clone https://github.com/toniblyx/prowler git clone https://github.com/prowler-cloud/prowler
pip3 install detect-secrets --user pip3 install detect-secrets --user
cd prowler cd prowler
screen -dmS prowler sh -c "./prowler -M csv,html;cd ~;zip -r ${account}-results/prowler-${account}.zip /home/cloudshell-user/prowler/output" screen -dmS prowler sh -c "./prowler -M csv,html;cd ~;zip -r ${account}-results/prowler-${account}.zip /home/cloudshell-user/prowler/output"

2
util/codebuild/codebuild-prowler-audit-account-cfn.yaml
View File

@@ -247,7 +247,7 @@ Resources:
- curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip - unzip awscliv2.zip
- ./aws/install - ./aws/install
- git clone https://github.com/toniblyx/prowler - git clone https://github.com/prowler-cloud/prowler
build: build:
commands: commands:
- echo "Running Prowler as ./prowler $PROWLER_OPTIONS" - echo "Running Prowler as ./prowler $PROWLER_OPTIONS"

4
util/html/generate-html-from-csv.sh
View File

@@ -31,8 +31,8 @@ OUTPUT_FILE_NAME="report-unified-csv"
EXTENSION_HTML="html" EXTENSION_HTML="html"
INPUT=$1 INPUT=$1
IFS=',' # used inside the while loop for csv delimiter IFS=',' # used inside the while loop for csv delimiter
HTML_LOGO_URL="https://github.com/toniblyx/prowler/" HTML_LOGO_URL="https://github.com/prowler-cloud/prowler/"
HTML_LOGO_IMG="https://raw.githubusercontent.com/toniblyx/prowler/master/util/html/prowler-logo.png" HTML_LOGO_IMG="https://raw.githubusercontent.com/prowler-cloud/prowler/master/util/html/prowler-logo-new.png"
[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; } [ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }

12
util/org-multi-account/README.md
View File

@@ -1,6 +1,6 @@
# Example Solution: Organizational Prowler Deployment # Example Solution: Organizational Prowler Deployment
Deploys [Prowler](https://github.com/toniblyx/prowler) to assess all Accounts in an AWS Organization on a schedule, creates assessment reports in HTML, and stores them in an S3 bucket. Deploys [Prowler](https://github.com/prowler-cloud/prowler) to assess all Accounts in an AWS Organization on a schedule, creates assessment reports in HTML, and stores them in an S3 bucket.
--- ---
@@ -32,7 +32,7 @@ Deploys [Prowler](https://github.com/toniblyx/prowler) to assess all Accounts in
1. [ProwlerRole.yaml](ProwlerRole.yaml) 1. [ProwlerRole.yaml](ProwlerRole.yaml)
- Creates Cross-Account Role for Prowler to assess accounts in AWS Organization - Creates Cross-Account Role for Prowler to assess accounts in AWS Organization
- Allows Role to be assumed by the Prowler EC2 instance role in the AWS account where Prowler EC2 resides (preferably the Audit/Security account). - Allows Role to be assumed by the Prowler EC2 instance role in the AWS account where Prowler EC2 resides (preferably the Audit/Security account).
- Role has [permissions](https://github.com/toniblyx/prowler#custom-iam-policy) needed for Prowler to assess accounts. - Role has [permissions](https://github.com/prowler-cloud/prowler#custom-iam-policy) needed for Prowler to assess accounts.
- Role has rights to Prowler S3 from Component #1. - Role has rights to Prowler S3 from Component #1.
1. [ProwlerEC2.yaml](ProwlerEC2.yaml) 1. [ProwlerEC2.yaml](ProwlerEC2.yaml)
- Creates Prowler EC2 instance - Creates Prowler EC2 instance
@@ -40,7 +40,7 @@ Deploys [Prowler](https://github.com/toniblyx/prowler) to assess all Accounts in
- Uses ```t2.micro``` Instance Type - Uses ```t2.micro``` Instance Type
- Encrypts Root Volume with AWS Managed Key "aws/ebs" - Encrypts Root Volume with AWS Managed Key "aws/ebs"
- Uses [cfn-init](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-init.html) for prepping the Prowler EC2 - Uses [cfn-init](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-init.html) for prepping the Prowler EC2
- Installs necessary [packages](https://github.com/toniblyx/prowler#requirements-and-installation) for Prowler - Installs necessary [packages](https://github.com/prowler-cloud/prowler#requirements-and-installation) for Prowler
- Downloads [run-prowler-reports.sh](src/run-prowler-reports.sh) script from Prowler S3 from Component #1. - Downloads [run-prowler-reports.sh](src/run-prowler-reports.sh) script from Prowler S3 from Component #1.
- Creates ```/home/ec2-user/.awsvariables```, to store CloudFormation data as variables to be used in script. - Creates ```/home/ec2-user/.awsvariables```, to store CloudFormation data as variables to be used in script.
- Creates cron job for Prowler to run on a schedule. - Creates cron job for Prowler to run on a schedule.
@@ -72,7 +72,7 @@ Deploys [Prowler](https://github.com/toniblyx/prowler) to assess all Accounts in
``` ```
- In summary: - In summary:
- Download latest version of [Prowler](https://github.com/toniblyx/prowler) - Download latest version of [Prowler](https://github.com/prowler-cloud/prowler)
- Find AWS Master Account - Find AWS Master Account
- Lookup All Accounts in AWS Organization - Lookup All Accounts in AWS Organization
- Run Prowler against All Accounts in AWS Organization - Run Prowler against All Accounts in AWS Organization
@@ -130,7 +130,7 @@ Deploys [Prowler](https://github.com/toniblyx/prowler) to assess all Accounts in
cat .awsvariables cat .awsvariables
``` ```
1. Run Prowler interactively. See [Usage Examples](https://github.com/toniblyx/prowler#usage) 1. Run Prowler interactively. See [Usage Examples](https://github.com/prowler-cloud/prowler#usage)
```bash ```bash
cd /home/ec2-user cd /home/ec2-user
@@ -147,5 +147,5 @@ Deploys [Prowler](https://github.com/toniblyx/prowler) to assess all Accounts in
```bash ```bash
cd /home/ec2-user cd /home/ec2-user
rm -rf prowler rm -rf prowler
git clone https://github.com/toniblyx/prowler.git git clone https://github.com/prowler-cloud/prowler.git
``` ```

4
util/org-multi-account/serverless_codebuild/README.md
View File

@@ -4,9 +4,9 @@ Langage: [Korean](README_kr.md)
This project is created to apply prowler in a multi-account environment within AWS Organizations. This project is created to apply prowler in a multi-account environment within AWS Organizations.
CloudWatch triggers CodeBuild every fixed time. CloudWatch triggers CodeBuild every fixed time.
CodeBuild executes the script which clones the latest prowler from [here](https://github.com/toniblyx/prowler) and performs security assessment on all the accounts in AWS Organizations. The assessment reports are sent to S3 bucket in Log Archive Account. CodeBuild executes the script which clones the latest prowler from [here](https://github.com/prowler-cloud/prowler) and performs security assessment on all the accounts in AWS Organizations. The assessment reports are sent to S3 bucket in Log Archive Account.
For more information on how to use prowler, see [here](https://github.com/toniblyx/prowler#usage). For more information on how to use prowler, see [here](https://github.com/prowler-cloud/prowler#usage).
![Untitled](docs/images/prowler_org_architecture.png) ![Untitled](docs/images/prowler_org_architecture.png)

4
util/org-multi-account/serverless_codebuild/README_kr.md
View File

@@ -4,9 +4,9 @@ Langage: [English](README.md)
이 문서는 AWS Organization 내의 multi account 환경에서 prowler 를 적용하기 위해 작성된 문서입니다. 이 문서는 AWS Organization 내의 multi account 환경에서 prowler 를 적용하기 위해 작성된 문서입니다.
일정 시간마다 CloudWatch는 CodeBuild 를 트리거합니다. 일정 시간마다 CloudWatch는 CodeBuild 를 트리거합니다.
CodeBuild 는 최신의 [prowler](https://github.com/toniblyx/prowler) 소스를 클론받고, CodeBuild 는 최신의 [prowler](https://github.com/prowler-cloud/prowler) 소스를 클론받고,
Organization 내의 모든 Account 에 대해 security assessment 를 수행합니다. Organization 내의 모든 Account 에 대해 security assessment 를 수행합니다.
prowler 의 자세한 사용방법은 [이 곳](https://github.com/toniblyx/prowler#usagee) 을 참고합니다. prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud/prowler#usagee) 을 참고합니다.
![Untitled](docs/images/prowler_org_architecture.png) ![Untitled](docs/images/prowler_org_architecture.png)

2
util/org-multi-account/serverless_codebuild/src/run-prowler-reports.sh
View File

@@ -7,7 +7,7 @@
# Show Prowler Version, and Download Prowler, if it doesn't already exist # Show Prowler Version, and Download Prowler, if it doesn't already exist
if ! ./prowler/prowler -V 2>/dev/null; then if ! ./prowler/prowler -V 2>/dev/null; then
git clone https://github.com/toniblyx/prowler.git git clone https://github.com/prowler-cloud/prowler.git
./prowler/prowler -V ./prowler/prowler -V
fi fi

2
util/org-multi-account/src/run-prowler-reports.sh
View File

@@ -7,7 +7,7 @@ cd /home/ec2-user || exit
# Show Prowler Version, and Download Prowler, if it doesn't already exist # Show Prowler Version, and Download Prowler, if it doesn't already exist
if ! ./prowler/prowler -V 2>/dev/null; then if ! ./prowler/prowler -V 2>/dev/null; then
git clone https://github.com/toniblyx/prowler.git git clone https://github.com/prowler-cloud/prowler.git
./prowler/prowler -V ./prowler/prowler -V
fi fi

2
util/other-contrib/multi-account/Audit_Pipeline.yaml
View File

@@ -102,7 +102,7 @@ Parameters:
- 'rds' - 'rds'
pCustomProwlerRepo: pCustomProwlerRepo:
Type: String Type: String
Default: 'https://github.com/toniblyx/prowler.git' Default: 'https://github.com/prowler-cloud/prowler.git'
MinLength: 10 MinLength: 10
pCustomProwlerCloneArgs: pCustomProwlerCloneArgs:
Type: String Type: String

2
util/terraform-kickstarter/prowler_build_spec.yml
View File

@@ -10,7 +10,7 @@ phases:
- curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip - unzip awscliv2.zip
- ./aws/install - ./aws/install
- git clone https://github.com/toniblyx/prowler - git clone https://github.com/prowler-cloud/prowler
- cd prowler - cd prowler
build: build: