ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed check122 to match CIS 1.22 checks requirements, instead of '=~ *' use '== *'

Browse Source
This commit is contained in:
Artashes Arabajyan
2019-04-05 12:06:27 +02:00
parent ec05e2f0f4
commit 917a323c15
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
checks/check122
View File

@@ -22,7 +22,7 @@ check122(){
for policy in $LIST_CUSTOM_POLICIES; do
POLICY_ARN=$(echo $policy | awk -F ',' '{print $1}')
POLICY_VERSION=$(echo $policy | awk -F ',' '{print $2}')
POLICY_WITH_FULL=$($AWSCLI iam get-policy-version --output text --policy-arn $POLICY_ARN --version-id $POLICY_VERSION --query "PolicyVersion.Document.Statement[?Action!=null]|[?Effect == 'Allow' && contains(Resource, '*') && contains (Action, '*')]" $PROFILE_OPT --region $REGION)
POLICY_WITH_FULL=$($AWSCLI iam get-policy-version --output text --policy-arn $POLICY_ARN --version-id $POLICY_VERSION --query "PolicyVersion.Document.Statement[?Action!=null]|[?Effect == 'Allow' && Resource == '*' && Action == '*']" $PROFILE_OPT --region $REGION)
if [[ $POLICY_WITH_FULL ]]; then
POLICIES_ALLOW_LIST="$POLICIES_ALLOW_LIST $POLICY_ARN"
fi
@@ -30,7 +30,7 @@ check122(){
if [[ $POLICIES_ALLOW_LIST ]]; then
textInfo "List of custom policies: "
for policy in $POLICIES_ALLOW_LIST; do
textInfo "Policy $policy allows \"*:*\""
textFail "Policy $policy allows \"*:*\""
done
else
textPass "No custom policy found that allow full \"*:*\" administrative privileges"