diff --git a/README.md b/README.md
index 37e04a47..107272d0 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,7 @@ It covers hardening and security best practices for all AWS regions related to t - GDPR [gdpr] Read more [here](#gdpr-checks) - HIPPA [hippa] Read more [here](#hipaa-checks) + For a comprehensive list and resolution look at the guide on the link above. With Prowler you can:
@@ -512,6 +513,7 @@ With this group of checks, Prowler shows result of checks related to GDPR, more - 7.35 [extra735] Check if RDS instances storage is encrypted (Not Scored) (Not part of CIS benchmark) - 7.36 [extra736] Check exposed KMS keys (Not Scored) (Not part of CIS benchmark) - 7.38 [extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark) +- 7.40 [extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark) The `gdpr` group of checks uses existing and extra checks. To get a GDPR report, run this command:
diff --git a/checks/check_extra730 b/checks/check_extra730
index f91b9b27..53be1c58 100644
--- a/checks/check_extra730
+++ b/checks/check_extra730
@@ -25,7 +25,7 @@ extra730(){
 LIST_OF_ACM_CERTS=$($AWSCLI acm list-certificates $PROFILE_OPT --region $regx --query 'CertificateSummaryList[].CertificateArn' --output text)
 if [[ $LIST_OF_ACM_CERTS ]];then
 for cert in $LIST_OF_ACM_CERTS; do
- CERT_DATA=$($AWSCLI acm describe-certificate --certificate-arn $cert --query 'Certificate.[DomainName,NotAfter]' --output text)
+ CERT_DATA=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert --query 'Certificate.[DomainName,NotAfter]' --output text)
 echo "$CERT_DATA" | while read FQDN NOTAFTER; do
 EXPIRES_DATE=$(timestamp_to_date $NOTAFTER)
 COUNTER_DAYS=$(how_many_days_from_today $EXPIRES_DATE)
diff --git a/groups/group7_extras b/groups/group7_extras
index a3abe52e..7711b938 100644
--- a/groups/group7_extras
+++ b/groups/group7_extras
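Review bot: In the checks/check_extra730 hunk, the result of `describe-certificate` is still used without checking that the call succeeded. If it fails (for example on a permissions error), `CERT_DATA` is empty, `echo "$CERT_DATA"` still feeds one blank line into the `while read` loop, and `timestamp_to_date` is called with no argument, so the expiry result for that certificate is not reliable. I would report and skip the certificate explicitly, e.g. `[[ -n "$CERT_DATA" ]] || { echo "extra730: could not describe $cert in $regx" >&2; continue; }`, and quote `"$cert"` and use `read -r` while these lines are being touched. The body of `extra730` starts before and continues after this hunk, so how the loop reports its findings is not visible here.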
@@ -15,4 +15,8 @@ GROUP_ID[7]='extras'
 GROUP_NUMBER[7]='7.0'
 GROUP_TITLE[7]='Extras - [extras] **********************************************'
 GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
+<<<<<<< HEAD
 GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739'
+=======
+GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra737,extra738,extra739,extra740'
+>>>>>>> b4cb323de4fd3977dd47815537542b9d15d00fd5
diff --git a/groups/group9_gdpr b/groups/group9_gdpr
index 08a55c1c..7df4c6ec 100644
--- a/groups/group9_gdpr
+++ b/groups/group9_gdpr
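Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> b4cb323de4fd3977dd47815537542b9d15d00fd5` are unresolved merge-conflict markers committed into groups/group7_extras. The file consists of shell assignments, so if it is sourced as it appears to be, bash will most likely stop with a syntax error at `<<<<<<< HEAD` before either `GROUP_CHECKS[7]` assignment runs, leaving the extras group empty or aborting the run; for an audit tool that means checks not executed rather than checks passed. Resolve the conflict by dropping the three marker lines and the old assignment, keeping only the `GROUP_CHECKS[7]` line that ends in `extra739,extra740'`. A pre-merge check such as `grep -rnE '^(<<<<<<<|=======|>>>>>>>)'` over the checks and groups directories would catch this class of mistake, and since the definition of `extra740` is not among the files visible here, confirm it is part of the change.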
@@ -15,7 +15,7 @@ GROUP_ID[9]='gdpr'
 GROUP_NUMBER[9]='9.0'
 GROUP_TITLE[9]='GDPR Readiness - ONLY AS REFERENCE - [gdpr] ********************'
 GROUP_RUN_BY_DEFAULT[9]='N' # run it when execute_all is called
-GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,extra731,extra732,extra733,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729,extra734,extra735,extra736,extra738'
+GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,extra731,extra732,extra733,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729,extra734,extra735,extra736,extra738,extra740'
 # Resources:
 # https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf
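Review bot: The new `GROUP_CHECKS[9]` value lists `check25` and `extra714` twice each, so the GDPR group presumably runs and reports those checks twice, which skews the finding counts in the report. Since this line is being edited anyway, remove the second `check25,extra714` pair that follows `check43`. The duplicates are carried over from the removed line rather than introduced by this change.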