Merge pull request #304 from toniblyx/devel

Devel
Toni de la Fuente
2019-03-11 22:27:07 -04:00
committed by GitHub
3 changed files with 8 additions and 6 deletions


@@ -11,7 +11,7 @@
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
CHECK_ID_extra71="7.1,7.01"
CHECK_TITLE_extra71="[extra71] Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
CHECK_TITLE_extra71="[extra71] Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
CHECK_SCORED_extra71="NOT_SCORED"
CHECK_TYPE_extra71="EXTRA"
CHECK_ALTERNATE_extra701="extra71"
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check71="extra71"
CHECK_ALTERNATE_check701="extra71"
extra71(){
# "Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
# "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
ADMIN_GROUPS=''
AWS_GROUPS=$($AWSCLI $PROFILE_OPT iam list-groups --output text --query 'Groups[].GroupName')
for grp in $AWS_GROUPS; do


@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check713="extra713"
extra713(){
# "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
for regx in $REGIONS; do
LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text |cut -f2)
LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text 2> /dev/null | cut -f2)
if [[ $LIST_OF_GUARDDUTY_DETECTORS ]];then
while read -r detector;do
DETECTOR_ENABLED=$($AWSCLI guardduty get-detector --detector-id $detector $PROFILE_OPT --region $regx --query "Status" --output text|grep ENABLED)
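Review bot: Redirecting stderr to /dev/null on the new list-detectors line makes an API failure (AccessDenied, throttling, a region where GuardDuty is not offered) produce an empty LIST_OF_GUARDDUTY_DETECTORS exactly like a region with no detector, and the `if [[ $LIST_OF_GUARDDUTY_DETECTORS ]]` test on the next line cannot tell the two apart; the branch that handles the empty case lies outside the hunk, but it presumably reports GuardDuty as not enabled, which would be a false finding. Capture the exit status before the `cut` discards it, e.g. `GD_OUT=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region "$regx" --output text 2>/dev/null)`, `GD_RC=$?`, `LIST_OF_GUARDDUTY_DETECTORS=$(cut -f2 <<<"$GD_OUT")`, and branch on `GD_RC` first so a failed call is reported as an error rather than as a missing detector. Quoting `"$regx"` there also removes an unquoted expansion. The body of extra713 continues past the end of the hunk.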


@@ -27,10 +27,12 @@ extra741(){
if [ -s $USERDATA_FILE ];then
FILE_FORMAT_ASCII=$(file -b $USERDATA_FILE|grep ASCII)
#FINDINGS=$(grep '[A-Za-z0-9]\{20,40\}' $USERDATA_FILE | grep -i -e key -e secret -e token -e pass - |wc -l|tr -d '\ ')
FINDINGS=$(grep -i -e key -e secret -e token -e pass $USERDATA_FILE |wc -l|tr -d '\ ')
#FINDINGS=$(grep -i -e key -e secret -e token -e pass $USERDATA_FILE |wc -l|tr -d '\ ')
# This finds ftp or http URLs with credentials and common keywords
FINDINGS=$(egrep -i '[[:alpha:]]*://[[:alnum:]]*:[[:alnum:]]*@.*/|key|secret|token|pass' $USERDATA_FILE |wc -l|tr -d '\ ')
if [[ $FILE_FORMAT_ASCII ]]; then
if [[ $FINDINGS -eq 0 ]]; then
textPass "$regx: Nothing found in $instance" "$regx"
textPass "$regx: No keys found in $instance" "$regx"
# delete file if nothing interesting is there
rm -f $USERDATA_FILE
else
@@ -39,7 +41,7 @@ extra741(){
else
mv $USERDATA_FILE $USERDATA_FILE.gz ; gunzip $USERDATA_FILE.gz
if [[ $FINDINGS -eq 0 ]]; then
textPass "$regx: Nothing found in $instance" "$regx"
textPass "$regx: No keys found in $instance" "$regx"
rm -f $USERDATA_FILE.gz
else
textFail "$regx: Found $FINDINGS keys in $instance! Check file $USERDATA_FILE" "$regx"
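Review bot: The URL-credential branch of the new pattern on the `egrep` line uses `*` where it needs `+`: `[[:alpha:]]*://[[:alnum:]]*:[[:alnum:]]*@.*/` also matches `://:@…/` with an empty user and password, while `[[:alnum:]]*` rejects the punctuation that real passwords and URL-encoded secrets contain (`-`, `_`, `.`, `%40`), so a line such as `https://deploy:p%40ss-1@git.example.com/repo` (constructed example) is only counted if it happens to contain one of the keywords. Prefer `grep -E` (egrep is deprecated) with classes that exclude the delimiters: `FINDINGS=$(grep -E -i '[[:alpha:]]+://[^/:@[:space:]]+:[^/@[:space:]]+@|key|secret|token|pass' "$USERDATA_FILE" | wc -l | tr -d '\ ')`. The commented-out `#FINDINGS=` line just above is dead code now that the new pattern replaces it, and quoting `"$USERDATA_FILE"` keeps the check working for paths containing spaces. Both hunks sit inside extra741, whose body begins and ends outside them.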