diff --git a/README.md b/README.md index 3a425505..f300b5a4 100644 --- a/README.md +++ b/README.md @@ -297,9 +297,9 @@ or with a given External ID: If you want to run Prowler or just a check or a group across all accounts of AWS Organizations you can do this: -First get a list of accounts that are not suspended: +First get a list of accounts: ``` -ACCOUNTS_IN_ORGS=$(aws organizations list-accounts --query Accounts[?Status==`ACTIVE`].Id --output text) +ACCOUNTS_IN_ORGS=$(aws organizations list-accounts --query Accounts[*].Id --output text) ``` Then run Prowler to assume a role (same in all members) per each account, in this example it is just running one particular check: ``` @@ -648,4 +648,4 @@ Prowler is licensed as Apache License 2.0 as specified in each file. You may obt **I'm not related anyhow with CIS organization, I just write and maintain Prowler to help companies over the world to make their cloud infrastructure more secure.** -If you want to contact me visit or follow me on Twitter my DMs are open. +If you want to contact me visit or follow me on Twitter my DMs are open. \ No newline at end of file diff --git a/include/assume_role b/include/assume_role index 9e43c0b3..cba07ef5 100644 --- a/include/assume_role +++ b/include/assume_role @@ -64,7 +64,6 @@ assume_role(){ export AWS_ACCESS_KEY_ID=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.AccessKeyId') export AWS_SECRET_ACCESS_KEY=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SecretAccessKey') export AWS_SESSION_TOKEN=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SessionToken') - export AWS_SESSION_EXPIRATION=$(convert_date_to_timestamp "$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.Expiration')") rm -fr $TEMP_STS_ASSUMED_FILE } diff --git a/include/os_detector b/include/os_detector index a99ad45f..af962d4c 100644 --- a/include/os_detector +++ b/include/os_detector @@ -108,14 +108,6 @@ bsd_get_iso8601_timestamp() { "$DATE_CMD" -u +"%Y-%m-%dT%H:%M:%SZ" } -gnu_convert_date_to_timestamp() { - date -d "$1" +%s -} - -bsd_convert_date_to_timestamp() { - date -j -f "%Y-%m-%dT%H:%M:%SZ" "$1" "+%s" -} - gnu_test_tcp_connectivity() { HOST=$1 PORT=$2 @@ -162,9 +154,6 @@ if [ "$OSTYPE" == "linux-gnu" ] || [ "$OSTYPE" == "linux-musl" ]; then test_tcp_connectivity() { gnu_test_tcp_connectivity "$1" "$2" "$3" } - convert_date_to_timestamp() { - gnu_convert_date_to_timestamp "$1" - } elif [[ "$OSTYPE" == "darwin"* ]]; then # BSD/OSX commands compatibility TEMP_REPORT_FILE=$(mktemp -t prowler.cred_report-XXXXXX) @@ -200,9 +189,6 @@ elif [[ "$OSTYPE" == "darwin"* ]]; then get_iso8601_timestamp() { gnu_get_iso8601_timestamp } - convert_date_to_timestamp() { - gnu_convert_date_to_timestamp "$1" - } else how_older_from_today() { bsd_how_older_from_today "$1" @@ -222,9 +208,6 @@ elif [[ "$OSTYPE" == "darwin"* ]]; then get_iso8601_timestamp() { bsd_get_iso8601_timestamp } - convert_date_to_timestamp() { - bsd_convert_date_to_timestamp "$1" - } fi if "$BASE64_CMD" --version >/dev/null 2>&1 ; then decode_report() { @@ -265,9 +248,6 @@ elif [[ "$OSTYPE" == "cygwin" ]]; then test_tcp_connectivity() { gnu_test_tcp_connectivity "$1" "$2" "$3" } - convert_date_to_timestamp() { - gnu_convert_date_to_timestamp "$1" - } else echo "Unknown Operating System! Valid \$OSTYPE: linux-gnu, linux-musl, darwin* or cygwin" echo "Found: $OSTYPE" diff --git a/prowler b/prowler index c74a32ab..a2478f3f 100755 --- a/prowler +++ b/prowler @@ -320,15 +320,6 @@ show_group_title() { # Function to execute the check execute_check() { - if [[ $ACCOUNT_TO_ASSUME ]]; then - if (( "$AWS_SESSION_EXPIRATION" < (( "$(date -u "+%s")" + (( $SESSION_DURATION_TO_ASSUME / 10 )) )) )); then - unset AWS_ACCESS_KEY_ID - unset AWS_SECRET_ACCESS_KEY - unset AWS_SESSION_TOKEN - assume_role - fi - fi - # See if this is an alternate name for a check # for example, we might have been passed 1.01 which is another name for 1.1 local alternate_name_var=CHECK_ALTERNATE_$1