Added extra740 EBS snapshots are encrypted and HIPAA

checks/check_extra740

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra740="7.40"
+CHECK_TITLE_extra740="[extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra740="NOT_SCORED"
+CHECK_TYPE_extra740="EXTRA"
+CHECK_ALTERNATE_check740="extra740"
+
+extra740(){
+  textInfo "Looking for EBS Snapshots in all regions...  "
+  for regx in $REGIONS; do
+    LIST_OF_EBS_SNAPSHOTS=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --owner-ids $ACCOUNT_NUM --output text --query 'Snapshots[*].{ID:SnapshotId}' --max-items $MAXITEMS | grep -v None 2> /dev/null)
+    if [[ $LIST_OF_EBS_SNAPSHOTS ]];then
+      for snapshot in $LIST_OF_EBS_SNAPSHOTS; do
+        SNAPSHOT_IS_ENCRYPTED=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --output text --snapshot-id $snapshot --query Snapshots[*].Encrypted|grep False)
+        if [[ $SNAPSHOT_IS_ENCRYPTED ]];then
+          textFail "$regx: $snapshot is currently not encrypted!" "$regx"
+        else
+          textPass "$regx: $snapshot is encrypted" "$regx"
+        fi
+      done
+    else
+      textInfo "$regx: No EBS Snapshots found" "$regx" 
+    fi
+  done
+}

groups/group10_hipaa

@@ -13,9 +13,9 @@
 
 GROUP_ID[10]='hipaa'
 GROUP_NUMBER[10]='10.0'
-GROUP_TITLE[10]='HIPAA Compliance - WORK IN PROGRESS!! - [hipaa] *******************'
+GROUP_TITLE[10]='HIPAA Compliance - ONLY AS REFERENCE - [hipaa] ****************'
 GROUP_RUN_BY_DEFAULT[10]='N' # run it when execute_all is called
-GROUP_CHECKS[10]='check12,check113,check23,check26,check27,check29,extra718,extra725,extra72,extra75,extra739'
+GROUP_CHECKS[10]='check12,check113,check23,check26,check27,check29,extra718,extra725,extra72,extra75,extra739,extra729,extra734,check38,extra73,extra740,extra735'
 
 # Resources:
 # https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf

groups/group8_forensics

@@ -13,6 +13,6 @@
 
 GROUP_ID[8]='forensics-ready'
 GROUP_NUMBER[8]='8.0'
-GROUP_TITLE[8]='Forensics Readiness - [forensics-ready] ************************'
+GROUP_TITLE[8]='Forensics Readiness - [forensics-ready] ***********************'
 GROUP_RUN_BY_DEFAULT[8]='N' # run it when execute_all is called
 GROUP_CHECKS[8]='check21,check22,check23,check24,check25,check26,check27,check29,extra712,extra713,extra714,extra715,extra717,extra718,extra719,extra720,extra721,extra722,extra725,extra739'

groups/group9_gdpr

@@ -13,7 +13,7 @@
 
 GROUP_ID[9]='gdpr'
 GROUP_NUMBER[9]='9.0'
-GROUP_TITLE[9]='GDPR Readiness - WORK IN PROGRESS!! - [gdpr] *******************'
+GROUP_TITLE[9]='GDPR Readiness - ONLY AS REFERENCE - [gdpr] ********************'
 GROUP_RUN_BY_DEFAULT[9]='N' # run it when execute_all is called
 GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,extra731,extra732,extra733,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729,extra734,extra735,extra736,extra738'