From aeaf533585eb62ad2626f00f720977c864132aa5 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Mon, 19 Nov 2018 23:22:18 -0500
Subject: [PATCH] Added extra740 EBS snapshots are encrypted and HIPAA

---
 checks/check_extra740 | 36 ++++++++++++++++++++++++++++++++++++
 groups/group10_hipaa | 4 ++--
 groups/group8_forensics | 2 +-
 groups/group9_gdpr | 2 +-
 4 files changed, 40 insertions(+), 4 deletions(-)
 create mode 100644 checks/check_extra740

diff --git a/checks/check_extra740 b/checks/check_extra740
new file mode 100644
index 00000000..d74c7600
--- /dev/null
+++ b/checks/check_extra740
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra740="7.40"
+CHECK_TITLE_extra740="[extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark)"
+CHECK_SCORED_extra740="NOT_SCORED"
+CHECK_TYPE_extra740="EXTRA"
+CHECK_ALTERNATE_check740="extra740"
+
+extra740(){
+ textInfo "Looking for EBS Snapshots in all regions... "
+ for regx in $REGIONS; do
+ LIST_OF_EBS_SNAPSHOTS=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --owner-ids $ACCOUNT_NUM --output text --query 'Snapshots[*].{ID:SnapshotId}' --max-items $MAXITEMS | grep -v None 2> /dev/null)
+ if [[ $LIST_OF_EBS_SNAPSHOTS ]];then
+ for snapshot in $LIST_OF_EBS_SNAPSHOTS; do
+ SNAPSHOT_IS_ENCRYPTED=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --output text --snapshot-id $snapshot --query Snapshots[*].Encrypted|grep False)
+ if [[ $SNAPSHOT_IS_ENCRYPTED ]];then
+ textFail "$regx: $snapshot is currently not encrypted!" "$regx"
+ else
+ textPass "$regx: $snapshot is encrypted" "$regx"
+ fi
+ done
+ else
+ textInfo "$regx: No EBS Snapshots found" "$regx"
+ fi
+ done
+}
diff --git a/groups/group10_hipaa b/groups/group10_hipaa
index 06d42c6e..92ce974e 100644
--- a/groups/group10_hipaa
+++ b/groups/group10_hipaa
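Review bot: In extra740, a failed describe-snapshots call (missing ec2:DescribeSnapshots permission, throttling, an unreachable region) is indistinguishable from an empty account: the error goes to the terminal, `LIST_OF_EBS_SNAPSHOTS` stays empty and the region is reported as `No EBS Snapshots found` via textInfo, so a HIPAA run can show no finding for a control that was never evaluated. The second describe-snapshots call per snapshot is also unnecessary, and its `--query Snapshots[*].Encrypted` is unquoted unlike the first call, so the shell treats it as a glob pattern; querying `Snapshots[*].[SnapshotId,Encrypted]` once per region returns both values and lets the exit status be checked before the output is piped through grep. Note that `--max-items $MAXITEMS` (MAXITEMS is defined outside this hunk) appears to cap the scan at the first MAXITEMS snapshots per region; if so, later unencrypted snapshots are never reported and the limit deserves a comment. The rewritten region loop follows; the license header and CHECK_* variables are unchanged.
```shell
# … unchanged: license header and CHECK_*_extra740 variables …
extra740(){
  textInfo "Looking for EBS Snapshots in all regions... "
  for regx in $REGIONS; do
    # One call per region yields "<SnapshotId>\t<Encrypted>" rows, so no per-snapshot round trip is needed.
    LIST_OF_EBS_SNAPSHOTS=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --owner-ids $ACCOUNT_NUM --output text --query 'Snapshots[*].[SnapshotId,Encrypted]' --max-items $MAXITEMS)
    if (( $? != 0 )); then
      # An API error must surface as a finding, not as "no snapshots".
      textFail "$regx: could not list EBS Snapshots, encryption not assessed" "$regx"
      continue
    fi
    LIST_OF_EBS_SNAPSHOTS=$(grep -v None <<< "$LIST_OF_EBS_SNAPSHOTS")
    if [[ $LIST_OF_EBS_SNAPSHOTS ]];then
      while read -r snapshot encrypted; do
        if [[ $encrypted == "True" ]];then
          textPass "$regx: $snapshot is encrypted" "$regx"
        else
          textFail "$regx: $snapshot is currently not encrypted!" "$regx"
        fi
      done <<< "$LIST_OF_EBS_SNAPSHOTS"
    else
      textInfo "$regx: No EBS Snapshots found" "$regx"
    fi
  done
}
```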
@@ -13,9 +13,9 @@
 GROUP_ID[10]='hipaa'
 GROUP_NUMBER[10]='10.0'
-GROUP_TITLE[10]='HIPAA Compliance - WORK IN PROGRESS!! - [hipaa] *******************'
+GROUP_TITLE[10]='HIPAA Compliance - ONLY AS REFERENCE - [hipaa] ****************'
 GROUP_RUN_BY_DEFAULT[10]='N' # run it when execute_all is called
-GROUP_CHECKS[10]='check12,check113,check23,check26,check27,check29,extra718,extra725,extra72,extra75,extra739'
+GROUP_CHECKS[10]='check12,check113,check23,check26,check27,check29,extra718,extra725,extra72,extra75,extra739,extra729,extra734,check38,extra73,extra740,extra735'
 # Resources:
 # https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf
diff --git a/groups/group8_forensics b/groups/group8_forensics
index f6f3265b..755caee5 100644
--- a/groups/group8_forensics
+++ b/groups/group8_forensics
@@ -13,6 +13,6 @@
 GROUP_ID[8]='forensics-ready'
 GROUP_NUMBER[8]='8.0'
-GROUP_TITLE[8]='Forensics Readiness - [forensics-ready] ************************'
+GROUP_TITLE[8]='Forensics Readiness - [forensics-ready] ***********************'
 GROUP_RUN_BY_DEFAULT[8]='N' # run it when execute_all is called
 GROUP_CHECKS[8]='check21,check22,check23,check24,check25,check26,check27,check29,extra712,extra713,extra714,extra715,extra717,extra718,extra719,extra720,extra721,extra722,extra725,extra739'
diff --git a/groups/group9_gdpr b/groups/group9_gdpr
index 209e00ba..08a55c1c 100644
--- a/groups/group9_gdpr
+++ b/groups/group9_gdpr
@@ -13,7 +13,7 @@
 GROUP_ID[9]='gdpr'
 GROUP_NUMBER[9]='9.0'
-GROUP_TITLE[9]='GDPR Readiness - WORK IN PROGRESS!! - [gdpr] *******************'
+GROUP_TITLE[9]='GDPR Readiness - ONLY AS REFERENCE - [gdpr] ********************'
 GROUP_RUN_BY_DEFAULT[9]='N' # run it when execute_all is called
 GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,extra731,extra732,extra733,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729,extra734,extra735,extra736,extra738'