ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ECS task definition environment variables check

Browse Source 
(cherry picked from commit 662f287dd6739cd6d8e5e0d95537f4ca4b7b6493)
This commit is contained in:
Nimrod Kor
2019-11-21 12:39:22 -08:00
parent 961b79a4aa
commit b61af3a9eb
2 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
checks/check_extra768 Normal file
View File

@@ -0,0 +1,38 @@
#!/usr/bin/env bash
# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
# of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
CHECK_ID_extra763="7.63"
CHECK_TITLE_extra763="[extra763] Check if S3 buckets have object versioning enabled (Not Scored) (Not part of CIS benchmark)"
CHECK_SCORED_extra763="NOT_SCORED"
CHECK_TYPE_extra763="EXTRA"
CHECK_ALTERNATE_check763="extra763"
extra763(){
# "Check if S3 buckets have object versioning enabled (Not Scored) (Not part of CIS benchmark)"
LIST_OF_BUCKETS=$($AWSCLI s3api list-buckets $PROFILE_OPT --query Buckets[*].Name --output text|xargs -n1)
if [[ $LIST_OF_BUCKETS ]]; then
for bucket in $LIST_OF_BUCKETS;do
BUCKET_VERSIONING_ENABLED=$($AWSCLI s3api get-bucket-versioning --bucket $bucket $PROFILE_OPT --query Status --output text 2>&1)
if [[ $(echo "$BUCKET_VERSIONING_ENABLED" | grep AccessDenied) ]]; then
textFail "Access Denied Trying to Get Bucket Versioning for $bucket"
continue
fi
if [[ $(echo "$BUCKET_VERSIONING_ENABLED" | grep "^Enabled$") ]]; then
textPass "Bucket $bucket has versioning enabled"
else
textFail "Bucket $bucket has versioning disabled!"
fi
done
else
textInfo "No S3 Buckets found"
fi
}

2
groups/group11_secrets
View File

@@ -15,7 +15,7 @@ GROUP_ID[11]='secrets'
GROUP_NUMBER[11]='11.0'
GROUP_TITLE[11]='Look for keys secrets or passwords around resources - [secrets] **'
GROUP_RUN_BY_DEFAULT[11]='N' # but it runs when execute_all is called (default)
GROUP_CHECKS[11]='extra741,extra742,extra759,extra760'
GROUP_CHECKS[11]='extra741,extra742,extra759,extra760,extra768'
# requires https://github.com/Yelp/detect-secrets
# `pip install detect-secrets`