mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 23:05:05 +00:00
mark Extra checks as such
This commit is contained in:
MrSecure
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra71="7.1,7.01"
|
||||
CHECK_TITLE_extra71="[extra71] Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra71="NOT_SCORED"
|
||||
CHECK_TYPE_extra71="EXTRA"
|
||||
CHECK_ALTERNATE_extra701="extra71"
|
||||
CHECK_ALTERNATE_check71="extra71"
|
||||
CHECK_ALTERNATE_check701="extra71"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra710="7.10"
|
||||
CHECK_TITLE_extra710="[extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra710="NOT_SCORED"
|
||||
CHECK_TYPE_extra710="EXTRA"
|
||||
CHECK_ALTERNATE_check710="extra710"
|
||||
|
||||
extra710(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra711="7.11"
|
||||
CHECK_TITLE_extra711="[extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra711="NOT_SCORED"
|
||||
CHECK_TYPE_extra711="EXTRA"
|
||||
CHECK_ALTERNATE_check711="extra711"
|
||||
|
||||
extra711(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra712="7.12"
|
||||
CHECK_TITLE_extra712="[extra712] Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra712="NOT_SCORED"
|
||||
CHECK_TYPE_extra712="EXTRA"
|
||||
CHECK_ALTERNATE_check712="extra712"
|
||||
|
||||
extra712(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra713="7.13"
|
||||
CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra713="NOT_SCORED"
|
||||
CHECK_TYPE_extra713="EXTRA"
|
||||
CHECK_ALTERNATE_check713="extra713"
|
||||
|
||||
extra713(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra714="7.14"
|
||||
CHECK_TITLE_extra714="[extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra714="NOT_SCORED"
|
||||
CHECK_TYPE_extra714="EXTRA"
|
||||
CHECK_ALTERNATE_check714="extra714"
|
||||
|
||||
extra714(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra715="7.15"
|
||||
CHECK_TITLE_extra715="[extra715] Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra715="NOT_SCORED"
|
||||
CHECK_TYPE_extra715="EXTRA"
|
||||
CHECK_ALTERNATE_check715="extra715"
|
||||
|
||||
extra715(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra716="7.16"
|
||||
CHECK_TITLE_extra716="[extra716] Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra716="NOT_SCORED"
|
||||
CHECK_TYPE_extra716="EXTRA"
|
||||
CHECK_ALTERNATE_check716="extra716"
|
||||
|
||||
extra716(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra717="7.17"
|
||||
CHECK_TITLE_extra717="[extra717] Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra717="NOT_SCORED"
|
||||
CHECK_TYPE_extra717="EXTRA"
|
||||
CHECK_ALTERNATE_check717="extra717"
|
||||
|
||||
extra717(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra718="7.18"
|
||||
CHECK_TITLE_extra718="[extra718] Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra718="NOT_SCORED"
|
||||
CHECK_TYPE_extra718="EXTRA"
|
||||
CHECK_ALTERNATE_check718="extra718"
|
||||
|
||||
extra718(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra719="7.19"
|
||||
CHECK_TITLE_extra719="[extra719] Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra719="NOT_SCORED"
|
||||
CHECK_TYPE_extra719="EXTRA"
|
||||
CHECK_ALTERNATE_check719="extra719"
|
||||
|
||||
extra719(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra72="7.2,7.02"
|
||||
CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra72="NOT_SCORED"
|
||||
CHECK_TYPE_extra72="EXTRA"
|
||||
CHECK_ALTERNATE_extra702="extra72"
|
||||
CHECK_ALTERNATE_check72="extra72"
|
||||
CHECK_ALTERNATE_check702="extra72"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra720="7.20"
|
||||
CHECK_TITLE_extra720="[extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra720="NOT_SCORED"
|
||||
CHECK_TYPE_extra720="EXTRA"
|
||||
CHECK_ALTERNATE_check720="extra720"
|
||||
|
||||
extra720(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra721="7.21"
|
||||
CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra721="NOT_SCORED"
|
||||
CHECK_TYPE_extra721="EXTRA"
|
||||
CHECK_ALTERNATE_check721="extra721"
|
||||
|
||||
extra721(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra722="7.22"
|
||||
CHECK_TITLE_extra722="[extra722] Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra722="NOT_SCORED"
|
||||
CHECK_TYPE_extra722="EXTRA"
|
||||
CHECK_ALTERNATE_check722="extra722"
|
||||
|
||||
extra722(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra723="7.23"
|
||||
CHECK_TITLE_extra723="[extra723] Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra723="NOT_SCORED"
|
||||
CHECK_TYPE_extra723="EXTRA"
|
||||
CHECK_ALTERNATE_check723="extra723"
|
||||
|
||||
extra723(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra724="7.24"
|
||||
CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra724="NOT_SCORED"
|
||||
CHECK_TYPE_extra724="EXTRA"
|
||||
CHECK_ALTERNATE_check724="extra724"
|
||||
|
||||
extra724(){
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
CHECK_ID_extra725="7.25"
|
||||
CHECK_TITLE_extra725="[extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra725="NOT_SCORED"
|
||||
CHECK_TYPE_extra725="EXTRA"
|
||||
CHECK_ALTERNATE_check725="extra725"
|
||||
|
||||
# per Object-level logging is not configured at Bucket level but at CloudTrail trail level
|
||||
@@ -54,7 +55,7 @@ extra725(){
|
||||
textFail "$regx: S3 bucket $bucket has Object-level logging disabled" "$regx"
|
||||
done
|
||||
fi
|
||||
# delete all temp files
|
||||
# delete all temp files
|
||||
rm -fr $TEMP_BUCKET_LIST_FILE $TEMP_TRAILS_LIST_FILE $TEMP_BUCKETS_LOGGING_LIST_FILE
|
||||
|
||||
}
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
CHECK_ID_extra726="7.26"
|
||||
CHECK_TITLE_extra726="[extra726] Check Trusted Advisor for errors and warnings (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra726="NOT_SCORED"
|
||||
CHECK_TYPE_extra726="EXTRA"
|
||||
CHECK_ALTERNATE_check726="extra726"
|
||||
|
||||
extra726(){
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
CHECK_ID_extra727="7.27"
|
||||
CHECK_TITLE_extra727="[extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra727="NOT_SCORED"
|
||||
CHECK_TYPE_extra727="EXTRA"
|
||||
CHECK_ALTERNATE_check727="extra727"
|
||||
|
||||
extra727(){
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
CHECK_ID_extra728="7.28"
|
||||
CHECK_TITLE_extra728="[extra728] Check if SQS queues have Server Side Encryption enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra728="NOT_SCORED"
|
||||
CHECK_TYPE_extra728="EXTRA"
|
||||
CHECK_ALTERNATE_check728="extra728"
|
||||
|
||||
extra728(){
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
CHECK_ID_extra729="7.29"
|
||||
CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra729="NOT_SCORED"
|
||||
CHECK_TYPE_extra729="EXTRA"
|
||||
CHECK_ALTERNATE_check729="extra729"
|
||||
|
||||
extra729(){
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra73="7.3,7.03"
|
||||
CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra73="NOT_SCORED"
|
||||
CHECK_TYPE_extra73="EXTRA"
|
||||
CHECK_ALTERNATE_extra703="extra73"
|
||||
CHECK_ALTERNATE_check73="extra73"
|
||||
CHECK_ALTERNATE_check703="extra73"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra74="7.4,7.04"
|
||||
CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra74="NOT_SCORED"
|
||||
CHECK_TYPE_extra74="EXTRA"
|
||||
CHECK_ALTERNATE_extra704="extra74"
|
||||
CHECK_ALTERNATE_check74="extra74"
|
||||
CHECK_ALTERNATE_check704="extra74"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra75="7.5,7.05"
|
||||
CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra75="NOT_SCORED"
|
||||
CHECK_TYPE_extra75="EXTRA"
|
||||
CHECK_ALTERNATE_extra705="extra75"
|
||||
CHECK_ALTERNATE_check75="extra75"
|
||||
CHECK_ALTERNATE_check705="extra75"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra76="7.6,7.06"
|
||||
CHECK_TITLE_extra76="[extra75] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra76="NOT_SCORED"
|
||||
CHECK_TYPE_extra76="EXTRA"
|
||||
CHECK_ALTERNATE_extra706="extra76"
|
||||
CHECK_ALTERNATE_check76="extra76"
|
||||
CHECK_ALTERNATE_check706="extra76"
|
||||
|
||||
@@ -10,10 +10,10 @@
|
||||
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
|
||||
CHECK_ID_extra77="7.7,7.07"
|
||||
CHECK_TITLE_extra77="[extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra77="NOT_SCORED"
|
||||
CHECK_TYPE_extra77="EXTRA"
|
||||
CHECK_ALTERNATE_extra707="extra77"
|
||||
CHECK_ALTERNATE_check77="extra77"
|
||||
CHECK_ALTERNATE_check707="extra77"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra78="7.8,7.08"
|
||||
CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra78="NOT_SCORED"
|
||||
CHECK_TYPE_extra78="EXTRA"
|
||||
CHECK_ALTERNATE_extra708="extra78"
|
||||
CHECK_ALTERNATE_check78="extra78"
|
||||
CHECK_ALTERNATE_check708="extra78"
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
CHECK_ID_extra79="7.9,7.09"
|
||||
CHECK_TITLE_extra79="[extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_SCORED_extra79="NOT_SCORED"
|
||||
CHECK_TYPE_extra79="EXTRA"
|
||||
CHECK_ALTERNATE_extra709="extra79"
|
||||
CHECK_ALTERNATE_check79="extra79"
|
||||
CHECK_ALTERNATE_check709="extra79"
|
||||
|
||||
Reference in New Issue
Block a user