From bd9e49d3e3a042d0e592ce42a469c913778cec70 Mon Sep 17 00:00:00 2001 From: MrSecure Date: Tue, 24 Apr 2018 21:19:42 -0700 Subject: [PATCH] mark Extra checks as such --- checks/check_extra71 | 1 + checks/check_extra710 | 1 + checks/check_extra711 | 1 + checks/check_extra712 | 1 + checks/check_extra713 | 1 + checks/check_extra714 | 1 + checks/check_extra715 | 1 + checks/check_extra716 | 1 + checks/check_extra717 | 1 + checks/check_extra718 | 1 + checks/check_extra719 | 1 + checks/check_extra72 | 1 + checks/check_extra720 | 1 + checks/check_extra721 | 1 + checks/check_extra722 | 1 + checks/check_extra723 | 1 + checks/check_extra724 | 1 + checks/check_extra725 | 3 ++- checks/check_extra726 | 1 + checks/check_extra727 | 1 + checks/check_extra728 | 1 + checks/check_extra729 | 1 + checks/check_extra73 | 1 + checks/check_extra74 | 1 + checks/check_extra75 | 1 + checks/check_extra76 | 1 + checks/check_extra77 | 2 +- checks/check_extra78 | 1 + checks/check_extra79 | 1 + 29 files changed, 30 insertions(+), 2 deletions(-) diff --git a/checks/check_extra71 b/checks/check_extra71 index fcba890d..25e95cda 100644 --- a/checks/check_extra71 +++ b/checks/check_extra71 @@ -13,6 +13,7 @@ CHECK_ID_extra71="7.1,7.01" CHECK_TITLE_extra71="[extra71] Ensure users with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra71="NOT_SCORED" +CHECK_TYPE_extra71="EXTRA" CHECK_ALTERNATE_extra701="extra71" CHECK_ALTERNATE_check71="extra71" CHECK_ALTERNATE_check701="extra71" diff --git a/checks/check_extra710 b/checks/check_extra710 index 957c4502..c259695a 100644 --- a/checks/check_extra710 +++ b/checks/check_extra710 @@ -13,6 +13,7 @@ CHECK_ID_extra710="7.10" CHECK_TITLE_extra710="[extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra710="NOT_SCORED" +CHECK_TYPE_extra710="EXTRA" CHECK_ALTERNATE_check710="extra710" extra710(){ 
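Review bot: The new `CHECK_TYPE_extra71="EXTRA"` line, and the same line added to the other 28 check files in this patch, introduces a metadata field with no comment saying which values are valid or what reads it. The consumer is not part of this patch. If it looks the variable up by check name, a file that lacks the line or misspells the value would presumably expand to an empty string and drop out of any type-based selection without an error, which for an audit tool means a control silently not evaluated. I would add a comment above the assignment such as `# CHECK_TYPE: family this check belongs to; EXTRA = not part of the CIS benchmark`, and have the code that reads `CHECK_TYPE_*` report any check whose type is unset.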
diff --git a/checks/check_extra711 b/checks/check_extra711 index a8e558f0..e9af65a3 100644 --- a/checks/check_extra711 +++ b/checks/check_extra711 @@ -13,6 +13,7 @@ CHECK_ID_extra711="7.11" CHECK_TITLE_extra711="[extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra711="NOT_SCORED" +CHECK_TYPE_extra711="EXTRA" CHECK_ALTERNATE_check711="extra711" extra711(){ diff --git a/checks/check_extra712 b/checks/check_extra712 index 9194dac4..641e03ef 100644 --- a/checks/check_extra712 +++ b/checks/check_extra712 @@ -13,6 +13,7 @@ CHECK_ID_extra712="7.12" CHECK_TITLE_extra712="[extra712] Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra712="NOT_SCORED" +CHECK_TYPE_extra712="EXTRA" CHECK_ALTERNATE_check712="extra712" extra712(){ diff --git a/checks/check_extra713 b/checks/check_extra713 index ffd23b0a..ffbf6a44 100644 --- a/checks/check_extra713 +++ b/checks/check_extra713 @@ -13,6 +13,7 @@ CHECK_ID_extra713="7.13" CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra713="NOT_SCORED" +CHECK_TYPE_extra713="EXTRA" CHECK_ALTERNATE_check713="extra713" extra713(){ diff --git a/checks/check_extra714 b/checks/check_extra714 index 7b13cc44..2a5233d6 100644 --- a/checks/check_extra714 +++ b/checks/check_extra714 @@ -13,6 +13,7 @@ CHECK_ID_extra714="7.14" CHECK_TITLE_extra714="[extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra714="NOT_SCORED" +CHECK_TYPE_extra714="EXTRA" CHECK_ALTERNATE_check714="extra714" extra714(){ diff --git a/checks/check_extra715 b/checks/check_extra715 index b49c718f..34eb9a3d 100644 --- a/checks/check_extra715 +++ b/checks/check_extra715 
@@ -13,6 +13,7 @@ CHECK_ID_extra715="7.15" CHECK_TITLE_extra715="[extra715] Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra715="NOT_SCORED" +CHECK_TYPE_extra715="EXTRA" CHECK_ALTERNATE_check715="extra715" extra715(){ diff --git a/checks/check_extra716 b/checks/check_extra716 index fe3e26f1..b0b51b85 100644 --- a/checks/check_extra716 +++ b/checks/check_extra716 @@ -13,6 +13,7 @@ CHECK_ID_extra716="7.16" CHECK_TITLE_extra716="[extra716] Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra716="NOT_SCORED" +CHECK_TYPE_extra716="EXTRA" CHECK_ALTERNATE_check716="extra716" extra716(){ diff --git a/checks/check_extra717 b/checks/check_extra717 index d141bd9f..0bb04741 100644 --- a/checks/check_extra717 +++ b/checks/check_extra717 @@ -13,6 +13,7 @@ CHECK_ID_extra717="7.17" CHECK_TITLE_extra717="[extra717] Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra717="NOT_SCORED" +CHECK_TYPE_extra717="EXTRA" CHECK_ALTERNATE_check717="extra717" extra717(){ diff --git a/checks/check_extra718 b/checks/check_extra718 index e8b245ab..e5b32690 100644 --- a/checks/check_extra718 +++ b/checks/check_extra718 @@ -13,6 +13,7 @@ CHECK_ID_extra718="7.18" CHECK_TITLE_extra718="[extra718] Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra718="NOT_SCORED" +CHECK_TYPE_extra718="EXTRA" CHECK_ALTERNATE_check718="extra718" extra718(){ diff --git a/checks/check_extra719 b/checks/check_extra719 index 2245d661..c8526139 100644 --- a/checks/check_extra719 +++ b/checks/check_extra719 
@@ -13,6 +13,7 @@ CHECK_ID_extra719="7.19" CHECK_TITLE_extra719="[extra719] Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra719="NOT_SCORED" +CHECK_TYPE_extra719="EXTRA" CHECK_ALTERNATE_check719="extra719" extra719(){ diff --git a/checks/check_extra72 b/checks/check_extra72 index 4575bddd..f9fa11b9 100644 --- a/checks/check_extra72 +++ b/checks/check_extra72 @@ -13,6 +13,7 @@ CHECK_ID_extra72="7.2,7.02" CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra72="NOT_SCORED" +CHECK_TYPE_extra72="EXTRA" CHECK_ALTERNATE_extra702="extra72" CHECK_ALTERNATE_check72="extra72" CHECK_ALTERNATE_check702="extra72" diff --git a/checks/check_extra720 b/checks/check_extra720 index 1e1b1255..9acff441 100644 --- a/checks/check_extra720 +++ b/checks/check_extra720 @@ -13,6 +13,7 @@ CHECK_ID_extra720="7.20" CHECK_TITLE_extra720="[extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra720="NOT_SCORED" +CHECK_TYPE_extra720="EXTRA" CHECK_ALTERNATE_check720="extra720" extra720(){ diff --git a/checks/check_extra721 b/checks/check_extra721 index b8bef0e4..ac6ca054 100644 --- a/checks/check_extra721 +++ b/checks/check_extra721 @@ -13,6 +13,7 @@ CHECK_ID_extra721="7.21" CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra721="NOT_SCORED" +CHECK_TYPE_extra721="EXTRA" CHECK_ALTERNATE_check721="extra721" extra721(){ diff --git a/checks/check_extra722 b/checks/check_extra722 index 426ab785..1b088cd6 100644 --- a/checks/check_extra722 +++ b/checks/check_extra722 
@@ -13,6 +13,7 @@ CHECK_ID_extra722="7.22" CHECK_TITLE_extra722="[extra722] Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra722="NOT_SCORED" +CHECK_TYPE_extra722="EXTRA" CHECK_ALTERNATE_check722="extra722" extra722(){ diff --git a/checks/check_extra723 b/checks/check_extra723 index 7065508f..589df548 100644 --- a/checks/check_extra723 +++ b/checks/check_extra723 @@ -13,6 +13,7 @@ CHECK_ID_extra723="7.23" CHECK_TITLE_extra723="[extra723] Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra723="NOT_SCORED" +CHECK_TYPE_extra723="EXTRA" CHECK_ALTERNATE_check723="extra723" extra723(){ diff --git a/checks/check_extra724 b/checks/check_extra724 index 67a2aa54..068a07d2 100644 --- a/checks/check_extra724 +++ b/checks/check_extra724 @@ -13,6 +13,7 @@ CHECK_ID_extra724="7.24" CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra724="NOT_SCORED" +CHECK_TYPE_extra724="EXTRA" CHECK_ALTERNATE_check724="extra724" extra724(){ diff --git a/checks/check_extra725 b/checks/check_extra725 index 4b5d426e..e719ff26 100644 --- a/checks/check_extra725 +++ b/checks/check_extra725 @@ -14,6 +14,7 @@ CHECK_ID_extra725="7.25" CHECK_TITLE_extra725="[extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra725="NOT_SCORED" +CHECK_TYPE_extra725="EXTRA" CHECK_ALTERNATE_check725="extra725" # per Object-level logging is not configured at Bucket level but at CloudTrail trail level @@ -54,7 +55,7 @@ extra725(){ textFail "$regx: S3 bucket $bucket has Object-level logging disabled" "$regx" done fi - # delete all temp files + # delete all temp files rm -fr $TEMP_BUCKET_LIST_FILE $TEMP_TRAILS_LIST_FILE $TEMP_BUCKETS_LOGGING_LIST_FILE } 
diff --git a/checks/check_extra726 b/checks/check_extra726 index fa879f6e..6b0bd0b1 100644 --- a/checks/check_extra726 +++ b/checks/check_extra726 @@ -14,6 +14,7 @@ CHECK_ID_extra726="7.26" CHECK_TITLE_extra726="[extra726] Check Trusted Advisor for errors and warnings (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra726="NOT_SCORED" +CHECK_TYPE_extra726="EXTRA" CHECK_ALTERNATE_check726="extra726" extra726(){ diff --git a/checks/check_extra727 b/checks/check_extra727 index e0802e30..2356684c 100644 --- a/checks/check_extra727 +++ b/checks/check_extra727 @@ -14,6 +14,7 @@ CHECK_ID_extra727="7.27" CHECK_TITLE_extra727="[extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra727="NOT_SCORED" +CHECK_TYPE_extra727="EXTRA" CHECK_ALTERNATE_check727="extra727" extra727(){ diff --git a/checks/check_extra728 b/checks/check_extra728 index 4d03d64f..7f4e4be0 100644 --- a/checks/check_extra728 +++ b/checks/check_extra728 @@ -14,6 +14,7 @@ CHECK_ID_extra728="7.28" CHECK_TITLE_extra728="[extra728] Check if SQS queues have Server Side Encryption enabled (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra728="NOT_SCORED" +CHECK_TYPE_extra728="EXTRA" CHECK_ALTERNATE_check728="extra728" extra728(){ diff --git a/checks/check_extra729 b/checks/check_extra729 index 3b502ff6..603acbb0 100644 --- a/checks/check_extra729 +++ b/checks/check_extra729 @@ -14,6 +14,7 @@ CHECK_ID_extra729="7.29" CHECK_TITLE_extra729="[extra729] Ensure there are no EBS Volumes unencrypted (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra729="NOT_SCORED" +CHECK_TYPE_extra729="EXTRA" CHECK_ALTERNATE_check729="extra729" extra729(){ diff --git a/checks/check_extra73 b/checks/check_extra73 index 8256915e..7838f570 100644 --- a/checks/check_extra73 +++ b/checks/check_extra73 
@@ -13,6 +13,7 @@ CHECK_ID_extra73="7.3,7.03" CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra73="NOT_SCORED" +CHECK_TYPE_extra73="EXTRA" CHECK_ALTERNATE_extra703="extra73" CHECK_ALTERNATE_check73="extra73" CHECK_ALTERNATE_check703="extra73" diff --git a/checks/check_extra74 b/checks/check_extra74 index b2964c13..cf736188 100644 --- a/checks/check_extra74 +++ b/checks/check_extra74 @@ -13,6 +13,7 @@ CHECK_ID_extra74="7.4,7.04" CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra74="NOT_SCORED" +CHECK_TYPE_extra74="EXTRA" CHECK_ALTERNATE_extra704="extra74" CHECK_ALTERNATE_check74="extra74" CHECK_ALTERNATE_check704="extra74" diff --git a/checks/check_extra75 b/checks/check_extra75 index 029fb461..3e050462 100644 --- a/checks/check_extra75 +++ b/checks/check_extra75 @@ -13,6 +13,7 @@ CHECK_ID_extra75="7.5,7.05" CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra75="NOT_SCORED" +CHECK_TYPE_extra75="EXTRA" CHECK_ALTERNATE_extra705="extra75" CHECK_ALTERNATE_check75="extra75" CHECK_ALTERNATE_check705="extra75" diff --git a/checks/check_extra76 b/checks/check_extra76 index bb8e5d53..0f5683e5 100644 --- a/checks/check_extra76 +++ b/checks/check_extra76 @@ -13,6 +13,7 @@ CHECK_ID_extra76="7.6,7.06" CHECK_TITLE_extra76="[extra75] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra76="NOT_SCORED" +CHECK_TYPE_extra76="EXTRA" CHECK_ALTERNATE_extra706="extra76" CHECK_ALTERNATE_check76="extra76" CHECK_ALTERNATE_check706="extra76" diff --git a/checks/check_extra77 b/checks/check_extra77 index 3bf32251..8e0b9b41 100644 --- a/checks/check_extra77 +++ b/checks/check_extra77 
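Review bot: The context line `CHECK_TITLE_extra76="[extra75] Ensure there are no EC2 AMIs set as Public ..."` in the check_extra76 hunk carries the wrong tag, and this commit edits the same metadata block without correcting it. Any report that prints the title will label public-AMI findings as extra75, the tag of the unused-security-group check, which makes results harder to triage or filter by check id. The title should read `CHECK_TITLE_extra76="[extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)"`.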
@@ -10,10 +10,10 @@ # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR # CONDITIONS OF ANY KIND, either express or implied. See the License for the # specific language governing permissions and limitations under the License. - CHECK_ID_extra77="7.7,7.07" CHECK_TITLE_extra77="[extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra77="NOT_SCORED" +CHECK_TYPE_extra77="EXTRA" CHECK_ALTERNATE_extra707="extra77" CHECK_ALTERNATE_check77="extra77" CHECK_ALTERNATE_check707="extra77" diff --git a/checks/check_extra78 b/checks/check_extra78 index 0b0802cb..681b4d0b 100644 --- a/checks/check_extra78 +++ b/checks/check_extra78 @@ -13,6 +13,7 @@ CHECK_ID_extra78="7.8,7.08" CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra78="NOT_SCORED" +CHECK_TYPE_extra78="EXTRA" CHECK_ALTERNATE_extra708="extra78" CHECK_ALTERNATE_check78="extra78" CHECK_ALTERNATE_check708="extra78" diff --git a/checks/check_extra79 b/checks/check_extra79 index d3ee4b1d..e45e5ddc 100644 --- a/checks/check_extra79 +++ b/checks/check_extra79 @@ -13,6 +13,7 @@ CHECK_ID_extra79="7.9,7.09" CHECK_TITLE_extra79="[extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)" CHECK_SCORED_extra79="NOT_SCORED" +CHECK_TYPE_extra79="EXTRA" CHECK_ALTERNATE_extra709="extra79" CHECK_ALTERNATE_check79="extra79" CHECK_ALTERNATE_check709="extra79"
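Review bot: The check_extra77 hunk deletes the blank line between the license header and `CHECK_ID_extra77` in addition to adding the type, which is unrelated to the commit's stated purpose and leaves the metadata block attached directly to the license comment. The second check_extra725 hunk is a similar whitespace-only edit to the `# delete all temp files` comment. Restoring the blank line here and dropping the whitespace edit would leave the patch as exactly one added line per file, which is easier to audit across 29 files.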