diff --git a/docs/developer-guide/checks.md b/docs/developer-guide/checks.md index affa6a1d..58790642 100644 --- a/docs/developer-guide/checks.md +++ b/docs/developer-guide/checks.md @@ -101,7 +101,7 @@ All the checks MUST fill the `report.status` and `report.status_extended` with t - Status -- `report.status` - `PASS` --> If the check is passing against the configured value. - - `FAIL` --> If the check is passing against the configured value. + - `FAIL` --> If the check is failing against the configured value. - `INFO` --> This value cannot be used unless a manual operation is required in order to determine if the `report.status` is whether `PASS` or `FAIL`. - Status Extended -- `report.status_extended` - MUST end in a dot `.` diff --git a/docs/developer-guide/debugging.md b/docs/developer-guide/debugging.md new file mode 100644 index 00000000..e6b20d60 --- /dev/null +++ b/docs/developer-guide/debugging.md 
@@ -0,0 +1,45 @@ +# Debugging + +Debugging in Prowler make things easier! +If you are developing Prowler, it's possible that you will encounter some situations where you have to inspect the code in depth to fix some unexpected issues during the execution. To do that, if you are using VSCode you can run the code using the integrated debugger. Please, refer to this [documentation](https://code.visualstudio.com/docs/editor/debugging) for guidance about the debugger in VSCode. +The following file is an example of the [debugging configuration](https://code.visualstudio.com/docs/editor/debugging#_launch-configurations) file that you can add to [Virtual Studio Code](https://code.visualstudio.com/). + +This file should inside the *.vscode* folder and its name has to be *launch.json*: + +```json +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Python: Current File", + "type": "python", + "request": "launch", + "program": "prowler.py", + "args": [ + "aws", + "-f", + "eu-west-1", + "--service", + "cloudwatch", + "--log-level", + "ERROR", + "-p", + "dev", + ], + "console": "integratedTerminal", + "justMyCode": false + }, + { + "name": "Python: Debug Tests", + "type": "python", + "request": "launch", + "program": "${file}", + "purpose": [ + "debug-test" + ], + "console": "integratedTerminal", + "justMyCode": false + } + ] +} +``` diff --git a/docs/getting-started/requirements.md b/docs/getting-started/requirements.md index d758cb72..7f29c716 100644 --- a/docs/getting-started/requirements.md +++ b/docs/getting-started/requirements.md 
@@ -71,22 +71,48 @@ To use each one you need to pass the proper flag to the execution. Prowler fro A #### Azure Active Directory scope -Azure Active Directory (AAD) permissions required by the tool are the following: +Microsoft Entra ID (AAD earlier) permissions required by the tool are the following: - `Directory.Read.All` - `Policy.Read.All` The best way to assign it is through the azure web console: -![AAD Permissions](../img/AAD-permissions.png) +1. Access to Microsoft Entra ID +2. In the left menu bar, go to "App registrations" +3. Once there, in the menu bar click on "+ New registration" to register a new application +4. Fill the "Name, select the "Supported account types" and click on "Register. You will be redirected to the applications page. + ![Register an Application page](../img/register-application.png) +4. Select the new application +5. In the left menu bar, select "API permissions" +6. Then click on "+ Add a permission" and select "Microsoft Graph" +7. Once in the "Microsoft Graph" view, select "Application permissions" +8. Finally, search for "Directory" and "Policy" and select the following permissions: + - `Directory.Read.All` + - `Policy.Read.All` + ![EntraID Permissions](../img/AAD-permissions.png) + #### Subscriptions scope -Regarding the subscription scope, Prowler by default scans all the subscriptions that is able to list, so it is required to add the following RBAC builtin roles per subscription to the entity that is going to be assumed by the tool: +Regarding the subscription scope, Prowler by default scans all the subscriptions that is able to list, so it is required to add the following RBAC builtin roles per subscription to the entity that is going to be assumed by the tool: - `Security Reader` - `Reader` +To assign this roles, follow the instructions: + +1. Access your subscription, then select your subscription. +2. Select "Access control (IAM)". +3. In the overview, select "Roles" + ![IAM Page](../img/page-IAM.png) +4. 
Click on "+ Add" and select "Add role assignment" +5. In the search bar, type `Security Reader`, select it and click on "Next" +6. In the Members tab, click on "+ Select members" and add the members you want to assign this role. +7. Click on "Review + assign" to apply the new role. + +*Repeat these steps for `Reader` role* + ## Google Cloud ### GCP Authentication diff --git a/docs/img/page-IAM.png b/docs/img/page-IAM.png new file mode 100644 index 00000000..b584be27 Binary files /dev/null and b/docs/img/page-IAM.png differ diff --git a/docs/img/register-application.png b/docs/img/register-application.png new file mode 100644 index 00000000..dd692919 Binary files /dev/null and b/docs/img/register-application.png differ diff --git a/mkdocs.yml b/mkdocs.yml index b112aa8f..ac3d40dd 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -74,6 +74,7 @@ nav: - Testing: - Unit Tests: developer-guide/unit-testing.md - Integration Tests: developer-guide/integration-testing.md + - Debugging: developer-guide/debugging.md - Security: security.md - Contact Us: contact.md - Troubleshooting: troubleshooting.md
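Review bot: in docs/developer-guide/debugging.md, the `args` array of the "Python: Current File" configuration ends with a trailing comma after `"dev",`, so the block is not valid under the `json` fence it is labelled with; drop the comma so the sample can be pasted into strict JSON tooling without errors. The `-p dev` and `-f eu-west-1` values read as one developer's local setup, so a sentence saying they are placeholders to replace with the reader's own profile and region would help. The prose in the same hunk has three slips to fix before merge: "Debugging in Prowler make things easier!" (makes), "Virtual Studio Code" (Visual), and "This file should inside the *.vscode* folder" (missing "be").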
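Review bot: in docs/getting-started/requirements.md, the new Entra ID procedure numbers two consecutive steps as "4." ("Fill the "Name..." and "Select the new application"), so the list renders with a repeated number and every later step is off by one; renumber the steps from 5 to 9. The first of those steps also has unbalanced quotes (`"Name, select` and `"Register.`), which should close as "Name" and "Register". In the subscriptions part, "To assign this roles" should be "these roles", step 1 ("Access your subscription, then select your subscription.") repeats itself and probably means opening the Subscriptions view first, and the re-added "Regarding the subscription scope" line differs from the removed one only in whitespace while still carrying "that is able to list" (it is able to list), so fix the wording in the same touch.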