mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 14:55:00 +00:00
Consolidated titles and outputs including resource ID in ASFF
@@ -19,33 +19,33 @@ GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra7
|
||||
|
||||
# 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored) [group4, cislevel1, cislevel2]
|
||||
# 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored) [group4, cislevel1, cislevel2]
|
||||
# 7.2 [extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark) [extras, forensics-ready, gdpr, hipaa, apigateway, rds]
|
||||
# 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark) [extras, gdpr, hipaa, rds]
|
||||
# 7.4 [extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark) [extras, gdpr, hipaa, secrets, apigateway, rds]
|
||||
# 7.6 [extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark) [extras, gdpr, secrets]
|
||||
# 7.7 [extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark) [group1, extras, secrets, elasticsearch]
|
||||
# 7.8 [extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark) [extras, rds, elasticsearch, trustboundaries]
|
||||
# 7.9 [extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark) [extras, trustboundaries]
|
||||
# 7.10 [extra710] Check for internet facing EC2 Instances (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.11 [extra711] Check for Publicly Accessible Redshift Clusters (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.2 [extra72] Ensure there are no EBS Snapshots set as Public [extras, forensics-ready, gdpr, hipaa, apigateway, rds]
|
||||
# 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user [extras, gdpr, hipaa, rds]
|
||||
# 7.4 [extra74] Ensure there are no Security Groups without ingress filtering being used [extras, gdpr, hipaa, secrets, apigateway, rds]
|
||||
# 7.6 [extra76] Ensure there are no EC2 AMIs set as Public [extras, gdpr, secrets]
|
||||
# 7.7 [extra77] Ensure there are no ECR repositories set as Public [group1, extras, secrets, elasticsearch]
|
||||
# 7.8 [extra78] Ensure there are no Public Accessible RDS instances [extras, rds, elasticsearch, trustboundaries]
|
||||
# 7.9 [extra79] Check for internet facing Elastic Load Balancers [extras, trustboundaries]
|
||||
# 7.10 [extra710] Check for internet facing EC2 Instances [extras]
|
||||
# 7.11 [extra711] Check for Publicly Accessible Redshift Clusters [extras]
|
||||
# 7.16 [extra716] Check if Amazon Elasticsearch Service (ES) domains are set as Public or if it has open policy access [extras, elasticsearch]
|
||||
# 7.23 [extra723] Check if RDS Snapshots and Cluster Snapshots are public (Not Scored) (Not part of CIS benchmark) [extras, rds]
|
||||
# 7.27 [extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark) [extras, gdpr]
|
||||
# 7.31 [extra731] Check if SNS topics have policy set as Public (Not Scored) (Not part of CIS benchmark) [extras, gdpr]
|
||||
# 7.38 [extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark) [extras, gdpr]
|
||||
# 7.45 [extra745] Check if API Gateway endpoint is public or private (Not Scored) (Not part of CIS benchmark) [extras, apigateway]
|
||||
# 7.48 [extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.49 [extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.50 [extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.51 [extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.52 [extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211 (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# redundant 7.56 [extra756] Check if Redshift cluster is Public Accessible (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.23 [extra723] Check if RDS Snapshots and Cluster Snapshots are public [extras, rds]
|
||||
# 7.27 [extra727] Check if SQS queues have policy set as Public [extras, gdpr]
|
||||
# 7.31 [extra731] Check if SNS topics have policy set as Public [extras, gdpr]
|
||||
# 7.38 [extra738] Check if CloudFront distributions are set to HTTPS [extras, gdpr]
|
||||
# 7.45 [extra745] Check if API Gateway endpoint is public or private [extras, apigateway]
|
||||
# 7.48 [extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port [extras]
|
||||
# 7.49 [extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483 [extras]
|
||||
# 7.50 [extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306 [extras]
|
||||
# 7.51 [extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432 [extras]
|
||||
# 7.52 [extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379 [extras]
|
||||
# 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018 [extras]
|
||||
# 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888 [extras]
|
||||
# 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211 [extras]
|
||||
# redundant 7.56 [extra756] Check if Redshift cluster is Public Accessible [extras]
|
||||
# 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached [extras]
|
||||
# 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918) [extras]
|
||||
# 7.79 [extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports [extras, elasticsearch]
|
||||
# 7.87 [extra787] Check connection and authentication for Internet exposed Elasticsearch/Kibana ports [extras, elasticsearch]
|
||||
# 7.88 [extra788] Check connection and authentication for Internet exposed Amazon Elasticsearch Service (ES) domains [extras, elasticsearch]
|
||||
# 7.71 [extra771] Check if S3 buckets have policies which allow WRITE access (Not Scored) (Not part of CIS benchmark) [extras]
|
||||
# 7.71 [extra771] Check if S3 buckets have policies which allow WRITE access [extras]
|
||||
|
||||
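Review bot: The retitled entries are still inconsistent with each other: extra78 and extra756 say "Public Accessible" while extra711 says "Publicly Accessible". A change that consolidates titles is the place to settle on one wording, and "Publicly Accessible" is the grammatical one. The entry for extra756 is also still labelled "redundant" and covers the same Redshift exposure as extra711, so either drop it from this comment list or add a word on why it stays. The 7.71 [extra771] line sits after 7.88, out of numeric order with the rest of the list, and moving it up between 7.70 and 7.78 would make the group easier to scan. Only comment lines are visible here, so the ASFF resource ID change named in the commit title cannot be checked from this hunk.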