From c8622bc3471c1fcdab434b1c39a4c64279680fa2 Mon Sep 17 00:00:00 2001
From: gabrielsoltz
Date: Thu, 13 Jun 2019 14:32:19 +0200
Subject: [PATCH] better check denied
---
 checks/check_extra73 | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/checks/check_extra73 b/checks/check_extra73
index fa5c90da..a83f9e55 100644
--- a/checks/check_extra73
+++ b/checks/check_extra73
@@ -54,9 +54,8 @@ extra73(){
 BUCKET_LOCATION="eu-west-1"
 fi
 # Check Explicit Deny and Avoid Error
- CHEK_FOR_EXPLICIT_DENY=$($AWSCLI s3api get-bucket-acl $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket 2> /dev/null)
- CHEK_FOR_EXPLICIT_DENY="$?"
- if [[ $CHEK_FOR_EXPLICIT_DENY -eq 255 ]]; then
+ CHEK_FOR_EXPLICIT_DENY=$($AWSCLI s3api get-bucket-acl $PROFILE_OPT --region $BUCKET_LOCATION --bucket $bucket --output text 2>&1)
+ if [[ $(echo "$CHEK_FOR_EXPLICIT_DENY" | grep AccessDenied) ]] ; then
 textPass "$BUCKET_LOCATION: bucket have an explicit Deny. Not possible to get ACL." "$BUCKET_LOCATION"
 else
 # check if AllUsers is in the ACL as Grantee
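Review bot: The `AccessDenied` branch still ends in `textPass`, so a bucket whose ACL could not be read is reported as passing although nothing was verified; `AccessDenied` on `get-bucket-acl` can equally mean the auditing identity lacks the read permission, not only that the bucket carries an explicit deny. Because the new test matches a single string in the merged `2>&1` output, every other failure (throttling, a wrong region, a bucket deleted mid-run) now falls into the `else` branch, whose body lies outside this hunk and presumably searches that error text for an AllUsers grantee and finds none. I would capture the exit status right after the assignment, `acl_rc=$?`, and report any non-zero status as a not-verified finding rather than a pass. The test itself reads more directly as `if grep -q AccessDenied <<< "$CHEK_FOR_EXPLICIT_DENY"; then`, and `"$BUCKET_LOCATION"` and `"$bucket"` should be quoted in the CLI call.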