ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update to 'check114'

Browse Source 
Updated 'check114' to ensure hardware MFA is enabled for root account by:-
1) Querying for 'SerialNumber' of the Virtual MFA Devices list
2) 'SerialNumber' is ARN for Virtual MFA Device and Device Number for Hardware MFA Device; so did grep for ARN with 'root-account-mfa-device' in the expression
This commit is contained in:
Subramani Ramanathan
2018-02-05 21:49:15 +05:30
committed by GitHub
parent 845ed39b8c
commit e192a5ef44
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
prowler
View File

@@ -819,9 +819,9 @@ check114(){
COMMAND113=$($AWSCLI iam get-account-summary $PROFILE_OPT --region $REGION --output json --query 'SummaryMap.AccountMFAEnabled')
textTitle "$ID114" "$TITLE114" "SCORED" "LEVEL1"
if [ "$COMMAND113" == "1" ]; then
COMMAND114=$($AWSCLI iam list-virtual-mfa-devices $PROFILE_OPT --region $REGION --query 'VirtualMFADevices' --output text|grep :root |wc -l)
if [ "$COMMAND114" == "1" ]; then
textOK "Virtual MFA is enabled for root"
COMMAND114=$($AWSCLI iam list-virtual-mfa-devices $PROFILE_OPT --region $REGION --output text --assignment-status Assigned --query 'VirtualMFADevices[*].[SerialNumber]' | grep '^arn:aws:iam::[0-9]\{12\}:mfa/root-account-mfa-device$')
if [[ "$COMMAND114" ]]; then
textWarn "Only Virtual MFA is enabled for root"
else
textOK "Hardware MFA is enabled for root "
fi