fixed report temp deletion after single check and fixed check24 region bug

This commit is contained in:
Toni de la Fuente
2016-10-12 12:16:31 -04:00
parent 3e79b5c5be
commit e9eda9dfdb

98
prowler

@@ -219,12 +219,17 @@ genCredReport() {
done done
} }
# Save report to a file, decode it, deletion at finish, acb stands for AWS CIS Benchmark # Save report to a file, decode it, deletion at finish and after every single check, acb stands for AWS CIS Benchmark
saveReport(){ saveReport(){
TEMP_REPORT_FILE=/tmp/.acb TEMP_REPORT_FILE=/tmp/.acb
$AWSCLI iam get-credential-report --query 'Content' --output text --profile $PROFILE --region $REGION | decode_report > $TEMP_REPORT_FILE $AWSCLI iam get-credential-report --query 'Content' --output text --profile $PROFILE --region $REGION | decode_report > $TEMP_REPORT_FILE
} }
# Delete temporary report file
cleanTemp(){
rm -fr $TEMP_REPORT_FILE
}
# Get a list of all available AWS Regions # Get a list of all available AWS Regions
REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \ REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \
--output text \ --output text \
@@ -505,7 +510,7 @@ check24(){
LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails --profile $PROFILE --region $REGION --query 'trailList[*].Name' --output text) LIST_OF_TRAILS=$($AWSCLI cloudtrail describe-trails --profile $PROFILE --region $REGION --query 'trailList[*].Name' --output text)
if [[ $LIST_OF_TRAILS ]];then if [[ $LIST_OF_TRAILS ]];then
for trail in $LIST_OF_TRAILS;do for trail in $LIST_OF_TRAILS;do
TRAIL_REGION=$($AWSCLI cloudtrail describe-trails --profile $PROFILE --region $REGION --query 'trailList[*]' --output text | grep $trail | awk '{ print $1}') TRAIL_REGION=$($AWSCLI cloudtrail describe-trails --profile $PROFILE --region $REGION --query 'trailList[*]' --output text | grep $trail | awk '{ print $3}')
LATESTDELIVERY_TIMESTAMP=$($AWSCLI cloudtrail get-trail-status --name $trail --profile $PROFILE --region $TRAIL_REGION --query 'LatestCloudWatchLogsDeliveryTime' --output text|grep -v None) LATESTDELIVERY_TIMESTAMP=$($AWSCLI cloudtrail get-trail-status --name $trail --profile $PROFILE --region $TRAIL_REGION --query 'LatestCloudWatchLogsDeliveryTime' --output text|grep -v None)
if [[ ! $LATESTDELIVERY_TIMESTAMP ]];then if [[ ! $LATESTDELIVERY_TIMESTAMP ]];then
echo -e " $RED $trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)$NORMAL" echo -e " $RED $trail trail is not logging in the last 24h or not configured (it is in $TRAIL_REGION)$NORMAL"
@@ -910,49 +915,49 @@ check44(){
singleCheck(){ singleCheck(){
if [[ $CHECKNUMBER ]];then if [[ $CHECKNUMBER ]];then
case "$CHECKNUMBER" in case "$CHECKNUMBER" in
check11) check11;exit;; check11) check11;cleanTemp;exit;;
check12) check12;exit;; check12) check12;cleanTemp;exit;;
check13) check13;exit;; check13) check13;cleanTemp;exit;;
check14) check14;exit;; check14) check14;cleanTemp;exit;;
check15) check15;exit;; check15) check15;cleanTemp;exit;;
check16) check16;exit;; check16) check16;cleanTemp;exit;;
check17) check17;exit;; check17) check17;cleanTemp;exit;;
check18) check18;exit;; check18) check18;cleanTemp;exit;;
check19) check19;exit;; check19) check19;cleanTemp;exit;;
check110) check110;exit;; check110) check110;cleanTemp;exit;;
check111) check111;exit;; check111) check111;cleanTemp;exit;;
check112) check112;exit;; check112) check112;cleanTemp;exit;;
check113) check113;exit;; check113) check113;cleanTemp;exit;;
check114) check114;exit;; check114) check114;cleanTemp;exit;;
check115) check115;exit;; check115) check115;cleanTemp;exit;;
check21) check21;exit;; check21) check21;cleanTemp;exit;;
check22) check22;exit;; check22) check22;cleanTemp;exit;;
check23) check23;exit;; check23) check23;cleanTemp;exit;;
check24) check24;exit;; check24) check24;cleanTemp;exit;;
check25) check25;exit;; check25) check25;cleanTemp;exit;;
check26) check26;exit;; check26) check26;cleanTemp;exit;;
check27) check27;exit;; check27) check27;cleanTemp;exit;;
check28) check28;exit;; check28) check28;cleanTemp;exit;;
check31) check31;exit;; check31) check31;cleanTemp;exit;;
check32) check32;exit;; check32) check32;cleanTemp;exit;;
check33) check33;exit;; check33) check33;cleanTemp;exit;;
check34) check34;exit;; check34) check34;cleanTemp;exit;;
check35) check35;exit;; check35) check35;cleanTemp;exit;;
check36) check36;exit;; check36) check36;cleanTemp;exit;;
check37) check37;exit;; check37) check37;cleanTemp;exit;;
check38) check38;exit;; check38) check38;cleanTemp;exit;;
check39) check39;exit;; check39) check39;cleanTemp;exit;;
check310) check310;exit;; check310) check310;cleanTemp;exit;;
check311) check311;exit;; check311) check311;cleanTemp;exit;;
check312) check312;exit;; check312) check312;cleanTemp;exit;;
check313) check313;exit;; check313) check313;cleanTemp;exit;;
check314) check314;exit;; check314) check314;cleanTemp;exit;;
check315) check315;exit;; check315) check315;cleanTemp;exit;;
check316) check316;exit;; check316) check316;cleanTemp;exit;;
check41) check41;exit;; check41) check41;cleanTemp;exit;;
check42) check42;exit;; check42) check42;cleanTemp;exit;;
check43) check43;exit;; check43) check43;cleanTemp;exit;;
check44) check44;exit;; check44) check44;cleanTemp;exit;;
* ) echo -e "\n$RED ERROR! Use a valid check name (i.e. check41) $NORMAL\n";exit;; * ) echo -e "\n$RED ERROR! Use a valid check name (i.e. check41) $NORMAL\n";exit;;
esac esac
fi fi
@@ -1020,5 +1025,4 @@ check44
echo -e "\n$BLUE - For more information and reference:$NORMAL" echo -e "\n$BLUE - For more information and reference:$NORMAL"
echo -e " $NOTICE https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf$NORMAL" echo -e " $NOTICE https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf$NORMAL"
# Delete temp file cleanTemp
rm -fr $TEMP_REPORT_FILE
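Review bot: The new cleanTemp only runs on the normal exit paths (the case arms in singleCheck and the final line of the script), so an interrupted or failed run still leaves the decoded IAM credential report behind at the fixed, predictable path `/tmp/.acb` set in saveReport; no trap is visible in these hunks, so I assume none exists elsewhere. A fixed name in a shared /tmp is also open to being pre-created by another local user, which would redirect the report written by the redirection in saveReport. I would create the file with a random name and register the cleanup once rather than at every call site: `TEMP_REPORT_FILE=$(mktemp /tmp/.acb.XXXXXX) || exit 1` followed by `trap cleanTemp EXIT` in saveReport, and `rm -f -- "$TEMP_REPORT_FILE"` in cleanTemp (it is a single file, so `-r` is not needed and the quoting protects against an empty value). The explicit cleanTemp calls in singleCheck could then stay or go; with the trap they become redundant but harmless.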