From d640086112fa7900ae977da826434a4a67bb87a8 Mon Sep 17 00:00:00 2001 From: gabrielsoltz Date: Thu, 6 Jun 2019 21:26:10 +0100 Subject: [PATCH 1/4] add guardduty regions --- checks/check_extra713 | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/checks/check_extra713 b/checks/check_extra713 index cb0f8d5d..ecd5239e 100644 --- a/checks/check_extra713 +++ b/checks/check_extra713 @@ -17,8 +17,17 @@ CHECK_TYPE_extra713="EXTRA" CHECK_ALTERNATE_check713="extra713" extra713(){ + + # Guardduty Regions are not the same as REGIONS + PYTHON=$(which python) + if [ ! -z "${PYTHON}" ]; then + GD_REGIONS=$($PYTHON -c "import boto3 ; session = boto3.session.Session() ; print (session.get_available_regions('guardduty'))") + else + GD_REGIONS=$REGIONS + fi + # "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)" - for regx in $REGIONS; do + for regx in $GD_REGIONS; do LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text 2> /dev/null | cut -f2) if [[ $LIST_OF_GUARDDUTY_DETECTORS ]];then while read -r detector;do From a09055ff31d4476d1f0dba44cf24d829a5b00231 Mon Sep 17 00:00:00 2001 From: gabrielsoltz Date: Thu, 6 Jun 2019 21:35:52 +0100 Subject: [PATCH 2/4] fix --- checks/check_extra713 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/checks/check_extra713 b/checks/check_extra713 index ecd5239e..6a493804 100644 --- a/checks/check_extra713 +++ b/checks/check_extra713 
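Review bot: The `$REGIONS` fallback in the added `if`/`else` only covers a missing interpreter. When `python` is found but `import boto3` fails or the call raises, the command substitution leaves `GD_REGIONS` empty and the `for` loop runs zero times, so the check would report nothing about GuardDuty in any region instead of failing visibly. Treat an empty result like a missing interpreter by adding `[ -n "$GD_REGIONS" ] || GD_REGIONS=$REGIONS` right after the `fi`. The same gap remains in patches 2–4 of this series (there the variable becomes `GD_REGIONS_PARSED`), and the `textInfo` line enabled in patch 4 announces boto3 before the import is known to work. Separately, `get_available_regions` defaults to the `aws` partition, so GovCloud or China accounts would presumably get the wrong list; the body of `extra713` continues outside this hunk.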
@@ -21,13 +21,14 @@ extra713(){ # Guardduty Regions are not the same as REGIONS PYTHON=$(which python) if [ ! -z "${PYTHON}" ]; then - GD_REGIONS=$($PYTHON -c "import boto3 ; session = boto3.session.Session() ; print (session.get_available_regions('guardduty'))") + GD_REGIONS=($($PYTHON -c "import boto3 ; session = boto3.session.Session() ; print (session.get_available_regions('guardduty'))")) else GD_REGIONS=$REGIONS fi # "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)" - for regx in $GD_REGIONS; do + for GD_REGION in "${GD_REGIONS[@]}"; do + regx="$(echo "$GD_REGION" | cut -d \' -f 2 | cut -d \' -f 1)" LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text 2> /dev/null | cut -f2) if [[ $LIST_OF_GUARDDUTY_DETECTORS ]];then while read -r detector;do From 8ee06449b70b5d5a393c21f82fc129e7b909d4e9 Mon Sep 17 00:00:00 2001 From: gabrielsoltz Date: Fri, 7 Jun 2019 05:49:47 +0100 Subject: [PATCH 3/4] fix code --- checks/check_extra713 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/checks/check_extra713 b/checks/check_extra713 index 6a493804..27eb9add 100644 --- a/checks/check_extra713 +++ b/checks/check_extra713 
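Review bot: The fallback branch and the new loop disagree on the shape of `GD_REGIONS`. `GD_REGIONS=$REGIONS` stores one string, so `"${GD_REGIONS[@]}"` yields the whole space-separated list as a single element, and `cut -d \'` passes it through unchanged because `cut` prints lines that lack the delimiter. The unquoted `--region $regx` then word-splits into several arguments, and the resulting CLI error is likely hidden by `2> /dev/null`. Having Python emit plain names, `print(' '.join(session.get_available_regions('guardduty')))`, would remove the dependence on the list repr and the two `cut` calls, and let both branches feed the same `for regx in $GD_REGIONS` loop. The loop body continues outside this hunk.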
@@ -21,14 +21,15 @@ extra713(){ # Guardduty Regions are not the same as REGIONS PYTHON=$(which python) if [ ! -z "${PYTHON}" ]; then + #textInfo "Using python and boto3 for getting Guardduty Available Regions" GD_REGIONS=($($PYTHON -c "import boto3 ; session = boto3.session.Session() ; print (session.get_available_regions('guardduty'))")) + for GD_REGION in "${GD_REGIONS[@]}"; do GD_REGIONS_PARSED+="$(echo "$GD_REGION" | cut -d \' -f 2 | cut -d \' -f 1 && echo " ")"; done else - GD_REGIONS=$REGIONS + GD_REGIONS_PARSED=$REGIONS fi # "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)" - for GD_REGION in "${GD_REGIONS[@]}"; do - regx="$(echo "$GD_REGION" | cut -d \' -f 2 | cut -d \' -f 1)" + for regx in $GD_REGIONS_PARSED; do LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text 2> /dev/null | cut -f2) if [[ $LIST_OF_GUARDDUTY_DETECTORS ]];then while read -r detector;do From 89268e4875974a672fb11fcf9a489d6f4e20c891 Mon Sep 17 00:00:00 2001 From: gabrielsoltz Date: Fri, 7 Jun 2019 05:51:26 +0100 Subject: [PATCH 4/4] textInfo --- checks/check_extra713 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/check_extra713 b/checks/check_extra713 index 27eb9add..f70c626b 100644 --- a/checks/check_extra713 +++ b/checks/check_extra713 @@ -21,7 +21,7 @@ extra713(){ # Guardduty Regions are not the same as REGIONS PYTHON=$(which python) if [ ! -z "${PYTHON}" ]; then - #textInfo "Using python and boto3 for getting Guardduty Available Regions" + textInfo "Using python and boto3 for getting Guardduty Available Regions" GD_REGIONS=($($PYTHON -c "import boto3 ; session = boto3.session.Session() ; print (session.get_available_regions('guardduty'))")) for GD_REGION in "${GD_REGIONS[@]}"; do GD_REGIONS_PARSED+="$(echo "$GD_REGION" | cut -d \' -f 2 | cut -d \' -f 1 && echo " ")"; done else
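Review bot: `GD_REGIONS_PARSED+=` appends to whatever the variable already holds, and nothing in this hunk initialises it or makes it local to `extra713`. A second run of the check in the same shell, or a variable of that name inherited from the environment, would carry stale or unexpected region names into the `for regx in $GD_REGIONS_PARSED` loop. Adding `GD_REGIONS_PARSED=""` before the `if` (or `local GD_REGIONS_PARSED=""` if the project uses `local`) keeps the scanned region set limited to what this invocation computed. The function body starts and ends outside the hunk.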