Updated ES check titles and results
@@ -23,19 +23,19 @@ extra715(){
|
||||
for domain in $LIST_OF_DOMAINS;do
|
||||
SEARCH_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.SEARCH_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
|
||||
if [[ $SEARCH_SLOWLOG_ENABLED ]];then
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
|
||||
else
|
||||
textFail "$regx: Amazon Elasticsearch Service (ES) domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
|
||||
fi
|
||||
INDEX_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.INDEX_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
|
||||
if [[ $INDEX_SLOWLOG_ENABLED ]];then
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) domain $domain INDEX_SLOW_LOGS enabled" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS enabled" "$regx"
|
||||
else
|
||||
textFail "$regx: Amazon Elasticsearch Service (ES) domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
|
||||
fi
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Amazon Elasticsearch Service (ES) domain found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
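Review bot: Both `$AWSCLI es describe-elasticsearch-domain-config` substitutions in this loop discard the command's exit status, so an API error (access denied, throttling) leaves the variable empty and the domain is reported with textFail as if slow logs were disabled. Capturing the output first and reporting a failed query separately would keep errors out of the findings, for example `if ! out=$($AWSCLI es describe-elasticsearch-domain-config --domain-name "$domain" $PROFILE_OPT --region "$regx" --query ... --output text); then textInfo "$regx: could not query Amazon ES domain $domain" "$regx"; continue; fi`. The same pattern, with `grep -i true`, appears in the extra780 to extra785 hunks; in extra785 an empty result falls through to textPass, so a failed call there is reported as a pass. The opening lines of extra715 are outside the hunk.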
|
||||
|
||||
@@ -27,14 +27,14 @@ extra716(){
|
||||
# check if the policy has Principal as *
|
||||
CHECK_ES_DOMAIN_ALLUSERS_POLICY=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and .Condition == null)')
|
||||
if [[ $CHECK_ES_DOMAIN_ALLUSERS_POLICY ]];then
|
||||
textFail "$regx: Amazon Elasticsearch Service (ES) $domain policy allow Anonymous cross account access (Principal: \"*\")" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain policy allow Anonymous cross account access (Principal: \"*\")" "$regx"
|
||||
else
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) $domain does not allow Anonymous cross account access" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain does not allow Anonymous cross account access" "$regx"
|
||||
fi
|
||||
rm -f $TEMP_POLICY_FILE
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Amazon Elasticsearch Service (ES) domain found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
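Review bot: The jq filter on the `CHECK_ES_DOMAIN_ALLUSERS_POLICY` line matches `.Principal.AWS` only when it is the string `"*"`, so a statement that lists the wildcard inside an array (`"AWS": ["*"]`) is not selected and the domain gets textPass. An extra branch inside the object case, such as `((.Principal.AWS|type) == "array" and (.Principal.AWS|index("*")) != null)`, would cover it. The same line also produces an empty result when `$TEMP_POLICY_FILE` is empty or jq exits with an error, which again ends in textPass; checking jq's exit status before the `if` would keep an unreadable policy from being reported as safe. The code that writes `$TEMP_POLICY_FILE` is outside the hunk.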
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra779="7.79"
|
||||
CHECK_TITLE_extra779="[extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports 9200/9300/5601 (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra779="[extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports 9200/9300/5601"
|
||||
CHECK_SCORED_extra779="NOT_SCORED"
|
||||
CHECK_TYPE_extra779="EXTRA"
|
||||
CHECK_ALTERNATE_check779="extra779"
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra780="7.80"
|
||||
CHECK_TITLE_extra780="[extra780] Check if Elasticsearch Service domains has Cognito authentication for Kibana enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra780="[extra780] Check if Amazon Elasticsearch Service (ES) domains has Amazon Cognito authentication for Kibana enabled"
|
||||
CHECK_SCORED_extra780="NOT_SCORED"
|
||||
CHECK_TYPE_extra780="EXTRA"
|
||||
CHECK_ALTERNATE_check780="extra780"
|
||||
@@ -23,13 +23,13 @@ extra780(){
|
||||
for domain in $LIST_OF_DOMAINS;do
|
||||
CHECK_IF_COGNITO_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.CognitoOptions.Enabled' --output text|grep -i true)
|
||||
if [[ $CHECK_IF_COGNITO_ENABLED ]];then
|
||||
textPass "$regx: $domain has Cognito authentication for Kibana enabled" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain has Amazon Cognito authentication for Kibana enabled" "$regx"
|
||||
else
|
||||
textFail "$regx: $domain does not have Cognito authentication for Kibana enabled" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain does not have Amazon Cognito authentication for Kibana enabled" "$regx"
|
||||
fi
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Elasticsearch Service domains found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
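Review bot: The `CHECK_TITLE_extra780` line that drops the "(Not Scored)" suffix still reads "domains has", which should be "domains have": `CHECK_TITLE_extra780="[extra780] Check if Amazon Elasticsearch Service (ES) domains have Amazon Cognito authentication for Kibana enabled"`. The extra781 and extra782 titles carry the same wording. The title also spells out "Amazon Elasticsearch Service (ES)" while the result messages in this section use "Amazon ES", so one form could be used throughout.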
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra781="7.81"
|
||||
CHECK_TITLE_extra781="[extra781] Check if Amazon Elasticsearch Service (ES) domains has encryption at-rest enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra781="[extra781] Check if Amazon Elasticsearch Service (ES) domains has encryption at-rest enabled"
|
||||
CHECK_SCORED_extra781="NOT_SCORED"
|
||||
CHECK_TYPE_extra781="EXTRA"
|
||||
CHECK_ALTERNATE_check781="extra781"
|
||||
@@ -23,13 +23,13 @@ extra781(){
|
||||
for domain in $LIST_OF_DOMAINS;do
|
||||
CHECK_IF_ENCREST_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.EncryptionAtRestOptions.Enabled' --output text|grep -i true)
|
||||
if [[ $CHECK_IF_ENCREST_ENABLED ]];then
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) $domain has encryption at-rest enabled" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain has encryption at-rest enabled" "$regx"
|
||||
else
|
||||
textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have encryption at-rest enabled" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain does not have encryption at-rest enabled" "$regx"
|
||||
fi
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations under the License.
|
||||
CHECK_ID_extra782="7.82"
|
||||
CHECK_TITLE_extra782="[extra782] Check if Amazon Elasticsearch Service (ES) domains has node-to-node encryption enabled (Not Scored) (Not part of CIS benchmark)"
|
||||
CHECK_TITLE_extra782="[extra782] Check if Amazon Elasticsearch Service (ES) domains has node-to-node encryption enabled"
|
||||
CHECK_SCORED_extra782="NOT_SCORED"
|
||||
CHECK_TYPE_extra782="EXTRA"
|
||||
CHECK_ALTERNATE_check782="extra782"
|
||||
@@ -23,13 +23,13 @@ extra782(){
|
||||
for domain in $LIST_OF_DOMAINS;do
|
||||
CHECK_IF_NODETOENCR_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.NodeToNodeEncryptionOptions.Enabled' --output text|grep -i true)
|
||||
if [[ $CHECK_IF_NODETOENCR_ENABLED ]];then
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) $domain has node-to-node encryption enabled" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain has node-to-node encryption enabled" "$regx"
|
||||
else
|
||||
textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have node-to-node encryption enabled" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain does not have node-to-node encryption enabled" "$regx"
|
||||
fi
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
@@ -23,13 +23,13 @@ extra783(){
|
||||
for domain in $LIST_OF_DOMAINS;do
|
||||
CHECK_IF_ENFORCEHTTPS_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.DomainEndpointOptions.EnforceHTTPS' --output text|grep -i true)
|
||||
if [[ $CHECK_IF_ENFORCEHTTPS_ENABLED ]];then
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) $domain has enforce HTTPS enabled" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain has enforce HTTPS enabled" "$regx"
|
||||
else
|
||||
textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have enforce HTTPS enabled" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain does not have enforce HTTPS enabled" "$regx"
|
||||
fi
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
@@ -23,13 +23,13 @@ extra784(){
|
||||
for domain in $LIST_OF_DOMAINS;do
|
||||
CHECK_IF_INTERNALDB_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.AdvancedSecurityOptions.InternalUserDatabaseEnabled' --output text|grep -i true)
|
||||
if [[ $CHECK_IF_INTERNALDB_ENABLED ]];then
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) $domain has internal user database enabled" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain has internal user database enabled" "$regx"
|
||||
else
|
||||
textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have internal user database enabled" "$regx"
|
||||
textFail "$regx: Amazon ES domain $domain does not have internal user database enabled" "$regx"
|
||||
fi
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
@@ -23,13 +23,13 @@ extra785(){
|
||||
for domain in $LIST_OF_DOMAINS;do
|
||||
CHECK_IF_UPDATE_AVAILABLE=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.ServiceSoftwareOptions.UpdateAvailable' --output text|grep -i true)
|
||||
if [[ $CHECK_IF_UPDATE_AVAILABLE ]];then
|
||||
textInfo "$regx: Amazon Elasticsearch Service (ES) $domain has updates available" "$regx"
|
||||
textInfo "$regx: Amazon ES domain $domain has updates available" "$regx"
|
||||
else
|
||||
textPass "$regx: Amazon Elasticsearch Service (ES) $domain does not have have updates available" "$regx"
|
||||
textPass "$regx: Amazon ES domain $domain does not have have updates available" "$regx"
|
||||
fi
|
||||
done
|
||||
else
|
||||
textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
|
||||
textInfo "$regx: No Amazon ES domain found" "$regx"
|
||||
fi
|
||||
done
|
||||
}
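Review bot: The textPass message in the else branch contains a doubled word, "does not have have updates available", and the rewording keeps it; it should read `textPass "$regx: Amazon ES domain $domain does not have updates available" "$regx"`. The start of extra785 is outside the hunk.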
|
||||
|
||||