From eae4722499a017ab9b684319d02fc88daa819809 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Wed, 25 Mar 2020 17:25:38 +0100
Subject: [PATCH] Updated ES check titles and results
---
 checks/check_extra715 | 10 +++++-----
 checks/check_extra716 | 6 +++---
 checks/check_extra779 | 2 +-
 checks/check_extra780 | 8 ++++----
 checks/check_extra781 | 8 ++++----
 checks/check_extra782 | 8 ++++----
 checks/check_extra783 | 6 +++---
 checks/check_extra784 | 6 +++---
 checks/check_extra785 | 6 +++---
 9 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/checks/check_extra715 b/checks/check_extra715
index 8de075a3..0acde205 100644
--- a/checks/check_extra715
+++ b/checks/check_extra715
@@ -23,19 +23,19 @@ extra715(){
 for domain in $LIST_OF_DOMAINS;do
 SEARCH_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.SEARCH_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
 if [[ $SEARCH_SLOWLOG_ENABLED ]];then
- textPass "$regx: Amazon Elasticsearch Service (ES) domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
+ textPass "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
 else
- textFail "$regx: Amazon Elasticsearch Service (ES) domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
+ textFail "$regx: Amazon ES domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
 fi
 INDEX_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.INDEX_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
 if [[ $INDEX_SLOWLOG_ENABLED ]];then
- textPass "$regx: Amazon Elasticsearch Service (ES) domain $domain INDEX_SLOW_LOGS enabled" "$regx"
+ textPass "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS enabled" "$regx"
 else
- textFail "$regx: Amazon Elasticsearch Service (ES) domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
+ textFail "$regx: Amazon ES domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
 fi
 done
 else
- textInfo "$regx: No Amazon Elasticsearch Service (ES) domain found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra716 b/checks/check_extra716
index abe5c546..2bd4cc16 100644
--- a/checks/check_extra716
+++ b/checks/check_extra716
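Review bot: An empty result from the AWS CLI is reported as a finding in the extra715 loop: `SEARCH_SLOWLOG_ENABLED` and `INDEX_SLOWLOG_ENABLED` are empty both when the option is off and when `describe-elasticsearch-domain-config` itself fails (for example on a permissions or throttling error), so the new `textFail ... disabled!` lines can assert a state the check never observed. The same shape appears in the extra780 to extra784 hunks, and in extra785 the empty case lands on `textPass`, so a failed call there would read as a clean result. I would capture the CLI output and exit status first and report the error path separately, e.g. `textInfo "$regx: Unable to describe Amazon ES domain $domain" "$regx"`. The function starts above the hunk, so any earlier error handling is not visible from here.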
@@ -27,14 +27,14 @@ extra716(){
 # check if the policy has Principal as *
 CHECK_ES_DOMAIN_ALLUSERS_POLICY=$(cat $TEMP_POLICY_FILE | jq -r '. | .Statement[] | select(.Effect == "Allow" and (((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and .Condition == null)')
 if [[ $CHECK_ES_DOMAIN_ALLUSERS_POLICY ]];then
- textFail "$regx: Amazon Elasticsearch Service (ES) $domain policy allow Anonymous cross account access (Principal: \"*\")" "$regx"
+ textFail "$regx: Amazon ES domain $domain policy allow Anonymous cross account access (Principal: \"*\")" "$regx"
 else
- textPass "$regx: Amazon Elasticsearch Service (ES) $domain does not allow Anonymous cross account access" "$regx"
+ textPass "$regx: Amazon ES domain $domain does not allow Anonymous cross account access" "$regx"
 fi
 rm -f $TEMP_POLICY_FILE
 done
 else
- textInfo "$regx: No Amazon Elasticsearch Service (ES) domain found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra779 b/checks/check_extra779
index 0532fcd7..2375375d 100644
--- a/checks/check_extra779
+++ b/checks/check_extra779
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra779="7.79"
-CHECK_TITLE_extra779="[extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports 9200/9300/5601 (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra779="[extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports 9200/9300/5601"
 CHECK_SCORED_extra779="NOT_SCORED"
 CHECK_TYPE_extra779="EXTRA"
 CHECK_ALTERNATE_check779="extra779"
diff --git a/checks/check_extra780 b/checks/check_extra780
index dbee7b0d..eadb584a 100644
--- a/checks/check_extra780
+++ b/checks/check_extra780
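Review bot: The new `textPass` wording in extra716, "does not allow Anonymous cross account access", claims more than the jq filter on the context line tests: the filter only selects `Allow` statements where `.Condition == null`, so a `Principal: "*"` statement carrying any Condition, however permissive, ends in the Pass branch, and so would an empty or unparsable `$TEMP_POLICY_FILE`. A message that matches what is checked would be `textPass "$regx: Amazon ES domain $domain has no unconditioned Principal \"*\" Allow statement" "$regx"`, together with a comment above the filter noting that conditioned statements are not evaluated. The new `textFail` line could also read "policy allows". `$TEMP_POLICY_FILE` is created above the hunk, so how it is populated cannot be confirmed from here.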
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra780="7.80"
-CHECK_TITLE_extra780="[extra780] Check if Elasticsearch Service domains has Cognito authentication for Kibana enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra780="[extra780] Check if Amazon Elasticsearch Service (ES) domains has Amazon Cognito authentication for Kibana enabled"
 CHECK_SCORED_extra780="NOT_SCORED"
 CHECK_TYPE_extra780="EXTRA"
 CHECK_ALTERNATE_check780="extra780"
@@ -23,13 +23,13 @@ extra780(){
 for domain in $LIST_OF_DOMAINS;do
 CHECK_IF_COGNITO_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.CognitoOptions.Enabled' --output text|grep -i true)
 if [[ $CHECK_IF_COGNITO_ENABLED ]];then
- textPass "$regx: $domain has Cognito authentication for Kibana enabled" "$regx"
+ textPass "$regx: Amazon ES domain $domain has Amazon Cognito authentication for Kibana enabled" "$regx"
 else
- textFail "$regx: $domain does not have Cognito authentication for Kibana enabled" "$regx"
+ textFail "$regx: Amazon ES domain $domain does not have Amazon Cognito authentication for Kibana enabled" "$regx"
 fi
 done
 else
- textInfo "$regx: No Elasticsearch Service domains found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra781 b/checks/check_extra781
index c19289ca..2b19cc7e 100644
--- a/checks/check_extra781
+++ b/checks/check_extra781
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra781="7.81"
-CHECK_TITLE_extra781="[extra781] Check if Amazon Elasticsearch Service (ES) domains has encryption at-rest enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra781="[extra781] Check if Amazon Elasticsearch Service (ES) domains has encryption at-rest enabled"
 CHECK_SCORED_extra781="NOT_SCORED"
 CHECK_TYPE_extra781="EXTRA"
 CHECK_ALTERNATE_check781="extra781"
@@ -23,13 +23,13 @@ extra781(){
 for domain in $LIST_OF_DOMAINS;do
 CHECK_IF_ENCREST_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.EncryptionAtRestOptions.Enabled' --output text|grep -i true)
 if [[ $CHECK_IF_ENCREST_ENABLED ]];then
- textPass "$regx: Amazon Elasticsearch Service (ES) $domain has encryption at-rest enabled" "$regx"
+ textPass "$regx: Amazon ES domain $domain has encryption at-rest enabled" "$regx"
 else
- textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have encryption at-rest enabled" "$regx"
+ textFail "$regx: Amazon ES domain $domain does not have encryption at-rest enabled" "$regx"
 fi
 done
 else
- textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra782 b/checks/check_extra782
index 1c92beec..1c38c7f3 100644
--- a/checks/check_extra782
+++ b/checks/check_extra782
@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 CHECK_ID_extra782="7.82"
-CHECK_TITLE_extra782="[extra782] Check if Amazon Elasticsearch Service (ES) domains has node-to-node encryption enabled (Not Scored) (Not part of CIS benchmark)"
+CHECK_TITLE_extra782="[extra782] Check if Amazon Elasticsearch Service (ES) domains has node-to-node encryption enabled"
 CHECK_SCORED_extra782="NOT_SCORED"
 CHECK_TYPE_extra782="EXTRA"
 CHECK_ALTERNATE_check782="extra782"
@@ -23,13 +23,13 @@ extra782(){
 for domain in $LIST_OF_DOMAINS;do
 CHECK_IF_NODETOENCR_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.NodeToNodeEncryptionOptions.Enabled' --output text|grep -i true)
 if [[ $CHECK_IF_NODETOENCR_ENABLED ]];then
- textPass "$regx: Amazon Elasticsearch Service (ES) $domain has node-to-node encryption enabled" "$regx"
+ textPass "$regx: Amazon ES domain $domain has node-to-node encryption enabled" "$regx"
 else
- textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have node-to-node encryption enabled" "$regx"
+ textFail "$regx: Amazon ES domain $domain does not have node-to-node encryption enabled" "$regx"
 fi
 done
 else
- textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra783 b/checks/check_extra783
index 8b71b478..4c33b1ac 100644
--- a/checks/check_extra783
+++ b/checks/check_extra783
@@ -23,13 +23,13 @@ extra783(){
 for domain in $LIST_OF_DOMAINS;do
 CHECK_IF_ENFORCEHTTPS_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.DomainEndpointOptions.EnforceHTTPS' --output text|grep -i true)
 if [[ $CHECK_IF_ENFORCEHTTPS_ENABLED ]];then
- textPass "$regx: Amazon Elasticsearch Service (ES) $domain has enforce HTTPS enabled" "$regx"
+ textPass "$regx: Amazon ES domain $domain has enforce HTTPS enabled" "$regx"
 else
- textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have enforce HTTPS enabled" "$regx"
+ textFail "$regx: Amazon ES domain $domain does not have enforce HTTPS enabled" "$regx"
 fi
 done
 else
- textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra784 b/checks/check_extra784
index 0a62207e..cb407538 100644
--- a/checks/check_extra784
+++ b/checks/check_extra784
@@ -23,13 +23,13 @@ extra784(){
 for domain in $LIST_OF_DOMAINS;do
 CHECK_IF_INTERNALDB_ENABLED=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.AdvancedSecurityOptions.InternalUserDatabaseEnabled' --output text|grep -i true)
 if [[ $CHECK_IF_INTERNALDB_ENABLED ]];then
- textPass "$regx: Amazon Elasticsearch Service (ES) $domain has internal user database enabled" "$regx"
+ textPass "$regx: Amazon ES domain $domain has internal user database enabled" "$regx"
 else
- textFail "$regx: Amazon Elasticsearch Service (ES) $domain does not have internal user database enabled" "$regx"
+ textFail "$regx: Amazon ES domain $domain does not have internal user database enabled" "$regx"
 fi
 done
 else
- textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
diff --git a/checks/check_extra785 b/checks/check_extra785
index a630eb28..243693b7 100644
--- a/checks/check_extra785
+++ b/checks/check_extra785
@@ -23,13 +23,13 @@ extra785(){
 for domain in $LIST_OF_DOMAINS;do
 CHECK_IF_UPDATE_AVAILABLE=$($AWSCLI es describe-elasticsearch-domain --domain-name $domain $PROFILE_OPT --region $regx --query 'DomainStatus.ServiceSoftwareOptions.UpdateAvailable' --output text|grep -i true)
 if [[ $CHECK_IF_UPDATE_AVAILABLE ]];then
- textInfo "$regx: Amazon Elasticsearch Service (ES) $domain has updates available" "$regx"
+ textInfo "$regx: Amazon ES domain $domain has updates available" "$regx"
 else
- textPass "$regx: Amazon Elasticsearch Service (ES) $domain does not have have updates available" "$regx"
+ textPass "$regx: Amazon ES domain $domain does not have have updates available" "$regx"
 fi
 done
 else
- textInfo "$regx: No Amazon Elasticsearch Service (ES) domains found" "$regx"
+ textInfo "$regx: No Amazon ES domain found" "$regx"
 fi
 done
 }
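Review bot: The new `textPass` line in extra785 carries over the doubled word in "does not have have updates available"; since this commit is a wording pass over the ES checks, it should read `textPass "$regx: Amazon ES domain $domain does not have updates available" "$regx"`. The body of extra785 begins above the hunk, so only the reporting branches are visible here.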