feat(reorganize_folders): Merge checks. (#1196)

Co-authored-by: sergargar <sergio@verica.io>

providers/aws/services/acm/check_extra724

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+CHECK_ID_extra724="7.24"
+CHECK_TITLE_extra724="[extra724] Check if ACM certificates have Certificate Transparency logging enabled"
+CHECK_SCORED_extra724="NOT_SCORED"
+CHECK_CIS_LEVEL_extra724="EXTRA"
+CHECK_SEVERITY_extra724="Medium"
+CHECK_ASFF_RESOURCE_TYPE_extra724="AwsCertificateManagerCertificate"
+CHECK_ALTERNATE_check724="extra724"
+CHECK_SERVICENAME_extra724="acm"
+CHECK_RISK_extra724='Domain owners can search the log to identify unexpected certificates; whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.'
+CHECK_REMEDIATION_extra724='Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.'
+CHECK_DOC_extra724='https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/'
+CHECK_CAF_EPIC_extra724='Logging and Monitoring'
+
+extra724(){
+  # "Check if ACM certificates have Certificate Transparency logging enabled "
+  for regx in $REGIONS; do
+    LIST_OF_CERTS=$($AWSCLI acm list-certificates $PROFILE_OPT  --region $regx --query CertificateSummaryList[].CertificateArn --output text)
+    if [[ $LIST_OF_CERTS ]];then
+      for cert_arn in $LIST_OF_CERTS;do
+        CT_ENABLED=$($AWSCLI acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Options.CertificateTransparencyLoggingPreference --output text)
+        CERT_DOMAIN_NAME=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.DomainName --output text)
+        CERT_TYPE=$(aws acm describe-certificate $PROFILE_OPT --region $regx --certificate-arn $cert_arn --query Certificate.Type --output text)
+        if [[ $CERT_TYPE == "IMPORTED" ]];then
+          # Ignore imported certificate
+          textInfo "$regx: ACM Certificate $CERT_DOMAIN_NAME is imported." "$regx" "$CERT_DOMAIN_NAME"
+        else
+          if [[ $CT_ENABLED == "ENABLED" ]];then
+            textPass "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging enabled!" "$regx" "$CERT_DOMAIN_NAME"
+          else
+            textFail "$regx: ACM Certificate $CERT_DOMAIN_NAME has Certificate Transparency logging disabled!" "$regx" "$CERT_DOMAIN_NAME"
+          fi
+        fi
+      done
+    else
+       textInfo "$regx: No ACM Certificates found" "$regx"
+    fi
+  done
+}

providers/aws/services/acm/check_extra730

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy
+# of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+
+DAYS_TO_EXPIRE_THRESHOLD="7"
+
+CHECK_ID_extra730="7.30"
+CHECK_TITLE_extra730="[extra730] Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less"
+CHECK_SCORED_extra730="NOT_SCORED"
+CHECK_CIS_LEVEL_extra730="EXTRA"
+CHECK_SEVERITY_extra730="High"
+CHECK_ASFF_RESOURCE_TYPE_extra730="AwsCertificateManagerCertificate"
+CHECK_ALTERNATE_check730="extra730"
+CHECK_SERVICENAME_extra730="acm"
+CHECK_RISK_extra730='Expired certificates can impact service availability.'
+CHECK_REMEDIATION_extra730='Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.'
+CHECK_DOC_extra730='https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html'
+CHECK_CAF_EPIC_extra730='Data Protection'
+
+extra730(){
+  # Only RSA key types, needed to recover Amazon Issued, Imported and Private PKIs
+  local ACM_KEY_TYPES="RSA_1024,RSA_2048,RSA_3072,RSA_4096"
+  local ACM_CERTIFICATE_STATUSES="ISSUED"
+
+  # "Check if ACM Certificates are about to expire in $DAYS_TO_EXPIRE_THRESHOLD days or less"
+  for regx in $REGIONS; do
+    LIST_OF_ACM_CERTS=$("${AWSCLI}" acm list-certificates ${PROFILE_OPT} --region "${regx}" --include keyTypes="${ACM_KEY_TYPES}" --certificate-statuses "${ACM_CERTIFICATE_STATUSES}" --query 'CertificateSummaryList[].CertificateArn' --output text)
+    if [[ $LIST_OF_ACM_CERTS ]]; then
+      for cert in $LIST_OF_ACM_CERTS; do
+        CERT_DATA=$("${AWSCLI}" acm describe-certificate ${PROFILE_OPT} --region "${regx}" --certificate-arn "${cert}" --query 'Certificate.[DomainName,NotAfter]' --output text)
+        # Format: domain.test.com YYYY-MM-DDTHH:MM:SS
+        echo "$CERT_DATA" | while read -r FQDN NOTAFTER; do
+          EXPIRES_DATE=$(timestamp_to_date "${NOTAFTER}")
+          if [[ "${EXPIRES_DATE}" == "" ]]
+          then
+            textInfo "${regx}: Certificate for ${FQDN} has an incorrect timestamp format: ${NOTAFTER}" "${regx}" "${FQDN}"
+          else
+            COUNTER_DAYS=$(how_many_days_from_today "${EXPIRES_DATE}")
+            if [[ $COUNTER_DAYS -le $DAYS_TO_EXPIRE_THRESHOLD ]]; then
+              textFail "${regx}: Certificate for ${FQDN} is about to expire in ${COUNTER_DAYS} days!" "${regx}" "${FQDN}"
+            else
+              textPass "${regx}: Certificate for ${FQDN} expires in ${COUNTER_DAYS} days" "${regx}" "{$FQDN}"
+            fi
+          fi
+        done
+      done
+    else
+      textInfo "${regx}: No certificates found" "${regx}"
+    fi
+  done
+}