Merge pull request #232 from rheak/master

Update Scored Value for 115 and 315. Update 13 to only check users with enabled console password.
Toni de la Fuente
2018-08-14 10:18:39 -04:00
committed by GitHub


@@ -17,16 +17,9 @@ CHECK_ALTERNATE_check103="check13"
check13(){ check13(){
# "Ensure credentials unused for 90 days or greater are disabled (Scored)" # "Ensure credentials unused for 90 days or greater are disabled (Scored)"
COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }') COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }')
# Only check Password last used for users with password enabled
if [[ $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED ]]; then if [[ $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED ]]; then
COMMAND13=$(
for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$5 }' |grep $i| awk '{ print $1 }'|tr '\n' ' ';
done)
# list of users that have used password
USERS_PASSWORD_USED=$($AWSCLI iam list-users --query "Users[?PasswordLastUsed].UserName" --output text $PROFILE_OPT --region $REGION)
if [[ $USERS_PASSWORD_USED ]]; then
# look for users with a password last used more or equal to 90 days
for i in $USERS_PASSWORD_USED; do
DATEUSED=$($AWSCLI iam list-users --query "Users[?UserName=='$i'].PasswordLastUsed" --output text $PROFILE_OPT --region $REGION | cut -d'T' -f1) DATEUSED=$($AWSCLI iam list-users --query "Users[?UserName=='$i'].PasswordLastUsed" --output text $PROFILE_OPT --region $REGION | cut -d'T' -f1)
HOWOLDER=$(how_older_from_today $DATEUSED) HOWOLDER=$(how_older_from_today $DATEUSED)
if [ $HOWOLDER -gt "90" ];then if [ $HOWOLDER -gt "90" ];then
@@ -35,7 +28,6 @@ check13(){
textPass "User \"$i\" found with credentials used in the last 90 days" textPass "User \"$i\" found with credentials used in the last 90 days"
fi fi
done done
fi
else else
textPass "No users found with password enabled" textPass "No users found with password enabled"
fi fi
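Review bot: A user whose console password is enabled but has never been used is likely to be reported as passing in the rewritten loop of check13, although that is exactly the stale credential this control is meant to surface. The loop now iterates over `$COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED`, and the `Users[?PasswordLastUsed]` filter that used to exclude never-used passwords is gone, so `DATEUSED` can be empty or the CLI's text rendering of a null value (presumably `None`). `how_older_from_today` is defined outside this page, but if it prints nothing for such input, the unquoted `[ $HOWOLDER -gt "90" ]` fails with a test error and control appears to fall through to the `textPass` branch. I would add a guard right after the `DATEUSED` assignment, `if [[ -z "$DATEUSED" || "$DATEUSED" == "None" ]]; then`, that reports the user as a finding and continues, and quote the comparison as `[ "$HOWOLDER" -gt 90 ]`. The lines between the two hunks are not shown, so the exact branch layout should be confirmed against the full function.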