Add the option to filter API requests by region

This change adds the ability to perform checks against specific regions only.

The -r option allows you to set the region that API requests are made against,
but checks are always made against all regions.

The -f option allows you to filter which regions to run checks against.
AlexClineBB
2017-05-31 14:59:37 -04:00
parent 9727d5a3ed
commit fc9b8a1d3c

20
prowler

@@ -48,21 +48,23 @@ WHITE=""
# Set the defaults for these getopts variables
PROFILE="default"
REGION="us-east-1"
FILTERREGION=""
# Command usage menu
usage(){
echo -e "\nUSAGE:
`basename $0` -p <profile> -r <region> [ -h ]
Options:
-p <profile> specify your AWS profile to use (i.e.: default)
-r <region> specify a desired AWS region to use (i.e.: us-east-1)
-c <checknum> specify a check number or group from the AWS CIS benchmark (i.e.: check11 for check 1.1 or check3 for entire section 3)
-h this help
-p <profile> specify your AWS profile to use (i.e.: default)
-r <region> specify an AWS region to direct API requests to (i.e.: us-east-1)
-c <checknum> specify a check number or group from the AWS CIS benchmark (i.e.: check11 for check 1.1 or check3 for entire section 3)
-f <filterregion> specify an AWS region to run checks against (i.e.: us-west-1)
-h this help
"
exit
}
while getopts "hp:r:c:" OPTION; do
while getopts "hp:r:c:f:" OPTION; do
case $OPTION in
h )
usage
@@ -77,6 +79,9 @@ while getopts "hp:r:c:" OPTION; do
c )
CHECKNUMBER=$OPTARG
;;
f )
FILTERREGION=$OPTARG
;;
: )
echo -e "\n$RED ERROR!$NORMAL -$OPTARG requires an argument\n"
exit 1
@@ -192,7 +197,7 @@ echo -e " |_|$NORMAL$BLUE CIS based AWS Account Hardening Tool$NORMAL\n"
# Get whoami in AWS, who is the user running this shell script
getWhoami() {
echo -e "\nThis report is being generated using credentials below:\n"
echo -e "AWS-CLI Profile: $NOTICE[$PROFILE]$NORMAL AWS Region: $NOTICE[$REGION]$NORMAL\n"
echo -e "AWS-CLI Profile: $NOTICE[$PROFILE]$NORMAL AWS API Region: $NOTICE[$REGION]$NORMAL AWS Filter Region: $NOTICE[${FILTERREGION:-all}]\n"
$AWSCLI sts get-caller-identity --output table --profile $PROFILE --region $REGION
}
@@ -228,7 +233,8 @@ cleanTemp(){
REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \
--output text \
--profile $PROFILE \
--region $REGION)
--region $REGION \
--region-names $FILTERREGION)
infoReferenceLong(){
# Report review note:
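Review bot: In the last hunk, `--region-names $FILTERREGION` is appended unquoted and unconditionally, so with the default empty FILTERREGION the command ends in a bare `--region-names`, and a mistyped `-f` value is rejected only by the API call. Nothing visible checks the outcome, so a failed call leaves REGIONS empty; if the per-region checks iterate over REGIONS (not visible here), the report would then cover no regions without saying so, which for an audit tool reads as a clean result. I would pass the flag only when `-f` was given, quote the value, and stop with an error when the list comes back empty. The assignment sits at top level between cleanTemp and infoReferenceLong, both of which extend outside the hunk.

```shell
# … unchanged: REGIONS=$($AWSCLI ec2 describe-regions … --profile $PROFILE --region $REGION \ …
    ${FILTERREGION:+--region-names "$FILTERREGION"})
if [ -z "$REGIONS" ]; then
  echo -e "\n$RED ERROR!$NORMAL no regions returned for filter [${FILTERREGION:-all}]\n"
  exit 1
fi
```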