ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,658 Commits 1 Branch 0 Tags
0437c10dfd19e36fa3edcec28113d6c3d368a69f
Commit Graph

1658 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Martina Rath
073d2ab727 Add check if Enhanced monitoring is enabled on RDS instances 2021-02-05 08:12:11 +01:00
Michael Dop
7e8de8adb8 check28 only look at symmetric keys 
AWS doesn't support the automatic rotation of asymmetric keys
 2021-02-04 10:07:27 -05:00
C.J
de87de3b39 Add access checks for several checks 2021-02-03 17:07:02 -05:00
Toni de la Fuente
e91e2cfee6 Updated extra73 with service name 
Updated extra73 with service name
 2021-02-03 14:55:15 +01:00
Toni de la Fuente
d33c82cd00 Merge branch 'master' into patch-1 2021-02-03 14:54:22 +01:00
Toni de la Fuente
0e3e4a9227 Updated 
added CHECK_SERVICENAME_extra73="s3"
 2021-02-03 14:51:11 +01:00
Toni de la Fuente
bea84ad6d3 Fix title grammar in check_extra73 @CenturionGamer 
Fix title grammar in check_extra73 @CenturionGamer
 2021-02-03 14:49:35 +01:00
Toni de la Fuente
79c4a65ba8 Improved to consider services and severity 2021-02-02 17:36:35 +01:00
Toni de la Fuente
e6d175d62e Check for errors generating credential report, limit loop iterations @zfLQ2qx2 
Check for errors generating credential report, limit loop iterations @zfLQ2qx2
 2021-02-02 15:28:32 +01:00
CenturionGamer
880523880d Update check_extra73 
Fixed the grammar by removing "the" in the description.
 2021-01-28 13:06:44 -05:00
C.J
cbcc8c61a5 Implement OS neutral method of converting rfc3339 dates to epoch 2021-01-26 14:54:27 -05:00
Toni de la Fuente
f9c2e0cf26 Revert PR #718 2021-01-22 16:17:26 +01:00
Toni de la Fuente
6f371744dc Added AWS service name to json, csv and html outputs 2021-01-22 10:56:59 +01:00
Toni de la Fuente
dfdff6e863 Added service name to all checks 2021-01-22 00:23:53 +01:00
Toni de la Fuente
8ed40791ad Added service name to sample check 2021-01-22 00:21:26 +01:00
Toni de la Fuente
f85845c26b Added service name to all checks 2021-01-22 00:19:45 +01:00
Toni de la Fuente
73cac580f3 Added severity field to CSV and HTML output reports 2021-01-21 22:42:40 +01:00
Toni de la Fuente
6bb49fd162 Merge branch 'master' of https://github.com/toniblyx/prowler 2021-01-21 22:40:50 +01:00
Toni de la Fuente
478cb4aa54 Adjusted severity variable 2021-01-21 22:40:25 +01:00
Toni de la Fuente
47aa6998f4 Update check_extra7130 profile parameter was not set @soffensive 
Update check_extra7130 profile parameter was not set @soffensive
 2021-01-18 17:07:00 +01:00
soffensive
f7e4a1f6a4 Update check_extra7130 
Profile was not set
 2021-01-18 16:41:18 +01:00
Toni de la Fuente
b1332f1154 Fix regex in check43 @ilyas28 
Fix regex in check43 @ilyas28
 2021-01-15 13:05:29 +01:00
İlyas Apaydın
8e35e63359 fix regex in check43 2021-01-14 13:38:33 +03:00
C.J
be3e771454 Check for errors generating credential report, limit loop iterations 2021-01-14 04:41:16 -05:00
Toni de la Fuente
f5b26387f0 Clear AWS_DEFAULT_OUTPUT on start @zfLQ2qx2 
Clear AWS_DEFAULT_OUTPUT on start @zfLQ2qx2
 2021-01-14 10:19:07 +01:00
C.J
ed0f01b617 Clear AWS_DEFAULT_OUTPUT on start 2021-01-14 04:01:40 -05:00
Toni de la Fuente
d047cd807a Fix check extra73 fail message omits bucket name @zfLQ2qx2 
Fix check extra73 fail message omits bucket name @zfLQ2qx2
 2021-01-14 09:28:44 +01:00
C.J
6a9a47e549 Fix for issue 713 2021-01-13 19:16:48 -05:00
Toni de la Fuente
6cbee3b16c Fix log metric filter check3x with multiple trails @bridgecrewio 
Fix log metric filter check3x with multiple trails @bridgecrewio
 2021-01-13 23:08:17 +01:00
Toni de la Fuente
a53aeff0e8 Catch errors assuming role and describing regions @zfLQ2qx2 
Catch errors assuming role and describing regions @zfLQ2qx2
 2021-01-13 22:50:11 +01:00
Toni de la Fuente
81787d1946 Add check for AccessDenied when calling GetBucketLocation in extra73,extra734,extra764 @zfLQ2qx2 
Add check for AccessDenied when calling GetBucketLocation in extra73,extra734,extra764 @zfLQ2qx2
 2021-01-13 22:35:20 +01:00
Toni de la Fuente
b23f9b3b5d Fix changes made in check27 2021-01-13 22:21:45 +01:00
Toni de la Fuente
51d6fc99ed Handle shadow CloudTrails more gracefully in checks check21,check22,check24,check27 @zfLQ2qx2 
Handle shadow CloudTrails more gracefully in checks check21,check22,check24,check27 @zfLQ2qx2
 2021-01-13 21:35:07 +01:00
Toni de la Fuente
0d4988b874 Additional check for location of awscli @zfLQ2qx2 
Additional check for location of awscli @zfLQ2qx2
 2021-01-13 21:25:04 +01:00
Toni de la Fuente
17c0409d35 Fix date command for busybox @zfLQ2qx2 
Fix date command for busybox @zfLQ2qx2
 2021-01-13 21:19:07 +01:00
C.J
1d9c1eaece Catch errors assuming role and describing regions 2021-01-13 09:44:15 -05:00
Toni de la Fuente
d77f1ea651 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:58:23 +01:00
Toni de la Fuente
2bc3fcf7ee Add new check extra7131 RDS minor version upgrade 2021-01-13 12:57:08 +01:00
Toni de la Fuente
bcdd12bf84 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:51:49 +01:00
C.J
733c99c1e0 Add check for AccessDenied when calling GetBucetLocation 2021-01-12 15:38:47 -05:00
C.J
ecc08722e1 Handle shadow cloudtrails more gracefully 2021-01-12 13:37:30 -05:00
C.J
f53a32ae26 Additional check for location of awscli 2021-01-12 11:03:30 -05:00
C.J
bf1bd505c5 Fix for busybox date command 2021-01-12 09:11:52 -05:00
Toni de la Fuente
eac59cade8 Add new check extra_7130 to check encryption of a SNS topic @mpratsch 
Add new check extra_7130 to check encryption of a SNS topic @mpratsch
 2021-01-08 13:54:55 +01:00
Martina Rath
994abe8fa3 Add check7130 to group7_extras and fix some issues 2021-01-08 13:43:46 +01:00
Toni de la Fuente
6ad1816e37 Fix EKS related checks regarding us-west-1 @njgibbon 
Fix EKS related checks regarding us-west-1 @njgibbon
 2021-01-07 19:29:22 +01:00
Toni de la Fuente
20b8b1eb1f Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner 
Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner
 2021-01-07 19:22:20 +01:00
Martina Rath
9a060a3c43 Add new extras check (7130) to check encryption of a SNS topic 2020-12-30 08:46:13 +01:00
Barrie Bremner
75e5de9c37 Accept current most restrictive TLSv1.2-only ALB security policy as secure 
The `ELBSecurityPolicy-FS-1-2-Res-2020-10` policy is the most
restrictive TLS v1.2 only SSL/TLS security policy available, and is a
subset of the already accepted `ELBSecurityPolicy-FS-1-2-Res-2019-08`
policy - this commit adds `ELBSecurityPolicy-FS-1-2-Res-2020-10` to
the list of acceptable "secure" security policies.

`ELBSecurityPolicy-FS-1-2-Res-2020-10` has a very limited set of
ciphers, is TLS v1.2 only and supports Forward Secrecy.

Current SSL Labs tests gives it an "A" rating for another source of
confirmation.
 2020-12-24 16:52:01 +00:00
njgibbon
4adc7f5864 feat - fix - taking out eks check condition because california region 2020-12-24 00:00:06 +00:00