ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,081 Commits 1 Branch 0 Tags
1beb483be3742a8a088542e9902fbaadfda4edc5
Commit Graph

1081 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Toni de la Fuente
1beb483be3 Fixed issue with govcloud on extra764 #536 2020-04-22 20:40:18 +02:00
Toni de la Fuente
7dc790a3f5 Fixed issue with govcloud on extra764 #536 2020-04-22 20:05:39 +02:00
Toni de la Fuente
8c9aea1231 Improved GetCallerIdentity handling / credentials 2020-04-22 13:54:17 +02:00
Toni de la Fuente
9f03bd7545 Added txt output as mono for -M 2020-04-22 12:58:54 +02:00
Toni de la Fuente
2eb41ff910 Added account id to the output filename 2020-04-22 12:32:05 +02:00
Toni de la Fuente
2d64a1182e Added account id to the output filename 2020-04-22 12:31:27 +02:00
Toni de la Fuente
43fb877109 Added account id to the output filename 2020-04-22 12:28:31 +02:00
Toni de la Fuente
ef952ce9cc Simplified caller id info on outputs 2020-04-22 12:07:20 +02:00
Toni de la Fuente
0cca77a141 Check if gbase64 (GNU) is available on Mac and use it in preference to BSD base64 @marcjay 
Check if gbase64 (GNU) is available on Mac and use it in preference to BSD base64
 2020-04-22 12:01:40 +02:00
Toni de la Fuente
5b9cf7fa99 Fix -E flag no longer excluding checks @marcjay 
Fix -E flag no longer excluding checks
 2020-04-22 11:55:01 +02:00
Marc Jay
5805576dce Check if gbase64 (GNU) is available on Mac and use it in preference to BSD base64 
Previously it was switching to GNU versions of base64 even if base64 was the BSD version

Fixes #568
 2020-04-22 10:35:33 +01:00
Toni de la Fuente
9cbdefc2de Adds CSV header to the output file too #565 2020-04-22 11:27:08 +02:00
Marc Jay
c2669622cf Fix -E flag no longer excluding checks 
Remove re-declaration of TOTAL_CHECKS variable

Bug introduced by #561

Fixes #566
 2020-04-22 09:58:33 +01:00
Toni de la Fuente
b9051e6fc9 Merge pull request #563 from marcjay/correct-check13-496 
Extend check13 to meet all CIS rules and consolidate with extra774
 2020-04-22 10:46:37 +02:00
Toni de la Fuente
92091d9ecd Rollback #562 fix issue #564 2020-04-22 10:31:30 +02:00
Marc Jay
ad66254b45 Extend check13 to meet all CIS rules and consolidate with extra774 
Create `include/check_creds_last_used` and move all logic for checking last usages of passwords and access keys there
Modify check13 and extra774 to call new function, specifying time-range of last 90 days and last 30 days respectively
Modify messages in check14 and check121 so that all mentions of 'access key's are consistent

Fixes #496
 2020-04-21 01:21:55 +01:00
Toni de la Fuente
d6374f8bc8 Updated textInfo message on extra712 2020-04-20 19:27:39 +02:00
Toni de la Fuente
0c7805356e Enhancement: extra712 improved with Macie API call instead of IAM @eko0126 
using api commands to check if macie is enabled instead of looking ia…
 2020-04-20 19:20:13 +02:00
Toni de la Fuente
86ea46d77c Update check_extra712 2020-04-20 19:19:05 +02:00
Toni de la Fuente
3feac6f75b Improve listing of Checks and Groups @marcjay 
Improve listing of Checks and Groups
 2020-04-20 19:14:50 +02:00
Marc Jay
71bf414faf Merge branch 'master' into improve-listing-of-checks-and-groups-545 2020-04-20 18:11:06 +01:00
Toni de la Fuente
38a970f4fc Enhancement: extra768 only check latest version of ECS task definition 
Only check latest version of task definition
 2020-04-20 19:00:26 +02:00
Toni de la Fuente
3dae201a80 Merge branch 'marcjay-add-junit-xml-output-mode-log-duration-537' 2020-04-20 18:57:27 +02:00
Toni de la Fuente
d45b739b1e Merge branch 'add-junit-xml-output-mode-log-duration-537' of https://github.com/marcjay/prowler into marcjay-add-junit-xml-output-mode-log-duration-537 2020-04-20 18:51:26 +02:00
Toni de la Fuente
ce56f0cb24 git push origin masterMerge branch 'nalansitan-extra725' 2020-04-20 18:49:37 +02:00
Toni de la Fuente
d02d9e1c95 Merge branch 'extra725' of https://github.com/nalansitan/prowler into nalansitan-extra725 2020-04-20 18:46:39 +02:00
Alex Gray
5b8370179a Get the list of families and then get latest task definition 2020-04-20 09:15:15 -04:00
He.Longfei
b42cc33a6c using api commands to check if macie is enabled instead of looking iam role 2020-04-20 15:01:38 +08:00
Marc Jay
8f179338d8 Fix invalid references to $i when it should reference a local $group_index variable 2020-04-20 01:30:37 +01:00
Marc Jay
47a05c203a Improve listing of Checks and Groups 
Change `-l` flag to print a unique list of every single check (assuming none are orphaned outside of all groups)
Allow `-g <group_id>` to be specified in combination with `-l`, to only print checks that are referenced by the specified group
When listing all checks with `-l` only, print out all groups that reference each check

Fixes: #545
 2020-04-20 01:12:53 +01:00
Toni de la Fuente
6747b208ce Improved extra716 and extra788 2020-04-17 15:16:55 +02:00
Marc Jay
78f649bd65 Replace -J flag with junit-xml output format 
Rearrange output functions so they support outputting text alongside other formats, if specified
Add a convenience function for checking if JUnit output is enabled
Move monochrome setting into loop so it better supports multiple formats
Update README
 2020-04-15 23:36:40 +01:00
Alex Gray
172f4b2681 Only check latest version of task definition 2020-04-15 15:19:44 -04:00
Marc Jay
dc31adcc18 Rename JUnit XML files to match the Java convention - with a 'TEST-' prefix 2020-04-15 13:42:33 +01:00
Marc Jay
fa17829832 Fix arithmetic expression for calculating test duration 2020-04-15 12:52:48 +01:00
Marc Jay
994390351e Add the ability to generate JUnit XML reports with a -J flag 
If the -J flag is passed, generate JUnit XML reports for each check, in-line with how Java tools generate JUnit reports.
Check section numbers equate to 'root packages', checks are second-level packages, each check equates to a testsuite (mirroring Java where each test class is a testsuite) and each pass/fail of a check equates to a testcase
Time the execution of each check and include this in the report
Include properties (Prowler version, check level etc.) in-line with standard JUnit files
XML escape all strings for safety

Detect if a user has GNU coreutils installed on Mac OS X, but not as their default, switching to using gdate for date commands if so, as it has more features, including getting dates in milliseconds
Add prowler-output, junit-reports and VSCode files to .gitignore
Update README to include JUnit info, address markdownlint warnings
Remove unused arguments to jq in generateJsonAsffOutput

Fixes #537
 2020-04-15 02:36:16 +01:00
Toni de la Fuente
462527015c Merge branch 'marcjay-simplify-check-id-variables' 2020-04-15 00:24:17 +02:00
Toni de la Fuente
3311acf82c Merge branch 'simplify-check-id-variables' of https://github.com/marcjay/prowler into marcjay-simplify-check-id-variables 2020-04-15 00:23:54 +02:00
Toni de la Fuente
f065beb93b Fixed title in group16_trustboundaries 2020-04-14 23:57:55 +02:00
Toni de la Fuente
2de49c3940 Added more sample commands and updates 2020-04-14 23:55:02 +02:00
Toni de la Fuente
f3664b56ec Open 2020-04-14 22:46:44 +02:00
Toni de la Fuente
4ea1864365 Allow multiple report types at once #345 2020-04-14 22:28:58 +02:00
Toni de la Fuente
e6fe5addbc Added section for Security Hub integration 2020-04-14 18:52:48 +02:00
Toni de la Fuente
58d793ec2a Added section for Security Hub integration 2020-04-14 18:51:13 +02:00
Toni de la Fuente
973f6b39a0 Merge branch 'master' of https://github.com/toniblyx/prowler 2020-04-14 16:45:54 +02:00
Toni de la Fuente
11c182c5fe Fixed issue with regions on check21 2020-04-14 16:45:37 +02:00
nalansitan
036ae640e5 support arn:aws:s3::: on extra725 2020-04-14 10:38:01 +08:00
Marc Jay
7e5a4a1de4 Adjust execute_check() now that check71's ID has changed 
Fix minor typo in a comment
 2020-04-14 02:17:28 +01:00
Marc Jay
0f49468601 Limit CHECK_ID to a single value, handing the left-pad formatting in one place 
Remove the second entry in any comma-separated check IDs from each check, formatting
the check ID with leading zeros in `include/outputs` if the `-n` flag is active
 2020-04-14 02:02:48 +01:00
Toni de la Fuente
df52057287 Fix: extra741 - Check if User Data is a valid GZIP file before attempting to gunzip @marcjay 
Extra741 - Check if User Data is a valid GZIP file before attempting to gunzip
 2020-04-13 23:53:39 +02:00