ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
989 Commits 1 Branch 0 Tags
2e2fe96ff53ea1ec09225e64bd6d64f4def67363
Commit Graph

329 Commits

Author SHA1 Message Date
Toni de la Fuente
2e2fe96ff5 Improved extra716 filters and auth check 2020-04-01 21:57:20 +02:00
Toni de la Fuente
2e2e9b85af Merge branch 'master' of https://github.com/toniblyx/prowler 2020-04-01 16:53:04 +02:00
Toni de la Fuente
1ae5d5d725 Added custom ports variable to extra779 2020-04-01 16:52:52 +02:00
Huang Yaming
1419d4887a Ignore imported ACM Certificate in check_extra724 2020-03-27 14:49:52 +08:00
Toni de la Fuente
ba75d89911 Added connection test for port 9300 in both linux and macosx on extra779 2020-03-25 18:20:20 +01:00
Toni de la Fuente
8faf1f45c4 Added connection test for port 9300 in both linux and macosx on extra779 2020-03-25 18:19:41 +01:00
Toni de la Fuente
eae4722499 Updated ES check titles and results 2020-03-25 17:25:38 +01:00
Toni de la Fuente
8c18533752 Updated check titles 2020-03-25 17:18:43 +01:00
Toni de la Fuente
ee82424869 Enhanced extra779 with better authentication test and TEST_ES_AUTHENTICATION disabled 2020-03-25 12:44:10 +01:00
Toni de la Fuente
1615478444 Fixed query on extra779 2020-03-25 09:40:03 +01:00
Toni de la Fuente
568bba4c38 Add Elasticsearch checks issue #521 2020-03-24 23:46:11 +01:00
Toni de la Fuente
e082ef05f0 Merge branch 'patch-2' of https://github.com/lanhhuyet510/prowler into lanhhuyet510-patch-2 2020-03-23 15:09:15 +01:00
Toni de la Fuente
db3ac2361c Merge branch 'master' into checks/find_security_groups_with_wide_open_non_RFC1918_IPv4 2020-03-23 14:48:05 +01:00
Toni de la Fuente
30941c355c Added extra777 - Security Groups with too many rules @renuez 2020-03-23 14:39:23 +01:00
Ngọ Anh Đức
0979f421c3 Update check21 2020-03-09 13:00:43 +07:00
Ngọ Anh Đức
89514a1fa8 Update check21 2020-03-09 12:59:47 +07:00
Ngọ Anh Đức
ba13f25c9e Update check21 2020-03-09 12:57:49 +07:00
Ngọ Anh Đức
53ee538e0f add $PROFILE_OPT to the CLI 2020-03-09 12:57:00 +07:00
Ngọ Anh Đức
3116adf86e Update check21 2020-03-09 12:46:16 +07:00
Ngọ Anh Đức
263926a53b Improve check21 
- Add ISLOGGING_STATUS, INCLUDEMANAGEMENTEVENTS_STATUS, READWRITETYPE_STATUS to check
- Remove ` --no-include-shadow-trails ` from CLI
2.1 Ensure CloudTrail is enabled in all regions (Scored):
Via CLI
1. ` aws cloudtrail describe-trails `
Ensure `IsMultiRegionTrail` is set to true
2. `aws cloudtrail get-trail-status --name <trailname shown in describe-trails>`
Ensure `IsLogging` is set to true
3. `aws cloudtrail get-event-selectors --trail-name <trailname shown in describetrails>`
Ensure there is at least one Event Selector for a Trail with `IncludeManagementEvents` set to
`true` and `ReadWriteType` set to `All`
 2020-03-09 12:44:23 +07:00
Philipp Zeuner
cb5858d08a Updated check_extra778 to use PROFILE_OPT and AWSCLI 2020-03-08 09:56:52 +01:00
Philipp Zeuner
1b2b52e6a7 Fixed check_extra778 reference CHECK_ID 2020-03-08 09:22:11 +01:00
Philipp Zeuner
f5d083f781 Updated check_extra778 to exclude 0.0.0.0/0 edge case 2020-03-08 09:21:17 +01:00
Philipp Zeuner
f585ca54d1 Fixed check_extra788 logic bug related to SECURITY_GROUP and improved check_cidr() isolation 2020-03-08 09:20:05 +01:00
Philipp Zeuner
f149fb7535 Refactored check name to check_extra778 2020-03-08 08:15:20 +01:00
jonjozwiak
8173c20941 Improve performance of check_extra742 by limiting to one AWS CLI call 2020-03-04 16:46:28 +02:00
Toni de la Fuente
c0d8258283 [new check] Check if ECR image scan found vulnerabilities in the newest image version 
[new check] Check if ECR image scan found vulnerabilities in the newest image version
 2020-03-03 23:06:44 +01:00
Toni de la Fuente
4646dbcd0b Updated check_extra776 title 2020-03-03 23:04:09 +01:00
Marcel Beck
db260da8b0 feat: New check for ecr image scan findings 
This will check if there is any ecr image with findings.
 2020-03-03 22:53:26 +01:00
Philipp Zeuner
162ff05e42 Updated check_extra777 to fix CHECK_ALTERNATE variable 2020-03-02 22:53:32 +01:00
Philipp Zeuner
6ea863ac3b Initial commit 2020-03-01 20:26:51 +01:00
Marcel Beck
5257ce6c0b docs: Fix typo 2020-02-28 17:58:10 +01:00
Marcel Beck
c9508c28b3 fix: check119 needs to ignore terminated instances 
Terminated does not seem to have an instance profile. And its not
possible to start a terminated instance again.
 2020-02-25 09:23:55 +01:00
Faraz Angabini
2321655503 fixed check numbers for 774,775 2020-02-22 22:16:59 -08:00
Kasprzykowski
40985212ab check_extra775 added | group7_extras and group11_secrets updated 2020-02-21 09:24:13 -05:00
Kasprzykowski
a1d26b44c3 check_extra999 added and group7_extras updated 2020-02-21 09:05:33 -05:00
Christopher Morrow
4a1d4060ec Check Extra 774 - Fixed bug - was checking account creation time instead of last logon date. 2020-02-20 15:11:13 -08:00
Toni de la Fuente
ca34590da0 Merge branch 'bugfix/check_11_check_access_keys_usage' of https://github.com/bridgecrewio/prowler into bridgecrewio-bugfix/check_11_check_access_keys_usage 2020-02-19 18:14:37 +01:00
Toni de la Fuente
44716cfab2 Merge pull request #486 from bridgecrewio/bugfix/mark_only_available_rds_instances_as_violating 
Filter for only available rds instances
 2020-02-19 18:11:43 +01:00
Toni de la Fuente
1f3aaa8c7b Merge pull request #485 from bridgecrewio/bugfix/es_public_domains_filter_condition 
Add conditions check for extra716
 2020-02-19 18:09:37 +01:00
Toni de la Fuente
6213a7418c Merge pull request #484 from bridgecrewio/bugfix/public_bucket_policy_check_for_conditions 
Add conditions check for extra771
 2020-02-19 18:08:02 +01:00
Toni de la Fuente
bf9ffc0485 Merge pull request #483 from bridgecrewio/bugfix/extra748_check_for_all_ports 
Check extra748 should fail in case of all ports (0-65535) open
 2020-02-19 17:58:17 +01:00
Nimrod Kor
e41e77ed78 Remove unnecessary print 
(cherry picked from commit 72bb29f13cabf5bd85af3c5539a46eacd34538ae)
 2020-02-18 11:58:05 +02:00
Nimrod Kor
a6516e4af8 Check 1.1 - check password access and access key usage 
(cherry picked from commit f62cde1bf1a32138419cc1488392b93816958595)
 2020-02-18 11:36:57 +02:00
Nimrod Kor
4fe575030b Filter for only available rds instances 
(cherry picked from commit 5a7356be3cd137e08161b3dc0d7b8f1b2267c304)
 2020-02-18 10:48:58 +02:00
Nimrod Kor
178a34e40d Add conditions check for extra716 
(cherry picked from commit 2ec6696897a272c7d765cc31e37703a453f57289)
 2020-02-18 10:48:25 +02:00
Nimrod Kor
5f3293af1e Add conditions check for extra771 
(cherry picked from commit 805b276578d5afda60b38cffa28fe09b16380799)
 2020-02-18 10:28:36 +02:00
Nimrod Kor
28a8ae7572 Check extra748 should fail in case of all ports (0-65535) open 2020-02-18 10:26:44 +02:00
Nimrod Kor
daa26ed14c extra764 should also check for principal being AWS = "*" 2020-02-18 10:20:13 +02:00
Toni de la Fuente
f99d35888a Merge branch 'patch-1' of https://github.com/alphad05/prowler into alphad05-patch-1 2020-02-12 23:20:32 +01:00