190 Commits

Author	SHA1	Message	Date
Samuel Dugo	71355b0c4c	New option "-E" supports exclusion of one or multiple checks ... Added new option "-E" which will execute all tests except a list of specified checks separated by comma (i.e. check21,check31). Any invalid check name will be discarded. And if just one argument is passed and this is invalid, then Prowler will execute all checks. To save space, the option will return a list of total checks excluding the list provided. Then, the functionality will overwrite CHECK_ID with the final list and the program will continue as if the user entered "-c" option and the final list of checks.	2018-12-21 12:14:10 +01:00
Samuel Dugo	00e5e65176	Option "-c" supports one or multiple checks ... Added support for option "-c" to specify one or multiple specific checks to be performed. To specify multiple tests include them using a comma delimiter (i.e. check21,check22).	2018-12-19 17:05:13 +01:00
Toni de la Fuente	0ca1a8f28c	version and extras last addition	2018-11-26 23:23:16 -05:00
Toni de la Fuente	e2861614c2	Generate creds report only if group1 related	2018-11-14 22:30:22 -05:00
Toni de la Fuente	d14bdcc6c3	added option -L to list check groups	2018-11-14 20:38:02 -05:00
Toni de la Fuente	b4ea16b6f7	Changed label to beta3	2018-10-31 23:16:23 -04:00
Jeremy Phillips	ad012f8db6	List not listing checks, but executing them. Then only displays the first check per group.	2018-10-09 08:52:24 -04:00
Toni de la Fuente	17b821aee6	improved group error handling	2018-07-26 23:30:48 -04:00
Toni de la Fuente	8acc18b32b	added json support to README and usage	2018-05-29 16:23:37 -04:00
Ben Hecht	84e9ef2f94	Add JSON support	2018-05-29 15:22:08 -04:00
MrSecure	00df2c0d0a	ensure credential report is available before running any checks	2018-04-27 12:37:56 -05:00
Toni de la Fuente	2afbda53b2	fixed banner on -g option	2018-04-20 17:36:54 -04:00
MrSecure	d1693e0f3d	move getWhoami to position where it will run before any checks ... This restores the AWS account number in the CSV output when running checks or groups.	2018-04-20 15:55:51 -05:00
MrSecure	7ba6080522	add -V flag to show version	2018-04-20 15:54:47 -05:00
Toni de la Fuente	5efd2669fa	new check Trusted Avisor errors/warnings	2018-04-20 12:57:07 -04:00
Toni de la Fuente	38ad3ca657	region and profile handling improved	2018-04-19 09:47:16 -04:00
Toni de la Fuente	8f86a5319f	set version label 2.0-beta2	2018-04-11 10:14:34 -04:00
Toni de la Fuente	4c607bba1c	improved current directoy handler for includes	2018-04-11 10:13:43 -04:00
Toni de la Fuente	1b0d09da13	added version variable to banner	2018-04-11 10:01:50 -04:00
Toni de la Fuente	e3e038127f	license changes for checks	2018-04-09 15:09:30 -04:00
Toni de la Fuente	91b8a832ec	hide banner on csv output for group mode	2018-03-28 12:32:51 -04:00
Toni de la Fuente	07b166baa9	changed outputs to the new ones	2018-03-28 11:07:46 -04:00
Toni de la Fuente	70483ba81b	updated README and usage	2018-03-27 18:07:03 -04:00
Toni de la Fuente	2648067ac6	fully functional beta 2.0	2018-03-26 22:54:21 -04:00
Toni de la Fuente	6647702d90	added support of -g groups	2018-03-26 21:32:15 -04:00
Toni de la Fuente	7866d42df9	changed output to PASS and FAIL	2018-03-26 15:40:40 -04:00
Toni de la Fuente	a21bff31a5	create check files	2018-03-20 22:59:34 -04:00
Dan Borges	5156376df6	Update prowler	2018-03-06 09:58:12 -08:00
Toni de la Fuente	6ccd1020e3	Merge pull request #180 from subramani95/patch-4 ... Improving check41 and check42	2018-02-26 23:23:29 -05:00
Toni de la Fuente	fa03991edd	Merge pull request #181 from doshitan/improve-check28 ... Improve check28	2018-02-22 11:38:26 -08:00
Tanner Doshier	d7f4f99f15	Improve check28 ... The CIS benchmarks state that only customer managed CMKs should be checked, so exclude all AWS managed CMKs, not just the one for ACM. Also fix up some formatting and dead code.	2018-02-22 12:32:36 -06:00
Tanner Doshier	1295c5ecff	Use #!/usr/bin/env bash instead of hard coding #!/bin/bash ... Better cross-platform support.	2018-02-22 12:16:12 -06:00
Subramani Ramanathan	65c417a357	Improving check41 and check42 ... Improved check41 and check42 to ensure no inbound rule exists that has:- # port no 22 and source of 0.0.0.0/0 # port no in the range (i.e 0-1024) and source of 0.0.0.0/0 # port value of all and source of 0.0.0.0/0	2018-02-21 02:48:20 +05:30
Toni de la Fuente	ec7930146b	New checks and improvements	2018-02-16 12:33:05 -05:00
Subramani Ramanathan	771cbf6b08	Fix to get CloudWatch Log Group Region ... Fix to get CloudWatch Log Group Region, when more than one log group names are there	2018-02-12 21:55:55 +05:30
Subramani Ramanathan	f64fac3e17	Improved 'check31' ... Get the Metric Name using Log Group and Filter names and check the alarms associated with that metric.	2018-02-12 18:43:20 +05:30
Toni de la Fuente	d101e2b3bf	Added new check extra719 route53 query logging	2018-02-09 19:57:54 -05:00
Toni de la Fuente	f5ba67da86	Added check extra718 bucket server access logging	2018-02-09 18:15:06 -05:00
Toni de la Fuente	cd276ab959	Added new check extra717 ELB logging	2018-02-09 17:17:09 -05:00
Toni de la Fuente	b2264997d6	Added new check extra716 ES service allow open access	2018-02-08 01:21:22 -05:00
Toni de la Fuente	55d3d642f9	Added new check extra716 ES service allow open access	2018-02-08 01:01:28 -05:00
Toni de la Fuente	841e5436b9	Added new check extra715 ES service logging	2018-02-08 00:27:27 -05:00
Toni de la Fuente	3665d64f2b	Added check extra714 CloudFront logging	2018-02-07 23:49:26 -05:00
Toni de la Fuente	b92ba781ba	Fixed mktemp in OSX and OS handlign	2018-02-07 22:52:32 -05:00
Toni de la Fuente	c447e456d0	Fixed mktemp in OSX	2018-02-07 22:48:02 -05:00
Toni de la Fuente	9f977d263d	Fixed mktemp in OSX	2018-02-07 22:47:13 -05:00
Toni de la Fuente	53580d488c	Fix issue #165	2018-02-07 22:22:51 -05:00
Toni de la Fuente	84591d25a6	New check extra713 for GuardDuty	2018-02-05 23:41:19 -05:00
Toni de la Fuente	194eecb269	New forensics-ready check group and extra712	2018-02-05 23:07:55 -05:00
Toni de la Fuente	9f01be416a	Improved check31 issue #111	2018-02-05 22:02:53 -05:00