256 Commits

Author	SHA1	Message	Date
Toni de la Fuente	528e14d4cf	Update check119 ... updated to not scored	2020-02-10 22:55:57 +01:00
root	9ed7d75c44	Add command for check119	2020-01-12 17:40:41 -05:00
Toni de la Fuente	b3b903959b	Merge pull request #446 from zfLQ2qx2/cleanup_temp_files ... Try to make sure prowler cleans up its temporary files	2019-12-31 15:21:33 +01:00
Toni de la Fuente	4806d5fc78	Merge pull request #447 from zfLQ2qx2/update_check_extra764 ... Misc fixes to check extra764	2019-12-31 11:39:21 +01:00
Toni de la Fuente	a755ec806a	Merge pull request #444 from zfLQ2qx2/update_extra769 ... Add additional error checking to check extra769	2019-12-31 11:05:44 +01:00
root	7d324bed65	Resolve issue with not_available state in results	2019-12-30 14:43:51 -05:00
root	b22b0af2ce	Misc fixes to check extra764	2019-12-30 14:20:50 -05:00
root	4cc5cd1ab1	Try to make sure prowler cleans up its temporary files	2019-12-30 13:43:53 -05:00
root	688f028698	Add additional error checkings to check extra769	2019-12-30 11:33:12 -05:00
Toni de la Fuente	74380a62d9	Merge pull request #443 from zfLQ2qx2/update_ecr_checks ... Add error checking to checks extra77 and extra765	2019-12-30 16:31:27 +01:00
root	c84190c3d9	Add error checking to checks extra77 and extra765	2019-12-30 10:07:14 -05:00
Toni de la Fuente	23be47a9b6	Enhanced title for check extra723	2019-12-27 12:09:35 +01:00
Nimrod Kor	1087d60457	Small check fixes ... (cherry picked from commit 70879ba1e03ee7d5e5d59f94fd049620e08e4847)	2019-12-18 13:24:31 +02:00
Toni de la Fuente	0d120a4536	Merge pull request #437 from bridgecrewio/feature/check_bucket_policies_public_write ... Check bucket policies public write	2019-12-17 10:41:35 +01:00
Toni de la Fuente	0ab5d87b8f	Merge pull request #433 from kmcquade/check/public-instance-with-instance-profile-attached ... Added check_extra770, which checks for internet facing instances with an instance profile attached	2019-12-17 10:40:01 +01:00
Toni de la Fuente	933e4152cc	Merge pull request #435 from bridgecrewio/feature/fix_check26 ... Fix check26 - get the account ID from sts	2019-12-17 10:14:11 +01:00
Nimrod Kor	fc3f4e830e	Reuse ACCOUNT_NUM	2019-12-17 09:29:06 +02:00
Nimrod Kor	7e803bb6a9	Change to check 771	2019-12-15 18:18:02 +02:00
Nimrod Kor	2d5d551696	Initial commit	2019-12-15 18:18:02 +02:00
Nimrod Kor	8e1aa17a80	Fix check26 - get the account ID from sts ... (cherry picked from commit ae20d9c5b770ac593e64fa399fde55312d97ae1c)	2019-12-15 15:55:54 +02:00
Kinnaird McQuade	3b264d556b	Added check_extra770, which checks for internet facing instances with an Instance Profile attached.	2019-12-12 11:07:14 -05:00
Nimrod Kor	559b0585dc	Add trail count to check21 and fail if no trail exist ... (cherry picked from commit fcf28dfa70fb93df9f61393b8dff2cc5fc14729e)	2019-12-12 09:45:06 +02:00
Toni de la Fuente	7b5ece8007	New check IAM Access Analyzer issue #428	2019-12-03 15:58:19 +01:00
Toni de la Fuente	fe65eaf373	New check ECS scan on push issue #427	2019-12-03 15:27:09 +01:00
Toni de la Fuente	dce9d5c96d	Merge pull request #423 from barnhartguy/master ... Update check_extra768	2019-11-25 10:03:27 +01:00
Will Thames	2e11e0a3f2	Fix extra764 check ... Add missing bracket to prevent: ``` jq: error: syntax error, unexpected INVALID_CHARACTER, expecting $end (Unix shell quoting issues?) at <top-level>, line 1: .Statement[]|select(((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and .Principal == "*")) and .Action=="s3:*" and (.Resource|type == "array") and (.Resource|map({(.):0})[]|has($arn)) and (.Resource|map({(.):0})[]|has($arn+"/*")) and .Condition.Bool."aws:SecureTransport" == "false") ``` (line breaks added to reduce commit width)	2019-11-25 16:01:26 +10:00
barnhartguy	c630c02a26	Update check_extra768 ... fixed typo	2019-11-24 14:37:09 +02:00
Toni de la Fuente	8f91bfee24	clean up documentation and added info to check_sample	2019-11-22 11:59:03 +01:00
Toni de la Fuente	c513e7af6c	Merge pull request #420 from bridgecrewio/feature/ecs_task_definition_secrets_check_contribute ... Add ECS task definition environment variables check	2019-11-22 00:18:00 +01:00
Toni de la Fuente	2e1cead3a2	Merge pull request #419 from zfLQ2qx2/prowler-extra719 ... Filter out private zones in check extra719	2019-11-22 00:12:36 +01:00
Toni de la Fuente	5c8b0aa942	Merge pull request #418 from zfLQ2qx2/prowler-check726 ... Handle Trusted Advisor entitlement issue gracefully	2019-11-22 00:10:39 +01:00
Toni de la Fuente	15dda01842	Merge pull request #417 from zfLQ2qx2/prowler-misc-updates ... Update extra764 and extra734, add .gitignore rules for vim	2019-11-22 00:09:35 +01:00
Nimrod Kor	d19ae27f7c	Fix merge issue	2019-11-21 12:48:17 -08:00
Nimrod Kor	b61af3a9eb	Add ECS task definition environment variables check ... (cherry picked from commit 662f287dd6739cd6d8e5e0d95537f4ca4b7b6493)	2019-11-21 12:44:09 -08:00
zfLQ2qx2	687686c929	Filter out private zones in check extra719	2019-11-21 15:36:38 -05:00
zfLQ2qx2	94a90599bd	Handle Trusted Advisor entitlement issue gracefully	2019-11-21 15:17:03 -05:00
zfLQ2qx2	669469e618	Update extra764 and extra734, add .gitignore rules for vim	2019-11-21 14:56:13 -05:00
Toni de la Fuente	961b79a4aa	Added extra767 for CloudFront field level encryption issue #425	2019-11-21 17:48:34 +01:00
Toni de la Fuente	264b84ae2a	Added check_extra765 ECR scanning issue #406	2019-11-21 00:52:18 +01:00
Toni de la Fuente	d737193b98	Merge pull request #407 from zfLQ2qx2/prowler_misc_fixes ... Misc prowler fixes Add GetEbsEncryptionByDefault wherever Prowler policies are mentioned Update Extra718 check to be aware of access denied responses Update Extra726 check to be more verbose for non-failure items Update Extra73 check to be aware of access denied responses Update Extra734 check to be aware of access denied responses and parse policies with jq for better accuracy Update Extra742 check for verbiage Update Extra756 check for verbiage and parameter order Update Extra761 check for failure scenarios (requires most recent awscli and addition to Prowler IAM policy) Added Extra763 check to verify that object versioning is enabled on S3 buckets Added Extra764 check to verify that S3 buckets enforce a secure transport policy	2019-11-20 22:03:02 +00:00
Toni de la Fuente	649192eb41	Merge pull request #411 from zfLQ2qx2/prowler-extra75-enhancement ... Update extra75 to be aware of default security groups	2019-11-20 21:46:21 +00:00
zfLQ2qx2	054043d78e	Update extra75 to aware of default security groups	2019-11-20 00:09:35 -05:00
zfLQ2qx2	603ed0b16f	Update log metric filter checks to latest AWS CIS Foundations Benchmark and provide hints on how to remediate	2019-11-19 01:37:42 -05:00
zfLQ2qx2	3a893889b6	Misc prowler fixes	2019-11-13 22:49:32 -05:00
Toni de la Fuente	18e5c0b8ae	Merge pull request #404 from gabrielsoltz/check_extra731_jq ... Extra 731 with JQ	2019-10-28 15:36:43 +01:00
Toni de la Fuente	e748275fc5	Merge pull request #403 from gabrielsoltz/check_extra727_smarter ... Check extra727 smarter (SQS)	2019-10-28 15:35:45 +01:00
gabrielsoltz	8bb1529c2a	jq_improvements	2019-10-25 16:46:36 +02:00
gabrielsoltz	61ef02ec50	reduce_api_calls	2019-10-25 16:42:59 +02:00
gabrielsoltz	fb45fa0c03	reduce_api_calls	2019-10-24 23:56:02 +02:00
gabrielsoltz	6a52ebe492	reduce_api_calls	2019-10-24 23:54:04 +02:00