Samuel Dugo
573fa46aac
Fixed AccessDeniedException on extra730
When executing Prowler using a specific profile (in my case to assume a role), check_extra730 returns:
"An error occurred (AccessDeniedException) when calling the DescribeCertificate operation: User: [ASSUMED_ROLE_ARN] is not authorized to perform: acm:DescribeCertificate on resource: [RESOURCE_ARN]"
This is because line 28 did not contain the following parameters: "$PROFILE_OPT --region $regx".
2018-12-05 11:35:44 +01:00
Toni de la Fuente
aeaf533585
Added extra740 EBS snapshots are encrypted and HIPAA
2018-11-19 23:22:18 -05:00
Toni de la Fuente
5757a88227
Added extra739 ELB logging and typos
2018-11-19 22:55:29 -05:00
Jason Turner
cafd203406
Updated check29 to validate against FlowLogId which is valid for both CloudWatch and s3 destinations
2018-11-14 14:19:44 -08:00
Toni de la Fuente
2437f8fb16
Added extra738 CloudFront HTTPS
2018-11-08 20:21:46 -05:00
Toni de la Fuente
fa5b81b28e
Added extra737 KMS keys rotation
2018-11-07 23:37:06 -05:00
Toni de la Fuente
9bdbf6f51c
Added extra736 check exposed KMS keys
2018-11-07 23:27:58 -05:00
Toni de la Fuente
b6a30df808
Added extra735 check encrypted RDS
2018-11-07 22:00:28 -05:00
Toni de la Fuente
0dc2b9a081
Improved extra734 checking enforce policy
2018-11-06 00:17:00 -05:00
Toni de la Fuente
29e142361b
Improved extra734 checking enforce policy
2018-11-06 00:15:20 -05:00
Toni de la Fuente
883afa4959
Added extra734 check S3 bucket encryption
2018-11-05 23:30:00 -05:00
Toni de la Fuente
c7bfd72d2d
Add check extra733 SAML Provider STS
2018-10-31 23:09:24 -04:00
Toni de la Fuente
9a88249965
Added check extra732 Cloudfront CDN Geo restrictions
2018-10-31 22:45:59 -04:00
Toni de la Fuente
6cb75fa26a
Added check extra732 Cloudfront CDN Geo restrictions
2018-10-31 22:44:45 -04:00
Toni de la Fuente
2fd6f9801a
Added check extra731 SNS topics Public
2018-10-31 22:23:41 -04:00
Toni de la Fuente
fe8a123ead
Added check extra730 - ACM cert expiration
2018-10-31 00:01:47 -04:00
jlamande@gmail.com
bd06720416
Accelerate check 122 (scope local, 1 less API call by policy)
2018-10-19 13:43:37 +02:00
jlamande@gmail.com
8798861c99
fix(check13): should not pass if user never logged in
2018-10-17 10:16:49 +02:00
Maximilian Bode
ff973e09c4
Use awscli query instead of cut for Extra 7.13
Fixes #249.
The text output of `aws guardduty get-detector` has changed with awscli release 1.16.25, leading to GuardDuty detectors misreported as suspended.
2018-10-02 12:20:42 +02:00
Toni de la Fuente
843a762e44
Fixed issue #247
2018-09-24 22:27:34 -04:00
Toni de la Fuente
fe44298e4e
fixed checkID in check_extra76
2018-09-21 09:45:22 -04:00
Michael Schubert
c7b913fff4
Take age of access key 2 from correct column
2018-09-20 16:18:19 +02:00
Gary Patterson
5aad05b0ae
Added managed to output
2018-09-11 23:06:00 -05:00
Gary Patterson
c575b5c243
Update Check 1.16 based on CIS v1.2 05-23-2018 to include list-user-policies for Inline Policies
2018-09-11 22:56:06 -05:00
Toni de la Fuente
62ea9135b6
Improved username filtering for check12
2018-09-05 11:09:03 +01:00
Toni de la Fuente
7f53b6d3ce
Merge pull request #239 from martinusnel/hotfix/check_extra725
Fixed test for no S3 buckets and moved code.
2018-09-02 19:17:08 +02:00
Martinus Nel
3bffbe2ca4
Fixed test for no S3 buckets and moved code. Changed method to run through the trails list file.
2018-08-28 16:52:31 +01:00
Toni de la Fuente
68675ac365
PR 235
2018-08-15 16:09:17 -04:00
Toni de la Fuente
1516c4ea15
Fixed as SCORED
2018-08-15 15:48:58 -04:00
Toni de la Fuente
7a474aa335
Fixed as SCORED
2018-08-15 15:48:39 -04:00
Keith Rhea
97da9c2122
Modified checks and documentation to reflect changes in CIS_Benchmark_v1.2.0(05-23-2018)
2018-08-15 09:16:27 -06:00
Toni de la Fuente
ebceebbc75
Merge pull request #232 from rheak/master
Update Scored Value for 115 and 315. Update 13 to only check users with enabled console password.
2018-08-14 10:18:39 -04:00
Toni de la Fuente
b59aaf40d4
Issue #230
2018-08-14 10:11:44 -04:00
Toni de la Fuente
302dbb5e9d
Merge pull request #228 from martinusnel/hotfix/check111
Fixed Bash test.
2018-08-10 19:07:49 -04:00
Keith Rhea
3ef5a42b73
Updated check13 to only check users that have console password enabled
2018-08-10 15:21:39 -06:00
Keith Rhea
b98d337478
Updated check315 variable CHECK_SCORED_check315=NOT_SCORED
2018-08-10 15:20:03 -06:00
Keith Rhea
3f90a33a13
Updated check115 variable CHECK_SCORED_check115=NOT_SCORED
2018-08-10 15:19:20 -06:00
Martinus Nel
39276a90ff
Sorted output to have a fixed list for diff.
2018-08-10 11:36:58 +01:00
Martinus Nel
350d784414
Fixed Bash test.
2018-08-10 11:21:51 +01:00
Toni de la Fuente
665ca9fda3
fixed issue #226
2018-08-01 23:05:54 -04:00
Toni de la Fuente
e12f1f6957
fixed and improved check27
2018-07-26 21:44:59 -04:00
Nik
0c213ce566
Corrected Password expiration check
The previous check didn't accept lower password expiration time. Updated to accept less than or equal to 90 days. Also edited printed statement to include set value.
2018-06-26 12:29:54 +01:00
Nathan Haneysmith
f7737a9efd
Fix extra727 and extra728 #221
2018-06-13 14:18:22 -07:00
Toni de la Fuente
a97069e1ed
Fix extra73 issue #219
2018-06-04 21:39:27 -04:00
Toni de la Fuente
62bfb28d21
Fix extra73 issue #219
2018-06-04 21:38:17 -04:00
Toni de la Fuente
11d3a17e14
Fix extra73 issue #219
2018-06-04 21:34:52 -04:00
Marcus Young
0d109c77d9
Fix issue with CLOUDWATCH_LOGGROUP_REGION possibly returning multiple duplicate regions
2018-06-01 09:35:08 -05:00
Ben Hecht
ac7d51b6f3
Support graceful failing of buckets with corrupt/unintended permissions
2018-05-29 17:19:23 -04:00
Toni de la Fuente
3d278f9ebd
fixed check28 issue #209
2018-04-30 12:24:10 -04:00
Toni de la Fuente
c445c6d46f
fixed check28 issue #209
2018-04-30 12:21:26 -04:00