ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 15:25:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,646 Commits 1 Branch 0 Tags
6874fa4793ea62bc1bd5aeff9141c92f2785c679
Commit Graph

210 Commits

Author SHA1 Message Date
Joaquin Rinaudo
2a4cebaa1e WIP: security hub integration 2020-09-01 17:03:25 +02:00
Joaquin Rinaudo
9baa6d6ae9 revert: master 2020-09-01 16:26:16 +02:00
Joaquin Rinaudo
43f3365bb4 revert: master 2020-09-01 16:22:32 +02:00
Joaquin Rinaudo
17e74a355f Merge branch 'master' of https://github.com/toniblyx/prowler 2020-08-28 07:13:16 +02:00
Joaquin Rinaudo
c65fc3b989 fix(security-hub): unique finding id, if status not changed, comment otherwise resolve older findings 2020-08-27 17:08:37 +02:00
Toni de la Fuente
03b1d898a6 Added AWS partition variable to the ASFF output format 2020-08-25 16:54:22 +02:00
Toni de la Fuente
97e6a80bdc Added AWS partition variable to the ASFF output format 2020-08-25 16:49:20 +02:00
Toni de la Fuente
8686547ebb Allow list All findings in single view in html report 2020-06-25 15:03:45 +02:00
Marc Jay
4dac3aab55 Import Security Hub finding into the same region as the related resource 
Force the batch-import-findings AWS CLI call to be directed at the region the currently reporting resource is located in, as Security Hub enforces this requirement

When checking that Security Hub is enabled, check for all regions that are in scope, e.g. all regions, unless '-f <region>' is used

Fixes #618
 2020-06-05 12:55:53 +01:00
Urjit Singh Bhatia
2fca2a49fd Split ignores by newline instead of spaces only 2020-05-27 13:58:55 -07:00
Toni de la Fuente
e69b079220 Fix typo on PR #601 2020-05-27 10:02:32 +02:00
Toni de la Fuente
46a8a3ca82 Adding support for IRSA @GabrielCastro 
Adding support for IRSA
 2020-05-27 09:44:52 +02:00
Toni de la Fuente
485b7d90bc Added native html report - upgrade to 21st century ;) 2020-05-25 21:29:29 +02:00
Toni de la Fuente
78b26a022a Added native html report - upgrade to 21st century ;) 2020-05-25 21:24:33 +02:00
Gabriel Castro
3e19ed44e5 Feature: add support for IRSA 
IAM roles for service accounts (IRSA) allows prowler to be used from
inside a kubernetes cluster.
 2020-05-25 13:14:15 -04:00
Toni de la Fuente
e5ce06e761 Write output files to a directory relative to Prowler @marcjay 
Write output files to a directory relative to Prowler
 2020-05-21 18:06:46 +02:00
Toni de la Fuente
2b336d08de Added ENV to output when credentials are env variables 2020-05-19 15:06:57 +02:00
Toni de la Fuente
48b6c290b1 Enhance handing region on assume role when default is not us-east-1 2020-05-11 16:32:43 +02:00
Marc Jay
802d1151c2 Write output files to a directory relative to Prowler 
Write output files (CSV, JSON, etc.) to an `output` directory that is relative to prowler itself, no matter where prowler is invoked from.
Simplify Dockerfile by specifying a WORKDIR
Replace ADD command with the more recommended COPY command
Update README to cover how to run in Docker and access saved reports
Add a .dockerignore file to ignore .git and output directories

This partially addresses #570 - previously, within Docker, Prowler was attempting to write
reports to the root `/` directory in the container, which it did not have permission to do.
Instead, reports are now written to a path relative to Prowler
 2020-05-08 11:46:53 +01:00
Stephen Connor
2a54a180da Change value of FAIL to FAILED for jsonAsff output type (incompatible with AWS Security Hub) 2020-05-07 14:47:09 +01:00
Marc Jay
6279dc1517 Show failures that are ignored due to whitelisting as skipped checks in JUnit output 
Continue to show (unwhitelisted) failed checks as failures in JUnit output, but rather than exclude failing whitelisted checks from JUnit, mark them as skipped

Fixes #590
 2020-05-07 01:00:42 +01:00
Toni de la Fuente
f618a16075 Fixed AWS partition variable on generateJsonAsffOutput 2020-05-06 22:57:26 +02:00
Toni de la Fuente
68ad3a7461 Support whitelists per check @urjitbhatia 
Support whitelists per check using option -w whitelistfile.txt
 2020-05-06 22:46:57 +02:00
Huang Yaming
bc07c95bda Support setting entropy limit for detect-secrets from env 2020-05-06 17:53:23 +08:00
Urjit Singh Bhatia
8cdf3838a0 Print warnings with the right color code 2020-05-04 16:33:50 -07:00
Urjit Singh Bhatia
5ac9be3292 correct color info line for warning 2020-05-04 14:48:04 -07:00
Urjit Singh Bhatia
103782f72b Fix warning handling with changes to official master 2020-05-04 14:37:30 -07:00
Urjit Singh Bhatia
5886f8524a Merge remote-tracking branch 'official/master' into whitelistSupport 2020-05-04 13:56:14 -07:00
Toni de la Fuente
a2cbcc00eb Fix issue with aws-cli v2 and timestamp on check24 #585 2020-04-29 18:10:41 +02:00
Toni de la Fuente
e4ae0a403a Ensure that hyphen is at end of tr string to prevent 'reverse collating sequence order' error in GNU tr @marcjay 
Ensure that hyphen is at end of tr string to prevent 'reverse collating sequence order' error in GNU tr
 2020-04-29 12:09:53 +02:00
Toni de la Fuente
1f949b4175 Improved AWS partition handle 2020-04-29 12:06:47 +02:00
Marc Jay
af3afa8c8f Merge branch 'master' into fix-tr-error-on-centos-573 2020-04-27 17:24:03 +01:00
Marc Jay
f84b843388 Wrap all mode checks with whitespace, along with comparison strings, so only exact string matches are allowed, preventing clashes when output modes are named similarly, e.g. 'json' and 'json-asff' 
Fixes #571
 2020-04-26 01:02:39 +01:00
Marc Jay
e25125fbfc Ensure that hyphen is at end of tr string to prevent 'reverse collating sequence order' error in GNU tr 
Stop echo from adding newlines using `-n`, removing the need to stop replacing new-line characters with underscores

Fixes #573
 2020-04-26 00:40:27 +01:00
Toni de la Fuente
7dc790a3f5 Fixed issue with govcloud on extra764 #536 2020-04-22 20:05:39 +02:00
Toni de la Fuente
8c9aea1231 Improved GetCallerIdentity handling / credentials 2020-04-22 13:54:17 +02:00
Toni de la Fuente
9f03bd7545 Added txt output as mono for -M 2020-04-22 12:58:54 +02:00
Toni de la Fuente
2eb41ff910 Added account id to the output filename 2020-04-22 12:32:05 +02:00
Toni de la Fuente
2d64a1182e Added account id to the output filename 2020-04-22 12:31:27 +02:00
Toni de la Fuente
43fb877109 Added account id to the output filename 2020-04-22 12:28:31 +02:00
Toni de la Fuente
ef952ce9cc Simplified caller id info on outputs 2020-04-22 12:07:20 +02:00
Toni de la Fuente
0cca77a141 Check if gbase64 (GNU) is available on Mac and use it in preference to BSD base64 @marcjay 
Check if gbase64 (GNU) is available on Mac and use it in preference to BSD base64
 2020-04-22 12:01:40 +02:00
Marc Jay
5805576dce Check if gbase64 (GNU) is available on Mac and use it in preference to BSD base64 
Previously it was switching to GNU versions of base64 even if base64 was the BSD version

Fixes #568
 2020-04-22 10:35:33 +01:00
Toni de la Fuente
9cbdefc2de Adds CSV header to the output file too #565 2020-04-22 11:27:08 +02:00
Marc Jay
ad66254b45 Extend check13 to meet all CIS rules and consolidate with extra774 
Create `include/check_creds_last_used` and move all logic for checking last usages of passwords and access keys there
Modify check13 and extra774 to call new function, specifying time-range of last 90 days and last 30 days respectively
Modify messages in check14 and check121 so that all mentions of 'access key's are consistent

Fixes #496
 2020-04-21 01:21:55 +01:00
Marc Jay
71bf414faf Merge branch 'master' into improve-listing-of-checks-and-groups-545 2020-04-20 18:11:06 +01:00
Toni de la Fuente
d45b739b1e Merge branch 'add-junit-xml-output-mode-log-duration-537' of https://github.com/marcjay/prowler into marcjay-add-junit-xml-output-mode-log-duration-537 2020-04-20 18:51:26 +02:00
Marc Jay
47a05c203a Improve listing of Checks and Groups 
Change `-l` flag to print a unique list of every single check (assuming none are orphaned outside of all groups)
Allow `-g <group_id>` to be specified in combination with `-l`, to only print checks that are referenced by the specified group
When listing all checks with `-l` only, print out all groups that reference each check

Fixes: #545
 2020-04-20 01:12:53 +01:00
Toni de la Fuente
6747b208ce Improved extra716 and extra788 2020-04-17 15:16:55 +02:00
Marc Jay
78f649bd65 Replace -J flag with junit-xml output format 
Rearrange output functions so they support outputting text alongside other formats, if specified
Add a convenience function for checking if JUnit output is enabled
Move monochrome setting into loop so it better supports multiple formats
Update README
 2020-04-15 23:36:40 +01:00