ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,453 Commits 1 Branch 0 Tags
7e8de8adb85bb1ccce59f8a6674546dfeb84d6ad
Commit Graph

1453 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Dop
7e8de8adb8 check28 only look at symmetric keys 
AWS doesn't support the automatic rotation of asymmetric keys
 2021-02-04 10:07:27 -05:00
Toni de la Fuente
e91e2cfee6 Updated extra73 with service name 
Updated extra73 with service name
 2021-02-03 14:55:15 +01:00
Toni de la Fuente
d33c82cd00 Merge branch 'master' into patch-1 2021-02-03 14:54:22 +01:00
Toni de la Fuente
0e3e4a9227 Updated 
added CHECK_SERVICENAME_extra73="s3"
 2021-02-03 14:51:11 +01:00
Toni de la Fuente
bea84ad6d3 Fix title grammar in check_extra73 @CenturionGamer 
Fix title grammar in check_extra73 @CenturionGamer
 2021-02-03 14:49:35 +01:00
Toni de la Fuente
79c4a65ba8 Improved to consider services and severity 2021-02-02 17:36:35 +01:00
Toni de la Fuente
e6d175d62e Check for errors generating credential report, limit loop iterations @zfLQ2qx2 
Check for errors generating credential report, limit loop iterations @zfLQ2qx2
 2021-02-02 15:28:32 +01:00
CenturionGamer
880523880d Update check_extra73 
Fixed the grammar by removing "the" in the description.
 2021-01-28 13:06:44 -05:00
Toni de la Fuente
f9c2e0cf26 Revert PR #718 2021-01-22 16:17:26 +01:00
Toni de la Fuente
6f371744dc Added AWS service name to json, csv and html outputs 2021-01-22 10:56:59 +01:00
Toni de la Fuente
dfdff6e863 Added service name to all checks 2021-01-22 00:23:53 +01:00
Toni de la Fuente
8ed40791ad Added service name to sample check 2021-01-22 00:21:26 +01:00
Toni de la Fuente
f85845c26b Added service name to all checks 2021-01-22 00:19:45 +01:00
Toni de la Fuente
73cac580f3 Added severity field to CSV and HTML output reports 2021-01-21 22:42:40 +01:00
Toni de la Fuente
6bb49fd162 Merge branch 'master' of https://github.com/toniblyx/prowler 2021-01-21 22:40:50 +01:00
Toni de la Fuente
478cb4aa54 Adjusted severity variable 2021-01-21 22:40:25 +01:00
Toni de la Fuente
47aa6998f4 Update check_extra7130 profile parameter was not set @soffensive 
Update check_extra7130 profile parameter was not set @soffensive
 2021-01-18 17:07:00 +01:00
soffensive
f7e4a1f6a4 Update check_extra7130 
Profile was not set
 2021-01-18 16:41:18 +01:00
Toni de la Fuente
b1332f1154 Fix regex in check43 @ilyas28 
Fix regex in check43 @ilyas28
 2021-01-15 13:05:29 +01:00
İlyas Apaydın
8e35e63359 fix regex in check43 2021-01-14 13:38:33 +03:00
C.J
be3e771454 Check for errors generating credential report, limit loop iterations 2021-01-14 04:41:16 -05:00
Toni de la Fuente
f5b26387f0 Clear AWS_DEFAULT_OUTPUT on start @zfLQ2qx2 
Clear AWS_DEFAULT_OUTPUT on start @zfLQ2qx2
 2021-01-14 10:19:07 +01:00
C.J
ed0f01b617 Clear AWS_DEFAULT_OUTPUT on start 2021-01-14 04:01:40 -05:00
Toni de la Fuente
d047cd807a Fix check extra73 fail message omits bucket name @zfLQ2qx2 
Fix check extra73 fail message omits bucket name @zfLQ2qx2
 2021-01-14 09:28:44 +01:00
C.J
6a9a47e549 Fix for issue 713 2021-01-13 19:16:48 -05:00
Toni de la Fuente
6cbee3b16c Fix log metric filter check3x with multiple trails @bridgecrewio 
Fix log metric filter check3x with multiple trails @bridgecrewio
 2021-01-13 23:08:17 +01:00
Toni de la Fuente
a53aeff0e8 Catch errors assuming role and describing regions @zfLQ2qx2 
Catch errors assuming role and describing regions @zfLQ2qx2
 2021-01-13 22:50:11 +01:00
Toni de la Fuente
81787d1946 Add check for AccessDenied when calling GetBucketLocation in extra73,extra734,extra764 @zfLQ2qx2 
Add check for AccessDenied when calling GetBucketLocation in extra73,extra734,extra764 @zfLQ2qx2
 2021-01-13 22:35:20 +01:00
Toni de la Fuente
b23f9b3b5d Fix changes made in check27 2021-01-13 22:21:45 +01:00
Toni de la Fuente
51d6fc99ed Handle shadow CloudTrails more gracefully in checks check21,check22,check24,check27 @zfLQ2qx2 
Handle shadow CloudTrails more gracefully in checks check21,check22,check24,check27 @zfLQ2qx2
 2021-01-13 21:35:07 +01:00
Toni de la Fuente
0d4988b874 Additional check for location of awscli @zfLQ2qx2 
Additional check for location of awscli @zfLQ2qx2
 2021-01-13 21:25:04 +01:00
Toni de la Fuente
17c0409d35 Fix date command for busybox @zfLQ2qx2 
Fix date command for busybox @zfLQ2qx2
 2021-01-13 21:19:07 +01:00
C.J
1d9c1eaece Catch errors assuming role and describing regions 2021-01-13 09:44:15 -05:00
Toni de la Fuente
d77f1ea651 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:58:23 +01:00
Toni de la Fuente
2bc3fcf7ee Add new check extra7131 RDS minor version upgrade 2021-01-13 12:57:08 +01:00
Toni de la Fuente
bcdd12bf84 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:51:49 +01:00
C.J
733c99c1e0 Add check for AccessDenied when calling GetBucetLocation 2021-01-12 15:38:47 -05:00
C.J
ecc08722e1 Handle shadow cloudtrails more gracefully 2021-01-12 13:37:30 -05:00
C.J
f53a32ae26 Additional check for location of awscli 2021-01-12 11:03:30 -05:00
C.J
bf1bd505c5 Fix for busybox date command 2021-01-12 09:11:52 -05:00
Toni de la Fuente
eac59cade8 Add new check extra_7130 to check encryption of a SNS topic @mpratsch 
Add new check extra_7130 to check encryption of a SNS topic @mpratsch
 2021-01-08 13:54:55 +01:00
Martina Rath
994abe8fa3 Add check7130 to group7_extras and fix some issues 2021-01-08 13:43:46 +01:00
Toni de la Fuente
6ad1816e37 Fix EKS related checks regarding us-west-1 @njgibbon 
Fix EKS related checks regarding us-west-1 @njgibbon
 2021-01-07 19:29:22 +01:00
Toni de la Fuente
20b8b1eb1f Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner 
Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner
 2021-01-07 19:22:20 +01:00
Martina Rath
9a060a3c43 Add new extras check (7130) to check encryption of a SNS topic 2020-12-30 08:46:13 +01:00
Barrie Bremner
75e5de9c37 Accept current most restrictive TLSv1.2-only ALB security policy as secure 
The `ELBSecurityPolicy-FS-1-2-Res-2020-10` policy is the most
restrictive TLS v1.2 only SSL/TLS security policy available, and is a
subset of the already accepted `ELBSecurityPolicy-FS-1-2-Res-2019-08`
policy - this commit adds `ELBSecurityPolicy-FS-1-2-Res-2020-10` to
the list of acceptable "secure" security policies.

`ELBSecurityPolicy-FS-1-2-Res-2020-10` has a very limited set of
ciphers, is TLS v1.2 only and supports Forward Secrecy.

Current SSL Labs tests gives it an "A" rating for another source of
confirmation.
 2020-12-24 16:52:01 +00:00
njgibbon
4adc7f5864 feat - fix - taking out eks check condition because california region 2020-12-24 00:00:06 +00:00
Toni de la Fuente
0ddb045ca2 Update README.md 2020-12-18 15:27:59 +01:00
Toni de la Fuente
297eeea783 Label version 2.3.0-18122020 2020-12-18 13:09:47 +01:00
Toni de la Fuente
d540cefc23 Fix FreeBSD $OSTYPE check @ring-pete 
Fix FreeBSD $OSTYPE check @ring-pete
 2020-12-18 10:24:48 +01:00