ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
825 Commits 1 Branch 0 Tags
923fadbfa9b7e7ee6cc0a38db7d7e088dfb2de6e
Commit Graph

232 Commits

Author SHA1 Message Date
Toni de la Fuente
dce9d5c96d Merge pull request #423 from barnhartguy/master 
Update check_extra768
 2019-11-25 10:03:27 +01:00
Will Thames
2e11e0a3f2 Fix extra764 check 
Add missing bracket to prevent:

```
jq: error: syntax error, unexpected INVALID_CHARACTER, expecting $end (Unix shell quoting issues?) at <top-level>, line 1:
.Statement[]|select(((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and
.Principal == "*")) and .Action=="s3:*" and (.Resource|type == "array") and (.Resource|map({(.):0})[]|has($arn)) and
(.Resource|map({(.):0})[]|has($arn+"/*")) and .Condition.Bool."aws:SecureTransport" == "false")
```

(line breaks added to reduce commit width)
 2019-11-25 16:01:26 +10:00
barnhartguy
c630c02a26 Update check_extra768 
fixed typo
 2019-11-24 14:37:09 +02:00
Toni de la Fuente
8f91bfee24 clean up documentation and added info to check_sample 2019-11-22 11:59:03 +01:00
Toni de la Fuente
c513e7af6c Merge pull request #420 from bridgecrewio/feature/ecs_task_definition_secrets_check_contribute 
Add ECS task definition environment variables check
 2019-11-22 00:18:00 +01:00
Toni de la Fuente
2e1cead3a2 Merge pull request #419 from zfLQ2qx2/prowler-extra719 
Filter out private zones in check extra719
 2019-11-22 00:12:36 +01:00
Toni de la Fuente
5c8b0aa942 Merge pull request #418 from zfLQ2qx2/prowler-check726 
Handle Trusted Advisor entitlement issue gracefully
 2019-11-22 00:10:39 +01:00
Toni de la Fuente
15dda01842 Merge pull request #417 from zfLQ2qx2/prowler-misc-updates 
Update extra764 and extra734, add .gitignore rules for vim
 2019-11-22 00:09:35 +01:00
Nimrod Kor
d19ae27f7c Fix merge issue 2019-11-21 12:48:17 -08:00
Nimrod Kor
b61af3a9eb Add ECS task definition environment variables check 
(cherry picked from commit 662f287dd6739cd6d8e5e0d95537f4ca4b7b6493)
 2019-11-21 12:44:09 -08:00
zfLQ2qx2
687686c929 Filter out private zones in check extra719 2019-11-21 15:36:38 -05:00
zfLQ2qx2
94a90599bd Handle Trusted Advisor entitlement issue gracefully 2019-11-21 15:17:03 -05:00
zfLQ2qx2
669469e618 Update extra764 and extra734, add .gitignore rules for vim 2019-11-21 14:56:13 -05:00
Toni de la Fuente
961b79a4aa Added extra767 for CloudFront field level encryption issue #425 2019-11-21 17:48:34 +01:00
Toni de la Fuente
264b84ae2a Added check_extra765 ECR scanning issue #406 2019-11-21 00:52:18 +01:00
Toni de la Fuente
d737193b98 Merge pull request #407 from zfLQ2qx2/prowler_misc_fixes 
Misc prowler fixes


    Add GetEbsEncryptionByDefault wherever Prowler policies are mentioned
    Update Extra718 check to be aware of access denied responses
    Update Extra726 check to be more verbose for non-failure items
    Update Extra73 check to be aware of access denied responses
    Update Extra734 check to be aware of access denied responses and parse policies with jq for better accuracy
    Update Extra742 check for verbiage
    Update Extra756 check for verbiage and parameter order
    Update Extra761 check for failure scenarios (requires most recent awscli and addition to Prowler IAM policy)
    Added Extra763 check to verify that object versioning is enabled on S3 buckets
    Added Extra764 check to verify that S3 buckets enforce a secure transport policy
 2019-11-20 22:03:02 +00:00
Toni de la Fuente
649192eb41 Merge pull request #411 from zfLQ2qx2/prowler-extra75-enhancement 
Update extra75 to be aware of default security groups
 2019-11-20 21:46:21 +00:00
zfLQ2qx2
054043d78e Update extra75 to aware of default security groups 2019-11-20 00:09:35 -05:00
zfLQ2qx2
603ed0b16f Update log metric filter checks to latest AWS CIS Foundations Benchmark and provide hints on how to remediate 2019-11-19 01:37:42 -05:00
zfLQ2qx2
3a893889b6 Misc prowler fixes 2019-11-13 22:49:32 -05:00
Toni de la Fuente
18e5c0b8ae Merge pull request #404 from gabrielsoltz/check_extra731_jq 
Extra 731 with JQ
 2019-10-28 15:36:43 +01:00
Toni de la Fuente
e748275fc5 Merge pull request #403 from gabrielsoltz/check_extra727_smarter 
Check extra727 smarter (SQS)
 2019-10-28 15:35:45 +01:00
gabrielsoltz
8bb1529c2a jq_improvements 2019-10-25 16:46:36 +02:00
gabrielsoltz
61ef02ec50 reduce_api_calls 2019-10-25 16:42:59 +02:00
gabrielsoltz
fb45fa0c03 reduce_api_calls 2019-10-24 23:56:02 +02:00
gabrielsoltz
6a52ebe492 reduce_api_calls 2019-10-24 23:54:04 +02:00
gabrielsoltz
9b81fc0ac7 fix jq array 2019-10-24 23:30:34 +02:00
gabrielsoltz
508a9354b7 fix jq array 2019-10-24 23:28:58 +02:00
gabrielsoltz
63898690c8 remove_old_check 2019-10-24 13:25:18 +02:00
gabrielsoltz
d026ed5cac improve_extra727 2019-10-24 13:22:26 +02:00
gabrielsoltz
529fc6421d better_output 2019-10-23 15:04:22 +02:00
gabrielsoltz
7aa1573275 comments 2019-10-23 14:06:29 +02:00
gabrielsoltz
bb69f51456 comment 2019-10-23 14:03:49 +02:00
gabrielsoltz
5cadd0c2f2 remove_unused_variable 2019-10-23 14:03:08 +02:00
gabrielsoltz
df5def48d9 comments_and_fix 2019-10-23 13:45:20 +02:00
gabrielsoltz
5252518d97 extra73 2019-10-23 13:38:36 +02:00
Mr. Secure
be0bc7aa65 extra 7.62 - output cleanup 
- remove warnings about long execution
- update pass/fail text to help split on ':' for CSV post-processing
 2019-10-22 10:35:48 -05:00
Mr. Secure
827b1fdb3b add region info to textFail,textPass output 2019-10-22 08:12:00 -05:00
Mr. Secure
23a7c7f393 fix spelling error in message 2019-10-21 18:07:56 -05:00
Mr. Secure
e683ea5384 fix over-quoting bug 2019-10-21 09:38:16 -05:00
Mr. Secure
2c531a2ffc add check for unsupported lambda runtimes 2019-10-21 09:28:00 -05:00
Toni de la Fuente
08cd94fe5b Merge pull request #391 from jcaffet/add/check_extra761 
add extra761 check if EBS default encryption is enabled per region
 2019-10-13 20:55:19 +02:00
Toni de la Fuente
40a2ea6c90 fixed region for extra757 and extra758 2019-10-13 19:05:57 +02:00
Jerome Caffet
7e28f85247 add cli options 2019-10-13 08:02:18 +02:00
Jerome Caffet
66c59ea1f7 add extra761 EBS default encryption 2019-10-09 14:33:46 +02:00
Toni de la Fuente
4401d4209c CURRENT_ACCOUNT_ID is not needed 
since ACCOUNT_ID is available
 2019-09-17 14:52:30 -04:00
Venki
44cfa71358 updated logging 2019-09-16 09:24:34 +01:00
Venki
ecde62451c remove unnecessary variables and removed echo 2019-09-16 09:16:59 +01:00
Venkatadri Duggina
d5f22ab100 fixing check26 cross access bug 2019-09-15 23:33:37 +01:00
Toni de la Fuente
0327880258 Merge pull request #376 from mastertinner/372 
List CloudFront distributions only once
 2019-09-13 00:09:37 +02:00