ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
580 Commits 1 Branch 0 Tags
9d526ff098a22594f42ea7dddd3d67381a739fbb
Commit Graph

94 Commits

Author SHA1 Message Date
Toni de la Fuente
9d526ff098 Added group11 keys and improved 741 and 742 2019-03-12 23:14:50 -04:00
Toni de la Fuente
bde9482928 Added check extra742 to find keys in CloudFormation Outputs 2019-03-12 22:40:40 -04:00
Toni de la Fuente
c8cc343784 Fix issue #303 2019-03-11 22:12:54 -04:00
Toni de la Fuente
6d15bb67fe Fix issue #300 2019-03-11 22:10:37 -04:00
Toni de la Fuente
b60d320622 Improved tittle to describe what extra71 does 2019-03-11 22:09:12 -04:00
Toni de la Fuente
7117399e14 Added find creds in URL on extra741 2019-03-05 11:40:29 -05:00
Toni de la Fuente
2bc3575de8 Improved extra714 to find secrets 2019-03-04 22:25:04 -05:00
Toni de la Fuente
170557a422 New POC scoring and extra741 key finder userdata 2019-02-08 16:39:05 +00:00
Toni de la Fuente
6600df9be9 extra741 finding keys in UserData 2019-01-29 06:09:37 +00:00
Toni de la Fuente
2e754a5370 Fixed check120 2019-01-07 22:06:34 -05:00
Samuel Dugo
573fa46aac Fixed AccessDeniedException on extra730 
When executing Prowler using a specific profile (in my case to assume a role) , check_extra730 returns:

"An error occurred (AccessDeniedException) when calling the DescribeCertificate operation: User: [ASSUMED_ROLE_ARN] is not authorized to perform: acm:DescribeCertificate on resource: [RESOURCE_ARN]"

This is because line 28 did not contain  the following parameters: "$PROFILE_OPT --region $regx" .
 2018-12-05 11:35:44 +01:00
Toni de la Fuente
aeaf533585 Added extra740 EBS snapshots are encrypted and HIPAA 2018-11-19 23:22:18 -05:00
Toni de la Fuente
5757a88227 Added extra739 ELB logging and typos 2018-11-19 22:55:29 -05:00
Jason Turner
cafd203406 Updated check29 to validate against FlowLogId which is valid for both CloudWatch and s3 destinations 2018-11-14 14:19:44 -08:00
Toni de la Fuente
2437f8fb16 Added extra738 CloudFront HTTPS 2018-11-08 20:21:46 -05:00
Toni de la Fuente
fa5b81b28e Added extra737 KMS keys rotation 2018-11-07 23:37:06 -05:00
Toni de la Fuente
9bdbf6f51c Added extra736 check exposed KMS keys 2018-11-07 23:27:58 -05:00
Toni de la Fuente
b6a30df808 Added extra735 check encrypted RDS 2018-11-07 22:00:28 -05:00
Toni de la Fuente
0dc2b9a081 Improved extra734 checking enforce policy 2018-11-06 00:17:00 -05:00
Toni de la Fuente
29e142361b Improved extra734 checking enforce policy 2018-11-06 00:15:20 -05:00
Toni de la Fuente
883afa4959 Added extra734 check S3 bucket encryption 2018-11-05 23:30:00 -05:00
Toni de la Fuente
c7bfd72d2d Add check extra733 SAML Provider STS 2018-10-31 23:09:24 -04:00
Toni de la Fuente
9a88249965 Added check extra732 Cloudfront CDN Geo restrictions 2018-10-31 22:45:59 -04:00
Toni de la Fuente
6cb75fa26a Added check extra732 Cloudfront CDN Geo restrictions 2018-10-31 22:44:45 -04:00
Toni de la Fuente
2fd6f9801a Added check extra731 SNS topics Public 2018-10-31 22:23:41 -04:00
Toni de la Fuente
fe8a123ead Added check extra730 - ACM cert expiration 2018-10-31 00:01:47 -04:00
jlamande@gmail.com
bd06720416 Accelerate check 122 (scope local, 1 less API call by policy) 2018-10-19 13:43:37 +02:00
jlamande@gmail.com
8798861c99 fix(check13): should not pass if user never logged in 2018-10-17 10:16:49 +02:00
Maximilian Bode
ff973e09c4 Use awscli query instead of cut for Extra 7.13 
Fixes #249.
The text output of `aws guardduty get-detector` has changed with awscli release 1.16.25, leading to GuardDuty detectors misreported as suspended.
 2018-10-02 12:20:42 +02:00
Toni de la Fuente
843a762e44 Fixed issue #247 2018-09-24 22:27:34 -04:00
Toni de la Fuente
fe44298e4e fixed checkID in check_extra76 2018-09-21 09:45:22 -04:00
Michael Schubert
c7b913fff4 Take age of access key 2 from correct column 2018-09-20 16:18:19 +02:00
Gary Patterson
5aad05b0ae Added managed to output 2018-09-11 23:06:00 -05:00
Gary Patterson
c575b5c243 Update Check 1.16 based on CIS v1.2 05-23-2018 to include list-user-policies for Inline Polices 2018-09-11 22:56:06 -05:00
Toni de la Fuente
62ea9135b6 Improved username filtering for check12 2018-09-05 11:09:03 +01:00
Toni de la Fuente
7f53b6d3ce Merge pull request #239 from martinusnel/hotfix/check_extra725 
Fixed test for no S3 buckets and moved code.
 2018-09-02 19:17:08 +02:00
Martinus Nel
3bffbe2ca4 Fixed test for no S3 buckets and moved code. Changed method to run through the trails list file. 2018-08-28 16:52:31 +01:00
Toni de la Fuente
68675ac365 PR 235 2018-08-15 16:09:17 -04:00
Toni de la Fuente
1516c4ea15 Fixed as SCORED 2018-08-15 15:48:58 -04:00
Toni de la Fuente
7a474aa335 Fixed as SCORED 2018-08-15 15:48:39 -04:00
Keith Rhea
97da9c2122 Modified checks and documentation to reflect changes in CIS_Benchmark_v1.2.0(05-23-2018) 2018-08-15 09:16:27 -06:00
Toni de la Fuente
ebceebbc75 Merge pull request #232 from rheak/master 
Update Scored Value for 115 and 315. Update 13 to only check users with enabled console password.
 2018-08-14 10:18:39 -04:00
Toni de la Fuente
b59aaf40d4 Issue #230 2018-08-14 10:11:44 -04:00
Toni de la Fuente
302dbb5e9d Merge pull request #228 from martinusnel/hotfix/check111 
Fixed Bash test.
 2018-08-10 19:07:49 -04:00
Keith Rhea
3ef5a42b73 Updated check13 to only check users that have console password enabled 2018-08-10 15:21:39 -06:00
Keith Rhea
b98d337478 Updated check315 variable CHECK_SCORED_check315=NOT_SCORED 2018-08-10 15:20:03 -06:00
Keith Rhea
3f90a33a13 Updated check115 variable CHECK_SCORED_check115=NOT_SCORED 2018-08-10 15:19:20 -06:00
Martinus Nel
39276a90ff Sorted output to have a fixed list for diff. 2018-08-10 11:36:58 +01:00
Martinus Nel
350d784414 Fixed Bash test. 2018-08-10 11:21:51 +01:00
Toni de la Fuente
665ca9fda3 fixed issue #226 2018-08-01 23:05:54 -04:00