root
c84190c3d9
Add error checking to checks extra77 and extra765
2019-12-30 10:07:14 -05:00
Toni de la Fuente
20b127f516
Added DS IAM actions
2019-12-26 16:34:24 +01:00
Toni de la Fuente
d2b3e5ecdc
Added new checks to extras group
2019-12-17 10:44:38 +01:00
Toni de la Fuente
3db94a5a98
Merge pull request #429 from dbellizzi/patch-1
Add "access-analyzer:ListTagsForResource" to prowler-additions-policy…
2019-12-17 10:42:04 +01:00
Toni de la Fuente
0d120a4536
Merge pull request #437 from bridgecrewio/feature/check_bucket_policies_public_write
Check bucket policies public write
2019-12-17 10:41:35 +01:00
Toni de la Fuente
0ab5d87b8f
Merge pull request #433 from kmcquade/check/public-instance-with-instance-profile-attached
Added check_extra770, which checks for internet facing instances with an instance profile attached
2019-12-17 10:40:01 +01:00
Toni de la Fuente
39c7ea52c6
Add feature custom checks folder issue #439
2019-12-17 10:37:14 +01:00
Toni de la Fuente
933e4152cc
Merge pull request #435 from bridgecrewio/feature/fix_check26
Fix check26 - get the account ID from sts
2019-12-17 10:14:11 +01:00
Nimrod Kor
fc3f4e830e
Reuse ACCOUNT_NUM
2019-12-17 09:29:06 +02:00
Nimrod Kor
7e803bb6a9
Change to check 771
2019-12-15 18:18:02 +02:00
Nimrod Kor
2d5d551696
Initial commit
2019-12-15 18:18:02 +02:00
Nimrod Kor
8e1aa17a80
Fix check26 - get the account ID from sts
(cherry picked from commit ae20d9c5b770ac593e64fa399fde55312d97ae1c)
2019-12-15 15:55:54 +02:00
Toni de la Fuente
dd5bf6c7f8
Merge pull request #432 from bridgecrewio/feature/fix_check21
Add trail count to check21 and fail if no trail exist
2019-12-13 14:22:14 +01:00
Dominick Bellizzi
7cb869ad33
use more generic access-analyzer:List*
2019-12-12 09:36:19 -08:00
Kinnaird McQuade
3b264d556b
Added check_extra770, which checks for internet facing instances with an Instance Profile attached.
2019-12-12 11:07:14 -05:00
Toni de la Fuente
e4a063f9d1
Merge pull request #430 from JohnVonNeumann/patch-1
UPDATE README.md - fix incorrect group flag
2019-12-12 10:19:28 +01:00
Nimrod Kor
559b0585dc
Add trail count to check21 and fail if no trail exist
(cherry picked from commit fcf28dfa70fb93df9f61393b8dff2cc5fc14729e)
2019-12-12 09:45:06 +02:00
JohnVonNeumann
2da125ff8b
UPDATE README.md - fix incorrect group flag
To run prowler with the cislevelx group you use '-g', not '-c'
2019-12-12 11:28:52 +11:00
Dominick Bellizzi
53f097c2af
Add "access-analyzer:ListTagsForResource" to prowler-additions-policy.json
check extra769 (Check if IAM Access Analyzer is enabled and its findings) requires this IAM permission
2019-12-06 14:49:36 -08:00
Toni de la Fuente
b6e34adc24
Fix issue #409
2019-12-05 12:52:19 +01:00
Toni de la Fuente
7b5ece8007
New check IAM Access Analyzer issue #428
2019-12-03 15:58:19 +01:00
Toni de la Fuente
fe65eaf373
New check ECS scan on push issue #427
2019-12-03 15:27:09 +01:00
Toni de la Fuente
4af3dc1254
Fix issue #426 updated base64 function
2019-12-02 15:26:48 +01:00
Toni de la Fuente
923fadbfa9
Merge pull request #425 from zfLQ2qx2/check-3xx-whitespace-tolerance
Make check3x more tolerant
2019-11-26 10:18:49 +01:00
Toni de la Fuente
3f68accf6f
Added missing file iam/prowler-additions-policy.json
2019-11-26 09:57:29 +01:00
zfLQ2qx2
25d1aa9126
Make check3x more tolerant
2019-11-26 00:56:52 -05:00
Toni de la Fuente
dce9d5c96d
Merge pull request #423 from barnhartguy/master
Update check_extra768
2019-11-25 10:03:27 +01:00
Toni de la Fuente
80c6900193
Merge pull request #424 from willthames/extra764_fix
Fix extra764 check
2019-11-25 10:01:51 +01:00
Will Thames
2e11e0a3f2
Fix extra764 check
Add missing bracket to prevent:
```
jq: error: syntax error, unexpected INVALID_CHARACTER, expecting $end (Unix shell quoting issues?) at <top-level>, line 1:
.Statement[]|select(((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and
.Principal == "*")) and .Action=="s3:*" and (.Resource|type == "array") and (.Resource|map({(.):0})[]|has($arn)) and
(.Resource|map({(.):0})[]|has($arn+"/*")) and .Condition.Bool."aws:SecureTransport" == "false")
```
(line breaks added to reduce commit width)
2019-11-25 16:01:26 +10:00
barnhartguy
c630c02a26
Update check_extra768
fixed typo
2019-11-24 14:37:09 +02:00
Toni de la Fuente
e18cea213b
consolidated ProwlerReadOnlyPolicy and available json
2019-11-22 12:42:57 +01:00
Toni de la Fuente
8f91bfee24
clean up documentation and added info to check_sample
2019-11-22 11:59:03 +01:00
Toni de la Fuente
a191a4eae6
consolidated ProwlerReadOnlyPolicy and available json
2019-11-22 11:41:13 +01:00
Toni de la Fuente
ce7e07d66d
consolidated ProwlerReadOnlyPolicy and available json
2019-11-22 11:29:16 +01:00
Toni de la Fuente
ab5ed2c527
Merge pull request #421 from jonrau-at-aws/master
Update HIPAA language
2019-11-22 09:49:57 +01:00
Toni de la Fuente
c513e7af6c
Merge pull request #420 from bridgecrewio/feature/ecs_task_definition_secrets_check_contribute
Add ECS task definition environment variables check
2019-11-22 00:18:00 +01:00
Toni de la Fuente
2e1cead3a2
Merge pull request #419 from zfLQ2qx2/prowler-extra719
Filter out private zones in check extra719
2019-11-22 00:12:36 +01:00
Toni de la Fuente
5c8b0aa942
Merge pull request #418 from zfLQ2qx2/prowler-check726
Handle Trusted Advisor entitlement issue gracefully
2019-11-22 00:10:39 +01:00
Toni de la Fuente
15dda01842
Merge pull request #417 from zfLQ2qx2/prowler-misc-updates
Update extra764 and extra734, add .gitignore rules for vim
2019-11-22 00:09:35 +01:00
Nimrod Kor
d19ae27f7c
Fix merge issue
2019-11-21 12:48:17 -08:00
Nimrod Kor
b61af3a9eb
Add ECS task definition environment variables check
(cherry picked from commit 662f287dd6739cd6d8e5e0d95537f4ca4b7b6493)
2019-11-21 12:44:09 -08:00
zfLQ2qx2
687686c929
Filter out private zones in check extra719
2019-11-21 15:36:38 -05:00
zfLQ2qx2
94a90599bd
Handle Trusted Advisor entitlement issue gracefully
2019-11-21 15:17:03 -05:00
zfLQ2qx2
669469e618
Update extra764 and extra734, add .gitignore rules for vim
2019-11-21 14:56:13 -05:00
Jonathan Rau
73a5ee1bac
Update README.md
2019-11-21 12:38:31 -05:00
Jonathan Rau
0ff9806d70
Update README.md
2019-11-21 12:33:38 -05:00
Toni de la Fuente
961b79a4aa
Added extra767 for CloudFront field level encryption issue #425
2019-11-21 17:48:34 +01:00
Toni de la Fuente
264b84ae2a
Added check_extra765 ECR scanning issue #406
2019-11-21 00:52:18 +01:00
Toni de la Fuente
031b68adde
fixed typo in iam policy
2019-11-20 23:20:17 +01:00
Toni de la Fuente
d737193b98
Merge pull request #407 from zfLQ2qx2/prowler_misc_fixes
Misc prowler fixes
Add GetEbsEncryptionByDefault wherever Prowler policies are mentioned
Update Extra718 check to be aware of access denied responses
Update Extra726 check to be more verbose for non-failure items
Update Extra73 check to be aware of access denied responses
Update Extra734 check to be aware of access denied responses and parse policies with jq for better accuracy
Update Extra742 check for verbiage
Update Extra756 check for verbiage and parameter order
Update Extra761 check for failure scenarios (requires most recent awscli and addition to Prowler IAM policy)
Added Extra763 check to verify that object versioning is enabled on S3 buckets
Added Extra764 check to verify that S3 buckets enforce a secure transport policy
2019-11-20 22:03:02 +00:00