ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,415 Commits 1 Branch 0 Tags
d77f1ea65182a479cb0522a6e60b26afd6356d7c
Commit Graph

1415 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Toni de la Fuente
d77f1ea651 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:58:23 +01:00
Toni de la Fuente
2bc3fcf7ee Add new check extra7131 RDS minor version upgrade 2021-01-13 12:57:08 +01:00
Toni de la Fuente
bcdd12bf84 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:51:49 +01:00
Toni de la Fuente
eac59cade8 Add new check extra_7130 to check encryption of a SNS topic @mpratsch 
Add new check extra_7130 to check encryption of a SNS topic @mpratsch
 2021-01-08 13:54:55 +01:00
Martina Rath
994abe8fa3 Add check7130 to group7_extras and fix some issues 2021-01-08 13:43:46 +01:00
Toni de la Fuente
6ad1816e37 Fix EKS related checks regarding us-west-1 @njgibbon 
Fix EKS related checks regarding us-west-1 @njgibbon
 2021-01-07 19:29:22 +01:00
Toni de la Fuente
20b8b1eb1f Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner 
Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner
 2021-01-07 19:22:20 +01:00
Martina Rath
9a060a3c43 Add new extras check (7130) to check encryption of a SNS topic 2020-12-30 08:46:13 +01:00
Barrie Bremner
75e5de9c37 Accept current most restrictive TLSv1.2-only ALB security policy as secure 
The `ELBSecurityPolicy-FS-1-2-Res-2020-10` policy is the most
restrictive TLS v1.2 only SSL/TLS security policy available, and is a
subset of the already accepted `ELBSecurityPolicy-FS-1-2-Res-2019-08`
policy - this commit adds `ELBSecurityPolicy-FS-1-2-Res-2020-10` to
the list of acceptable "secure" security policies.

`ELBSecurityPolicy-FS-1-2-Res-2020-10` has a very limited set of
ciphers, is TLS v1.2 only and supports Forward Secrecy.

Current SSL Labs tests gives it an "A" rating for another source of
confirmation.
 2020-12-24 16:52:01 +00:00
njgibbon
4adc7f5864 feat - fix - taking out eks check condition because california region 2020-12-24 00:00:06 +00:00
Toni de la Fuente
0ddb045ca2 Update README.md 2020-12-18 15:27:59 +01:00
Toni de la Fuente
297eeea783 Label version 2.3.0-18122020 2020-12-18 13:09:47 +01:00
Toni de la Fuente
d540cefc23 Fix FreeBSD $OSTYPE check @ring-pete 
Fix FreeBSD $OSTYPE check @ring-pete
 2020-12-18 10:24:48 +01:00
Toni de la Fuente
953bdf3034 Merge branch 'master' into master 2020-12-18 10:24:25 +01:00
Toni de la Fuente
823c7d4b61 Enhanced check extra740: reworked to consider all snapshots, use JMESPath query @pacohope 
Enhanced check extra740: reworked to consider all snapshots, use JMESPath query
 2020-12-18 10:17:52 +01:00
Toni de la Fuente
e298158bcd Enhanced error handling without credentials 2020-12-17 17:15:17 +01:00
Toni de la Fuente
810801fb3d Fix error handling for SubscriptionRequiredException in extra77 2020-12-17 16:52:18 +01:00
Toni de la Fuente
91ce905a5a Fix issue assuming role in regions with STS disabled 2020-12-17 16:34:10 +01:00
Toni de la Fuente
6ed6a47f8f Add sleep to extra7102 to avoid Shodan API limits 2020-12-17 15:27:00 +01:00
Toni de la Fuente
347872a6de Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys 
Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys
 2020-12-17 15:24:06 +01:00
Toni de la Fuente
8c19583ac7 Update prowler 
Adapted execute_check to renew creds
 2020-12-17 15:21:50 +01:00
Toni de la Fuente
5c620949f0 Update os_detector 
Change above is because epoch time generator in BSD is 1h less than in Linux
 2020-12-17 15:20:20 +01:00
Toni de la Fuente
5be38a15d9 Update os_detector bsd_convert_date_to_timestamp 2020-12-17 10:24:25 +01:00
Toni de la Fuente
5e38c61286 Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys 
Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys
 2020-12-16 20:04:21 +00:00
Toni de la Fuente
de3e2c3a2b Added support to run inside AWS CloudShell 2020-12-16 13:41:54 +01:00
Toni de la Fuente
687cfd0a34 Merge pull request #709 from toniblyx/revert-694-master 
Revert "Refresh assumed role credentials to avoid role chaining limitations"
 2020-12-15 17:38:00 +01:00
Toni de la Fuente
aa0440e426 Revert "Refresh assumed role credentials to avoid role chaining limitations" 2020-12-15 17:37:42 +01:00
Toni de la Fuente
31182059e4 Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys 
Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys
 2020-12-15 17:29:11 +01:00
Toni de la Fuente
e047dc8764 Added latest checks to extras group 2020-12-15 15:10:33 +01:00
Toni de la Fuente
7f1df739c4 Added -N <shodan_api_key> support for extra7102 2020-12-15 12:25:47 +01:00
Toni de la Fuente
9ed576b09d Fix issue in extra776 when ECR Scanning imageDigest @adamcanzuk 
Fix issue in extra776 when ECR Scanning imageDigest @adamcanzuk
 2020-12-14 12:59:19 +01:00
Paco Hope
f3dbecbe89 reworked check740 to consider all snapshots, use JMESPath query, and to limit its output according to max-items 2020-12-10 09:27:43 -05:00
Toni de la Fuente
3d62aedf29 New RC6 including ENS as a new compliance type all formats 2020-12-01 10:03:59 +01:00
Toni de la Fuente
30937c3275 Updated ENS group with new checks 2020-12-01 09:56:08 +01:00
Toni de la Fuente
63040e1c07 New 7 checks required for ENS 2020-12-01 09:55:20 +01:00
Michael Dickinson
30eb447919 docs: Update Organizations command to only incude active accounts 2020-11-23 21:05:27 +00:00
Michael Dickinson
5da54467b5 fix: Refresh assumed role credentials if session is nearing expiration 2020-11-23 21:05:20 +00:00
Michael Dickinson
8ab91e9f8e fix: Store assumed role expiry time for later checking 2020-11-23 21:05:11 +00:00
Pete Wright
65bbdfdd83 Fix FreeBSD $OSTYPE check 
As per this bug report:
https://github.com/toniblyx/prowler/issues/693

Add detection for freebsd releases which should be similar to darwin
in that it will use GNU coreutils for date and base64.
 2020-11-20 13:29:21 -08:00
Toni de la Fuente
25a04cd59e Merge branch 'master' of https://github.com/toniblyx/prowler into master 2020-11-20 15:07:48 +01:00
Toni de la Fuente
72303ea126 Fixed syntax typo 2020-11-20 15:04:47 +01:00
Toni de la Fuente
600a7c9f2f Adapt check119 to exclude instances shutting down @stku1985 
Adapt check119 to exclude instances shutting down @stku1985
 2020-11-18 15:30:57 +01:00
Toni de la Fuente
53e95ac9f3 Improved CodeBuild CFN template with scheduler and documentation 2020-11-18 15:12:44 +01:00
Toni de la Fuente
1f6931a591 Merge branch 'master' of https://github.com/toniblyx/prowler into master 2020-11-18 14:48:47 +01:00
Toni de la Fuente
fdc8c1ce36 Added session durantion option to 12h 2020-11-18 14:48:34 +01:00
Toni de la Fuente
a8fed14cea Fixed extra7116 extra7117 outputs and added to extras @ramondiez 
Fixed extra7116 extra7117 outputs and added to extras @ramondiez
 2020-11-18 13:41:12 +01:00
Toni de la Fuente
f3d4cc8514 Fixed extra7116 extra7117 outputs and added to extras 2020-11-18 13:31:20 +01:00
Stefan Kunkel
7397126794 adapt check119 to exclude instances shutting down 
brain fart: used logical 'or' instead of correct '&&'
 2020-11-18 13:25:28 +01:00
Toni de la Fuente
11bf35d993 Enhancement check119 to exclude instances shutting-down @stku1985 
Enhancement check119 to exclude instances shutting-down in addition to terminated ones
 2020-11-18 13:21:52 +01:00
Stefan Kunkel
147fac0777 adapt check119 to exclude instances shutting down 2020-11-18 13:20:55 +01:00