ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,238 Commits 1 Branch 0 Tags
e3ecee83af84bb3a002cc04f2ff4498b5d14d6da
Commit Graph

1238 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marc Jay
e3ecee83af Ensure that checks are sorted numerically when listing checks 
Sort first by section, then by check within each section
Fix group IDs in documentation

Relates to #545 and #561
 2020-09-01 00:21:48 +01:00
Toni de la Fuente
7f03ef0e7e Adding back extra798 2020-08-27 16:50:48 +02:00
Toni de la Fuente
1496e3ab60 New check 7.98 [extra798] Ensure that no custom policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) @nickmalcolm 
New check 7.98 [extra798] Ensure that no custom policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) @nickmalcolm
 2020-08-27 16:31:18 +02:00
Toni de la Fuente
36a291c4a9 Rename check_extra798 to check_extra7100 2020-08-27 16:30:20 +02:00
Toni de la Fuente
0b9d3e39d4 Merge branch 'master' into master 2020-08-27 16:28:35 +02:00
Toni de la Fuente
1d4563f60d Added extra799 and extra7100 to group extras 
Added extra799 and extra7100 to group extras
 2020-08-27 16:23:08 +02:00
Toni de la Fuente
565edf7b4b Change check ID to extra7100 
Change check ID to extra7100
 2020-08-27 16:21:56 +02:00
Toni de la Fuente
5552ea1eb6 Fix getops OPTARG for custom checks @xeroxnir 
Fix getops OPTARG for custom checks @xeroxnir
 2020-08-27 16:12:59 +02:00
Joaquin Rinaudo
7868904c3b Fix getops OPTARG for custom checks 
Custom checks in folder are not being sourced. `./prowler -c extra800 -x custom` results in empty EXTERNAL_CHECKS_PATH variables due to missing colon.

The fix was tested in both OSX and toniblyx/prowler:latest Docker.

Regards,
 2020-08-26 23:59:02 +02:00
Toni de la Fuente
9647d80fc1 Fix check12 when MFA is enabled and user contains true in the name @xeroxnir 
Fix check12 when MFA is enabled and user contains true in the name @xeroxnir
 2020-08-26 18:41:51 +02:00
Toni de la Fuente
89db9d4b70 Update check12 2020-08-26 18:40:11 +02:00
Toni de la Fuente
553faf72ec Added [extra736] Check exposed KMS keys to group internet-exposed 2020-08-26 16:57:20 +02:00
Toni de la Fuente
33a53663db Added [extra799] Check if Security Hub is enabled and its standard subscriptions 2020-08-25 19:54:57 +02:00
Toni de la Fuente
ca471700c2 Added [extra798] Check if Lambda functions have resource-based policy set as Public 2020-08-25 19:06:06 +02:00
Toni de la Fuente
03b1d898a6 Added AWS partition variable to the ASFF output format 2020-08-25 16:54:22 +02:00
Toni de la Fuente
97e6a80bdc Added AWS partition variable to the ASFF output format 2020-08-25 16:49:20 +02:00
Joaquin Rinaudo
024190dd8a [Check12] Bugfix: Remove $ from grep 
Check is failing to detect users without MFA, solved by removing `$` sign addresses the issue.
 2020-08-21 10:35:50 +02:00
Nick Malcolm
ba87f437d5 This check will identify IAM Policies which allow an IAM Principal (a Role or User) to escalate their privileges due to insecure STS permissions. It is AWS best practice to only use explicitly defined Resources (Role ARNs) for an sts:AssumeRole action. 
See more: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html#roles-usingrole-createpolicy
 2020-08-20 21:08:00 +12:00
Toni de la Fuente
cd0b5d29dd Added html to -M in usage 2020-08-18 11:59:53 +02:00
Toni de la Fuente
c1992ef2a7 Added html to -M in usage 2020-08-18 11:52:49 +02:00
Toni de la Fuente
7aa0864bd2 Adding EKS checks to eks-cis and extras group @jonjozwiak 
Adding EKS checks to eks-cis and extras group @jonjozwiak
 2020-08-05 19:03:55 +02:00
Jon Jozwiak
022df45ae1 Adding EKS checks to eks-cis and extras group 2020-08-03 08:02:21 -05:00
Toni de la Fuente
f5ec2bceda Adding 4 new EKS checks @jonjozwiak 
Adding 4 new EKS checks @jonjozwiak
 2020-07-31 21:40:38 +02:00
Toni de la Fuente
85efe3e342 Fixed extra737 now doesn't fail for keys scheduled for deletion @QuinnStevens 
Fixed extra737 now doesn't fail for keys scheduled for deletion @QuinnStevens
 2020-07-31 21:33:06 +02:00
Quinn Stevens
93c89530ff Explicitly set output --json for aws call 2020-07-31 20:30:20 +01:00
Toni de la Fuente
4a02d54ec1 Add additional GDPR checks to GDPR group @gchib297 
Add additional GDPR checks to GDPR group @gchib297
 2020-07-31 21:15:30 +02:00
jonjozwiak
a2c92c2e7b Adding 4 EKS checks 2020-07-31 10:42:16 -05:00
gchib
04fae53da5 Add additional GDPR checks 
Added checks:
check11,check110,check111,check112,check116,check120,check122,check13,check14,check15,check16,check17,check18,check19,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check36,check37,check38,check41,check42,extra711,extra72,extra723,extra730,extra739,extra76,extra763,extra778,extra78,extra792
 2020-07-24 22:26:09 +05:30
Toni de la Fuente
43d95ac18c Set version label PROWLER_VERSION=2.3.0RC3 2020-07-24 15:22:28 +02:00
Toni de la Fuente
19c68980fe fix typo on title group18 2020-07-24 15:18:46 +02:00
Toni de la Fuente
19bd281c78 Added group18 for ISO27001 thanks to @gchib297 issue #637 2020-07-24 15:16:35 +02:00
Toni de la Fuente
9eb6a6d1fe Add additional checks to HIPAA group @gchib297 
Add additional checks to HIPAA group @gchib297
 2020-07-24 14:58:29 +02:00
Quinn Stevens
e58d8cbc8d Don't fail check extra737 for keys scheduled for deletion 2020-07-24 12:44:57 +01:00
gchib
a8026ba3c3 Add additional HIPAA checks 
Added checks:
check112,check13,check15,check16,check17,check18,check19,check21,check24,check28,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check39,extra792.
 2020-07-23 19:10:17 +05:30
Toni de la Fuente
9b1c152607 New check extra793 for SSL listeners on load balancers @jonjozwiak 
New check extra793 for SSL listeners on load balancers
 2020-07-21 16:57:20 +02:00
jonjozwiak
6ba9be46fb Adding check for SSL load balancers 2020-07-17 09:59:53 -05:00
Toni de la Fuente
b3a2f850cf extra792 - skip check if no HTTPS/SSL Listener plus add NLB Support @jonjozwiak 
extra792 - skip check if no HTTPS/SSL Listener plus add NLB Support
 2020-07-17 11:48:28 +02:00
jonjozwiak
1c970b0387 extra792 skip check if no HTTPS/SSL Listener and add NLB support 2020-07-16 16:08:33 -05:00
Toni de la Fuente
206b675179 Added group for pci-dss as reference 2020-07-13 17:33:07 +02:00
Toni de la Fuente
c3c5971ff2 Fix listing configurations if default output format is not JSON check119,extra742,extra75 and extra772 @anthirian 
Fix listing configurations if default output format is not JSON
 2020-07-08 15:48:05 +02:00
Toni de la Fuente
1fefc11d8e CFN template helper for role 2020-06-29 15:06:54 +02:00
Toni de la Fuente
9732e5be70 Reduce needed actions in additions policy @ 2020-06-29 13:59:19 +02:00
Geert Smelt
d3553b642e Fix listing Elastic IPs if default output format is not JSON 2020-06-26 12:50:09 +02:00
Geert Smelt
63d06212db Fix listing CloudFormation stacks if default output format is not JSON 2020-06-26 11:55:12 +02:00
Geert Smelt
a0c58e1cb2 Fix listing EC2 Security Groups if default output format is not JSON 2020-06-26 11:25:16 +02:00
Geert Smelt
0878511abf Fix listing EC2 instances if default output format is not JSON 2020-06-26 11:16:59 +02:00
Toni de la Fuente
01be8520b9 Merge branch 'master' of https://github.com/toniblyx/prowler 2020-06-25 15:16:14 +02:00
Toni de la Fuente
9e9535def8 Delete _config.yml 2020-06-25 15:15:59 +02:00
Toni de la Fuente
64a617d26d delete _config.yml 2020-06-25 15:15:14 +02:00
Toni de la Fuente
4a593df142 Merge branch 'master' of https://github.com/toniblyx/prowler 2020-06-25 15:13:47 +02:00