prowler

ghndrx/prowler

Fork 0

mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00

8a7344ef86 Extra720 - Support cross account and cross-region cloudtrail @patdowney Toni de la Fuente 2020-04-13 18:33:38 +02:00
4cf66a2f32 Merge pull request #527 from yumminhuang/master Toni de la Fuente 2020-04-13 18:18:55 +02:00
7f2e097205 Merge pull request #518 from bridgecrewio/bugfix/check_23_error_fails Toni de la Fuente 2020-04-13 16:50:30 +02:00
67504e8591 Merge pull request #519 from bridgecrewio/bugfix/check_26_error_fails Toni de la Fuente 2020-04-13 16:50:05 +02:00
958a54e337 Merge pull request #530 from marcjay/aws-security-hub-output-524 Toni de la Fuente 2020-04-13 14:03:50 +02:00
d39bad2ee2 Merge pull request #541 from marcjay/sort-checks-correctly-when-excludes-in-place-492 Toni de la Fuente 2020-04-13 13:40:20 +02:00
3c77130f65 Merge pull request #540 from marcjay/check121-filter-out-password-access-513 Toni de la Fuente 2020-04-13 13:31:33 +02:00
d855432f28 Merge pull request #538 from marcjay/fix-no-information-extra774-501 Toni de la Fuente 2020-04-13 13:30:24 +02:00
3e1d9ea0d3 Merge pull request #539 from marcjay/handle-gnu-date-as-default-on-mac-osx-534 Toni de la Fuente 2020-04-13 13:27:42 +02:00
24e691901e Convert tabs to spaces within modified function Marc Jay 2020-04-12 17:17:46 +01:00
57c15c2cc9 Avoid changing the execution order of checks when some checks are excluded Marc Jay 2020-04-12 17:09:02 +01:00
4f623b4e31 check121 - Filter out users who do not have a console password Marc Jay 2020-04-12 02:18:42 +01:00
d9588f4de0 Detect when GNU coreutils is installed on Mac OS X and use the correct date functions Marc Jay 2020-04-12 01:28:11 +01:00
ce1058dfed Remove the varying number of days in the message so that message stays consistent over time Marc Jay 2020-04-12 01:22:34 +01:00
8d9c7e8ab0 Handle IAM credential report containing 'no_information' for a user's last console login date Marc Jay 2020-04-11 20:07:03 +01:00
c02811f411 Add CHECK_ASFF_RESOURCE_TYPE variables for recently added checks Marc Jay 2020-04-11 03:34:32 +01:00
4bae0ca5f5 Merge branch 'master' into aws-security-hub-output-524 Marc Jay 2020-04-11 03:16:23 +01:00
5bab65c56d - Remove securityhub output mode and replace with '-S' flag to send findings to Security Hub - Move Security Hub related code to a dedicated include/securityhub_integration file - Check that Security Hub is enabled in the target region before beginning checks when -S is specified - Add error handling to the batch-import-findings call - Add CHECK_ASFF_TYPE variables to all CIS checks to override the default - Add support for CHECK_ASFF_RESOURCE_TYPE variables which override the default 'AwsAccount' value for the resource a finding relates to. - Add CHECK_ASFF_RESOURCE_TYPE variables to all checks where there is a suitable value in the schema - Remove json-asff output for info messages as they are not appropriate for possible submission to Security Hub - Update the README to cover Security Hub integration - Add an IAM policy JSON document that provides the necessary BatchImportFindings permission for Security Hub - Remove trailing whitespace and periods in pass/fail messages to be consistent with the majority of messages, to prevent future tidy-up from changing the finding IDs Marc Jay 2020-04-11 03:04:03 +01:00
7982cc462a Remove --output text in CLOUDTRAILBUCKET_LOGENABLED Huang Yaming 2020-04-02 14:15:02 +08:00
8f83da985a PR #511 Toni de la Fuente 2020-04-08 18:00:54 +02:00
b6adfd58ec Support cross-region and cross-account object-level cloudtrail logs for S3 Patrick Downey 2020-04-08 15:38:43 +01:00
78ccc7d953 Remove HomeRegion predicate from describe-trails in extras725 Patrick Downey 2020-04-08 13:28:18 +01:00
fc83a9896c Use TrailARN property to query get-event-selectors in checks_extra725 Patrick Downey 2020-04-08 13:27:09 +01:00
effc3eb14d Added new checks to group extras Toni de la Fuente 2020-04-08 14:06:11 +02:00
6ea37b05ca Improvements and new checks for elasticsearch Toni de la Fuente 2020-04-08 14:00:12 +02:00
84711d1ef5 Remove HomeRegion predicate from describe-trails to look for cross-region trails too Patrick Downey 2020-04-08 12:38:20 +01:00
4ff685635e Use TrailARN property to query get-event-selectors Patrick Downey 2020-04-08 11:54:15 +01:00
9c4e629647 Fixed typo in extra786 Toni de la Fuente 2020-04-07 20:28:38 +02:00
92e1f17a80 Adds 'json-asff' and 'securityhub' output modes Marc Jay 2020-04-07 16:08:07 +01:00
bd432fed92 New check for Metadata Service Version 2 #413 Toni de la Fuente 2020-04-07 16:46:46 +02:00
b5e1c9002a Improved policy handling on extra716 Toni de la Fuente 2020-04-03 17:54:55 +02:00
afb908f190 Improved policy handling on extra716 Toni de la Fuente 2020-04-03 17:54:25 +02:00
e567ccb828 v2.2.1 with new function and Improved extra779 and extra716 Toni de la Fuente 2020-04-02 15:31:43 +02:00
2c580dd750 Fix issue #488 only works if CloudWatchLog configuration Toni de la Fuente 2020-04-02 00:19:43 +02:00
9dec4e6eb3 Fix issue #488 only works if IsMultiRegionTrail Toni de la Fuente 2020-04-02 00:02:42 +02:00
2e2fe96ff5 Improved extra716 filters and auth check Toni de la Fuente 2020-04-01 21:57:20 +02:00
2e2e9b85af Merge branch 'master' of https://github.com/toniblyx/prowler Toni de la Fuente 2020-04-01 16:53:04 +02:00
1ae5d5d725 Added custom ports variable to extra779 Toni de la Fuente 2020-04-01 16:52:52 +02:00
71c9d12184 Merge pull request #526 from dhirajdatar/change-in-usage Toni de la Fuente 2020-03-31 13:24:23 +02:00
059c701923 Update README.md dhirajdatar 2020-03-31 16:46:38 +05:30
d24e824735 Merge pull request #522 from yumminhuang/master Toni de la Fuente 2020-03-27 15:03:45 +01:00
1419d4887a Ignore imported ACM Certificate in check_extra724 Huang Yaming 2020-03-27 14:49:52 +08:00
ba75d89911 Added connection test for port 9300 in both linux and macosx on extra779 Toni de la Fuente 2020-03-25 18:20:20 +01:00
8faf1f45c4 Added connection test for port 9300 in both linux and macosx on extra779 Toni de la Fuente 2020-03-25 18:19:41 +01:00
eae4722499 Updated ES check titles and results Toni de la Fuente 2020-03-25 17:25:38 +01:00
8c18533752 Updated check titles Toni de la Fuente 2020-03-25 17:18:43 +01:00
ee82424869 Enhanced extra779 with better authentication test and TEST_ES_AUTHENTICATION disabled Toni de la Fuente 2020-03-25 12:44:10 +01:00
b4aaf0b81e Added initial PCI group without checks yet, issue #296 Toni de la Fuente 2020-03-25 10:53:55 +01:00
f809f2fa1d Modify group names header to clarify what is CIS only Toni de la Fuente 2020-03-25 10:53:05 +01:00
1615478444 Fixed query on extra779 Toni de la Fuente 2020-03-25 09:40:03 +01:00
568bba4c38 Add Elasticsearch checks issue #521 Toni de la Fuente 2020-03-24 23:46:11 +01:00
705d75606d Merge pull request #520 from bridgecrewio/bugfix/extra774_fixes Toni de la Fuente 2020-03-23 15:50:08 +01:00
3ff4acf648 Merge branch 'lanhhuyet510-patch-2' Toni de la Fuente 2020-03-23 15:09:45 +01:00
e082ef05f0 Merge branch 'patch-2' of https://github.com/lanhhuyet510/prowler into lanhhuyet510-patch-2 Toni de la Fuente 2020-03-23 15:09:15 +01:00
2db9151939 Merge pull request #508 from renuez/checks/find_security_groups_with_wide_open_non_RFC1918_IPv4 Toni de la Fuente 2020-03-23 14:50:05 +01:00
db3ac2361c Merge branch 'master' into checks/find_security_groups_with_wide_open_non_RFC1918_IPv4 Toni de la Fuente 2020-03-23 14:48:05 +01:00
30941c355c Added extra777 - Security Groups with too many rules @renuez Toni de la Fuente 2020-03-23 14:39:23 +01:00
25bc8699b3 check_extra774 - revert changes Nimrod Kor 2020-03-22 11:14:03 +02:00
d62027440d extra774 - check correct date, consolidate files and fix report generation Nimrod Kor 2020-03-22 11:00:02 +02:00
b704568b23 check26 - on failure, output info and not failure Nimrod Kor 2020-03-22 10:53:47 +02:00
259f24ee06 check23 - on failure, output info and not failure Nimrod Kor 2020-03-22 10:53:33 +02:00
56a4fd813c Support whitelists per check Urjit Singh Bhatia 2020-03-10 18:54:32 -07:00
0979f421c3 Update check21 Ngọ Anh Đức 2020-03-09 13:00:43 +07:00
89514a1fa8 Update check21 Ngọ Anh Đức 2020-03-09 12:59:47 +07:00
ba13f25c9e Update check21 Ngọ Anh Đức 2020-03-09 12:57:49 +07:00
53ee538e0f add $PROFILE_OPT to the CLI Ngọ Anh Đức 2020-03-09 12:57:00 +07:00
3116adf86e Update check21 Ngọ Anh Đức 2020-03-09 12:46:16 +07:00
263926a53b Improve check21 Ngọ Anh Đức 2020-03-09 12:44:23 +07:00
cb5858d08a Updated check_extra778 to use PROFILE_OPT and AWSCLI Philipp Zeuner 2020-03-08 09:56:52 +01:00
1b2b52e6a7 Fixed check_extra778 reference CHECK_ID Philipp Zeuner 2020-03-08 09:22:11 +01:00
f5d083f781 Updated check_extra778 to exclude 0.0.0.0/0 edge case Philipp Zeuner 2020-03-08 09:21:17 +01:00
f585ca54d1 Fixed check_extra788 logic bug related to SECURITY_GROUP and improved check_cidr() isolation Philipp Zeuner 2020-03-08 09:20:05 +01:00
f149fb7535 Refactored check name to check_extra778 Philipp Zeuner 2020-03-08 08:15:20 +01:00
530bacac5b Merge pull request #510 from jonjozwiak/master Toni de la Fuente 2020-03-05 21:33:26 +01:00
0b2c3c9f4f Merge pull request #509 from nexeck/new_check_ecr_findings Toni de la Fuente 2020-03-05 21:26:34 +01:00
8173c20941 Improve performance of check_extra742 by limiting to one AWS CLI call jonjozwiak 2020-03-04 16:46:28 +02:00
95cb26fb2b fix: Enable check extra776 in extra group Marcel Beck 2020-03-04 07:27:40 +01:00
c0d8258283 [new check] Check if ECR image scan found vulnerabilities in the newest image version Toni de la Fuente 2020-03-03 23:06:44 +01:00
4646dbcd0b Updated check_extra776 title Toni de la Fuente 2020-03-03 23:04:09 +01:00
db260da8b0 feat: New check for ecr image scan findings Marcel Beck 2020-02-28 17:58:38 +01:00
162ff05e42 Updated check_extra777 to fix CHECK_ALTERNATE variable Philipp Zeuner 2020-03-02 22:53:32 +01:00
6ea863ac3b Initial commit Philipp Zeuner 2020-03-01 20:26:51 +01:00
655aae7014 Merge pull request #499 from nexeck/check119_ignore_terminated Toni de la Fuente 2020-02-28 18:51:52 +01:00
5257ce6c0b docs: Fix typo Marcel Beck 2020-02-28 17:58:10 +01:00
c9508c28b3 fix: check119 needs to ignore terminated instances Marcel Beck 2020-02-25 09:23:55 +01:00
50b10c4018 Minor fixes for checks 774 and 775 Toni de la Fuente 2020-02-24 18:53:20 +01:00
2321655503 fixed check numbers for 774,775 Faraz Angabini 2020-02-22 22:16:59 -08:00
7358e9cd75 added .gitignore for .DS_Store Faraz Angabini 2020-02-22 22:12:44 -08:00
020374b6f9 deleted .DS_Store Faraz Angabini 2020-02-22 22:10:52 -08:00
24cccf64d6 Merge branch 'fredski-github-master' Toni de la Fuente 2020-02-21 15:32:47 +01:00
77f07cccf8 Merge branch 'master' of https://github.com/fredski-github/prowler into fredski-github-master Toni de la Fuente 2020-02-21 15:31:23 +01:00
40985212ab check_extra775 added | group7_extras and group11_secrets updated Kasprzykowski 2020-02-21 09:24:13 -05:00
e461714226 Merge branch 'master' of https://github.com/toniblyx/prowler Toni de la Fuente 2020-02-21 15:06:24 +01:00
11e5d44d9b version 2.2.0 Toni de la Fuente 2020-02-21 15:06:13 +01:00
a1d26b44c3 check_extra999 added and group7_extras updated Kasprzykowski 2020-02-21 09:05:33 -05:00
42af217524 Merge pull request #489 from TopherIsSwell/master Toni de la Fuente 2020-02-21 14:44:21 +01:00
4a1d4060ec Check Extra 774 - Fixed bug - was checking account creation time instead of last logon date. Christopher Morrow 2020-02-20 15:11:13 -08:00
0210c43b60 Merge branch 'bridgecrewio-bugfix/check_11_check_access_keys_usage' t push origin master:wq Toni de la Fuente 2020-02-19 18:19:37 +01:00
ca34590da0 Merge branch 'bugfix/check_11_check_access_keys_usage' of https://github.com/bridgecrewio/prowler into bridgecrewio-bugfix/check_11_check_access_keys_usage Toni de la Fuente 2020-02-19 18:14:37 +01:00
44716cfab2 Merge pull request #486 from bridgecrewio/bugfix/mark_only_available_rds_instances_as_violating Toni de la Fuente 2020-02-19 18:11:43 +01:00

... 25 26 27 28 29 ...

Commit Graph Select branches Hide Pull Requests master Mono Color

Commit Graph

Select branches

Hide Pull Requests

master