#!/usr/bin/env bash

# Prowler - the handy cloud security tool (c) by Toni de la Fuente
#
# This Prowler check is licensed under a
# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
#
# You should have received a copy of the license along with this
# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.

CHECK_ID_check11="1.1,1.01"
CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
CHECK_SCORED_check11="SCORED"
CHECK_TYPE_check11="LEVEL1"
CHECK_ALTERNATE_check101="check11"

check11(){
  # "Avoid the use of the root account (Scored)."
  MAX_DAYS=-1
  last_login_date=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$5 }' |grep '<root_account>' | awk '{ print $2 }')
  arn=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$2 }' |grep '<root_account>' | awk '{ print $2 }')

  #check if last_login_date date is a valid date, if not, its a pass.
  if [[ ${last_login_date%T*} =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]];then
    days_not_in_use=$(how_many_days_from_today ${last_login_date%T*})
    if [ "$days_not_in_use" -gt "$MAX_DAYS" ];then
        textFail "Root Account $arn last accessed was less then ${MAX_DAYS#-} day ago"
    else
        textPass "Root Account $arn last accessed was more then ${MAX_DAYS#-} day ago"
    fi
  else
    textPass "Root Account $arn last accessed was more then ${MAX_DAYS#-} day ago"
  fi

}