#!/usr/bin/env bash

# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
# of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
CHECK_ID_extra713="7.13"
CHECK_TITLE_extra713="[extra713] Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
CHECK_SCORED_extra713="NOT_SCORED"
CHECK_TYPE_extra713="EXTRA"
CHECK_ALTERNATE_check713="extra713"

extra713(){
  # "Check if GuardDuty is enabled (Not Scored) (Not part of CIS benchmark)"
  for regx in $REGIONS; do
    LIST_OF_GUARDDUTY_DETECTORS=$($AWSCLI guardduty list-detectors $PROFILE_OPT --region $regx --output text 2> /dev/null | cut -f2)
    if [[ $LIST_OF_GUARDDUTY_DETECTORS ]];then
      while read -r detector;do
        DETECTOR_ENABLED=$($AWSCLI guardduty get-detector --detector-id $detector $PROFILE_OPT --region $regx --query "Status" --output text|grep ENABLED)
        if [[ $DETECTOR_ENABLED ]]; then
          textPass "$regx: GuardDuty detector $detector enabled" "$regx"
        else
          textFail "$regx: GuardDuty detector $detector configured but suspended" "$regx"
        fi
      done <<< "$LIST_OF_GUARDDUTY_DETECTORS"
      else
        textFail "$regx: GuardDuty detector not configured!" "$regx"
    fi
  done
}