mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 23:05:05 +00:00
36 lines
1.4 KiB
Bash
36 lines
1.4 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Prowler - the handy cloud security tool (c) by Toni de la Fuente
|
|
#
|
|
# This Prowler check is licensed under a
|
|
# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
|
|
#
|
|
# You should have received a copy of the license along with this
|
|
# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
|
|
|
|
CHECK_ID_check11="1.1,1.01"
|
|
CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
|
|
CHECK_SCORED_check11="SCORED"
|
|
CHECK_TYPE_check11="LEVEL1"
|
|
CHECK_ALTERNATE_check101="check11"
|
|
|
|
check11(){
|
|
# "Avoid the use of the root account (Scored)."
|
|
MAX_DAYS=-1
|
|
last_login_date=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$5 }' |grep '<root_account>' | awk '{ print $2 }')
|
|
arn=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$2 }' |grep '<root_account>' | awk '{ print $2 }')
|
|
|
|
#check if last_login_date date is a valid date, if not, its a pass.
|
|
if [[ ${last_login_date%T*} =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]];then
|
|
days_not_in_use=$(how_many_days_from_today ${last_login_date%T*})
|
|
if [ "$days_not_in_use" -gt "$MAX_DAYS" ];then
|
|
textFail "Root Account $arn last accessed was less then ${MAX_DAYS#-} day ago"
|
|
else
|
|
textPass "Root Account $arn last accessed was more then ${MAX_DAYS#-} day ago"
|
|
fi
|
|
else
|
|
textPass "Root Account $arn last accessed was more then ${MAX_DAYS#-} day ago"
|
|
fi
|
|
|
|
}
|