mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-11 15:25:10 +00:00
33 lines
1.7 KiB
Bash
33 lines
1.7 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Prowler - the handy cloud security tool (c) by Toni de la Fuente
|
|
#
|
|
# This Prowler check is licensed under a
|
|
# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
|
|
#
|
|
# You should have received a copy of the license along with this
|
|
# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
|
|
|
|
CHECK_ID_check19="1.9"
|
|
CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
|
|
CHECK_SCORED_check19="SCORED"
|
|
CHECK_TYPE_check19="LEVEL1"
|
|
CHECK_SEVERITY_check19="Medium"
|
|
CHECK_ASFF_TYPE_check19="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
|
|
CHECK_ALTERNATE_check109="check19"
|
|
CHECK_SERVICENAME_check19="iam"
|
|
CHECK_RISK_check19='Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.'
|
|
CHECK_REMEDIATION_check19='Ensure "Minimum password length" is set to 14 or greater.'
|
|
CHECK_DOC_check19='https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html'
|
|
CHECK_CAF_EPIC_check19='IAM'
|
|
|
|
check19(){
|
|
# "Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
|
|
COMMAND19=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --output json --query 'PasswordPolicy.MinimumPasswordLength' 2> /dev/null)
|
|
if [[ $COMMAND19 -gt "13" ]];then
|
|
textPass "Password Policy requires more than 13 characters"
|
|
else
|
|
textFail "Password Policy missing or weak length requirement"
|
|
fi
|
|
}
|