ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 15:25:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
565200529f3280cdc3e328eac32c80a47b351b81
prowler/checks/check110
Toni de la Fuente 140e96e5e1 Fix issue #848 CIS LEVEL added to CSV and other formats
2021-11-11 13:40:40 +01:00

40 lines
2.1 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
# of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
CHECK_ID_check110="1.10"
CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater"
CHECK_SCORED_check110="SCORED"
CHECK_CIS_LEVEL_check110="LEVEL1"
CHECK_SEVERITY_check110="Medium"
CHECK_ASFF_TYPE_check110="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
CHECK_ALTERNATE_check110="check110"
CHECK_SERVICENAME_check110="iam"
CHECK_RISK_check110='Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.'
CHECK_REMEDIATION_check110='Ensure "Number of passwords to remember" is set to 24.'
CHECK_DOC_check110='https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html'
CHECK_CAF_EPIC_check110='IAM'
check110(){
# "Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
COMMAND110=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query 'PasswordPolicy.PasswordReusePrevention' --output text 2> /dev/null)
if [[ $COMMAND110 ]];then
if [[ $COMMAND110 -gt "23" ]];then
textPass "$REGION: Password Policy limits reuse" "$REGION" "password policy"
else
textFail "$REGION: Password Policy has weak reuse requirement (lower than 24)" "$REGION" "password policy"
fi
else
textFail "$REGION: Password Policy missing reuse requirement" "$REGION" "password policy"
fi
}
Reference in New Issue View Git Blame Copy Permalink