mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-11 15:25:10 +00:00
23 lines
1.1 KiB
Plaintext
23 lines
1.1 KiB
Plaintext
CHECK_ID_extra72="7.2,7.02"
|
|
CHECK_TITLE_extra72="Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
|
|
CHECK_SCORED_extra72="NOT_SCORED"
|
|
CHECK_ALTERNATE_extra702="extra72"
|
|
CHECK_ALTERNATE_check72="extra72"
|
|
CHECK_ALTERNATE_check702="extra72"
|
|
|
|
extra72(){
|
|
# "Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
|
|
textInfo "Looking for EBS Snapshots in all regions... "
|
|
for regx in $REGIONS; do
|
|
LIST_OF_EBS_SNAPSHOTS=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region $regx --owner-ids $ACCOUNT_NUM --output text --query 'Snapshots[*].{ID:SnapshotId}' --max-items $MAXITEMS | grep -v None 2> /dev/null)
|
|
for snapshot in $LIST_OF_EBS_SNAPSHOTS; do
|
|
SNAPSHOT_IS_PUBLIC=$($AWSCLI ec2 describe-snapshot-attribute $PROFILE_OPT --region $regx --output text --snapshot-id $snapshot --attribute createVolumePermission --query "CreateVolumePermissions[?Group=='all']")
|
|
if [[ $SNAPSHOT_IS_PUBLIC ]];then
|
|
textFail "$regx: $snapshot is currently Public!" "$regx"
|
|
else
|
|
textPass "$regx: $snapshot is not Public" "$regx"
|
|
fi
|
|
done
|
|
done
|
|
}
|