ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
92e1f17a8049f7d21b8f0d8ff8542c7d2ebf3ab3
prowler/checks/check13
Marc Jay 92e1f17a80 Adds 'json-asff' and 'securityhub' output modes 
json-asff mode outputs JSON, similar to the standard 'json' mode with one check per line, but in AWS Security Finding Format - used by AWS Security Hub
Currently uses a generic Type, Resources and ProductArn value, but sets the Id to a unique value that includes the details of the message, in order to separate out checks that run against multiple resources and output one result per resource per check. This ensures that findings can be updated, should the resource move in or out of compliance

securityhub mode generates the ASFF JSON and then passes it to an 'aws securityhub batch-import-findings' call, once per resource per check. Output to the screen is similar to the standard mode, but prints whether or not the finding was submitted successfully

Fixes #524
2020-04-07 16:08:07 +01:00

40 lines
1.6 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Prowler - the handy cloud security tool (c) by Toni de la Fuente
#
# This Prowler check is licensed under a
# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
#
# You should have received a copy of the license along with this
# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
CHECK_ID_check13="1.3,1.03"
CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
CHECK_SCORED_check13="SCORED"
CHECK_TYPE_check13="LEVEL1"
CHECK_ALTERNATE_check103="check13"
check13(){
# "Ensure credentials unused for 90 days or greater are disabled (Scored)"
COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }')
# Only check Password last used for users with password enabled
if [[ $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED ]]; then
for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
DATEUSED=$($AWSCLI iam list-users --query "Users[?UserName=='$i'].PasswordLastUsed" --output text $PROFILE_OPT --region $REGION | cut -d'T' -f1)
if [ "$DATEUSED" == "" ]
then
textFail "User \"$i\" has not logged in during the last 90 days"
else
HOWOLDER=$(how_older_from_today $DATEUSED)
if [ $HOWOLDER -gt "90" ];then
textFail "User \"$i\" has not logged in during the last 90 days"
else
textPass "User \"$i\" found with credentials used in the last 90 days"
fi
fi
done
else
textPass "No users found with password enabled"
fi
}
Reference in New Issue View Git Blame Copy Permalink