# Metadata variables for the extra72 check (public EBS snapshots).
# NOTE(review): ID, title, scored and type are all empty strings here, while
# extra72() passes "$ID72" and "$TITLE72" to textTitle; confirm where those
# values are populated before relying on this metadata in reports.
CHECK_ID_check_extra72=''
CHECK_TITLE_check_extra72=''
CHECK_SCORED_check_extra72=''
CHECK_TYPE_check_extra72=''
# Alternate name under which this check can be referenced.
CHECK_ALTERNATE_check_extra72='check_extra72'
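#######################################
# Report EBS snapshots owned by the account whose createVolumePermission
# includes the "all" group, i.e. snapshots any AWS account can restore.
# Globals:
#   AWSCLI, PROFILE_OPT, REGIONS, ACCOUNT_NUM, MAXITEMS, ID72, TITLE72 (read)
#   LIST_OF_EBS_SNAPSHOTS, SNAPSHOT_IS_PUBLIC (written)
# Outputs:
#   One textWarn/textOK line per snapshot, via helpers defined elsewhere.
# Notes:
#   A failed AWS CLI call is reported with textWarn instead of falling
#   through to textOK: empty output from an error (access denied,
#   throttling, ...) must not be read as "not Public".
#######################################
extra72(){
  # "Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
  local raw_snapshot_ids

  textTitle "$ID72" "$TITLE72" "NOT_SCORED" "EXTRA"
  textNotice "Looking for EBS Snapshots in all regions... "

  # REGIONS is a whitespace-separated list; word splitting is intended.
  for regx in $REGIONS; do
    # AWSCLI and PROFILE_OPT stay unquoted on purpose: they may expand to
    # several words (or to nothing).
    # NOTE(review): --max-items caps the listing, so snapshots beyond
    # $MAXITEMS in a region are never evaluated by this check.
    # NOTE(review): describe-snapshots also accepts
    # --restorable-by-user-ids all, which would list public snapshots in a
    # single call per region; not used here to keep the per-snapshot output.
    if ! raw_snapshot_ids=$($AWSCLI ec2 describe-snapshots $PROFILE_OPT --region "$regx" --owner-ids "$ACCOUNT_NUM" --output text --query 'Snapshots[*].{ID:SnapshotId}' --max-items "$MAXITEMS"); then
      textWarn "$regx: unable to list EBS Snapshots, region was not evaluated" "$regx"
      continue
    fi

    # Drop "None" lines from the text output, as the original pipeline did.
    LIST_OF_EBS_SNAPSHOTS=$(printf '%s\n' "$raw_snapshot_ids" | grep -v None 2> /dev/null)

    for snapshot in $LIST_OF_EBS_SNAPSHOTS; do
      # The JMESPath filter keeps only grants to the "all" group; any
      # non-empty output therefore means the snapshot is public.
      if ! SNAPSHOT_IS_PUBLIC=$($AWSCLI ec2 describe-snapshot-attribute $PROFILE_OPT --region "$regx" --output text --snapshot-id "$snapshot" --attribute createVolumePermission --query "CreateVolumePermissions[?Group=='all']"); then
        textWarn "$regx: $snapshot could not be checked, permissions are unknown" "$regx"
        continue
      fi

      if [[ $SNAPSHOT_IS_PUBLIC ]]; then
        textWarn "$regx: $snapshot is currently Public!" "$regx"
      else
        textOK "$regx: $snapshot is not Public" "$regx"
      fi
    done
  done
}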