mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-11 15:25:10 +00:00
29 lines
1.5 KiB
Plaintext
29 lines
1.5 KiB
Plaintext
CHECK_ID_extra715="7.15"
|
|
CHECK_TITLE_extra715="Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)"
|
|
CHECK_SCORED_extra715="NOT_SCORED"
|
|
CHECK_ALTERNATE_check715="extra715"
|
|
|
|
extra715(){
|
|
for regx in $REGIONS; do
|
|
LIST_OF_DOMAINS=$($AWSCLI es list-domain-names $PROFILE_OPT --region $regx --query DomainNames --output text)
|
|
if [[ $LIST_OF_DOMAINS ]]; then
|
|
for domain in $LIST_OF_DOMAINS;do
|
|
SEARCH_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.SEARCH_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
|
|
if [[ $SEARCH_SLOWLOG_ENABLED ]];then
|
|
textOK "$regx: ElasticSearch Service domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
|
|
else
|
|
textWarn "$regx: ElasticSearch Service domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
|
|
fi
|
|
INDEX_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.INDEX_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
|
|
if [[ $INDEX_SLOWLOG_ENABLED ]];then
|
|
textOK "$regx: ElasticSearch Service domain $domain INDEX_SLOW_LOGS enabled" "$regx"
|
|
else
|
|
textWarn "$regx: ElasticSearch Service domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
|
|
fi
|
|
done
|
|
else
|
|
textNotice "$regx: No Elasticsearch Service domain found" "$regx"
|
|
fi
|
|
done
|
|
}
|