mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-11 07:15:15 +00:00
0c213ce566
The previous check didnt accept lower password expiration time. Updated to accept less than or equal to 90 days. Also edited printed statement to include set value.
30 lines
1.1 KiB
Bash
30 lines
1.1 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Prowler - the handy cloud security tool (c) by Toni de la Fuente
|
|
#
|
|
# This Prowler check is licensed under a
|
|
# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
|
|
#
|
|
# You should have received a copy of the license along with this
|
|
# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
|
|
|
|
CHECK_ID_check111="1.11"
|
|
CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less (Scored)"
|
|
CHECK_SCORED_check111="SCORED"
|
|
CHECK_TYPE_check111="LEVEL1"
|
|
CHECK_ALTERNATE_check111="check111"
|
|
|
|
check111(){
|
|
# "Ensure IAM password policy expires passwords within 90 days or less (Scored)"
|
|
COMMAND111=$($AWSCLI iam get-account-password-policy $PROFILE_OPT --region $REGION --query PasswordPolicy.MaxPasswordAge --output text 2> /dev/null)
|
|
if [[ $COMMAND111 ]];then
|
|
if [ "$COMMAND111" -le "90" ];then
|
|
textPass "Password Policy includes expiration (Value: $COMMAND111)"
|
|
else
|
|
textFail "Password expiration is set greater than 90 days"
|
|
fi
|
|
else
|
|
textFail "Password expiration is not set"
|
|
fi
|
|
}
|