ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
da0f26694418b1d9fae2c2b76d08a20a8ddabed6
prowler/checks/check_extra723
Toni de la Fuente da0f266944 first semi functional v2
2018-03-23 19:26:10 -04:00

41 lines
2.1 KiB
Plaintext
Raw Blame History

CHECK_ID_extra723="7.23"
CHECK_TITLE_extra723="Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)"
CHECK_SCORED_extra723="NOT_SCORED"
CHECK_ALTERNATE_check723="extra723"
CHECK_ALTERNATE_extra723="extra723"
extra723(){
# "Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark)"
textTitle "$ID723" "$TITLE723" "NOT_SCORED" "EXTRA"
for regx in $REGIONS; do
# RDS snapshots
LIST_OF_RDS_SNAPSHOTS=$($AWSCLI rds describe-db-snapshots $PROFILE_OPT --region $regx --query DBSnapshots[*].DBSnapshotIdentifier --output text)
if [[ $LIST_OF_RDS_SNAPSHOTS ]]; then
for rdssnapshot in $LIST_OF_RDS_SNAPSHOTS;do
SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-snapshot-attributes $PROFILE_OPT --region $regx --db-snapshot-identifier $rdssnapshot --query DBSnapshotAttributesResult.DBSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
if [[ $SNAPSHOT_IS_PUBLIC ]];then
textWarn "$regx: RDS Snapshot $rdssnapshot is public!" "$regx"
else
textOK "$regx: RDS Snapshot $rdssnapshot is not shared" "$regx"
fi
done
else
textNotice "$regx: No RDS Snapshots found" "$regx"
fi
# RDS cluster snapshots
LIST_OF_RDS_CLUSTER_SNAPSHOTS=$($AWSCLI rds describe-db-cluster-snapshots $PROFILE_OPT --region $regx --query DBClusterSnapshots[*].DBClusterSnapshotIdentifier --output text)
if [[ $LIST_OF_RDS_CLUSTER_SNAPSHOTS ]]; then
for rdsclustersnapshot in $LIST_OF_RDS_CLUSTER_SNAPSHOTS;do
CLUSTER_SNAPSHOT_IS_PUBLIC=$($AWSCLI rds describe-db-cluster-snapshot-attributes $PROFILE_OPT --region $regx --db-cluster-snapshot-identifier $rdsclustersnapshot --query DBClusterSnapshotAttributesResult.DBClusterSnapshotAttributes[*] --output text|grep ^ATTRIBUTEVALUES|cut -f2|grep all)
if [[ $CLUSTER_SNAPSHOT_IS_PUBLIC ]];then
textWarn "$regx: RDS Cluster Snapshot $rdsclustersnapshot is public!" "$regx"
else
textOK "$regx: RDS Cluster Snapshot $rdsclustersnapshot is not shared" "$regx"
fi
done
else
textNotice "$regx: No RDS Cluster Snapshots found" "$regx"
fi
done
}
Reference in New Issue View Git Blame Copy Permalink