fix(contrib): Update contrib folder (#1635)

contrib/cloud9/cloud9-installation.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Install system dependencies
+sudo yum -y install openssl-devel bzip2-devel libffi-devel gcc
+# Upgrade to Python 3.9
+cd /tmp && wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz
+tar zxf Python-3.9.13.tgz
+cd Python-3.9.13/ || exit
+./configure --enable-optimizations
+sudo make altinstall
+python3.9 --version
+# Install Prowler
+cd ~ || exit
+python3.9 -m pip install prowler-cloud
+prowler -v
+# Run Prowler
+prowler

contrib/cloudshell/README.md

@@ -1,57 +0,0 @@
-# ShortCut script: run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
-
-### Use Case:
-
-Customers look to use multiple auditing tools in order to provide quick assessments about their AWS environments. These tools allow for reports to be generated for review by the customer and appropriate teams, which in turns helps them begin security remediation efforts.
-
-Prowler and ScoutSuite are two publicly available security auditing tools that provide comprehensive reports for customers using AWS.
-
-ShortCut is a mechanism for customers to use to run both Prowler and ScoutSuite within an AWS account, using AWS CloudShell. When customers use ShortCut, this allows for customers to quickly perform an audit on their environment, without having to provision IAM Access Keys or EC2 instances.
-
-### Prerequisites:
-
-Note: The current version of this script is ran in a single account.
-
-In order to use CloudShell, the customer will need the following permissions within their AWS Account:
-```
-cloudshell:*
-```
-
-In addition, the following IAM Policies are needed in order to run ScoutSuite & Prowler:
-```
-arn:aws:iam::aws:policy/SecurityAudit
-arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
-```
-
-### Instructions
-1. Log into the AWS Console
-2. Go to AWS CloudShell. There's a screenshot of the AWS CloudShell icon below, or if you're logged into AWS already, you can click this link: console.aws.amazon.com/cloudshell
-
-![Alt text](screenshots/cloudshell_icon.png)
-
-3. Once the session begins, upload the shortcut.sh file into the AWS CloudShell session by selecting Actions -> Upload File.
-
-![Alt text](screenshots/action_upload_icon.png)
-
-4. Once the file is uploaded, run the following command within your AWS CloudShell session:
-```
-bash shortcut.sh
-```
-5. The results for Prowler and ScoutSuite will be located in the following directory:
-```
-/home/cloudshell-user/<account number>-results
-```
-6. You can check the status of each screen session by typing the following commands:
-```
-# Prowler:
-screen -r prowler
-# ScoutSuite
-screen -r scoutsuite
-```
-7. To download the results from AWS CloudShell, select Actions -> Download File.
-
-![Alt text](screenshots/action_download_icon.png)
-
-8. In the Download File prompt, use the file path and file name to download the results.
-
-![Alt text](screenshots/download_prompt.png)

contrib/cloudshell/cloudshell-installation.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Install system dependencies
+sudo yum -y install openssl-devel bzip2-devel libffi-devel gcc
+# Upgrade to Python 3.9
+cd /tmp && wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz
+tar zxf Python-3.9.13.tgz
+cd Python-3.9.13/ || exit
+./configure --enable-optimizations
+sudo make altinstall
+python3.9 --version
+# Install Prowler
+cd ~ || exit
+python3.9 -m pip install prowler-cloud
+prowler -v
+# Run Prowler
+prowler

contrib/cloudshell/shortcut.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# ShortCut - Run Prowler and ScoutSuite in Customer's environment using AWS CloudShell
-# DozerCat - Team DragonCat - AWS
-
-# Package Prerequisites
-sudo yum update -y
-sudo yum install python3 -y
-sudo yum install screen -y
-sudo yum install zip -y
-
-# Variable and Environment Prerequisites
-account=$(aws sts get-caller-identity | jq --raw-output '.Account')
-mkdir ${account}-results
-
-# Prowler
-cd ~
-git clone https://github.com/prowler-cloud/prowler
-pip3 install detect-secrets --user
-cd prowler
-screen -dmS prowler sh -c "./prowler -M csv,html;cd ~;zip -r ${account}-results/prowler-${account}.zip /home/cloudshell-user/prowler/output"
-
-# ScoutSuite
-cd ~
-git clone https://github.com/nccgroup/ScoutSuite
-cd ScoutSuite
-sudo yum install python-pip -y
-sudo pip install virtualenv
-virtualenv -p python3 venv
-source venv/bin/activate
-pip install -r requirements.txt
-sleep 2
-screen -dmS scoutsuite sh -c "python scout.py aws;cd ~;zip -r ${account}-results/scoutsuite-${account}.zip /home/cloudshell-user/ScoutSuite/scoutsuite-report"
-
-# Check on screen sessions
-screen -ls

contrib/codebuild/codebuild-prowlerv2-audit-account-cfn.yaml

@@ -1,6 +1,6 @@
 ---
 AWSTemplateFormatVersion: 2010-09-09
-Description: Creates a CodeBuild project to audit an AWS account with Prowler and stores the html report in a S3 bucket. This will run onece at the beginning and on a schedule afterwards. Partial contribution from https://github.com/stevecjones
+Description: Creates a CodeBuild project to audit an AWS account with Prowler Version 2 and stores the html report in a S3 bucket. This will run onece at the beginning and on a schedule afterwards. Partial contribution from https://github.com/stevecjones
 Parameters:
   ServiceName:
     Description: 'Specifies the service name used within component naming'
@@ -17,7 +17,7 @@ Parameters:
     Description: 'Options to pass to Prowler command, make sure at least -M junit-xml is used for CodeBuild reports. Use -r for the region to send API queries, -f to filter only one region, -M output formats, -c for comma separated checks, for all checks do not use -c or -g, for more options see -h. For a complete assessment use  "-M text,junit-xml,html,csv,json", for SecurityHub integration use "-r region -f region -M text,junit-xml,html,csv,json,json-asff -S -q"'
     Type: String
     # Prowler command below runs a set of checks, configure it base on your needs, no options will run all regions all checks.
-    # option -M junit-xml is requirede in order to get the report in CodeBuild.
+    # option -M junit-xml is required in order to get the report in CodeBuild.
     Default: -r eu-west-1 -f eu-west-1 -M text,junit-xml,html,csv,json -c check11,check12,check13,check14
 
   ProwlerScheduler:
@@ -284,6 +284,7 @@ Resources:
       Artifacts:
         Type: NO_ARTIFACTS
       ConcurrentBuildLimit: 1
+      SourceVersion: prowler-2
       Source:
         GitCloneDepth: 1
         Location: https://github.com/prowler-cloud/prowler

contrib/html/generate-html-from-csv.sh

@@ -1,230 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-
-## This script helps to generate a single html report from a single or multiple csv
-# output reports.
-# I use it when I want to visualize multiple accounts reports in a single view.
-# Report information and Assessment Summary will be empty due to the variables
-# that are not set here.
-
-## First: Remove the CSV header from each output report.
-
-## Second: If you want to aggretate all csv files in you can do like this:
-# find . -type f -name '*.csv' -exec cat {} + > prowler-output-unified-csv.file
-# use .file instead of .csv unless you want to get into an infinite loop ;)
-
-## Third: Usage ./generate-html-from-csv.sh aggregated-reports-csv.file
-
-
-OUTPUT_FILE_NAME="report-unified-csv"
-EXTENSION_HTML="html"
-INPUT=$1
-IFS=',' # used inside the while loop for csv delimiter
-HTML_LOGO_URL="https://github.com/prowler-cloud/prowler/"
-HTML_LOGO_IMG="https://raw.githubusercontent.com/prowler-cloud/prowler/master/util/html/prowler-logo-new.png"
-
-
-[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }
-
-addHtmlHeader() {
-  if [[ $PROFILE == "" ]];then
-    PROFILE="ENV"
-  fi
-  if [[ -z $HTML_REPORT_INIT ]]; then
-  cat <<EOF
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-  <!-- Required meta tags -->
-  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-  <!-- Bootstrap CSS -->
-  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
-  <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.css"/>
-  <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/>
-  <script type="text/javascript" src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
-  <script type="text/javascript" src="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.21/b-1.6.2/sl-1.3.1/datatables.min.js"></script>
-  <title>Prowler - AWS Security Assesments</title>
-</head>
-<body>
-  <nav class="navbar navbar-expand-xl sticky-top navbar-dark bg-dark">
-      <a class="navbar-brand" href="#">Prowler - Security Assesments in AWS</a>
-  </nav>
-  <div class="container-fluid">
-    <div class="row mt-3">
-      <div class="col-md-4">
-        <div class="card">
-          <div class="card-header">
-            Report Information
-          </div>
-          <ul class="list-group list-group-flush">
-            <li class="list-group-item">
-              <div class="row">
-                <div class="col-md-auto">
-                  <b>Version:</b> $PROWLER_VERSION
-                </div>
-              </div>
-            </li>
-            <li class="list-group-item">
-              <b>Parameters used:</b> $PROWLER_PARAMETERS
-            </li>
-            <li class="list-group-item">
-              <b>Date:</b> $TIMESTAMP
-            </li>
-            <li class="list-group-item">
-              <a href="$HTML_LOGO_URL"><img src="$HTML_LOGO_IMG"
-                  alt="prowler-logo"></a>
-            </li>
-          </ul>
-        </div>
-      </div>
-      <div class="col-md-8">
-        <div class="card">
-          <div class="card-header">
-            Assesment Summary
-          </div>
-          <ul class="list-group list-group-flush">
-            <li class="list-group-item">
-              <b>AWS Account:</b> $ACCOUNT_NUM
-            </li>
-            <li class="list-group-item">
-              <b>AWS-CLI Profile:</b> $PROFILE
-            </li>
-            <li class="list-group-item">
-              <b>API Region:</b> $REGION
-            </li>
-            <li class="list-group-item">
-              <b>User Id:</b> $USER_ID
-            </li>
-            <li class="list-group-item">
-              <b>Caller Identity ARN:</b> $CALLER_ARN
-            </li>
-          </ul>
-        </div>
-        * Sortable columns are CheckID (default) and Result
-      </div>
-    </div>
-    <div class="row mt-3">
-      <div class="col-md-12">
-        <table class="table compact stripe row-border ordering" id="findingsTable" data-order='[[ 5, "asc" ]]' data-page-length='100'>
-          <thead class="thead-light">
-            <tr>
-              <th style="align-content:center" scope="col">Status</th>
-              <th scope="col">Result</th>
-              <th scope="col">Severity</th>
-              <th scope="col">AccountID</th>
-              <th scope="col">Region</th>
-              <th scope="col">Compliance</th>
-              <th scope="col">Service</th>
-              <th scope="col">CheckID</th>
-              <th style="width:40%" scope="col">Check Title</th>
-              <th style="width:40%" scope="col">Check Output</th>
-            </tr>
-          </thead>
-          <tbody>
-EOF
-
-fi
-}
-
-addHtmlFooter() {
-  cat <<EOF
-
-</tbody>
-        </table>
-      </div>
-    </div>
-  </div>
-  </div>
-  <!-- Table search and paginator -->
-  <!-- Optional JavaScript -->
-  <!-- jQuery first, then Popper.js, then Bootstrap JS -->
-  <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
-  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
-  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.bundle.min.js" integrity="sha384-1CmrxMRARb6aLqgBO7yyAxTOQE2AKb9GfXnEo760AUcUmFx3ibVJJAzGytlQcNXd" crossorigin="anonymous"></script>
-  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
-  <!-- JQuery-->
-  <script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
-  <!-- dataTables-->
-  <script src="https://cdn.datatables.net/1.10.21/js/jquery.dataTables.min.js"></script>
-  <script>
-    \$(document).ready(function(){ \$('#findingsTable').dataTable( { "lengthMenu": [ [50, 100, -1], [50, 100, "All"] ], "ordering": true } ); });
-  </script>
-</body>
-</html>
-EOF
-
-unset HTML_REPORT_INIT
-}
-
-addHtmlHeader > ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-while IFS=, read -r PROFILE ACCOUNT_NUM REPREGION TITLE_ID RESULT SCORED LEVEL TITLE_TEXT NOTES ASFF_COMPLIANCE_TYPE CHECK_SEVERITY CHECK_SERVICENAME;do
-  if [[ $RESULT == "INFO" ]]; then
-    echo '<tr class="table-info">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><i class="fas fa-info-circle"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>INFO</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$NOTES'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  fi
-  if [[ $RESULT == "PASS" ]]; then
-    echo '<tr class="p-3 mb-2 bg-success">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><i class="fas fa-thumbs-up"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>PASS</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$NOTES'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  fi
-  if [[ $RESULT == "FAIL" ]]; then
-    echo '<tr class="table-danger" >' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td> <i class="fas fa-thumbs-down"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>FAIL</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$NOTES'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  fi
-  if [[ $RESULT == "WARNING" ]]; then
-    echo '<tr class="table-warning">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td><i class="fas fa-exclamation-triangle"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>WARN</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SEVERITY'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ACCOUNT_NUM'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$REPREGION'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$ASFF_COMPLIANCE_TYPE'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$CHECK_SERVICENAME'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_ID'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-      echo '<td>'$NOTES'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-    echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  fi
-done < $INPUT
-addHtmlFooter >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML

contrib/k8s/cronjob.yml

@@ -17,8 +17,8 @@ spec:
             image: toniblyx/prowler:latest
             imagePullPolicy: Always
             command:
-            - "./prowler"
-            args: [ "-g", "hipaa", "-M", "csv,json,html", "-B", "$(awsS3Bucket)" ]
+            - "./prowler.py"
+            args: [ "-B", "$(awsS3Bucket)" ]
             env:
             - name: AWS_ACCESS_KEY_ID
               valueFrom:

contrib/org-multi-account/ProwlerEC2.yaml

@@ -198,10 +198,18 @@ Resources:
           commands:
             01-install-prowler-prereqs-yum:
               command: |
-                yum install python-pip git jq -y
-            02-install-prowler-prereqs-pip:
+                sudo yum -y install openssl-devel bzip2-devel libffi-devel gcc
+            02-upgrade-python3.9:
               command: |
-                sudo -u ec2-user pip install --user boto3 awscli detect-secrets
+                cd /tmp && wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz
+                tar zxf Python-3.9.13.tgz
+                cd Python-3.9.13/
+                ./configure --enable-optimizations
+                sudo make altinstall
+            03-install-prowler:
+              command: |
+                cd ~
+                python3.9 -m pip install prowler-cloud
         prowler-reports:
           files:
             /home/ec2-user/run-prowler-reports.sh:

contrib/org-multi-account/src/run-prowler-reports.sh

@@ -89,7 +89,7 @@ for accountId in $ACCOUNTS_IN_ORGS; do
         # Run Prowler
         echo -e "Assessing AWS Account: $accountId, using Role: $ROLE on $(date)"
         # remove -g cislevel for a full report and add other formats if needed
-        ./prowler/prowler -R "$ROLE" -A "$accountId" -g cislevel1 -M html -z
+        ./prowler/prowler.py --role arn:"$PARTITION":iam::"$accountId":role/"$ROLE" --compliance cis_1.5_aws -M html
         echo "Report stored locally at: prowler/output/ directory"
         TOTAL_SEC=$((SECONDS - START_TIME))
         echo -e "Completed AWS Account: $accountId, using Role: $ROLE on $(date)"

util/allowlist_example.txt

@@ -1,29 +0,0 @@
-# Each line is a (checkid:item) tuple
-
-# Example: Will not consider a myignoredbucket failures as full failure. (Still printed as a warning)
-check26:myignoredbucket
-
-# Note that by default, this searches for the string appearing *anywhere* in the resource name.
-# For example:
-#   extra718:ci-logs  # Will block bucket "ci-logs" AND ALSO bucket "ci-logs-replica"
-#   extra718:logs     # Will block EVERY BUCKET containing the string "logs"
-
-# line starting with # are ignored as comments
-# add a line per resource as here:
-#<checkid1>:<resource to ignore 1>
-#<checkid1>:<resource to ignore 2>
-# checkid2
-#<checkid2>:<resource to ignore 1>
-
-# REGEXES
-# This allowlist works with regexes (ERE, the same style of regex as grep -E and bash's =~ use)
-# therefore:
-# extra718:[[:alnum:]]+-logs # will ignore all buckets containing the terms ci-logs, qa-logs, etc.
-
-# EXAMPLE: CONTROL TOWER
-# When using Control Tower, guardrails prevent access to certain protected resources. The allowlist
-# below ensures that warnings instead of errors are reported for the affected resources.
-#extra734:aws-controltower-logs-[[:digit:]]+-[[:alpha:]\-]+
-#extra734:aws-controltower-s3-access-logs-[[:digit:]]+-[[:alpha:]\-]+
-#extra764:aws-controltower-logs-[[:digit:]]+-[[:alpha:]\-]+
-#extra764:aws-controltower-s3-access-logs-[[:digit:]]+-[[:alpha:]\-]+

util/cloud9-installation.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Upgrade AWS CLI to v2
-sudo yum update -y
-sudo yum remove -y awscli
-cd /opt || exit
-sudo curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-sudo  unzip awscliv2.zip
-sudo ./aws/install
-# shellcheck disable=SC1090
-. ~/.profile # to load the new path for AWS CLI v2
-sudo rm -fr /opt/aws/
-cd ~/environment/ || exit
-# Prepare Prowler 3.0
-git clone https://github.com/prowler-cloud/prowler
-cd prowler || exit
-pipenv install && pipenv shell