Merge branch 'marcjay-simplify-check-id-variables'

checks/check11

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check11="1.1,1.01"
+CHECK_ID_check11="1.1"
 CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
 CHECK_SCORED_check11="SCORED"
 CHECK_TYPE_check11="LEVEL1"

checks/check12

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check12="1.2,1.02"
+CHECK_ID_check12="1.2"
 CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
 CHECK_SCORED_check12="SCORED"
 CHECK_TYPE_check12="LEVEL1"

checks/check13

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check13="1.3,1.03"
+CHECK_ID_check13="1.3"
 CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
 CHECK_SCORED_check13="SCORED"
 CHECK_TYPE_check13="LEVEL1"

checks/check14

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check14="1.4,1.04"
+CHECK_ID_check14="1.4"
 CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less (Scored)"
 CHECK_SCORED_check14="SCORED"
 CHECK_TYPE_check14="LEVEL1"

checks/check15

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check15="1.5,1.05"
+CHECK_ID_check15="1.5"
 CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter (Scored)"
 CHECK_SCORED_check15="SCORED"
 CHECK_TYPE_check15="LEVEL1"

checks/check16

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check16="1.6,1.06"
+CHECK_ID_check16="1.6"
 CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
 CHECK_SCORED_check16="SCORED"
 CHECK_TYPE_check16="LEVEL1"

checks/check17

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check17="1.7,1.07"
+CHECK_ID_check17="1.7"
 CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol (Scored)"
 CHECK_SCORED_check17="SCORED"
 CHECK_TYPE_check17="LEVEL1"

checks/check18

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check18="1.8,1.08"
+CHECK_ID_check18="1.8"
 CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number (Scored)"
 CHECK_SCORED_check18="SCORED"
 CHECK_TYPE_check18="LEVEL1"

checks/check19

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check19="1.9,1.09"
+CHECK_ID_check19="1.9"
 CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
 CHECK_SCORED_check19="SCORED"
 CHECK_TYPE_check19="LEVEL1"

checks/check21

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check21="2.1,2.01"
+CHECK_ID_check21="2.1"
 CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions (Scored)"
 CHECK_SCORED_check21="SCORED"
 CHECK_TYPE_check21="LEVEL1"

checks/check22

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check22="2.2,2.02"
+CHECK_ID_check22="2.2"
 CHECK_TITLE_check22="[check22] Ensure CloudTrail log file validation is enabled (Scored)"
 CHECK_SCORED_check22="SCORED"
 CHECK_TYPE_check22="LEVEL2"

checks/check23

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check23="2.3,2.03"
+CHECK_ID_check23="2.3"
 CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
 CHECK_SCORED_check23="SCORED"
 CHECK_TYPE_check23="LEVEL1"

checks/check24

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check24="2.4,2.04"
+CHECK_ID_check24="2.4"
 CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
 CHECK_SCORED_check24="SCORED"
 CHECK_TYPE_check24="LEVEL1"

checks/check25

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check25="2.5,2.05"
+CHECK_ID_check25="2.5"
 CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions (Scored)"
 CHECK_SCORED_check25="SCORED"
 CHECK_TYPE_check25="LEVEL1"

checks/check26

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check26="2.6,2.06"
+CHECK_ID_check26="2.6"
 CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
 CHECK_SCORED_check26="SCORED"
 CHECK_TYPE_check26="LEVEL1"

checks/check27

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check27="2.7,2.07"
+CHECK_ID_check27="2.7"
 CHECK_TITLE_check27="[check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"
 CHECK_SCORED_check27="SCORED"
 CHECK_TYPE_check27="LEVEL2"

checks/check28

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check28="2.8,2.08"
+CHECK_ID_check28="2.8"
 CHECK_TITLE_check28="[check28] Ensure rotation for customer created CMKs is enabled (Scored)"
 CHECK_SCORED_check28="SCORED"
 CHECK_TYPE_check28="LEVEL2"

checks/check29

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check29="2.9,2.09"
+CHECK_ID_check29="2.9"
 CHECK_TITLE_check29="[check29] Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
 CHECK_SCORED_check29="SCORED"
 CHECK_TYPE_check29="LEVEL2"

checks/check31

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check31="3.1,3.01"
+CHECK_ID_check31="3.1"
 CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
 CHECK_SCORED_check31="SCORED"
 CHECK_TYPE_check31="LEVEL1"

checks/check32

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check32="3.2,3.02"
+CHECK_ID_check32="3.2"
 CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"
 CHECK_SCORED_check32="SCORED"
 CHECK_TYPE_check32="LEVEL1"

checks/check33

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check33="3.3,3.03"
+CHECK_ID_check33="3.3"
 CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account (Scored)"
 CHECK_SCORED_check33="SCORED"
 CHECK_TYPE_check33="LEVEL1"

checks/check34

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check34="3.4,3.04"
+CHECK_ID_check34="3.4"
 CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
 CHECK_SCORED_check34="SCORED"
 CHECK_TYPE_check34="LEVEL1"

checks/check35

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check35="3.5,3.05"
+CHECK_ID_check35="3.5"
 CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
 CHECK_SCORED_check35="SCORED"
 CHECK_TYPE_check35="LEVEL1"

checks/check36

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check36="3.6,3.06"
+CHECK_ID_check36="3.6"
 CHECK_TITLE_check36="[check36] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"
 CHECK_SCORED_check36="SCORED"
 CHECK_TYPE_check36="LEVEL2"

checks/check37

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check37="3.7,3.07"
+CHECK_ID_check37="3.7"
 CHECK_TITLE_check37="[check37] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"
 CHECK_SCORED_check37="SCORED"
 CHECK_TYPE_check37="LEVEL2"

checks/check38

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check38="3.8,3.08"
+CHECK_ID_check38="3.8"
 CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"
 CHECK_SCORED_check38="SCORED"
 CHECK_TYPE_check38="LEVEL1"

checks/check39

@@ -33,7 +33,7 @@
 #     --actions-enabled \
 #     --alarm-actions arn:aws:sns:us-east-1:123456789012:CloudWatchAlarmTopic
 
-CHECK_ID_check39="3.9,3.09"
+CHECK_ID_check39="3.9"
 CHECK_TITLE_check39="[check39] Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"
 CHECK_SCORED_check39="SCORED"
 CHECK_TYPE_check39="LEVEL2"

checks/check41

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check41="4.1,4.01"
+CHECK_ID_check41="4.1"
 CHECK_TITLE_check41="[check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)"
 CHECK_SCORED_check41="SCORED"
 CHECK_TYPE_check41="LEVEL2"

checks/check42

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check42="4.2,4.02"
+CHECK_ID_check42="4.2"
 CHECK_TITLE_check42="[check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)"
 CHECK_SCORED_check42="SCORED"
 CHECK_TYPE_check42="LEVEL2"

checks/check43

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check43="4.3,4.03"
+CHECK_ID_check43="4.3"
 CHECK_TITLE_check43="[check43] Ensure the default security group of every VPC restricts all traffic (Scored)"
 CHECK_SCORED_check43="SCORED"
 CHECK_TYPE_check43="LEVEL2"

checks/check44

@@ -8,7 +8,7 @@
 # You should have received a copy of the license along with this
 # work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
 
-CHECK_ID_check44="4.4,4.04"
+CHECK_ID_check44="4.4"
 CHECK_TITLE_check44="[check44] Ensure routing tables for VPC peering are \"least access\" (Not Scored)"
 CHECK_SCORED_check44="NOT_SCORED"
 CHECK_TYPE_check44="LEVEL2"

checks/check_extra71

@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra71="7.1,7.01"
+CHECK_ID_extra71="7.1"
 CHECK_TITLE_extra71="[extra71] Ensure users of groups with AdministratorAccess policy have MFA tokens enabled (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra71="NOT_SCORED"
 CHECK_TYPE_extra71="EXTRA"

checks/check_extra72

@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra72="7.2,7.02"
+CHECK_ID_extra72="7.2"
 CHECK_TITLE_extra72="[extra72] Ensure there are no EBS Snapshots set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra72="NOT_SCORED"
 CHECK_TYPE_extra72="EXTRA"

checks/check_extra73

@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 
-CHECK_ID_extra73="7.3,7.03"
+CHECK_ID_extra73="7.3"
 CHECK_TITLE_extra73="[extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra73="NOT_SCORED"
 CHECK_TYPE_extra73="EXTRA"

checks/check_extra74

@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra74="7.4,7.04"
+CHECK_ID_extra74="7.4"
 CHECK_TITLE_extra74="[extra74] Ensure there are no Security Groups without ingress filtering being used (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra74="NOT_SCORED"
 CHECK_TYPE_extra74="EXTRA"

checks/check_extra75

@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra75="7.5,7.05"
+CHECK_ID_extra75="7.5"
 CHECK_TITLE_extra75="[extra75] Ensure there are no Security Groups not being used (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra75="NOT_SCORED"
 CHECK_TYPE_extra75="EXTRA"

checks/check_extra76

@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra76="7.6,7.06"
+CHECK_ID_extra76="7.6"
 CHECK_TITLE_extra76="[extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra76="NOT_SCORED"
 CHECK_TYPE_extra76="EXTRA"

checks/check_extra77

@@ -11,7 +11,7 @@
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 
-CHECK_ID_extra77="7.7,7.07"
+CHECK_ID_extra77="7.7"
 CHECK_TITLE_extra77="[extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra77="NOT_SCORED"
 CHECK_TYPE_extra77="EXTRA"

checks/check_extra78

@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra78="7.8,7.08"
+CHECK_ID_extra78="7.8"
 CHECK_TITLE_extra78="[extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra78="NOT_SCORED"
 CHECK_TYPE_extra78="EXTRA"

checks/check_extra79

@@ -10,7 +10,7 @@
 # under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 # CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
-CHECK_ID_extra79="7.9,7.09"
+CHECK_ID_extra79="7.9"
 CHECK_TITLE_extra79="[extra79] Check for internet facing Elastic Load Balancers (Not Scored) (Not part of CIS benchmark)"
 CHECK_SCORED_extra79="NOT_SCORED"
 CHECK_TYPE_extra79="EXTRA"

include/outputs

@@ -104,9 +104,8 @@ textTitle(){
   CHECKS_COUNTER=$((CHECKS_COUNTER+1))
   TITLE_ID=$1
   if [[ $NUMERAL ]]; then
-    TITLE_ID=$(echo $TITLE_ID | cut -d, -f2)
-  else
-    TITLE_ID=$(echo $TITLE_ID | cut -d, -f1)
+    # Left-pad the check ID with zeros to simplify sorting, e.g. 1.1 -> 1.01
+    TITLE_ID=$(awk -F'.' '{ printf "%d.%02d", $1, $2 }' <<< "$TITLE_ID")
   fi
 
   TITLE_TEXT=$2

prowler

@@ -244,7 +244,7 @@ show_check_title() {
 
 # Function to show the title of a group, by numeric id
 show_group_title() {
-	# when csv mode is used, no group tittle is shown
+	# when csv mode is used, no group title is shown
   if [[ "$MODE" != "csv" ]]; then
       textTitle "${GROUP_NUMBER[$1]}" "${GROUP_TITLE[$1]}" "NOT_SCORED" "SUPPORT"
   fi
@@ -280,7 +280,7 @@ execute_check() {
     local check_id_var=CHECK_ID_$1
     local check_id=${!check_id_var}
     if [ ${check_id} ]; then
-      if [[ ${check_id} == 1* || ${check_id} == 7.1,7.01 || ${check_id} == 7.74 ]];then
+      if [[ ${check_id} == 1* || ${check_id} == 7.1 || ${check_id} == 7.74 ]];then
         if [ ! -s $TEMP_REPORT_FILE ];then
           genCredReport
           saveReport