feat(pip): Prepare for PyPI (#1531)

.github/ISSUE_TEMPLATE/bug_report.md

@@ -15,30 +15,30 @@ PROTIP: record your screen and attach it as a gif to showcase the issue.
 - How to record and attach gif: https://bit.ly/2Mi8T6K
 -->
 
-**What happened?**  
+**What happened?**
 A clear and concise description of what the bug is or what is not working as expected
 
 
-**How to reproduce it**  
+**How to reproduce it**
 Steps to reproduce the behavior:
 1. What command are you running?
 2. Environment you have, like single account, multi-account, organizations, etc.
 3. See error
 
 
-**Expected behavior**  
+**Expected behavior**
 A clear and concise description of what you expected to happen.
 
 
-**Screenshots or Logs**  
+**Screenshots or Logs**
 If applicable, add screenshots to help explain your problem.
 Also, you can add logs (anonymize them first!). Here a command that may help to share a log
 `bash -x ./prowler -options > debug.log 2>&1` then attach here `debug.log`
 
 
-**From where are you running Prowler?**  
+**From where are you running Prowler?**
 Please, complete the following information:
- - Resource: [e.g. EC2 instance, Fargate task, Docker container manually, EKS, Cloud9, CodeBuild, workstation, etc.)  
+ - Resource: [e.g. EC2 instance, Fargate task, Docker container manually, EKS, Cloud9, CodeBuild, workstation, etc.)
  - OS: [e.g. Amazon Linux 2, Mac, Alpine, Windows, etc. ]
  - AWS-CLI Version [`aws --version`]:
  - Prowler Version [`./prowler -V`]:

.github/pull_request_template.md

@@ -1,4 +1,4 @@
-### Context 
+### Context
 
 Please include relevant motivation and context for this PR.
 

.github/workflows/build-lint-push-containers.yml

@@ -7,7 +7,7 @@ on:
     paths-ignore:
       - '.github/**'
       - 'README.md'
-      
+
   release:
     types: [published]
 

.github/workflows/pull-request.yml

@@ -3,14 +3,13 @@ name: Lint & Test
 on:
   push:
     branches:
-      - 'prowler-3.0-dev'
+      - "prowler-3.0-dev"
   pull_request:
     branches:
-      - 'prowler-3.0-dev'
+      - "prowler-3.0-dev"
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -36,7 +35,7 @@ jobs:
           pipenv run black --check .
       - name: Lint with pylint
         run: |
-          pipenv run pylint --disable=W,C,R,E -j 0 providers lib util config
+          pipenv run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
       - name: Bandit
         run: |
           pipenv run bandit -q -lll -x '*_test.py,./contrib/' -r .
@@ -48,4 +47,4 @@ jobs:
           pipenv run vulture --exclude "contrib" --min-confidence 100 .
       - name: Test with pytest
         run: |
-          pipenv run pytest -n auto
+          pipenv run pytest tests -n auto

.github/workflows/refresh_aws_services_regions.yml

@@ -44,7 +44,7 @@ jobs:
             ### Description
 
             This PR updates the regions for AWS services.
-            
+
             ### License
 
             By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

.gitignore

@@ -8,6 +8,9 @@
 # Python code
 __pycache__
 venv/
+build/
+dist/
+*.egg-info/
 
 # Session
 Session.vim

.pre-commit-config.yaml

@@ -57,12 +57,12 @@ repos:
     hooks:
       - id: pylint
         name: pylint
-        entry: bash -c 'pylint --disable=W,C,R,E -j 0 -rn -sn providers lib util config'
+        entry: bash -c 'pylint --disable=W,C,R,E -j 0 -rn -sn prowler/'
         language: system
 
       - id: pytest-check
         name: pytest-check
-        entry: bash -c 'pytest -n auto'
+        entry: bash -c 'pytest tests -n auto'
         language: system
 
       - id: bandit

LICENSE

@@ -198,4 +198,4 @@ Copyright 2018 Netflix, Inc.
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

Makefile

@@ -22,6 +22,18 @@ lint: ## Lint Code
 	@echo "Running pylint..."
 	pylint --disable=W,C,R,E -j 0 providers lib util config
 
+##@ PyPI
+pypi-clean: ## Delete the distribution files
+	rm -rf ./dist && rm -rf ./build && rm -rf prowler_cloud.egg-info
+
+pypi-build: ## Build package
+	$(MAKE) pypi-clean && \
+	python3 -m build
+
+pypi-upload: ## Upload package
+	python3 -m twine upload --repository pypi dist/*
+
+
 ##@ Help
 help:     ## Show this help.
 	@echo "Prowler Makefile"

Pipfile

@@ -28,7 +28,7 @@ flake8 = "5.0.4"
 bandit = "1.7.4"
 safety = "2.3.1"
 vulture = "2.6"
-moto = "4.0.9"
+moto = "4.0.11"
 docker = "6.0.0"
 openapi-spec-validator = "0.5.1"
 pytest = "7.1.2"

contrib/cloudshell/README.md

@@ -2,11 +2,11 @@
 
 ### Use Case:
 
-Customers look to use multiple auditing tools in order to provide quick assessments about their AWS environments. These tools allow for reports to be generated for review by the customer and appropriate teams, which in turns helps them begin security remediation efforts. 
+Customers look to use multiple auditing tools in order to provide quick assessments about their AWS environments. These tools allow for reports to be generated for review by the customer and appropriate teams, which in turns helps them begin security remediation efforts.
 
 Prowler and ScoutSuite are two publicly available security auditing tools that provide comprehensive reports for customers using AWS.
 
-ShortCut is a mechanism for customers to use to run both Prowler and ScoutSuite within an AWS account, using AWS CloudShell. When customers use ShortCut, this allows for customers to quickly perform an audit on their environment, without having to provision IAM Access Keys or EC2 instances. 
+ShortCut is a mechanism for customers to use to run both Prowler and ScoutSuite within an AWS account, using AWS CloudShell. When customers use ShortCut, this allows for customers to quickly perform an audit on their environment, without having to provision IAM Access Keys or EC2 instances.
 
 ### Prerequisites:
 
@@ -54,4 +54,4 @@ screen -r scoutsuite
 
 8. In the Download File prompt, use the file path and file name to download the results.
 
-![Alt text](screenshots/download_prompt.png)
+![Alt text](screenshots/download_prompt.png)

contrib/cloudshell/shortcut.sh

@@ -17,7 +17,7 @@ mkdir ${account}-results
 cd ~
 git clone https://github.com/prowler-cloud/prowler
 pip3 install detect-secrets --user
-cd prowler 
+cd prowler
 screen -dmS prowler sh -c "./prowler -M csv,html;cd ~;zip -r ${account}-results/prowler-${account}.zip /home/cloudshell-user/prowler/output"
 
 # ScoutSuite

contrib/codebuild/codebuild-prowler-audit-account-cfn.yaml

@@ -12,14 +12,14 @@ Parameters:
     Type: Number
     Default: 3
     AllowedValues: [1, 3, 5, 7, 14, 30, 60, 90, 180, 365]
-  
+
   ProwlerOptions:
     Description: 'Options to pass to Prowler command, make sure at least -M junit-xml is used for CodeBuild reports. Use -r for the region to send API queries, -f to filter only one region, -M output formats, -c for comma separated checks, for all checks do not use -c or -g, for more options see -h. For a complete assessment use  "-M text,junit-xml,html,csv,json", for SecurityHub integration use "-r region -f region -M text,junit-xml,html,csv,json,json-asff -S -q"'
     Type: String
     # Prowler command below runs a set of checks, configure it base on your needs, no options will run all regions all checks.
     # option -M junit-xml is requirede in order to get the report in CodeBuild.
     Default: -r eu-west-1 -f eu-west-1 -M text,junit-xml,html,csv,json -c check11,check12,check13,check14
-  
+
   ProwlerScheduler:
     Description: The time when Prowler will run in cron format. Default is daily at 22:00h or 10PM 'cron(0 22 * * ? *)', for every 5 hours also works 'rate(5 hours)'. More info here https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html.
     Type: String
@@ -297,14 +297,14 @@ Resources:
                 python: 3.9
               commands:
                 - echo "Installing Prowler and dependencies..."
-                - pip3 install detect-secrets 
+                - pip3 install detect-secrets
             build:
               commands:
                 - echo "Running Prowler as ./prowler $PROWLER_OPTIONS"
-                - ./prowler $PROWLER_OPTIONS 
+                - ./prowler $PROWLER_OPTIONS
             post_build:
               commands:
-                - echo "Uploading reports to S3..." 
+                - echo "Uploading reports to S3..."
                 - aws s3 cp --sse AES256 output/ s3://$BUCKET_REPORT/ --recursive
                 - echo "Done!"
           reports:

contrib/html/generate-html-from-csv.sh

@@ -12,15 +12,15 @@
 # specific language governing permissions and limitations under the License.
 
 
-## This script helps to generate a single html report from a single or multiple csv 
+## This script helps to generate a single html report from a single or multiple csv
 # output reports.
 # I use it when I want to visualize multiple accounts reports in a single view.
-# Report information and Assessment Summary will be empty due to the variables 
+# Report information and Assessment Summary will be empty due to the variables
 # that are not set here.
 
 ## First: Remove the CSV header from each output report.
 
-## Second: If you want to aggretate all csv files in you can do like this: 
+## Second: If you want to aggretate all csv files in you can do like this:
 # find . -type f -name '*.csv' -exec cat {} + > prowler-output-unified-csv.file
 # use .file instead of .csv unless you want to get into an infinite loop ;)
 
@@ -30,7 +30,7 @@
 OUTPUT_FILE_NAME="report-unified-csv"
 EXTENSION_HTML="html"
 INPUT=$1
-IFS=',' # used inside the while loop for csv delimiter 
+IFS=',' # used inside the while loop for csv delimiter
 HTML_LOGO_URL="https://github.com/prowler-cloud/prowler/"
 HTML_LOGO_IMG="https://raw.githubusercontent.com/prowler-cloud/prowler/master/util/html/prowler-logo-new.png"
 
@@ -41,7 +41,7 @@ addHtmlHeader() {
   if [[ $PROFILE == "" ]];then
     PROFILE="ENV"
   fi
-  if [[ -z $HTML_REPORT_INIT ]]; then 
+  if [[ -z $HTML_REPORT_INIT ]]; then
   cat <<EOF
 <!DOCTYPE html>
 <html lang="en">
@@ -112,7 +112,7 @@ addHtmlHeader() {
             </li>
           </ul>
         </div>
-        * Sortable columns are CheckID (default) and Result 
+        * Sortable columns are CheckID (default) and Result
       </div>
     </div>
     <div class="row mt-3">
@@ -135,7 +135,7 @@ addHtmlHeader() {
           <tbody>
 EOF
 
-fi 
+fi
 }
 
 addHtmlFooter() {
@@ -170,7 +170,7 @@ unset HTML_REPORT_INIT
 
 addHtmlHeader > ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
 while IFS=, read -r PROFILE ACCOUNT_NUM REPREGION TITLE_ID RESULT SCORED LEVEL TITLE_TEXT NOTES ASFF_COMPLIANCE_TYPE CHECK_SEVERITY CHECK_SERVICENAME;do
-  if [[ $RESULT == "INFO" ]]; then 
+  if [[ $RESULT == "INFO" ]]; then
     echo '<tr class="table-info">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><i class="fas fa-info-circle"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>INFO</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
@@ -183,8 +183,8 @@ while IFS=, read -r PROFILE ACCOUNT_NUM REPREGION TITLE_ID RESULT SCORED LEVEL T
       echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>'$NOTES'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  fi 
+  fi
-  if [[ $RESULT == "PASS" ]]; then 
+  if [[ $RESULT == "PASS" ]]; then
     echo '<tr class="p-3 mb-2 bg-success">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><i class="fas fa-thumbs-up"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>PASS</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
@@ -197,8 +197,8 @@ while IFS=, read -r PROFILE ACCOUNT_NUM REPREGION TITLE_ID RESULT SCORED LEVEL T
       echo '<td>'$TITLE_TEXT'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>'$NOTES'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-  fi 
+  fi
-  if [[ $RESULT == "FAIL" ]]; then 
+  if [[ $RESULT == "FAIL" ]]; then
     echo '<tr class="table-danger" >' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td> <i class="fas fa-thumbs-down"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>FAIL</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
@@ -212,7 +212,7 @@ while IFS=, read -r PROFILE ACCOUNT_NUM REPREGION TITLE_ID RESULT SCORED LEVEL T
       echo '<td>'$NOTES'</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
     echo '</tr>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
   fi
-  if [[ $RESULT == "WARNING" ]]; then 
+  if [[ $RESULT == "WARNING" ]]; then
     echo '<tr class="table-warning">' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td><i class="fas fa-exclamation-triangle"></i></td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
       echo '<td>WARN</td>' >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
@@ -228,6 +228,3 @@ while IFS=, read -r PROFILE ACCOUNT_NUM REPREGION TITLE_ID RESULT SCORED LEVEL T
   fi
 done < $INPUT
 addHtmlFooter >> ${OUTPUT_FILE_NAME}.$EXTENSION_HTML
-
-
-

contrib/k8s/README.md

@@ -1,9 +1,9 @@
 ## K8S - Cronjob
 Simple instructions to add a cronjob on K8S to execute a prowler and save the results on AWS S3.
 
-### Files: 
+### Files:
 cronjob.yml ---> is a **cronjob** for K8S, you must set the frequency and probes from yours scans \
-secret.yml -----> is a **secret** file with AWS ID/Secret and the name of bucket 
+secret.yml -----> is a **secret** file with AWS ID/Secret and the name of bucket
 
 ### To apply:
 

contrib/k8s/cronjob.yml

@@ -16,7 +16,7 @@ spec:
           - name: prowler
             image: toniblyx/prowler:latest
             imagePullPolicy: Always
-            command: 
+            command:
             - "./prowler"
             args: [ "-g", "hipaa", "-M", "csv,json,html", "-B", "$(awsS3Bucket)" ]
             env:
@@ -30,11 +30,11 @@ spec:
                 secretKeyRef:
                   name:  devsecops-prowler-cronjob-secret
                   key: awsSecretKey
-            - name: awsS3Bucket 
+            - name: awsS3Bucket
               valueFrom:
                 secretKeyRef:
                   name:  devsecops-prowler-cronjob-secret
-                  key: awsS3Bucket 
+                  key: awsS3Bucket
             imagePullPolicy: IfNotPresent
           restartPolicy: OnFailure
       backoffLimit: 3

contrib/multi-account-securityhub/.awsvariables

@@ -1,3 +1,3 @@
 export ROLE=ProwlerXA-Role
 export PARALLEL_ACCOUNTS=1
-export REGION=us-east-1
+export REGION=us-east-1

contrib/multi-account-securityhub/Dockerfile

@@ -42,4 +42,4 @@ RUN \
 USER ${USERNAME}
 
 # Run script
-ENTRYPOINT ["/run-prowler-securityhub.sh"]
+ENTRYPOINT ["/run-prowler-securityhub.sh"]

contrib/multi-account-securityhub/README.md

@@ -15,7 +15,7 @@ Originally based on [org-multi-account](https://github.com/prowler-cloud/prowler
  The solution is designed to be very simple. Prowler is run via an ECS Task definition that launches a single Fargate container. This Task Definition is executed on a schedule using an EventBridge Rule.
 
 ## CloudFormation Templates
- 
+
  ### CF-Prowler-IAM.yml
 Creates the following IAM Roles:
 
@@ -33,7 +33,7 @@ Creates the following resources:
  5. **ProwlerTaskScheduler**: EventBridge Rule that schedules the execution of the Task Definition. The cron expression is specified as a CloudFormation template parameter.
 
 ### CF-Prowler-CrossAccountRole.yml
-Creates the cross account IAM Role required for Prowler to run. Deploy it as StackSet in every account in the AWS Organization.  
+Creates the cross account IAM Role required for Prowler to run. Deploy it as StackSet in every account in the AWS Organization.
 
 ## Docker Container
 
@@ -42,7 +42,7 @@ The Dockerfile does the following:
  1. Uses amazonlinux:2022 as a base.
  2. Downloads required dependencies.
  3. Copies the .awsvariables and run-prowler-securityhub.sh files into the root.
- 4. Downloads the specified version of Prowler as recommended in the release notes. 
+ 4. Downloads the specified version of Prowler as recommended in the release notes.
  5. Assigns permissions to a lower privileged user and then drops to it.
  6. Runs the script.
 
@@ -58,10 +58,10 @@ The script gets the list of accounts in AWS Organizations, and then executes Pro
 The logs that are generated and sent to Cloudwatch are error logs, and assessment start and finish logs.
 
 ## Instructions
- 1. Create a Private ECR Repository in the account that will host the Prowler container. The Audit account is recommended, but any account can be used. 
+ 1. Create a Private ECR Repository in the account that will host the Prowler container. The Audit account is recommended, but any account can be used.
  2.  Configure the .awsvariables file. Note the ROLE name chosen as it will be the CrossAccountRole.
  3. Follow the steps from "View Push Commands" to build and upload the container image. You need to have Docker and AWS CLI installed, and use the cli to login to the account first.  After upload note the Image URI, as it is required for the CF-Prowler-ECS template.
- 4.  Make sure SecurityHub is enabled in every account in AWS Organizations, and that the SecurityHub integration is enabled as explained in [Prowler - Security Hub Integration](https://github.com/prowler-cloud/prowler#security-hub-integration) 
+ 4.  Make sure SecurityHub is enabled in every account in AWS Organizations, and that the SecurityHub integration is enabled as explained in [Prowler - Security Hub Integration](https://github.com/prowler-cloud/prowler#security-hub-integration)
  5. Deploy **CF-Prowler-CrossAccountRole.yml** in the Master Account as a single stack. You will have to choose the CrossAccountRole name (ProwlerXA-Role by default) and the ProwlerTaskRoleName (ProwlerECSTask-Role by default)
  6. Deploy **CF-Prowler-CrossAccountRole.yml** in every Member Account as a StackSet. Choose the same CrossAccountName and ProwlerTaskRoleName as the previous step.
  7. Deploy **CF-Prowler-IAM.yml** in the account that will host the Prowler container (the same from step 1).  The following template parameters must be provided:
@@ -72,7 +72,7 @@ The logs that are generated and sent to Cloudwatch are error logs, and assessmen
  8. Deploy **CF-Prowler-ECS.yml** in the account that will host the Prowler container (the same from step 1).  The following template parameters must be provided:
 	- **ProwlerClusterName**: Name for the ECS Cluster (default ProwlerCluster)
 	- **ProwlerContainerName**: Name for the Prowler container (default prowler)
-	- **ProwlerContainerInfo**: ECR URI from step 1. 
+	- **ProwlerContainerInfo**: ECR URI from step 1.
 	- **ProwlerECSLogGroupName**: CloudWatch Log Group name (default /aws/ecs/SecurityHub-Prowler)
 	- **SecurityGroupVPCId**: VPC ID for the VPC where the container will run.
 	- **ProwlerScheduledSubnet1 and 2**: Subnets IDs from the VPC specified. Choose private subnets if possible.
@@ -90,5 +90,5 @@ If you permission find errors in the CloudWatch logs, the culprit might be a [Se
 ---
 ## Upgrading Prowler
 
-Prowler version is controlled by the PROWLERVER argument in the Dockerfile, change it to the desired version and follow the ECR Push Commands to update the container image. 
+Prowler version is controlled by the PROWLERVER argument in the Dockerfile, change it to the desired version and follow the ECR Push Commands to update the container image.
-Old images can be deleted from the ECR Repository after the new image is confirmed to work. They will show as "untagged" as only one image can hold the "latest" tag.
+Old images can be deleted from the ECR Repository after the new image is confirmed to work. They will show as "untagged" as only one image can hold the "latest" tag.

contrib/multi-account-securityhub/templates/CF-Prowler-CrossAccountRole.yml

@@ -94,4 +94,4 @@ Resources:
 Outputs:
   ProwlerCrossAccountRole:
     Description: CrossAccount Role to be used by Prowler to assess AWS Accounts in the AWS Organization.
-    Value: !Ref ProwlerCrossAccountRole
+    Value: !Ref ProwlerCrossAccountRole

contrib/multi-account-securityhub/templates/CF-Prowler-ECS.yml

@@ -5,14 +5,14 @@ Parameters:
     Type: String
     Description: Name of the ECS Cluster that the Prowler Fargate Task will run in
     Default: ProwlerCluster
-  ProwlerContainerName: 
+  ProwlerContainerName:
     Type: String
     Description: Name of the Prowler Container Definition within the ECS Task
     Default: prowler
-  ProwlerContainerInfo: 
+  ProwlerContainerInfo:
     Type: String
     Description: ECR URI of the Prowler container
-  ProwlerECSLogGroupName: 
+  ProwlerECSLogGroupName:
     Type: String
     Description: Name for the log group to be created
     Default: /aws/ecs/SecurityHub-Prowler
@@ -41,17 +41,17 @@ Parameters:
 Resources:
   ProwlerECSCloudWatchLogsGroup:
     Type: AWS::Logs::LogGroup
-    Properties: 
+    Properties:
       LogGroupName: !Ref ProwlerECSLogGroupName
       RetentionInDays: 90
   ProwlerECSCluster:
     Type: AWS::ECS::Cluster
-    Properties: 
+    Properties:
       ClusterName: !Ref ProwlerClusterName
   ProwlerECSTaskDefinition:
     Type: AWS::ECS::TaskDefinition
-    Properties: 
+    Properties:
-      ContainerDefinitions: 
+      ContainerDefinitions:
         - Image: !Ref ProwlerContainerInfo
           Name: !Ref ProwlerContainerName
           LogConfiguration:
@@ -99,4 +99,4 @@ Resources:
                   - !Ref ProwlerSecurityGroup
                 Subnets:
                   - !Ref ProwlerScheduledSubnet1
-                  - !Ref ProwlerScheduledSubnet2
+                  - !Ref ProwlerScheduledSubnet2

contrib/multi-account-securityhub/templates/CF-Prowler-IAM.yml

@@ -102,4 +102,4 @@ Outputs:
     Value: !GetAtt ProwlerTaskRole.Arn
   ECSEventRoleARN:
     Description: ARN of the Eventbridge Task Role
-    Value: !GetAtt ECSEventRole.Arn
+    Value: !GetAtt ECSEventRole.Arn

contrib/org-multi-account/serverless_codebuild/README.md

@@ -32,7 +32,7 @@ For more information on how to use prowler, see [here](https://github.com/prowle
       - Specify regions : Region to deploy
 3. **Audit Account**
    1. Go to S3 console, create a bucket, upload [run-prowler-reports.sh.zip](src/run-prowler-reports.sh.zip)
-      - bucket name : prowler-util-*[Account ID]*-*[region]*  
+      - bucket name : prowler-util-*[Account ID]*-*[region]*
      ![Untitled](docs/images/s3_screenshot.png)
 
    1. Deploy  [ProwlerCodeBuildStack.yaml](templates/ProwlerCodeBuildStack.yaml) which creates CloudWatch Rule to trigger CodeBuild every fixed time, allowing prowler to audit multi-accounts.
@@ -45,4 +45,4 @@ For more information on how to use prowler, see [here](https://github.com/prowle
       - ProwlerReportS3Account : The account where the report S3 bucket resides.
    1. If you'd like to change the scheduled time,
       1. You can change the cron expression of ScheduleExpression within [ProwlerCodeBuildStack.yaml](templates/ProwlerCodeBuildStack.yaml).
-      2. Alternatively, you can make changes directrly from Events > Rules > ProwlerExecuteRule > Actions > Edit in CloudWatch console.
+      2. Alternatively, you can make changes directrly from Events > Rules > ProwlerExecuteRule > Actions > Edit in CloudWatch console.

contrib/org-multi-account/serverless_codebuild/README_kr.md

@@ -4,7 +4,7 @@ Langage: [English](README.md)
 
 이 문서는 AWS Organization 내의 multi account 환경에서 prowler 를 적용하기 위해 작성된 문서입니다.
 일정 시간마다 CloudWatch는 CodeBuild 를 트리거합니다.
-CodeBuild 는 최신의 [prowler](https://github.com/prowler-cloud/prowler) 소스를 클론받고, 
+CodeBuild 는 최신의 [prowler](https://github.com/prowler-cloud/prowler) 소스를 클론받고,
 Organization 내의 모든 Account 에 대해 security assessment 를 수행합니다.
 prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud/prowler#usagee) 을 참고합니다.
 
@@ -59,4 +59,4 @@ prowler 의 자세한 사용방법은 [이 곳](https://github.com/prowler-cloud
       - ProwlerReportS3Account : report 가 저장될 S3 bucket이 위치한 Account
    3. 스케줄 된 시간을 변경하고 싶은 경우
       1. [ProwlerCodeBuildStack.yaml](templates/ProwlerCodeBuildStack.yaml) 내에서 ScheduleExpression의 크론 표현식을 변경할 수 있습니다.
-      2. 또는 CloudWatch console 에서 Events > Rules > ProwlerExecuteRule > Actions > Edit 에서 직접 변경할 수 있습니다.
+      2. 또는 CloudWatch console 에서 Events > Rules > ProwlerExecuteRule > Actions > Edit 에서 직접 변경할 수 있습니다.

contrib/terraform-kickstarter/data.tf

@@ -209,4 +209,4 @@ data "aws_iam_policy" "SecurityAudit" {
 data "aws_caller_identity" "current" {
 }
 data "aws_region" "current" {
-}
+}

contrib/terraform-kickstarter/main.tf

@@ -256,7 +256,7 @@ resource "aws_iam_role" "prowler_event_trigger_role" {
                                 }
                               ]
                             })
-    
+
 }
 resource "aws_iam_policy" "prowler_event_trigger_policy" {
   depends_on        = [aws_codebuild_project.prowler_codebuild]
@@ -328,7 +328,7 @@ resource "aws_iam_policy" "prowler_kickstarter_iam_policy" {
                   ]
         Effect   = "Allow"
         Resource = "arn:aws:glue:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:catalog"
-                                    
+
       },
       {
         Action =  [
@@ -340,19 +340,19 @@ resource "aws_iam_policy" "prowler_kickstarter_iam_policy" {
                                     ]
         Effect   = "Allow"
         Resource = "arn:aws:codebuild:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:report-group/*"
-                                    
+
       },
        {
         Action =  [ "securityhub:BatchImportFindings"]
         Effect   = "Allow"
-        Resource = "*"                      
+        Resource = "*"
       },
              {
         Action =  [ "securityhub:GetFindings"]
         Effect   = "Allow"
-        Resource = "*"                      
+        Resource = "*"
       },
-      { 
+      {
             "Action": "codebuild:StartBuild",
             "Resource": "arn:aws:codebuild:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:project/*",
             "Effect": "Allow"
@@ -416,7 +416,7 @@ resource "aws_s3_bucket_policy" "prowler_report_storage_bucket_policy" {
                                     }
                                 }
                             }
-                            
+
                             ]
                         })
                         }
@@ -474,7 +474,7 @@ resource "aws_codebuild_project" "prowler_codebuild" {
 
 
 
-resource "aws_securityhub_account" "securityhub_resource" { 
+resource "aws_securityhub_account" "securityhub_resource" {
     }
 
 resource "aws_securityhub_product_subscription" "security_hub_enable_prowler_findings" {
@@ -496,4 +496,4 @@ resource "aws_cloudwatch_event_target" "run_prowler_scan" {
   rule      = aws_cloudwatch_event_rule.prowler_check_scheduler_event.name
   role_arn  = aws_iam_role.prowler_event_trigger_role.arn
 
-    }
+    }

contrib/terraform-kickstarter/outputs.tf

@@ -206,4 +206,4 @@
 
 output "account_id" {
   value = data.aws_caller_identity.current.account_id
-}
+}

contrib/terraform-kickstarter/prowler_build_spec.yml

@@ -5,20 +5,20 @@ phases:
       python: 3.8
     commands:
       - echo "Installing Prowler and dependencies..."
-      - pip3 install detect-secrets 
+      - pip3 install detect-secrets
       - yum -y install jq
       - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
       - unzip awscliv2.zip
       - ./aws/install
       - git clone https://github.com/prowler-cloud/prowler
       - cd prowler
-      
+
   build:
     commands:
       - echo "Running Prowler as ./prowler $PROWLER_OPTIONS"
       - ./prowler $PROWLER_OPTIONS || true
   post_build:
     commands:
-      - echo "Scan Complete" 
+      - echo "Scan Complete"
       - aws s3 cp --sse AES256 output/ s3://$BUCKET_REPORT/ --recursive
       - echo "Done!"

contrib/terraform-kickstarter/tf_install.sh

@@ -6,4 +6,4 @@ cd prowler
 git checkout -t origin/terraform-kickstart
 sudo yum install -y yum-utils
 sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
-sudo yum -y install terraform
+sudo yum -y install terraform

contrib/wazuh/README.md

@@ -55,7 +55,7 @@ cp /var/ossec/integrations/prowler/integrations/prowler_rules.xml /var/ossec/etc
 ```
 
 Edit `/var/ossec/etc/ossec.conf` and add the following wodle configuration. Remember that here `timeout 21600 seconds` is 6 hours, just to allow Prowler runs completely in case of a large account. The interval recommended is 1d:
-```xml 
+```xml
   <wodle name="command">
     <disabled>no</disabled>
     <tag>aws-prowler: account1</tag>

contrib/wazuh/prowler-wrapper.py

@@ -19,15 +19,15 @@
 #   6 - Error sending to socket
 
 
-import signal
-import sys
-import socket
 import argparse
-import subprocess
 import json
-from datetime import datetime
 import os
 import re
+import signal
+import socket
+import subprocess
+import sys
+from datetime import datetime
 
 ################################################################################
 # Constants

groups/group10_hipaa

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[10]='hipaa'
-GROUP_NUMBER[10]='10.0'
-GROUP_TITLE[10]='HIPAA Compliance - ONLY AS REFERENCE - [hipaa] ****************'
-GROUP_RUN_BY_DEFAULT[10]='N' # run it when execute_all is called
-GROUP_CHECKS[10]='check12,check113,check23,check26,check27,check29,extra718,extra725,extra72,extra75,extra717,extra729,extra734,check38,extra73,extra740,extra735,check112,check13,check15,check16,check17,check18,check19,check21,check24,check28,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check39,extra792'
-
-# Resources:
-# https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf
-# https://www.slideshare.net/AmazonWebServices/wps301navigating-hipaa-and-hitrustquickstart-guide-to-account-gov-stratpdf

groups/group11_secrets

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[11]='secrets'
-GROUP_NUMBER[11]='11.0'
-GROUP_TITLE[11]='Look for keys secrets or passwords around resources - [secrets]'
-GROUP_RUN_BY_DEFAULT[11]='N' # but it runs when execute_all is called (default)
-GROUP_CHECKS[11]='extra741,extra742,extra759,extra760,extra768,extra775,extra7141'
-
-# requires https://github.com/Yelp/detect-secrets
-# `pip install detect-secrets` 
-

groups/group12_apigateway

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[12]='apigateway'
-GROUP_NUMBER[12]='12.0'
-GROUP_TITLE[12]='API Gateway security checks - [apigateway] ********************'
-GROUP_RUN_BY_DEFAULT[12]='N' # run it when execute_all is called
-GROUP_CHECKS[12]='extra722,extra743,extra744,extra745,extra746'
-

groups/group13_rds

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[13]='rds'
-GROUP_NUMBER[13]='13.0'
-GROUP_TITLE[13]='RDS security checks - [rds] ***********************************'
-GROUP_RUN_BY_DEFAULT[13]='N' # run it when execute_all is called
-GROUP_CHECKS[13]='extra78,extra723,extra735,extra739,extra747,extra7113,extra7131,extra7132,extra7133'

groups/group14_elasticsearch

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[14]='elasticsearch'
-GROUP_NUMBER[14]='14.0'
-GROUP_TITLE[14]='Elasticsearch related security checks - [elasticsearch] *******'
-GROUP_RUN_BY_DEFAULT[14]='N' # run it when execute_all is called
-GROUP_CHECKS[14]='extra715,extra716,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra787,extra788,extra7101'

groups/group15_pci

@@ -1,133 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[15]='pci'
-GROUP_NUMBER[15]='15.0'
-GROUP_TITLE[15]='PCI-DSS v3.2.1 Readiness - ONLY AS REFERENCE - [pci] **********'
-GROUP_RUN_BY_DEFAULT[15]='N' # run it when execute_all is called
-GROUP_CHECKS[15]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check112,check113,check114,check116,check21,check23,check25,check26,check27,check28,check29,check314,check36,check38,check43,extra711,extra713,extra717,extra718,extra72,extra729,extra735,extra738,extra740,extra744,extra748,extra75,extra750,extra751,extra753,extra754,extra755,extra773,extra78,extra780,extra781,extra782,extra783,extra784,extra785,extra787,extra788,extra798'
-
-# Resources:
-# https://github.com/toniblyx/prowler/issues/296
-
-# List of checks based on PCI v3.2.1
-# 3.1 Requirement: Install and Maintain a Firewall Configuration to Protect Cardholder Data
-
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to all ports and protocols extra748
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to RDP (TCP 3389) check42
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to SSH (TCP 22) check41
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Oracle (TCP 1521) extra749
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Oracle (TCP and UDP 2483) extra749
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Oracle (UDP 2483) extra749
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to MySQL (TCP 3306) extra750
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Postgres (TCP 5432) extra751
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Redis (TCP 6379)extra752
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to MongoDB (TCP 27017 and 27018) extra753
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Cassandra (TCP 7199, 9160 and 8888) extra754
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Memcached (TCP and UDP 11211) extra755
-#     Ensure no security groups allow ingress from 0.0.0.0/0 to Elasticsearch ports (TCP 9200/9300/5601) extra779
-#     Ensure the default security group restricts all traffic check43
-#     Remove unused security groups extra75
-#     RDS should not have Public interface open to a public scope extra78
-#     Check for Publicly Accessible Redshift Clusters extra711
-#     Ensure Lambda Functions are not publicly accessible   extra798
-
-# 3.2 Requirement 2: Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters
-
-#     Instance with administrative service: SSH (TCP:22) is exposed to the public Internet check41
-#     Instance with administrative service: RDP (TCP:3389) is exposed to the public Internet check42
-#     Instance with unencrypted Redis: (TCP:6379) is exposed to the public Internet extra752
-
-# 3.3 Requirement 3: Protect Stored Cardholder Data
-
-#     S3 Buckets Server Side encryption at rest extra734
-#     Ensure ECS Cluster At-rest encryption TODO
-#     Ensure DynamoDB -Server Side Encryption DONE (default behavior)
-#     Check if RDS instances storage is encrypted extra735
-#     Ensure there are no EBS Volumes unencrypted extra729
-#     Ensure CloudTrail logs are encrypted at rest using KMS CMKs check27
-#     Ensure rotation for customer created CMKs is enabled check28
-#     Check if EBS snapshots are encrypted extra740
-#     Ensure there are no EBS Snapshots set as Public extra72
-#     Ensure there is no Fargate containers in use (/aws/containers-roadmap/issues/314) TODO
-
-# 3.4 Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks
-
-#     Use encrypted connections between CloudFront and origin server extra738 and TODO
-#     Ensure that S3 Buckets only allow data transfer using SSL/TLS extra734
-#     ELB is setup with SSL for secure communications TODO
-#     Ensure the access keys are rotated every 90 days or less check14
-#     Network Load Balancer with unencrypted service: ElasticSearch (TCP:9200) is exposed to the public Internet TODO? ELB on SSL should be enough extra779 and extra716
-#     Network Load Balancer with unencrypted service: ElasticSearch (TCP:9300) is exposed to the public Internet TODO? ELB on SSL should be enough extra779 and extra716
-#     Network Load Balancer with unencrypted service: LDAP (UDP:389) is exposed to the public Internet TODO? ELB on SSL should be enough
-#     Network Load Balancer with unencrypted service: LDAP (TCP:389) is exposed to the public Internet TODO? ELB on SSL should be enough
-#     Instance with unencrypted service: ElasticSearch (TCP:9200) is exposed to the public Internet extra779 and extra716
-#     Instance with unencrypted service: ElasticSearch (TCP:9300) is exposed to the public Internet extra779 and extra716
-#     Instance with unencrypted service: LDAP (UDP:389) is exposed to the public Internet
-#     Instance with unencrypted service: LDAP (TCP:389) is exposed to the public Internet
-#     Instance with unencrypted Redis: (TCP:6379) is exposed to the public Internet
-
-# 3.5. Requirement 5: Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs
-
-# N/A
-# 3.6. Requirement 6: Develop and Maintain Secure Systems and Applications
-
-#     Ensure Inspector has Assessment Targets TODO
-#     Ensure Inspector has a Scheduled Assessment Template TODO
-#     Check for WAF IPSet TODO
-#     Check for WAF Constraint Sets TODO
-#     Check for WAF Web ACL extra744,extra773
-
-# 3.7. Requirement 7: Restrict Access to Cardholder Data By Business Need To Know
-
-#     Credentials (access keys) unused for 90 days or more should be disabled check13
-#     Credentials (password enabled) unused for 90 days or more should be disabled check111
-#     Ensure IAM policies are attached only to groups or roles check116
-
-# 3.8. Requirement 8: Identify and Authenticate Access to System Components
-
-#     Enforce password policy: IAM (check15, check16, check17, check18, check19, check110, check111)
-#     Ensure that MFA is enabled for root account check113
-#     Ensure MFA is enabled for all IAM users that have a console password check12
-#     Ensure no root account access key exist check112
-#     Ensure hardware MFA is enabled for the root account check114
-#     Avoid the use of root account. check11
-
-# 3.9 Requirement 9: Restrict Physical Access to Cardholder Data
-
-# N/A
-# 3.10. Requirement 10: Track and Monitor All Access to Network Resources and Cardholder Data
-
-#     Ensure CloudTrail is enabled in all regions check21
-#     Ensure VPC Flow Logging is enabled in all the applicable Regions check29
-#     Ensure S3 Buckets access logging is enabled on the CloudTrail S3 bucket check26
-#     ELB is created with access logs enabled extra717
-#     S3 bucket should have server access logging enabled extra718
-#     Ensure AWS Config in all regions check25
-#     S3 bucket CloudTrail logs should not have public accessible check23
-#     S3 buckets should not be world-listable extra73
-#     S3 buckets should not be world-writable extra73
-#     S3 buckets should not be world-readable extra73
-#     Ensure a log metric filter and alarm exist for S3 bucket policy changes check38
-#     Ensure a log metric exist for AWS Management console authentication failures check36
-#     Ensure a log metric exist for VPC changes check314
-
-# 3.11. Requirement 11: Regularly Test Security Systems and Processes
-
-#     Ensure AWS GuarDduty is enabled extra713
-#     Ensure Inspector has Assessment Targets
-#     Ensure Inspector has a Scheduled Assessment Template
-
-# Requirement 12: Maintain a Policy That Addresses Information Security For All Personnel
-
-# N/A

groups/group16_trustboundaries

@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[16]='trustboundaries'
-GROUP_NUMBER[16]='16.0'
-GROUP_TITLE[16]='Find cross-account trust boundaries - [trustboundaries] *******'
-GROUP_RUN_BY_DEFAULT[16]='N' # run it when execute_all is called
-GROUP_CHECKS[16]='extra789,extra790'
-
-# Single account environment: No action required. The AWS account number will be automatically added by the checks.
-# Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
-# GROUP_TRUSTBOUNDARIES_TRUSTED_ACCOUNT_IDS="1234567890 0987654321 6789012345"
-GROUP_TRUSTBOUNDARIES_TRUSTED_ACCOUNT_IDS=''

groups/group17_internetexposed

@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[17]='internet-exposed'
-GROUP_NUMBER[17]='17.0'
-GROUP_TITLE[17]='Find resources exposed to the internet - [internet-exposed] ***'
-GROUP_RUN_BY_DEFAULT[17]='N' # run it when execute_all is called
-GROUP_CHECKS[17]='check41,check42,check45,check46,extra72,extra73,extra74,extra76,extra77,extra78,extra79,extra710,extra711,extra716,extra723,extra727,extra731,extra736,extra738,extra745,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra770,extra771,extra778,extra779,extra787,extra788,extra795,extra796,extra798,extra7102,extra7134,extra7135,extra7136,extra7137,extra7138'
-
-# 4.1 [check41] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 22 (Scored)  [group4, cislevel1, cislevel2]
-# 4.2 [check42] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389 (Scored)  [group4, cislevel1, cislevel2]
-# 7.2 [extra72] Ensure there are no EBS Snapshots set as Public    [extras, forensics-ready, gdpr, hipaa, apigateway, rds]
-# 7.3 [extra73] Ensure there are no S3 buckets open to the Everyone or Any AWS user    [extras, gdpr, hipaa, rds]
-# 7.4 [extra74] Ensure there are no Security Groups without ingress filtering being used    [extras, gdpr, hipaa, secrets, apigateway, rds]
-# 7.6 [extra76] Ensure there are no EC2 AMIs set as Public    [extras, gdpr, secrets]
-# 7.7 [extra77] Ensure there are no ECR repositories set as Public    [group1, extras, secrets, elasticsearch]
-# 7.8 [extra78] Ensure there are no Public Accessible RDS instances    [extras, rds, elasticsearch, trustboundaries]
-# 7.9 [extra79] Check for internet facing Elastic Load Balancers    [extras, trustboundaries]
-# 7.10 [extra710] Check for internet facing EC2 Instances    [extras]
-# 7.11 [extra711] Check for Publicly Accessible Redshift Clusters    [extras]
-# 7.16 [extra716] Check if Amazon Elasticsearch Service (ES) domains are set as Public or if it has open policy access   [extras, elasticsearch]
-# 7.23 [extra723] Check if RDS Snapshots and Cluster Snapshots are public    [extras, rds]
-# 7.27 [extra727] Check if SQS queues have policy set as Public    [extras, gdpr]
-# 7.31 [extra731] Check if SNS topics have policy set as Public    [extras, gdpr]
-# 7.38 [extra738] Check if CloudFront distributions are set to HTTPS    [extras, gdpr]
-# 7.45 [extra745] Check if API Gateway endpoint is public or private    [extras, apigateway]
-# 7.48 [extra748] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port    [extras]
-# 7.49 [extra749] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483    [extras]
-# 7.50 [extra750] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306    [extras]
-# 7.51 [extra751] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432    [extras]
-# 7.52 [extra752] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379    [extras]
-# 7.53 [extra753] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018    [extras]
-# 7.54 [extra754] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888    [extras]
-# 7.55 [extra755] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211    [extras]
-# 7.70 [extra770] Check for internet facing EC2 instances with Instance Profiles attached    [extras]
-# 7.78 [extra778] Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918)    [extras]
-# 7.79 [extra779] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports   [extras, elasticsearch]
-# 7.87 [extra787] Check connection and authentication for Internet exposed Elasticsearch/Kibana ports   [extras, elasticsearch]
-# 7.88 [extra788] Check connection and authentication for Internet exposed Amazon Elasticsearch Service (ES) domains   [extras, elasticsearch]
-# 7.71 [extra771] Check if S3 buckets have policies which allow WRITE access    [extras]

groups/group18_iso27001

@@ -1,174 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[18]='iso27001'
-GROUP_NUMBER[18]='18.0'
-GROUP_TITLE[18]='ISO 27001:2013 Readiness - ONLY AS REFERENCE - [iso27001] *****'
-GROUP_RUN_BY_DEFAULT[18]='N' # run it when execute_all is called
-GROUP_CHECKS[18]='check11,check110,check111,check112,check113,check114,check115,check116,check119,check12,check122,check13,check14,check15,check16,check17,check18,check19,check21,check22,check23,check24,check25,check26,check27,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,check44,extra71,extra710,extra7100,extra711,extra7113,extra7123,extra7125,extra7126,extra7128,extra7129,extra713,extra714,extra7130,extra718,extra719,extra72,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra731,extra73,extra731,extra735,extra739,extra74,extra741,extra747,extra748,extra75,extra757,extra758,extra759,extra76,extra760,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra77,extra771,extra772,extra774,extra776,extra777,extra778,extra78,extra789,extra79,extra790,extra792,extra793,extra794,extra795,extra796,extra798'
-
-# #	Category	Objective ID	Objective Name	Prowler check ID	Check Summary
-# 1		A.9 Access Control	A.9.2	User Access Management	check122	Ensure IAM policies that allow full "*:*" administrative privileges are not created.
-# 2		A.9 Access Control	A.9.2	User Access Management	check111	Ensure IAM password policy expires passwords within 90 days or less
-# 3		A.9 Access Control	A.9.2	User Access Management	check110	Ensure IAM password policy prevents password reuse
-# 4		A.9 Access Control	A.9.2	User Access Management	check19	Ensure IAM password policy requires minimum length of 14 or greater
-# 5		A.9 Access Control	A.9.2	User Access Management	check18	Ensure IAM password policy require at least one number
-# 6		A.9 Access Control	A.9.2	User Access Management	check17	Ensure IAM password policy require at least one symbol
-# 7		A.9 Access Control	A.9.2	User Access Management	check16	Ensure IAM password policy require at least one lowercase letter
-# 8		A.9 Access Control	A.9.2	User Access Management	check15	Ensure IAM password policy requires at least one uppercase letter
-# 9		A.9 Access Control	A.9.2	User Access Management	check11	Avoid the use of the 'root' account
-# 10	A.9 Access Control	A.9.2	User Access Management	check116	Ensure IAM policies are attached only to groups or roles
-# 11	A.9 Access Control	A.9.2	User Access Management	check12	Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
-# 12	A.9 Access Control	A.9.2	User Access Management	check114	Ensure MFA is enabled for the 'root' account
-# 13	A.9 Access Control	A.9.2	User Access Management	check115	 Ensure security questions are registered in the AWS account
-# 14	A.9 Access Control	A.9.2	User Access Management	check14	Ensure access keys are rotated every 90 days or less
-# 15	A.9 Access Control	A.9.2	User Access Management	check13	Ensure credentials unused for 90 days or greater are disabled
-# 16	A.9 Access Control	A.9.2	User Access Management	check112	Ensure no root account access key exists
-# 17	A.9 Access Control	A.9.2	User Access Management	check119	Ensure IAM instance roles are used for AWS resource access from instances
-# 18	A.9 Access Control	A.9.2	User Access Management	extra71	Ensure users of groups with AdministratorAccess policy have MFA tokens enabled
-# 19	A.9 Access Control	A.9.2	User Access Management	extra7100	Ensure that no custom policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *)
-# 20	A.9 Access Control	A.9.2	User Access Management	extra7123	Check if IAM users have two active access keys
-# 21	A.9 Access Control	A.9.2	User Access Management	extra7125	Check if IAM users have Hardware MFA enabled.
-# 22	A.9 Access Control	A.9.2	User Access Management	extra769	Check if IAM Access Analyzer is enabled and its findings
-# 23	A.9 Access Control	A.9.2	User Access Management	extra774	Ensure credentials unused for 30 days or greater are disabled.
-# 24	A.9 Access Control	A.9.3	User Responsibilities	check111	Ensure IAM password policy expires passwords within 90 days or less
-# 25	A.9 Access Control	A.9.3	User Responsibilities	check110	Ensure IAM password policy prevents password reuse
-# 26	A.9 Access Control	A.9.3	User Responsibilities	check19	Ensure IAM password policy requires minimum length of 14 or greater
-# 27	A.9 Access Control	A.9.3	User Responsibilities	check18	Ensure IAM password policy require at least one number
-# 28	A.9 Access Control	A.9.3	User Responsibilities	check17	Ensure IAM password policy require at least one symbol
-# 29	A.9 Access Control	A.9.3	User Responsibilities	check16	Ensure IAM password policy require at least one lowercase letter
-# 30	A.9 Access Control	A.9.3	User Responsibilities	check15	Ensure IAM password policy requires at least one uppercase letter
-# 31	A.9 Access Control	A.9.3	User Responsibilities	check12	Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
-# 32	A.9 Access Control	A.9.3	User Responsibilities	check14	Ensure access keys are rotated every 90 days or less
-# 33	A.9 Access Control	A.9.3	User Responsibilities	check13	Ensure credentials unused for 90 days or greater are disabled
-# 34	A.9 Access Control	A.9.4	System and Application Access Control	check122	Ensure IAM policies that allow full "*:*" administrative privileges are not created.
-# 35	A.9 Access Control	A.9.4	System and Application Access Control	check111	Ensure IAM password policy expires passwords within 90 days or less
-# 36	A.9 Access Control	A.9.4	System and Application Access Control	check110	Ensure IAM password policy prevents password reuse
-# 37	A.9 Access Control	A.9.4	System and Application Access Control	check19	Ensure IAM password policy requires minimum length of 14 or greater
-# 38	A.9 Access Control	A.9.4	System and Application Access Control	check18	Ensure IAM password policy require at least one number
-# 39	A.9 Access Control	A.9.4	System and Application Access Control	check17	Ensure IAM password policy require at least one symbol
-# 40	A.9 Access Control	A.9.4	System and Application Access Control	check16	Ensure IAM password policy require at least one lowercase letter
-# 41	A.9 Access Control	A.9.4	System and Application Access Control	check15	Ensure IAM password policy requires at least one uppercase letter
-# 42	A.9 Access Control	A.9.4	System and Application Access Control	check11	Avoid the use of the 'root' account
-# 43	A.9 Access Control	A.9.4	System and Application Access Control	check116	Ensure IAM policies are attached only to groups or roles
-# 44	A.9 Access Control	A.9.4	System and Application Access Control	check12	Ensure multi-factor authentication (MFA) is enabled for all IAM users that have console access
-# 45	A.9 Access Control	A.9.4	System and Application Access Control	check113	Ensure MFA is enabled for the 'root' account
-# 46	A.9 Access Control	A.9.4	System and Application Access Control	check14	Ensure access keys are rotated every 90 days or less
-# 47	A.9 Access Control	A.9.4	System and Application Access Control	check13	Ensure credentials unused for 90 days or greater are disabled
-# 48	A.9 Access Control	A.9.4	System and Application Access Control	check112	Ensure no root account access key exists
-# 55    A.9 Access Control	A.9.4	System and Application Access Control	extra711	Check if Redshift cluster is Public Accessible
-# 49	A.9 Access Control	A.9.4	System and Application Access Control	extra7113	Check if RDS instances have deletion protection enabled
-# 50	A.9 Access Control	A.9.4	System and Application Access Control	extra72	Ensure there are no EBS Snapshots set as Public
-# 51	A.9 Access Control	A.9.4	System and Application Access Control	extra723	Check if RDS Snapshots and Cluster Snapshots are public
-# 52    A.9 Access Control	A.9.4	System and Application Access Control	extra727	Check if SQS queues have policy set as Public
-# 53    A.9 Access Control	A.9.4	System and Application Access Control	extra73	Ensure there are no S3 buckets open to Everyone or Any AWS user
-# 54    A.9 Access Control	A.9.4	System and Application Access Control	extra731	Check if SNS topics have policy set as Public
-# 56    A.9 Access Control	A.9.4	System and Application Access Control	extra76	Ensure there are no EC2 AMIs set as Public
-# 57    A.9 Access Control	A.9.4	System and Application Access Control	extra77 Ensure there are no ECR repositories set as Public
-# 58    A.9 Access Control	A.9.4	System and Application Access Control	extra771 Check if S3 buckets have policies which allow WRITE access
-# 59    A.9 Access Control	A.9.4	System and Application Access Control	extra795 Ensure EKS Clusters are created with Private Endpoint Enabled and Public Access Disabled
-# 60    A.9 Access Control	A.9.4	System and Application Access Control	extra796 Restrict Access to the EKS Control Plane Endpoint
-# 61	A.10 Cryptography	A.10.1	Cryptographic Controls	extra735	Setup Encryption at rest for RDS instances
-# 62	A.10 Cryptography	A.10.1	Cryptographic Controls	extra792	Check if Elastic Load Balancers have insecure SSL ciphers
-# 63	A.10 Cryptography	A.10.1	Cryptographic Controls	check37	Detect Customer Master Keys (CMKs) scheduled for deletion
-# 64	A.10 Cryptography	A.10.1	Cryptographic Controls	check27	Ensure CloudTrail logs are encrypted at rest using KMS CMKs
-# 65	A.10 Cryptography	A.10.1	Cryptographic Controls	check28	Ensure rotation for customer created KMS CMKs is enabled
-# 66	A.10 Cryptography	A.10.1	Cryptographic Controls	extra7126	Check if there are CMK KMS keys not used
-# 67	A.10 Cryptography	A.10.1	Cryptographic Controls	extra7128	Check if DynamoDB table has encryption at rest enabled using CMK KMS
-# 68	A.10 Cryptography	A.10.1	Cryptographic Controls	extra7130	Ensure there are no SNS Topics unencrypted
-# 69	A.10 Cryptography	A.10.1	Cryptographic Controls	extra724	Check if ACM certificates have Certificate Transparency logging enabled
-# 70	A.10 Cryptography	A.10.1	Cryptographic Controls	extra728	Check if SQS queues have Server Side Encryption enabled
-# 71	A.10 Cryptography	A.10.1	Cryptographic Controls	extra729	Ensure there are no EBS Volumes unencrypted
-# 72	A.10 Cryptography	A.10.1	Cryptographic Controls	extra761	Check if EBS Default Encryption is activated
-# 73	A.10 Cryptography	A.10.1	Cryptographic Controls	extra764	Check if S3 buckets have secure transport policy
-# 74	A.10 Cryptography	A.10.1	Cryptographic Controls	extra767	Check if CloudFront distributions have Field Level Encryption enabled
-# 75	A.10 Cryptography	A.10.1	Cryptographic Controls	extra791	Check if CloudFront distributions are using deprecated SSL protocols
-# 76	A.10 Cryptography	A.10.1	Cryptographic Controls	extra793	Check if Elastic Load Balancers have SSL listeners
-# 77	A.12 Operations Security	A.12.3	Information Backup	extra739	Check if RDS instances have backup enabled
-# 78	A.12 Operations Security	A.12.4	Logging and Monitoring	check314	Ensure a log metric filter and alarm exist for VPC changes
-# 79	A.12 Operations Security	A.12.4	Logging and Monitoring	check313	Ensure a log metric filter and alarm exist for route table changes
-# 80	A.12 Operations Security	A.12.4	Logging and Monitoring	check312	Ensure a log metric filter and alarm exist for changes to network gateways
-# 81	A.12 Operations Security	A.12.4	Logging and Monitoring	check311	Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)
-# 82	A.12 Operations Security	A.12.4	Logging and Monitoring	check310	Ensure a log metric filter and alarm exist for security group changes
-# 83	A.12 Operations Security	A.12.4	Logging and Monitoring	check39	Ensure a log metric filter and alarm exist for AWS Config configuration changes
-# 84	A.12 Operations Security	A.12.4	Logging and Monitoring	check39	Check if CloudFront distributions have logging enabled
-# 85	A.12 Operations Security	A.12.4	Logging and Monitoring	extra719	Check if Route53 public hosted zones are logging queries to CloudWatch Logs
-# 86	A.12 Operations Security	A.12.4	Logging and Monitoring	extra720	 Check if Lambda functions invoke API operations are being recorded by CloudTrail 
-# 87	A.12 Operations Security	A.12.4	Logging and Monitoring	extra722	 Check if API Gateway has logging enabled
-# 88	A.12 Operations Security	A.12.4	Logging and Monitoring	check38	Ensure a log metric filter and alarm exist for S3 bucket policy changes
-# 89	A.12 Operations Security	A.12.4	Logging and Monitoring	check37	Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
-# 90	A.12 Operations Security	A.12.4	Logging and Monitoring	check36	Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
-# 91	A.12 Operations Security	A.12.4	Logging and Monitoring	check35	Ensure a log metric filter and alarm exist for CloudTrail configuration changes
-# 92	A.12 Operations Security	A.12.4	Logging and Monitoring	check34	Ensure a log metric filter and alarm exist for IAM policy changes
-# 93	A.12 Operations Security	A.12.4	Logging and Monitoring	check33	Ensure a log metric filter and alarm exist for usage of "root" account
-# 94	A.12 Operations Security	A.12.4	Logging and Monitoring	check32	Ensure a log metric filter and alarm exist for Management Console sign-in without MFA
-# 95	A.12 Operations Security	A.12.4	Logging and Monitoring	check31	Ensure a log metric filter and alarm exist for unauthorized API calls
-# 96	A.12 Operations Security	A.12.4	Logging and Monitoring	check26	Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
-# 97	A.12 Operations Security	A.12.4	Logging and Monitoring	check25	Ensure AWS Config is enabled in all regions
-# 98	A.12 Operations Security	A.12.4	Logging and Monitoring	check24	Ensure CloudTrail trails are integrated with CloudWatch Logs
-# 99	A.12 Operations Security	A.12.4	Logging and Monitoring	check29	Ensure VPC flow logging is enabled in all VPCs
-#100 	A.12 Operations Security	A.12.4	Logging and Monitoring	check23	Ensure the S3 bucket CloudTrail logs to is not publicly accessible
-#101	A.12 Operations Security	A.12.4	Logging and Monitoring	check21	Ensure CloudTrail is enabled in all regions
-#102	A.12 Operations Security	A.12.4	Logging and Monitoring	check21	Ensure CloudTrail is enabled in all regions
-#103	A.12 Operations Security	A.12.4	Logging and Monitoring	extra725	Check if S3 buckets have Object-level logging enabled in CloudTrail
-#104	A.12 Operations Security	A.12.4	Logging and Monitoring	extra794	Ensure EKS Control Plane Audit Logging is enabled for all log types
-#105	A.12 Operations Security	A.12.4	Logging and Monitoring	extra747	Check if RDS instances is integrated with CloudWatch Logs
-#106	A.12 Operations Security	A.12.4	Logging and Monitoring	extra718	Check if S3 buckets have server access logging enabled
-#107	A.12 Operations Security	A.12.6	Technical Vulnerability Management	check43	Ensure the default security group of every VPC restricts all traffic
-#108	A.12 Operations Security	A.12.6	Technical Vulnerability Management	check42	Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
-#109	A.12 Operations Security	A.12.6	Technical Vulnerability Management	check41	Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
-#110	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra76	Check for publicly shared AMIs
-#111	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra72	Ensure EBS snapshots are not publicly accessible
-#112	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra731	Ensure SNS topics do not allow global send or subscribe
-#113	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra711	Ensure Redshift clusters do not have a public endpoint
-#114	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra723	Ensure RDS snapshots are not publicly accessible
-#115	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra78	Ensure RDS instances are not accessible to the world.
-#116	A.12 Operations Security	A.12.6	Technical Vulnerability Management	check23	Ensure the S3 bucket CloudTrail logs to is not publicly accessible
-#117	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra713	Check if GuardDuty is enabled
-#118	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra726	Check Trusted Advisor for errors and warnings
-#119	A.12 Operations Security	A.12.6	Technical Vulnerability Management	extra776	Check if ECR image scan found vulnerabilities in the newest image version 
-#120	A.13 Communications Security	A.13.1	Network Security Management	check43	Ensure the default security group of every VPC restricts all traffic
-#121	A.13 Communications Security	A.13.1	Network Security Management	check42	Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
-#122	A.13 Communications Security	A.13.1	Network Security Management	check41	Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
-#123	A.13 Communications Security	A.13.1	Network Security Management	extra72	Ensure EBS snapshots are not publicly accessible
-#124	A.13 Communications Security	A.13.1	Network Security Management	extra731	Ensure SNS topics do not allow global send or subscribe
-#125	A.13 Communications Security	A.13.1	Network Security Management	extra711	Ensure Redshift clusters do not have a public endpoint
-#126	A.13 Communications Security	A.13.1	Network Security Management	extra723	Ensure RDS snapshots are not publicly accessible
-#127	A.13 Communications Security	A.13.1	Network Security Management	extra78	Ensure RDS instances are not accessible to the world.
-#128	A.13 Communications Security	A.13.1	Network Security Management	extra798	Ensure Lambda Functions are not publicly accessible
-#129	A.13 Communications Security	A.13.1	Network Security Management	check44	Ensure routing tables for VPC peering are \"least access\"
-#130	A.13 Communications Security	A.13.1	Network Security Management	extra710	Check for internet facing EC2 Instances
-#131	A.13 Communications Security	A.13.1	Network Security Management	extra711	Check for Publicly Accessible Redshift Clusters
-#132	A.13 Communications Security	A.13.1	Network Security Management	extra748	Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port
-#133	A.13 Communications Security	A.13.1	Network Security Management	extra7129	Check if Application Load Balancer has a WAF ACL attached
-#134	A.13 Communications Security	A.13.1	Network Security Management	extra74	Ensure there are no Security Groups without ingress filtering being used
-#135	A.13 Communications Security	A.13.1	Network Security Management	extra777	Find VPC security groups with many ingress or egress rules
-#136	A.13 Communications Security	A.13.1	Network Security Management	extra778	Find VPC security groups with wide-open public IPv4 CIDR ranges (non-RFC1918)
-#137	A.13 Communications Security	A.13.1	Network Security Management	extra789	Find trust boundaries in VPC endpoint services connections
-#138	A.13 Communications Security	A.13.1	Network Security Management	extra79	Check for internet facing Elastic Load Balancers
-#139	A.13 Communications Security	A.13.1	Network Security Management	extra790	Find trust boundaries in VPC endpoint services allowlisted principles
-#140	A.13 Communications Security	A.13.1	Network Security Management	extra78	Ensure there are no Public Accessible RDS instances
-#141    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra731 Check if SNS topics have policy set as Public
-#142    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra741 Find secrets in EC2 User Data
-#143    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra75 Ensure there are no Security Groups not being used
-#144    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra757 Check EC2 Instances older than 6 months
-#145    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra758 Check EC2 Instances older than 12 months
-#146    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra759 Find secrets in Lambda functions variables
-#147    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra760 Find secrets in Lambda functions code
-#148    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra762 Find obsolete Lambda runtimes
-#149    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra765 Check if ECR image scan on push is enabled
-#150    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra768 Find secrets in ECS task definitions variables
-#151    A.14 System acquisition, dev & maintenance A.14.2 Security in Dev & Support	extra772 Check if elastic IPs are unused
-#152    A.18 Compliance	A.18.1	Compliance with Legal and Regulatory Reqs	check22 Ensure CloudTrail log file validation is enabled
-#153    A.18 Compliance	A.18.1	Compliance with Legal and Regulatory Reqs	extra721 Check if Redshift cluster has audit logging enabled
-#154    A.18 Compliance	A.18.1	Compliance with Legal and Regulatory Reqs	extra763 Check if S3 buckets have object versioning enabled

groups/group19_eks-cis

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-GROUP_ID[19]='eks-cis'
-GROUP_NUMBER[19]='19.0'
-GROUP_TITLE[19]='CIS EKS Benchmark - [eks-cis] *********************************'
-GROUP_RUN_BY_DEFAULT[19]='N' # run it when execute_all is called
-GROUP_CHECKS[19]='extra765,extra794,extra795,extra796,extra797'

groups/group1_iam

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-GROUP_ID[1]='group1'
-GROUP_NUMBER[1]='1.0'
-GROUP_TITLE[1]='Identity and Access Management - CIS only - [group1] ***********'
-GROUP_RUN_BY_DEFAULT[1]='Y' # run it when execute_all is called
-GROUP_CHECKS[1]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check111,check112,check113,check114,check115,check116,check117,check118,check119,check120,check121,check122'

groups/group20_ffiec

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[20]='ffiec'
-GROUP_NUMBER[20]='20.0'
-GROUP_TITLE[20]='FFIEC Cybersecurity Readiness - ONLY AS REFERENCE - [ffiec] ***'
-GROUP_RUN_BY_DEFAULT[20]='N' # run it when execute_all is called
-GROUP_CHECKS[20]='check11,check12,check13,check14,check16,check18,check19,check21,check23,check25,check29,check29,check31,check32,check33,check34,check35,check36,check37,check37,check38,check39,check41,check42,check43,check110,check112,check113,check116,check310,check311,check312,check313,check314,extra72,extra76,extra78,extra711,extra723,extra729,extra731,extra734,extra735,extra763,extra792'
-
-# References:
-# 1. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017.pdf
-# 2. https://ithandbook.ffiec.gov/media/274793/ffiec_itbooklet_informationsecurity.pdf

groups/group21_soc2

@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[21]='soc2'
-GROUP_NUMBER[21]='21.0'
-GROUP_TITLE[21]='SOC2 Readiness - ONLY AS REFERENCE - [soc2] *******************'
-GROUP_RUN_BY_DEFAULT[21]='N' # run it when execute_all is called
-GROUP_CHECKS[21]='check110,check111,check113,check12,check122,check13,check15,check16,check17,check18,check19,check21,check31,check310,check32,check33,check34,check35,check36,check37,check38,check39,check41,check42,check43,extra711,extra72,extra723,extra729,extra731,extra734,extra735,extra739,extra76,extra78,extra792'
-
-# References:
-# 1. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf
-# 2. https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/mappingsrelevanttothesocsuiteofservices.html
-# 3. https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/mapping-final-2017-tsc-to-extant-2016-tspc.xlsx

groups/group22_sagemaker

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2222) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[22]='sagemaker'
-GROUP_NUMBER[22]='22.0'
-GROUP_TITLE[22]='Amazon SageMaker related security checks - [sagemaker] ********'
-GROUP_RUN_BY_DEFAULT[22]='N' # run it when execute_all is called
-GROUP_CHECKS[22]='extra7103,extra7104,extra7111,extra7112,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110'
-

groups/group23_ens

@@ -1,83 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[23]='ens'
-GROUP_NUMBER[23]='23.0'
-GROUP_TITLE[23]='ENS Esquema Nacional de Seguridad security checks - [ens] *****'
-GROUP_RUN_BY_DEFAULT[23]='N' # run it when execute_all is called
-GROUP_CHECKS[23]='extra733,extra7123,check13,check14,check121,extra7100,check120,check116,extra7124,check12,extra7125,check14,check13,check21,check25,extra7127,check35,check24,check31,check36,check32,check33,check34,check22,extra71,check23,check23,check27,check37,extra736,check28,extra713,check21,check29,extra793,extra792,extra764,extra738,check43,extra74,extra710,extra75,check41,check42,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra7128,extra729,extra761,extra740,extra735,extra734,extra728,extra781,extra773,extra744,extra7126,extra7129'
-
-# ENS Control ID for AWS;Prowler checks that apply
-# ens-op.acc.1.aws.iam.1;extra733
-# ens-op.acc.1.aws.iam.2;extra7123
-# ens-op.acc.1.aws.iam.3;check13
-# ens-op.acc.1.aws.iam.4;check14
-# ens-op.acc.1.aws.iam.5;check121
-# ens-op.acc.2.aws.iam.1;extra7100
-# ens-op.acc.1.aws.iam.4;check120
-# ens-op.acc.3.aws.iam.1;check116
-# ens-op.acc.4.aws.sys.1;extra7124
-# ens-op.acc.5.aws.iam.1;check12
-# ens-op.acc.5.aws.iam.2;extra7125
-# ens-op.acc.5.aws.iam.3;check14
-# ens-op.acc.5.aws.iam.4;check13
-# ens-op.acc.7.aws.iam.1;check21
-# ens-op.exp.1.aws.cfg.1;check25
-# ens-op.exp.1.aws.sys.1;extra7127
-# ens-op.exp.4.aws.sys.1;extra7127
-# ens-op.exp.8.aws.trail.1;check35
-# ens-op.exp.8.aws.cw.1;check24
-# ens-op.exp.8.aws.trail.2;check31
-# ens-op.exp.8.aws.trail.3;check36
-# ens-op.exp.8.aws.trail.4;check32
-# ens-op.exp.8.aws.trail.5;check33
-# ens-op.exp.8.aws.trail.6;check34
-# ens-op.exp.10.aws.trail.1;check22
-# ens-op.exp.10.aws.trail.2;extra71
-# ens-op.exp.10.aws.trail.3;check23
-# ens-op.exp.10.aws.trail.4;check23
-# ens-op.exp.10.aws.trail.5;check27
-# ens-op.exp.11.aws.kms.1;check37
-# ens-op.exp.11.aws.kms.2;extra736*
-# ens-op.exp.11.aws.kms.3;check28
-# ens-op.mon.1.aws.duty.1;extra713
-# ens-op.mon.1.aws.trail.1;check21
-# ens-op.mon.1.aws.flow.1;check29
-# ens-mp.com.2.aws.elb.1;extra793
-# ens-mp.com.2.aws.elb.2;extra792
-# ens-mp.com.2.aws.s3.1;extra764
-# ens-mp.com.2.aws.front.1;extra738
-# ens-mp.com.4.aws.sg.1;check43
-# ens-mp.com.4.aws.sg.2;extra74
-# ens-mp.com.4.aws.vpc.1;extra710
-# ens-mp.com.4.aws.sg.3;extra75
-# ens-mp.com.4.aws.sg.4;check41
-# ens-mp.com.4.aws.sg.5;check42
-# ens-mp.com.4.aws.sg.6;extra749
-# ens-mp.com.4.aws.sg.7;extra750
-# ens-mp.com.4.aws.sg.8;extra751
-# ens-mp.com.4.aws.sg.9;extra752
-# ens-mp.com.4.aws.sg.10;extra753
-# ens-mp.com.4.aws.sg.11;extra754
-# ens-mp.com.4.aws.sg.12;extra755
-# ens-mp.info.3.aws.dyndb.1;extra7128
-# ens-mp.info.3.aws.ebs.1;extra729
-# ens-mp.info.3.aws.ebs.2;extra761
-# ens-mp.info.3.aws.ebs.3;extra740
-# ens-mp.info.3.aws.rds.1;extra735
-# ens-mp.info.3.s3.1;extra734
-# ens-mp.info.3.sns.1;extra728
-# ens-mp.info.3.aws.au.1;extra781
-# ens-mp.s.2.aws.waf.1;extra773
-# ens-mp.s.2.aws.waf.2;extra744
-# ens-mp.s.2.aws.waf.3;extra7129

groups/group24_glue

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2020) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[24]='glue'
-GROUP_NUMBER[24]='24.0'
-GROUP_TITLE[24]='Amazon Glue related security checks - [glue] ******************'
-GROUP_RUN_BY_DEFAULT[24]='N' # run it when execute_all is called
-GROUP_CHECKS[24]='extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122'

groups/group25_FTR

@@ -1,46 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[25]='ftr'
-GROUP_NUMBER[25]='25.0'
-GROUP_TITLE[25]='Amazon FTR related security checks - [ftr] ********************'
-GROUP_RUN_BY_DEFAULT[25]='N' # run it when execute_all is called
-GROUP_CHECKS[25]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check111,check111,check112,check113,check117,check118,check122,check21,check22,extra759,extra760,extra768,extra775,extra797,extra7141,extra73'
-
-# Checks from AWS FTR https://apn-checklists.s3.amazonaws.com/foundational/partner-hosted/partner-hosted/CVLHEC5X7.html
-# 1.1 [check11] Avoid the use of the root account - iam [High]
-# 1.2 [check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - iam [High]
-# 1.3 [check13] Ensure credentials unused for 90 days or greater are disabled - iam [Medium]
-# 1.4 [check14] Ensure access keys are rotated every 90 days or less - iam [Medium]
-# 1.5 [check15] Ensure IAM password policy requires at least one uppercase letter - iam [Medium]
-# 1.6 [check16] Ensure IAM password policy require at least one lowercase letter - iam [Medium]
-# 1.7 [check17] Ensure IAM password policy require at least one symbol - iam [Medium]
-# 1.8 [check18] Ensure IAM password policy require at least one number - iam [Medium]
-# 1.9 [check19] Ensure IAM password policy requires minimum length of 14 or greater - iam [Medium]
-# 1.10 [check110] Ensure IAM password policy prevents password reuse: 24 or greater - iam [Medium]
-# 1.11 [check111] Ensure IAM password policy expires passwords within 90 days or less - iam [Medium]
-# 1.12 [check112] Ensure no root account access key exists - iam [Critical]
-# 1.13 [check113] Ensure MFA is enabled for the root account - iam [Critical]
-# 1.17 [check117] Maintain current contact details - support [Medium]
-# 1.18 [check118] Ensure security contact information is registered - support [Medium]
-# 1.22 [check122] Ensure IAM policies that allow full "*:*" administrative privileges are not created - iam [Medium]
-# 2.1 [check21] Ensure CloudTrail is enabled in all regions - cloudtrail [High]
-# 2.2 [check22] Ensure CloudTrail log file validation is enabled - cloudtrail [Medium]
-# 7.59 [extra759] Find secrets in Lambda functions variables  - lambda [Critical]
-# 7.60 [extra760] Find secrets in Lambda functions code  - lambda [Critical]
-# 7.68 [extra768] Find secrets in ECS task definitions variables  - ecs [Critical]
-# 7.75 [extra775] Find secrets in EC2 Auto Scaling Launch Configuration  - autoscaling [Critical]
-# 7.97 [extra797] Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) - eks [Medium]
-# 7.141 [extra7141] Find secrets in SSM Documents - ssm [Critical]
-# 7.3 [extra73] Ensure there are no S3 buckets open to Everyone or Any AWS user - s3 [Critical]
-

groups/group2_logging

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-GROUP_ID[2]='group2'
-GROUP_NUMBER[2]='2.0'
-GROUP_TITLE[2]='Logging - CIS only - [group2] **********************************'
-GROUP_RUN_BY_DEFAULT[2]='Y' # run it when execute_all is called
-GROUP_CHECKS[2]='check21,check22,check23,check24,check25,check26,check27,check28,check29'

groups/group3_monitoring

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-GROUP_ID[3]='group3'
-GROUP_NUMBER[3]='3.0'
-GROUP_TITLE[3]='Monitoring - CIS only - [group3] *******************************'
-GROUP_RUN_BY_DEFAULT[3]='Y' # run it when execute_all is called
-GROUP_CHECKS[3]='check31,check32,check33,check34,check35,check36,check37,check38,check39,check310,check311,check312,check313,check314'

groups/group4_networking

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-GROUP_ID[4]='group4'
-GROUP_NUMBER[4]='4.0'
-GROUP_TITLE[4]='Networking - CIS only - [group4] *******************************'
-GROUP_RUN_BY_DEFAULT[4]='Y' # run it when execute_all is called
-GROUP_CHECKS[4]='check41,check42,check43,check44,check45,check46'

groups/group5_cislevel1

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-GROUP_ID[5]='cislevel1'
-GROUP_NUMBER[5]='5.0'
-GROUP_TITLE[5]='CIS Level 1 - CIS only - [cislevel1] ***************************'
-GROUP_RUN_BY_DEFAULT[5]='N' # run it when execute_all is called
-GROUP_CHECKS[5]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check111,check112,check113,check115,check116,check117,check118,check119,check120,check122,check21,check23,check24,check25,check26,check31,check32,check33,check34,check35,check38,check312,check313,check314,check41,check42'

groups/group6_cislevel2

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (c) by Toni de la Fuente
-#
-# This Prowler check is licensed under a
-# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-#
-# You should have received a copy of the license along with this
-# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
-
-GROUP_ID[6]='cislevel2'
-GROUP_NUMBER[6]='6.0'
-GROUP_TITLE[6]='CIS Level 2 - CIS only - [cislevel2] ***************************'
-GROUP_RUN_BY_DEFAULT[6]='N' # run it when execute_all is called
-GROUP_CHECKS[6]='check11,check12,check13,check14,check15,check16,check17,check18,check19,check110,check111,check112,check113,check114,check115,check116,check117,check118,check119,check120,check121,check122,check21,check22,check23,check24,check25,check26,check27,check28,check29,check31,check32,check33,check34,check35,check36,check37,check38,check39,check310,check311,check312,check313,check314,check41,check42,check43,check44'

groups/group7_extras

@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[7]='extras'
-GROUP_NUMBER[7]='7.0'
-GROUP_TITLE[7]='Extras - all non CIS specific checks - [extras] ****************'
-GROUP_RUN_BY_DEFAULT[7]='Y' # run it when execute_all is called
-GROUP_CHECKS[7]='extra71,extra72,extra73,extra74,extra75,extra76,extra77,extra78,extra79,extra710,extra711,extra712,extra713,extra714,extra715,extra716,extra717,extra718,extra719,extra720,extra721,extra722,extra723,extra724,extra725,extra726,extra727,extra728,extra729,extra730,extra731,extra732,extra733,extra734,extra735,extra736,extra738,extra739,extra740,extra741,extra742,extra743,extra744,extra745,extra746,extra747,extra748,extra749,extra750,extra751,extra752,extra753,extra754,extra755,extra757,extra758,extra761,extra762,extra763,extra764,extra765,extra767,extra768,extra769,extra770,extra771,extra772,extra773,extra774,extra775,extra776,extra777,extra778,extra779,extra780,extra781,extra782,extra783,extra784,extra785,extra786,extra787,extra788,extra791,extra792,extra793,extra794,extra795,extra796,extra797,extra798,extra799,extra7100,extra7101,extra7102,extra7103,extra7104,extra7105,extra7106,extra7107,extra7108,extra7109,extra7110,extra7111,extra7112,extra7113,extra7114,extra7115,extra7116,extra7117,extra7118,extra7119,extra7120,extra7121,extra7122,extra7123,extra7124,extra7125,extra7126,extra7127,extra7128,extra7129,extra7130,extra7131,extra7132,extra7133,extra7134,extra7135,extra7136,extra7137,extra7138,extra7139,extra7140,extra7141,extra7142,extra7143,extra7144,extra7145,extra7146,extra7147,extra7148,extra7149,extra7150,extra7151,extra7152,extra7153,extra7154,extra7155,extra7156,extra7157,extra7158,extra7159,extra7160,extra7161,extra7162,extra7163,extra7164,extra7165,extra7166,extra7167,extra7168,extra7169,extra7170,extra7171,extra7172,extra7173,extra7174,extra7175,extra7176,extra7177,extra7178,extra7179,extra7180'
-
-# Extras 759 and 760 (lambda variables and code secrets finder are not included)
-# to run detect-secrets use `./prowler -g secrets`
-
-# Extras 789 and 790 VPC trust boundaries are not included by default in Extras
-# to run trust-boundaries use `./prowler -g trustboundaries`
-# read more in https://github.com/toniblyx/prowler/#trust-boundaries-checks

groups/group8_forensics

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[8]='forensics-ready'
-GROUP_NUMBER[8]='8.0'
-GROUP_TITLE[8]='Forensics Readiness - [forensics-ready] ************************'
-GROUP_RUN_BY_DEFAULT[8]='N' # run it when execute_all is called
-GROUP_CHECKS[8]='check21,check22,check23,check24,check25,check26,check27,check29,extra712,extra713,extra714,extra715,extra717,extra718,extra719,extra720,extra721,extra722,extra725,extra7101,extra794'

groups/group9_gdpr

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[9]='gdpr'
-GROUP_NUMBER[9]='9.0'
-GROUP_TITLE[9]='GDPR Readiness - ONLY AS REFERENCE - [gdpr] ********************'
-GROUP_RUN_BY_DEFAULT[9]='N' # run it when execute_all is called
-GROUP_CHECKS[9]='extra718,extra725,extra727,check12,check113,check114,extra71,extra731,extra732,extra733,check25,check39,check21,check22,check23,check24,check26,check27,check35,extra726,extra714,extra715,extra717,extra719,extra720,extra721,extra722,check43,check25,extra714,extra729,extra734,extra735,extra736,extra738,extra740,extra761,check11,check110,check111,check112,check116,check120,check122,check13,check14,check15,check16,check17,check18,check19,check28,check29,check31,check310,check311,check312,check313,check314,check32,check33,check34,check36,check37,check38,check41,check42,extra711,extra72,extra723,extra730,extra739,extra76,extra763,extra778,extra78,extra792,extra798'
-
-# Resources:
-# https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf
-# https://www.slideshare.net/AmazonWebServices/sid303-navigating-gdpr-compliance-on-aws
-# https://aws.amazon.com/compliance/gdpr-center/
-# https://eur-lex.europa.eu/eli/reg/2016/679/2016-05-04

groups/groupN_sample

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy
-# of the License at http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-
-GROUP_ID[9]='my-custom-group'
-GROUP_NUMBER[9]='9.0'
-GROUP_TITLE[9]='My Custom Group - [my-custom-group] ****************************'
-GROUP_RUN_BY_DEFAULT[9]='N' # run it when execute_all is called
-GROUP_CHECKS[9]='checkNN,checkMM'

permissions/create_role_to_assume_cfn.yaml

@@ -7,7 +7,7 @@ AWSTemplateFormatVersion: '2010-09-09'
 #  --stack-name "ProwlerExecRole" \
 #  --parameters "ParameterKey=AuthorisedARN,ParameterValue=arn:aws:iam::123456789012:root"
 #
-Description: | 
+Description: |
   This template creates an AWS IAM Role with an inline policy and two AWS managed policies
   attached. It sets the trust policy on that IAM Role to permit a named ARN in another AWS
   account to assume that role. The role name and the ARN of the trusted user can all be passed
@@ -48,7 +48,7 @@ Resources:
         - 'arn:aws:iam::aws:policy/SecurityAudit'
         - 'arn:aws:iam::aws:policy/job-function/ViewOnlyAccess'
       RoleName: !Sub ${ProwlerRoleName}
-      Policies: 
+      Policies:
         - PolicyName: ProwlerExecRoleAdditionalViewPrivileges
           PolicyDocument:
             Version : '2012-10-17'

permissions/prowler-additions-policy.json

@@ -1,26 +1,26 @@
 {
-    "Version": "2012-10-17",
+  "Version": "2012-10-17",
-    "Statement": [
+  "Statement": [
-        {
+    {
-            "Action": [
+      "Action": [
-                "ds:ListAuthorizedApplications",
+        "ds:ListAuthorizedApplications",
-                "ec2:GetEbsEncryptionByDefault",
+        "ec2:GetEbsEncryptionByDefault",
-                "ecr:Describe*",
+        "ecr:Describe*",
-                "elasticfilesystem:DescribeBackupPolicy",
+        "elasticfilesystem:DescribeBackupPolicy",
-                "glue:GetConnections",
+        "glue:GetConnections",
-                "glue:GetSecurityConfiguration",
+        "glue:GetSecurityConfiguration",
-                "glue:SearchTables",
+        "glue:SearchTables",
-                "lambda:GetFunction",
+        "lambda:GetFunction",
-                "s3:GetAccountPublicAccessBlock",
+        "s3:GetAccountPublicAccessBlock",
-                "shield:DescribeProtection",
+        "shield:DescribeProtection",
-                "shield:GetSubscriptionState",
+        "shield:GetSubscriptionState",
-                "ssm:GetDocument",
+        "ssm:GetDocument",
-                "support:Describe*",
+        "support:Describe*",
-                "tag:GetTagKeys"
+        "tag:GetTagKeys"
-            ],
+      ],
-            "Resource": "*",
+      "Resource": "*",
-            "Effect": "Allow",
+      "Effect": "Allow",
-            "Sid": "AllowMoreReadForProwler"
+      "Sid": "AllowMoreReadForProwler"
-        }
+    }
-    ]
+  ]
 }

permissions/prowler-security-hub.json

@@ -1,13 +1,13 @@
 {
-    "Version": "2012-10-17",
+  "Version": "2012-10-17",
-    "Statement": [
+  "Statement": [
-        {
+    {
-            "Action": [
+      "Action": [
-                "securityhub:BatchImportFindings",
+        "securityhub:BatchImportFindings",
-                "securityhub:GetFindings"
+        "securityhub:GetFindings"
-            ],
+      ],
-            "Effect": "Allow",
+      "Effect": "Allow",
-            "Resource": "*"
+      "Resource": "*"
-        }
+    }
-    ]
+  ]
 }

providers/aws/services/accessanalyzer/accessanalyzer_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.accessanalyzer.accessanalyzer_service import AccessAnalyzer
-
-accessanalyzer_client = AccessAnalyzer(current_audit_info)

providers/aws/services/account/account_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.account.account_service import Account
-
-account_client = Account(current_audit_info)

providers/aws/services/acm/acm_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.acm.acm_service import ACM
-
-acm_client = ACM(current_audit_info)

providers/aws/services/apigateway/apigateway_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.apigateway.apigateway_service import APIGateway
-
-apigateway_client = APIGateway(current_audit_info)

providers/aws/services/apigatewayv2/apigatewayv2_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.apigatewayv2.apigatewayv2_service import ApiGatewayV2
-
-apigatewayv2_client = ApiGatewayV2(current_audit_info)

providers/aws/services/appstream/appstream_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.appstream.appstream_service import AppStream
-
-appstream_client = AppStream(current_audit_info)

providers/aws/services/autoscaling/autoscaling_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.autoscaling.autoscaling_service import AutoScaling
-
-autoscaling_client = AutoScaling(current_audit_info)

providers/aws/services/awslambda/awslambda_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.awslambda.awslambda_service import Lambda
-
-awslambda_client = Lambda(current_audit_info)

providers/aws/services/cloudformation/cloudformation_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.cloudformation.cloudformation_service import CloudFormation
-
-cloudformation_client = CloudFormation(current_audit_info)

providers/aws/services/cloudfront/cloudfront_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.cloudfront.cloudfront_service import CloudFront
-
-cloudfront_client = CloudFront(current_audit_info)

providers/aws/services/cloudtrail/cloudtrail_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.cloudtrail.cloudtrail_service import Cloudtrail
-
-cloudtrail_client = Cloudtrail(current_audit_info)

providers/aws/services/cloudwatch/cloudwatch_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.cloudwatch.cloudwatch_service import CloudWatch
-
-cloudwatch_client = CloudWatch(current_audit_info)

providers/aws/services/cloudwatch/logs_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.cloudwatch.cloudwatch_service import Logs
-
-logs_client = Logs(current_audit_info)

providers/aws/services/codeartifact/codeartifact_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.codeartifact.codeartifact_service import CodeArtifact
-
-codeartifact_client = CodeArtifact(current_audit_info)

providers/aws/services/codebuild/codebuild_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.codebuild.codebuild_service import Codebuild
-
-codebuild_client = Codebuild(current_audit_info)

providers/aws/services/config/config_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.config.config_service import Config
-
-config_client = Config(current_audit_info)

providers/aws/services/directoryservice/directoryservice_client.py

@@ -1,6 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.directoryservice.directoryservice_service import (
-    DirectoryService,
-)
-
-directoryservice_client = DirectoryService(current_audit_info)

providers/aws/services/dynamodb/dax_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.dynamodb.dynamodb_service import DAX
-
-dax_client = DAX(current_audit_info)

providers/aws/services/dynamodb/dynamodb_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.dynamodb.dynamodb_service import DynamoDB
-
-dynamodb_client = DynamoDB(current_audit_info)

providers/aws/services/ec2/ec2_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.ec2.ec2_service import EC2
-
-ec2_client = EC2(current_audit_info)

providers/aws/services/ecr/ecr_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.ecr.ecr_service import ECR
-
-ecr_client = ECR(current_audit_info)

providers/aws/services/ecs/ecs_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.ecs.ecs_service import ECS
-
-ecs_client = ECS(current_audit_info)

providers/aws/services/efs/efs_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.efs.efs_service import EFS
-
-efs_client = EFS(current_audit_info)

providers/aws/services/eks/eks_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.eks.eks_service import EKS
-
-eks_client = EKS(current_audit_info)

providers/aws/services/elb/elb_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.elb.elb_service import ELB
-
-elb_client = ELB(current_audit_info)

providers/aws/services/elbv2/elbv2_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.elbv2.elbv2_service import ELBv2
-
-elbv2_client = ELBv2(current_audit_info)

providers/aws/services/emr/emr_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.emr.emr_service import EMR
-
-emr_client = EMR(current_audit_info)

providers/aws/services/glacier/glacier_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.glacier.glacier_service import Glacier
-
-glacier_client = Glacier(current_audit_info)

providers/aws/services/globalaccelerator/globalaccelerator_client.py

@@ -1,6 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.globalaccelerator.globalaccelerator_service import (
-    GlobalAccelerator,
-)
-
-globalaccelerator_client = GlobalAccelerator(current_audit_info)

providers/aws/services/glue/glue_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.glue.glue_service import Glue
-
-glue_client = Glue(current_audit_info)

providers/aws/services/guardduty/guardduty_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.guardduty.guardduty_service import GuardDuty
-
-guardduty_client = GuardDuty(current_audit_info)

providers/aws/services/iam/iam_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.iam.iam_service import IAM
-
-iam_client = IAM(current_audit_info)

providers/aws/services/kms/kms_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.kms.kms_service import KMS
-
-kms_client = KMS(current_audit_info)

providers/aws/services/macie/macie_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.macie.macie_service import Macie
-
-macie_client = Macie(current_audit_info)

providers/aws/services/opensearch/opensearch_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.opensearch.opensearch_service import OpenSearchService
-
-opensearch_client = OpenSearchService(current_audit_info)

providers/aws/services/rds/rds_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.rds.rds_service import RDS
-
-rds_client = RDS(current_audit_info)

providers/aws/services/redshift/redshift_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.redshift.redshift_service import Redshift
-
-redshift_client = Redshift(current_audit_info)

providers/aws/services/route53/route53_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.route53.route53_service import Route53
-
-route53_client = Route53(current_audit_info)

providers/aws/services/route53/route53domains_client.py

@@ -1,4 +0,0 @@
-from providers.aws.lib.audit_info.audit_info import current_audit_info
-from providers.aws.services.route53.route53_service import Route53Domains
-
-route53domains_client = Route53Domains(current_audit_info)