Commit Graph

847 Commits

Author SHA1 Message Date
Nimrod Kor fcf28dfa70 Add trail count to check21 and fail if no trail exist 2019-12-12 09:42:42 +02:00
Nimrod Kor 2e543b4f50 Merge branch 'master' of https://github.com/toniblyx/prowler 2019-12-05 23:09:21 +02:00
Toni de la Fuente b6e34adc24 Fix issue #409 2019-12-05 12:52:19 +01:00
Nimrod Kor 405f4033c2 Merge branch 'feature/dockerized_prowler' 2019-12-04 15:48:16 +02:00
Toni de la Fuente 7b5ece8007 New check IAM Access Analyzer issue #428 2019-12-03 15:58:19 +01:00
Toni de la Fuente fe65eaf373 New check ECS scan on push issue #427 2019-12-03 15:27:09 +01:00
Toni de la Fuente 4af3dc1254 Fix issue #426 updated base64 function 2019-12-02 15:26:48 +01:00
Nimrod Kor 9d07391a61 Fix unnecessary `` 2019-11-26 17:14:07 +02:00
Toni de la Fuente 923fadbfa9 Merge pull request #425 from zfLQ2qx2/check-3xx-whitespace-tolerance
Make check3x more tolerant
2019-11-26 10:18:49 +01:00
Toni de la Fuente 3f68accf6f Added missing file iam/prowler-additions-policy.json 2019-11-26 09:57:29 +01:00
zfLQ2qx2 25d1aa9126 Make check3x more tolerant 2019-11-26 00:56:52 -05:00
Toni de la Fuente dce9d5c96d Merge pull request #423 from barnhartguy/master
Update check_extra768
2019-11-25 10:03:27 +01:00
Toni de la Fuente 80c6900193 Merge pull request #424 from willthames/extra764_fix
Fix extra764 check
2019-11-25 10:01:51 +01:00
Nimrod Kor 79b62e0a91 Merge remote-tracking branch 'tony/master'
# Conflicts:
#	.gitignore
#	groups/group11_secrets
2019-11-25 09:35:16 +02:00
Nimrod Kor 302b856804 Merge remote-tracking branch 'tony/master'
# Conflicts:
#	checks/check_extra742
#	checks/check_extra763
2019-11-25 09:34:08 +02:00
Will Thames 2e11e0a3f2 Fix extra764 check
Add missing bracket to prevent:

```
jq: error: syntax error, unexpected INVALID_CHARACTER, expecting $end (Unix shell quoting issues?) at <top-level>, line 1:
.Statement[]|select(((.Principal|type == "object") and .Principal.AWS == "*") or ((.Principal|type == "string") and
.Principal == "*")) and .Action=="s3:*" and (.Resource|type == "array") and (.Resource|map({(.):0})[]|has($arn)) and
(.Resource|map({(.):0})[]|has($arn+"/*")) and .Condition.Bool."aws:SecureTransport" == "false")
```

(line breaks added to reduce commit width)
2019-11-25 16:01:26 +10:00
barnhartguy c630c02a26 Update check_extra768
fixed typo
2019-11-24 14:37:09 +02:00
Toni de la Fuente e18cea213b consolidated ProwlerReadOnlyPolicy and available json 2019-11-22 12:42:57 +01:00
Toni de la Fuente 8f91bfee24 clean up documentation and added info to check_sample 2019-11-22 11:59:03 +01:00
Toni de la Fuente a191a4eae6 consolidated ProwlerReadOnlyPolicy and available json 2019-11-22 11:41:13 +01:00
Toni de la Fuente ce7e07d66d consolidated ProwlerReadOnlyPolicy and available json 2019-11-22 11:29:16 +01:00
Toni de la Fuente ab5ed2c527 Merge pull request #421 from jonrau-at-aws/master
Update HIPAA language
2019-11-22 09:49:57 +01:00
Toni de la Fuente c513e7af6c Merge pull request #420 from bridgecrewio/feature/ecs_task_definition_secrets_check_contribute
Add ECS task definition environment variables check
2019-11-22 00:18:00 +01:00
Toni de la Fuente 2e1cead3a2 Merge pull request #419 from zfLQ2qx2/prowler-extra719
Filter out private zones in check extra719
2019-11-22 00:12:36 +01:00
Toni de la Fuente 5c8b0aa942 Merge pull request #418 from zfLQ2qx2/prowler-check726
Handle Trusted Advisor entitlement issue gracefully
2019-11-22 00:10:39 +01:00
Toni de la Fuente 15dda01842 Merge pull request #417 from zfLQ2qx2/prowler-misc-updates
Update extra764 and extra734, add .gitignore rules for vim
2019-11-22 00:09:35 +01:00
Nimrod Kor d19ae27f7c Fix merge issue 2019-11-21 12:48:17 -08:00
Nimrod Kor b61af3a9eb Add ECS task definition environment variables check
(cherry picked from commit 662f287dd6)
2019-11-21 12:44:09 -08:00
Nimrod Kor 662f287dd6 Add ECS task definition environment variables check 2019-11-21 12:39:22 -08:00
zfLQ2qx2 687686c929 Filter out private zones in check extra719 2019-11-21 15:36:38 -05:00
zfLQ2qx2 94a90599bd Handle Trusted Advisor entitlement issue gracefully 2019-11-21 15:17:03 -05:00
zfLQ2qx2 669469e618 Update extra764 and extra734, add .gitignore rules for vim 2019-11-21 14:56:13 -05:00
Nimrod Kor d6c2f3c78b Expose checks parameter 2019-11-21 11:14:24 -08:00
Jonathan Rau 73a5ee1bac Update README.md 2019-11-21 12:38:31 -05:00
Jonathan Rau 0ff9806d70 Update README.md 2019-11-21 12:33:38 -05:00
Toni de la Fuente 961b79a4aa Added extra767 for CloudFront field level encryption issue #425 2019-11-21 17:48:34 +01:00
Toni de la Fuente 264b84ae2a Added check_extra765 ECR scanning issue #406 2019-11-21 00:52:18 +01:00
Toni de la Fuente 031b68adde fixed typo in iam policy 2019-11-20 23:20:17 +01:00
Toni de la Fuente d737193b98 Merge pull request #407 from zfLQ2qx2/prowler_misc_fixes
Misc prowler fixes


    Add GetEbsEncryptionByDefault wherever Prowler policies are mentioned
    Update Extra718 check to be aware of access denied responses
    Update Extra726 check to be more verbose for non-failure items
    Update Extra73 check to be aware of access denied responses
    Update Extra734 check to be aware of access denied responses and parse policies with jq for better accuracy
    Update Extra742 check for verbiage
    Update Extra756 check for verbiage and parameter order
    Update Extra761 check for failure scenarios (requires most recent awscli and addition to Prowler IAM policy)
    Added Extra763 check to verify that object versioning is enabled on S3 buckets
    Added Extra764 check to verify that S3 buckets enforce a secure transport policy
2019-11-20 22:03:02 +00:00
Toni de la Fuente 649192eb41 Merge pull request #411 from zfLQ2qx2/prowler-extra75-enhancement
Update extra75 to be aware of default security groups
2019-11-20 21:46:21 +00:00
Toni de la Fuente f83ce78e8f Merge pull request #410 from zfLQ2qx2/prowler-3x-checks
Update log metric filter checks to latest AWS CIS Foundations Benchmarks
2019-11-20 21:44:23 +00:00
Nimrod Kor fd99343530 Create a script which assumes the role, runs prowler, and uploads to s3 2019-11-19 22:22:15 -08:00
zfLQ2qx2 054043d78e Update extra75 to aware of default security groups 2019-11-20 00:09:35 -05:00
zfLQ2qx2 603ed0b16f Update log metric filter checks to latest AWS CIS Foundations Benchmark and provide hints on how to remediate 2019-11-19 01:37:42 -05:00
Nimrod Kor 592af2b5b5 Make image smaller 2019-11-16 21:01:23 -08:00
Nimrod Kor ef26086330 Update dockerfile and scripts 2019-11-16 20:46:30 -08:00
Nimrod Kor 70a98ec21d Create credentials file & run.sh 2019-11-16 20:12:58 -08:00
zfLQ2qx2 3a893889b6 Misc prowler fixes 2019-11-13 22:49:32 -05:00
Toni de la Fuente 2e181920ab Added pull request template 2019-11-05 11:07:09 +01:00
Nimrod Kor 15f1c1a236 Fix the check extra760 to not delete the secrets folder 2019-11-05 09:38:39 +02:00