mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
8a1d7bcd6b
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com> Co-authored-by: Hugo P.Brito <hugopbrit@gmail.com>
98 lines
2.5 KiB
Plaintext
---
title: "Linode Authentication in Prowler"
---

import { VersionBadge } from "/snippets/version-badge.mdx"

<VersionBadge version="5.31.0" />

Prowler for Linode uses a **Personal Access Token** (PAT) for authentication. Prowler reads the token **exclusively** from the `LINODE_TOKEN` environment variable; there are no credential CLI flags, so the secret never appears in a `prowler` command line, where it would be exposed in shell history or process listings.

## Required Permissions

Prowler requires read-only access to your Linode account. The following OAuth scopes are needed on the Personal Access Token:

| Scope | Access | Description |
|-------|--------|-------------|
| `account` | `Read Only` | Required to list users and verify account identity |
| `linodes` | `Read Only` | Required to list instances and their configurations |
| `firewall` | `Read Only` | Required to list firewalls and their rules |

<Warning>
Ensure the token has all required scopes. Missing permissions will cause some checks to fail or return incomplete results.
</Warning>

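The scope table above can be turned into a pre-flight check. The following is an added example, not part of Prowler: a shell function that audits a token's scope string for missing scopes and for access beyond Read Only. The function name, the exit codes, and the scope string format (`category:level` entries separated by spaces or commas, `*` for full access) are assumptions of this example.

```bash
#!/bin/sh
# Added example (not Prowler code): least-privilege audit of a token's scopes
# against the three Read Only scopes in the table above.
# Assumption: scopes look like "account:read_only linodes:read_only", separated
# by spaces or commas, and "*" means every scope with full access.

REQUIRED="account linodes firewall"

# Prints one finding per line. Exit status: 0 = exactly the required scopes,
# 1 = a required scope is missing, 2 = nothing missing but excess access.
audit_linode_scopes() (
  set -f                                   # no globbing, so "*" stays literal
  granted=$(printf '%s' "$1" | tr ',' ' ')
  missing=0
  excess=0
  if [ "$granted" = "*" ]; then
    echo "EXCESS *: full access, recreate the token with Read Only scopes"
    return 2
  fi
  for req in $REQUIRED; do
    level=none
    for entry in $granted; do
      if [ "${entry%%:*}" = "$req" ]; then level=${entry#*:}; fi
    done
    case $level in
      read_only) ;;
      read_write) echo "EXCESS $req: read_write granted, read_only is enough"; excess=1 ;;
      *) echo "MISSING $req: dependent checks fail or return incomplete results"; missing=1 ;;
    esac
  done
  for entry in $granted; do              # scopes outside the required set
    case " $REQUIRED " in
      *" ${entry%%:*} "*) ;;
      *) echo "EXCESS ${entry%%:*}: not used by Prowler, set to No Access"; excess=1 ;;
    esac
  done
  if [ "$missing" -eq 1 ]; then return 1; fi
  if [ "$excess" -eq 1 ]; then return 2; fi
  return 0
)

# Constructed sample scope strings (not taken from a real token)
audit_linode_scopes "account:read_only linodes:read_only firewall:read_only" && echo "OK"
audit_linode_scopes "account:read_only,linodes:read_write,domains:read_only" || echo "status $?"
```
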
---

## Personal Access Token

### Step 1: Create a Personal Access Token

1. Log into the [Linode Cloud Manager](https://cloud.linode.com).
2. Click on your username in the top-right corner, then select **API Tokens** under the "My Profile" section.
3. Click **Create a Personal Access Token**.
4. Configure the token:
   - **Label:** A descriptive name (e.g., "Prowler Security Scanner")
   - **Expiry:** Set an appropriate expiration (e.g., 6 months)
   - **Permissions:** Set the following scopes to **Read Only**:
     - Account
     - Linodes
     - Firewall
   - All other scopes can be set to **No Access**
5. Click **Create Token**.
6. Copy the token immediately — it will not be shown again.

### Step 2: Configure Authentication

Set the `LINODE_TOKEN` environment variable:

```bash
export LINODE_TOKEN="your-personal-access-token"
```

Then run Prowler:

```bash
prowler linode
```

---

## Verifying Authentication

To verify that Prowler can connect to your Linode account, run:

```bash
prowler linode --list-checks
```

If authentication succeeds, you will see a list of available checks. If it fails, Prowler will display an error message indicating the credentials issue.

---

## CI/CD Integration

For automated pipelines, set the token as a secret environment variable:

**GitHub Actions:**

```yaml
env:
  # Token is read from the secret named LINODE_TOKEN
  LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }}

steps:
  - name: Run Prowler
    run: prowler linode
```

**GitLab CI:**

```yaml
variables:
  # Value is taken from the LINODE_TOKEN variable already set for the pipeline
  LINODE_TOKEN: $LINODE_TOKEN

prowler_scan:
  script:
    - prowler linode
```