mirror of
https://github.com/prowler-cloud/prowler.git
synced 2025-12-19 05:17:47 +00:00
42 lines
1.8 KiB
Bash
42 lines
1.8 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Prowler - the handy cloud security tool (c) by Toni de la Fuente
|
|
#
|
|
# This Prowler check is licensed under a
|
|
# Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
|
|
#
|
|
# You should have received a copy of the license along with this
|
|
# work. If not, see <http://creativecommons.org/licenses/by-nc-sa/4.0/>.
|
|
|
|
CHECK_ID_check13="1.3,1.03"
|
|
CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
|
|
CHECK_SCORED_check13="SCORED"
|
|
CHECK_ALTERNATE_check103="check13"
|
|
|
|
check13(){
|
|
# "Ensure credentials unused for 90 days or greater are disabled (Scored)"
|
|
COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }')
|
|
if [[ $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED ]]; then
|
|
COMMAND13=$(
|
|
for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
|
|
cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$5 }' |grep $i| awk '{ print $1 }'|tr '\n' ' ';
|
|
done)
|
|
# list of users that have used password
|
|
USERS_PASSWORD_USED=$($AWSCLI iam list-users --query "Users[?PasswordLastUsed].UserName" --output text $PROFILE_OPT --region $REGION)
|
|
if [[ $USERS_PASSWORD_USED ]]; then
|
|
# look for users with a password last used more or equal to 90 days
|
|
for i in $USERS_PASSWORD_USED; do
|
|
DATEUSED=$($AWSCLI iam list-users --query "Users[?UserName=='$i'].PasswordLastUsed" --output text $PROFILE_OPT --region $REGION | cut -d'T' -f1)
|
|
HOWOLDER=$(how_older_from_today $DATEUSED)
|
|
if [ $HOWOLDER -gt "90" ];then
|
|
textFail "User \"$i\" has not logged in during the last 90 days "
|
|
else
|
|
textPass "User \"$i\" found with credentials used in the last 90 days"
|
|
fi
|
|
done
|
|
fi
|
|
else
|
|
textPass "No users found with password enabled"
|
|
fi
|
|
}
|