====== AWS Security ======

====== Security Solutions ======

===== Prowler =====

  * [[https://github.com/toniblyx/prowler|Prowler]], FOSS security assessment tool

==== Example ====

Example of running only the group1 checks (IAM related) for a specific region and producing an HTML report (the command as captured passes ''-M csv'', i.e. CSV output).

<code>
❯ ./prowler -p mg -g group1 -r us-east-1 -M csv
                          _
  _ __  _ __ _____      _| | ___ _ __
 | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
 | |_) | | | (_) \ V  V /| |  __/ |
 | .__/|_|  \___/ \_/\_/ |_|\___|_|v2.5.0-12August2021
 |_| the handy cloud security tool

 Date: Tue Oct 12 11:01:16 CDT 2021

 Generating AWS IAM Credential Report...

1.1 [check11] Avoid the use of the root account - iam [High]
      PASS! us-east-1: Root user in the account wasn't accessed in the last 1 days
1.2 [check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - iam [High]
      FAIL! us-east-1: User admin2 has Password enabled but MFA disabled
1.3 [check13] Ensure credentials unused for 90 days or greater are disabled - iam [Medium]
      FAIL! us-east-1: User admin has not logged into the console in the past 90 days
      FAIL! us-east-1: User admin2 has never logged into the console since creation and their password not changed in the past 90 days
      FAIL! us-east-1: User admin has not used access key 1 in the past 90 days
      FAIL! us-east-1: User admin2 has never used access key 1 since creation and not rotated it in the past 90 days
      PASS! us-east-1: User admin has used access key 2 in the past 90 days
1.4 [check14] Ensure access keys are rotated every 90 days or less - iam [Medium]
      FAIL! us-east-1: admin has not rotated access key 1 in over 90 days
      FAIL! us-east-1: admin2 has not rotated access key 1 in over 90 days
      FAIL! us-east-1: admin has not rotated access key 2 in over 90 days
1.5 [check15] Ensure IAM password policy requires at least one uppercase letter - iam [Medium]
      PASS! us-east-1: Password Policy requires upper case
1.6 [check16] Ensure IAM password policy require at least one lowercase letter - iam [Medium]
      PASS! us-east-1: Password Policy requires lower case
1.7 [check17] Ensure IAM password policy require at least one symbol - iam [Medium]
      FAIL! us-east-1: Password Policy missing symbol requirement
1.8 [check18] Ensure IAM password policy require at least one number - iam [Medium]
      PASS! us-east-1: Password Policy requires number
1.9 [check19] Ensure IAM password policy requires minimum length of 14 or greater - iam [Medium]
      FAIL! us-east-1: Password Policy missing or weak length requirement
1.10 [check110] Ensure IAM password policy prevents password reuse: 24 or greater - iam [Medium]
      FAIL! us-east-1: Password Policy has weak reuse requirement (lower than 24)
1.11 [check111] Ensure IAM password policy expires passwords within 90 days or less - iam [Medium]
      FAIL! us-east-1: Password expiration is not set
1.12 [check112] Ensure no root account access key exists - iam [Critical]
      PASS! us-east-1: No access key 1 found for root
      PASS! us-east-1: No access key 2 found for root
1.13 [check113] Ensure MFA is enabled for the root account - iam [Critical]
      PASS! us-east-1: Virtual MFA is enabled for root
1.14 [check114] Ensure hardware MFA is enabled for the root account - iam [Critical]
      FAIL! us-east-1: Only Virtual MFA is enabled for root
1.15 [check115] Ensure security questions are registered in the AWS account - support [Medium]
      INFO! No command available for check 1.15. Login to the AWS Console as root & click on the Account Name -> My Account -> Configure Security Challenge Questions.
1.16 [check116] Ensure IAM policies are attached only to groups or roles - iam [Low]
      FAIL! us-east-1: admin has managed policy directly attached
      FAIL! us-east-1: admin2 has managed policy directly attached
1.17 [check117] Maintain current contact details - support [Medium]
      INFO! No command available for check 1.17. See section 1.17 on the CIS Benchmark guide for details.
1.18 [check118] Ensure security contact information is registered - support [Medium]
      INFO! No command available for check 1.18. See section 1.18 on the CIS Benchmark guide for details.
1.19 [check119] Ensure IAM instance roles are used for AWS resource access from instances - ec2 [Medium]
      INFO! eu-north-1: No EC2 instances found
      INFO! ap-south-1: No EC2 instances found
      INFO! eu-west-3: No EC2 instances found
      INFO! eu-west-2: No EC2 instances found
      INFO! eu-west-1: No EC2 instances found
      INFO! ap-northeast-3: No EC2 instances found
      INFO! ap-northeast-2: No EC2 instances found
      INFO! ap-northeast-1: No EC2 instances found
      INFO! sa-east-1: No EC2 instances found
      INFO! ca-central-1: No EC2 instances found
      INFO! ap-southeast-1: No EC2 instances found
      INFO! ap-southeast-2: No EC2 instances found
      INFO! eu-central-1: No EC2 instances found
      INFO! us-east-1: No EC2 instances found
      INFO! us-east-2: No EC2 instances found
      INFO! us-west-1: No EC2 instances found
      INFO! us-west-2: No EC2 instances found
1.20 [check120] Ensure a support role has been created to manage incidents with AWS Support - iam [Medium]
      FAIL! us-east-1: Support Policy not applied to any Role
1.21 [check121] Do not setup access keys during initial user setup for all IAM users that have a console password - iam [Medium]
      FAIL! us-east-1: User admin2 has never used access key 1
      PASS! us-east-1: No users found with access key 2 never used
1.22 [check122] Ensure IAM policies that allow full "*:*" administrative privileges are not created - iam [Medium]
      PASS! us-east-1: No custom policy found that allow full "*:*" administrative privileges
7.74 [extra774] Ensure credentials unused for 30 days or greater are disabled - iam [Medium]
      FAIL! us-east-1: User admin has not logged into the console in the past 30 days
      FAIL! us-east-1: User admin2 has never logged into the console since creation and their password not changed in the past 30 days
      FAIL! us-east-1: User admin has not used access key 1 in the past 30 days
      FAIL! us-east-1: User admin2 has never used access key 1 since creation and not rotated it in the past 30 days
      PASS! us-east-1: User admin has used access key 2 in the past 30 days
</code>

====== Misc ======

  * [[https://github.com/nccgroup/ScoutSuite]]
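As an added example (not Prowler's own code), a small Python parser for the text output format shown in the Prowler example above: it strips the ANSI colour codes Prowler emits on a terminal, pairs each PASS/FAIL/INFO line with its check header and severity, and ranks the failed checks for triage. The sample input is a constructed excerpt in the same shape as that run, not the full capture.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of prowler v2 text output (not the full run above).
SAMPLE = """\
1.2 [check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - iam [High]
      FAIL! us-east-1: User admin2 has Password enabled but MFA disabled
1.9 [check19] Ensure IAM password policy requires minimum length of 14 or greater - iam [Medium]
      FAIL! us-east-1: Password Policy missing or weak length requirement
1.12 [check112] Ensure no root account access key exists - iam [Critical]
      PASS! us-east-1: No access key 1 found for root
      PASS! us-east-1: No access key 2 found for root
1.14 [check114] Ensure hardware MFA is enabled for the root account - iam [Critical]
      FAIL! us-east-1: Only Virtual MFA is enabled for root
1.15 [check115] Ensure security questions are registered in the AWS account - support [Medium]
      INFO! No command available for check 1.15. See the CIS Benchmark guide.
"""

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # prowler colours PASS/FAIL when writing to a tty
HEADER = re.compile(r"^(?P<num>\d+\.\d+) \[(?P<cid>\w+)\] (?P<title>.+) - (?P<svc>\S+) \[(?P<sev>\w+)\]$")
# INFO lines such as "No command available ..." carry no region, so the region group is optional.
RESULT = re.compile(r"^(?P<status>PASS|FAIL|INFO)! (?:(?P<region>[a-z]{2}-[a-z]+-\d): )?(?P<msg>.+)$")


def parse(text):
    """Return one dict per result line, tagged with the fields of its check header."""
    findings, check = [], None
    for raw in ANSI.sub("", text).splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            check = m.groupdict()
            continue
        m = RESULT.match(line)
        if m and check:
            findings.append({**check, **m.groupdict()})
    return findings


def fails_by_severity(findings):
    """Count FAIL results per severity, e.g. {'Critical': 1, 'High': 1}."""
    return Counter(f["sev"] for f in findings if f["status"] == "FAIL")


def failed_checks(findings):
    """Distinct check ids with at least one FAIL, worst severity first."""
    order = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
    ids = {f["cid"]: f["sev"] for f in findings if f["status"] == "FAIL"}
    return sorted(ids, key=lambda c: (order.get(ids[c], 9), c))
```

Run it on a captured prowler log (''./prowler ... | tee run.log'') and pass the file contents to ''parse()''; the FAIL counts and ranked check ids are what you would hand to whoever owns the IAM remediation.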