qnd:aws_security

Differences

This shows you the differences between two versions of the page.

qnd:aws_security [2021/10/12 14:52] mguptonqnd:aws_security [2021/10/12 18:44] (current) mgupton
Line 6: Line 6:
  
 ==== Example ==== ==== Example ====
 +Example of doing just the group 1.0 checks (IAM related) for specific region and producing an HTML report.
  
-<code bash+<code> 
-./prowler -g group1 -r us-east-1 -M html+❯ ./prowler -p mg -g group1 -r us-east-1 -M csv 
 +                          _ 
 +  _ __  _ __ _____      _| | ___ _ __ 
 + | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__| 
 + | |_) | | | (_) \ V  V /| |  __/ | 
 + | .__/|_|  \___/ \_/\_/ |_|\___|_|v2.5.0-12August2021 
 + |_| the handy cloud security tool 
 + 
 + Date: Tue Oct 12 11:01:16 CDT 2021 
 + Generating AWS IAM Credential Report... -  [] 
 +1.1 [check11] Avoid the use of the root account - iam [High] 
 +       PASS! us-east-1: Root user in the account wasn't accessed in the last 1 days 
 +1.2 [check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - iam [High] 
 +       FAIL! us-east-1: User admin2 has Password enabled but MFA disabled 
 +1.3 [check13] Ensure credentials unused for 90 days or greater are disabled - iam [Medium] 
 +       FAIL! us-east-1: User admin has not logged into the console in the past 90 days 
 +       FAIL! us-east-1: User admin2 has never logged into the console since creation and their password not changed in the past 90 days 
 +       FAIL! us-east-1: User admin has not used access key 1 in the past 90 days 
 +       FAIL! us-east-1: User admin2 has never used access key 1 since creation and not rotated it in the past 90 days 
 +       PASS! us-east-1: User admin has used access key 2 in the past 90 days 
 +1.4 [check14] Ensure access keys are rotated every 90 days or less - iam [Medium] 
 +       FAIL! us-east-1: admin has not rotated access key 1 in over 90 days 
 +       FAIL! us-east-1: admin2 has not rotated access key 1 in over 90 days 
 +       FAIL! us-east-1: admin has not rotated access key 2 in over 90 days 
 +1.5 [check15] Ensure IAM password policy requires at least one uppercase letter - iam [Medium] 
 +       PASS! us-east-1: Password Policy requires upper case 
 +1.6 [check16] Ensure IAM password policy require at least one lowercase letter - iam [Medium] 
 +       PASS! us-east-1: Password Policy requires lower case 
 +1.7 [check17] Ensure IAM password policy require at least one symbol - iam [Medium] 
 +       FAIL! us-east-1: Password Policy missing symbol requirement 
 +1.8 [check18] Ensure IAM password policy require at least one number - iam [Medium] 
 +       PASS! us-east-1: Password Policy requires number 
 +1.9 [check19] Ensure IAM password policy requires minimum length of 14 or greater - iam [Medium] 
 +       FAIL! us-east-1: Password Policy missing or weak length requirement 
 +1.10 [check110] Ensure IAM password policy prevents password reuse: 24 or greater - iam [Medium] 
 +       FAIL! us-east-1: Password Policy has weak reuse requirement (lower than 24) 
 +1.11 [check111] Ensure IAM password policy expires passwords within 90 days or less - iam [Medium] 
 +       FAIL! us-east-1: Password expiration is not set 
 +1.12 [check112] Ensure no root account access key exists - iam [Critical] 
 +       PASS! us-east-1: No access key 1 found for root 
 +       PASS! us-east-1: No access key 2 found for root 
 +1.13 [check113] Ensure MFA is enabled for the root account - iam [Critical] 
 +       PASS! us-east-1: Virtual MFA is enabled for root 
 +1.14 [check114] Ensure hardware MFA is enabled for the root account - iam [Critical] 
 +       FAIL! us-east-1: Only Virtual MFA is enabled for root 
 +1.15 [check115] Ensure security questions are registered in the AWS account - support [Medium] 
 +       INFO! No command available for check 1.15. Login to the AWS Console as root & click on the Account. Name -> My Account -> Configure Security Challenge Questions. 
 +1.16 [check116] Ensure IAM policies are attached only to groups or roles - iam [Low] 
 +       FAIL! us-east-1: admin has managed policy directly attached 
 +       FAIL! us-east-1: admin2 has managed policy directly attached 
 +1.17 [check117] Maintain current contact details - support [Medium] 
 +       INFO! No command available for check 1.17. See section 1.17 on the CIS Benchmark guide for details. 
 +1.18 [check118] Ensure security contact information is registered - support [Medium] 
 +       INFO! No command available for check 1.18. See section 1.18 on the CIS Benchmark guide for details. 
 +1.19 [check119] Ensure IAM instance roles are used for AWS resource access from instances - ec2 [Medium] 
 +       INFO! eu-north-1: No EC2 instances found 
 +       INFO! ap-south-1: No EC2 instances found 
 +       INFO! eu-west-3: No EC2 instances found 
 +       INFO! eu-west-2: No EC2 instances found 
 +       INFO! eu-west-1: No EC2 instances found 
 +       INFO! ap-northeast-3: No EC2 instances found 
 +       INFO! ap-northeast-2: No EC2 instances found 
 +       INFO! ap-northeast-1: No EC2 instances found 
 +       INFO! sa-east-1: No EC2 instances found 
 +       INFO! ca-central-1: No EC2 instances found 
 +       INFO! ap-southeast-1: No EC2 instances found 
 +       INFO! ap-southeast-2: No EC2 instances found 
 +       INFO! eu-central-1: No EC2 instances found 
 +       INFO! us-east-1: No EC2 instances found 
 +       INFO! us-east-2: No EC2 instances found 
 +       INFO! us-west-1: No EC2 instances found 
 +       INFO! us-west-2: No EC2 instances found 
 +1.20 [check120] Ensure a support role has been created to manage incidents with AWS Support - iam [Medium] 
 +       FAIL! us-east-1: Support Policy not applied to any Role 
 +1.21 [check121] Do not setup access keys during initial user setup for all IAM users that have a console password - iam [Medium] 
 +       FAIL! us-east-1: User admin2 has never used access key 1 
 +       PASS! us-east-1: No users found with access key 2 never used 
 +1.22 [check122] Ensure IAM policies that allow full "*:*" administrative privileges are not created - iam [Medium] 
 +       PASS! us-east-1: No custom policy found that allow full "*:*" administrative privileges 
 +7.74 [extra774] Ensure credentials unused for 30 days or greater are disabled - iam [Medium] 
 +       FAIL! us-east-1: User admin has not logged into the console in the past 30 days 
 +       FAIL! us-east-1: User admin2 has never logged into the console since creation and their password not changed in the past 30 days 
 +       FAIL! us-east-1: User admin has not used access key 1 in the past 30 days 
 +       FAIL! us-east-1: User admin2 has never used access key 1 since creation and not rotated it in the past 30 days 
 +       PASS! us-east-1: User admin has used access key 2 in the past 30 days
 </code> </code>
 +
 +====== Misc ======
 +  * [[https://github.com/nccgroup/ScoutSuite]]
 +
 +
  
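Review bot: The added description line says the run produces an HTML report, but the new command passes `-M csv` (the removed command used `-M html`); make the two agree, either by restoring `-M html` or by changing the sentence to say CSV. The opening tag also changed from `<code bash` to a plain `<code>`, which is reasonable now that the block is mostly captured output, but the command would be easier to copy if it stayed in its own bash block, separate from the output and without the `❯` prompt. The pasted output records per-user findings (`admin2` with a password but no MFA, unrotated access keys for `admin` and `admin2`) along with the `-p mg` profile name; if this came from a real account, consider replacing the user names with placeholders and trimming the seventeen identical "No EC2 instances found" lines under check 1.19 to one or two. That check also reports on regions other than `us-east-1` despite `-r us-east-1`, which deserves a sentence since the description says the run is for a specific region. The ScoutSuite link under Misc would benefit from a short label saying what the tool is for.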
  • qnd/aws_security.1634050358.txt.gz
  • Last modified: 2021/10/12 14:52
  • by mgupton