qnd:aws_security

Differences

qnd:aws_security [2021/10/12 15:32] – [Example] mgupton
qnd:aws_security [2021/10/12 18:44] (current) mgupton
Line 7: Line 7:
 ==== Example ==== ==== Example ====
 Example of doing just the group 1.0 checks (IAM related) for specific region and producing an HTML report. Example of doing just the group 1.0 checks (IAM related) for specific region and producing an HTML report.
-<code bash+ 
-./prowler -g group1 -r us-east-1 -M html+<code> 
 +❯ ./prowler -p mg -g group1 -r us-east-1 -M csv 
 +                          _ 
 +  _ __  _ __ _____      _| | ___ _ __ 
 + | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__| 
 + | |_) | | | (_) \ V  V /| |  __/ | 
 + | .__/|_|  \___/ \_/\_/ |_|\___|_|v2.5.0-12August2021 
 + |_| the handy cloud security tool 
 + 
 + Date: Tue Oct 12 11:01:16 CDT 2021 
 + Generating AWS IAM Credential Report... -  [] 
 +1.1 [check11] Avoid the use of the root account - iam [High] 
 +       PASS! us-east-1: Root user in the account wasn't accessed in the last 1 days 
 +1.2 [check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password - iam [High] 
 +       FAIL! us-east-1: User admin2 has Password enabled but MFA disabled 
 +1.3 [check13] Ensure credentials unused for 90 days or greater are disabled - iam [Medium] 
 +       FAIL! us-east-1: User admin has not logged into the console in the past 90 days 
 +       FAIL! us-east-1: User admin2 has never logged into the console since creation and their password not changed in the past 90 days 
 +       FAIL! us-east-1: User admin has not used access key 1 in the past 90 days 
 +       FAIL! us-east-1: User admin2 has never used access key 1 since creation and not rotated it in the past 90 days 
 +       PASS! us-east-1: User admin has used access key 2 in the past 90 days 
 +1.4 [check14] Ensure access keys are rotated every 90 days or less - iam [Medium] 
 +       FAIL! us-east-1: admin has not rotated access key 1 in over 90 days 
 +       FAIL! us-east-1: admin2 has not rotated access key 1 in over 90 days 
 +       FAIL! us-east-1: admin has not rotated access key 2 in over 90 days 
 +1.5 [check15] Ensure IAM password policy requires at least one uppercase letter - iam [Medium] 
 +       PASS! us-east-1: Password Policy requires upper case 
 +1.6 [check16] Ensure IAM password policy require at least one lowercase letter - iam [Medium] 
 +       PASS! us-east-1: Password Policy requires lower case 
 +1.7 [check17] Ensure IAM password policy require at least one symbol - iam [Medium] 
 +       FAIL! us-east-1: Password Policy missing symbol requirement 
 +1.8 [check18] Ensure IAM password policy require at least one number - iam [Medium] 
 +       PASS! us-east-1: Password Policy requires number 
 +1.9 [check19] Ensure IAM password policy requires minimum length of 14 or greater - iam [Medium] 
 +       FAIL! us-east-1: Password Policy missing or weak length requirement 
 +1.10 [check110] Ensure IAM password policy prevents password reuse: 24 or greater - iam [Medium] 
 +       FAIL! us-east-1: Password Policy has weak reuse requirement (lower than 24) 
 +1.11 [check111] Ensure IAM password policy expires passwords within 90 days or less - iam [Medium] 
 +       FAIL! us-east-1: Password expiration is not set 
 +1.12 [check112] Ensure no root account access key exists - iam [Critical] 
 +       PASS! us-east-1: No access key 1 found for root 
 +       PASS! us-east-1: No access key 2 found for root 
 +1.13 [check113] Ensure MFA is enabled for the root account - iam [Critical] 
 +       PASS! us-east-1: Virtual MFA is enabled for root 
 +1.14 [check114] Ensure hardware MFA is enabled for the root account - iam [Critical] 
 +       FAIL! us-east-1: Only Virtual MFA is enabled for root 
 +1.15 [check115] Ensure security questions are registered in the AWS account - support [Medium] 
 +       INFO! No command available for check 1.15. Login to the AWS Console as root & click on the Account. Name -> My Account -> Configure Security Challenge Questions. 
 +1.16 [check116] Ensure IAM policies are attached only to groups or roles - iam [Low] 
 +       FAIL! us-east-1: admin has managed policy directly attached 
 +       FAIL! us-east-1: admin2 has managed policy directly attached 
 +1.17 [check117] Maintain current contact details - support [Medium] 
 +       INFO! No command available for check 1.17. See section 1.17 on the CIS Benchmark guide for details. 
 +1.18 [check118] Ensure security contact information is registered - support [Medium] 
 +       INFO! No command available for check 1.18. See section 1.18 on the CIS Benchmark guide for details. 
 +1.19 [check119] Ensure IAM instance roles are used for AWS resource access from instances - ec2 [Medium] 
 +       INFO! eu-north-1: No EC2 instances found 
 +       INFO! ap-south-1: No EC2 instances found 
 +       INFO! eu-west-3: No EC2 instances found 
 +       INFO! eu-west-2: No EC2 instances found 
 +       INFO! eu-west-1: No EC2 instances found 
 +       INFO! ap-northeast-3: No EC2 instances found 
 +       INFO! ap-northeast-2: No EC2 instances found 
 +       INFO! ap-northeast-1: No EC2 instances found 
 +       INFO! sa-east-1: No EC2 instances found 
 +       INFO! ca-central-1: No EC2 instances found 
 +       INFO! ap-southeast-1: No EC2 instances found 
 +       INFO! ap-southeast-2: No EC2 instances found 
 +       INFO! eu-central-1: No EC2 instances found 
 +       INFO! us-east-1: No EC2 instances found 
 +       INFO! us-east-2: No EC2 instances found 
 +       INFO! us-west-1: No EC2 instances found 
 +       INFO! us-west-2: No EC2 instances found 
 +1.20 [check120] Ensure a support role has been created to manage incidents with AWS Support - iam [Medium] 
 +       FAIL! us-east-1: Support Policy not applied to any Role 
 +1.21 [check121] Do not setup access keys during initial user setup for all IAM users that have a console password - iam [Medium] 
 +       FAIL! us-east-1: User admin2 has never used access key 1 
 +       PASS! us-east-1: No users found with access key 2 never used 
 +1.22 [check122] Ensure IAM policies that allow full "*:*" administrative privileges are not created - iam [Medium] 
 +       PASS! us-east-1: No custom policy found that allow full "*:*" administrative privileges 
 +7.74 [extra774] Ensure credentials unused for 30 days or greater are disabled - iam [Medium] 
 +       FAIL! us-east-1: User admin has not logged into the console in the past 30 days 
 +       FAIL! us-east-1: User admin2 has never logged into the console since creation and their password not changed in the past 30 days 
 +       FAIL! us-east-1: User admin has not used access key 1 in the past 30 days 
 +       FAIL! us-east-1: User admin2 has never used access key 1 since creation and not rotated it in the past 30 days 
 +       PASS! us-east-1: User admin has used access key 2 in the past 30 days
 </code> </code>
 +
 +====== Misc ======
 +  * [[https://github.com/nccgroup/ScoutSuite]]
 +
 +
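Review bot: the unchanged context sentence still says the example produces an HTML report, but the new command line reads `./prowler -p mg -g group1 -r us-east-1 -M csv`, so the prose and the command now disagree (the removed `./prowler -g group1 -r us-east-1 -M html` did match the sentence); either restore `-M html` in the command or change the sentence to say CSV. The fence also lost its language tag in the same edit (`<code bash>` became `<code>`), which drops shell highlighting for the command. Consider trimming the pasted output as well: the seventeen per-region `No EC2 instances found` lines under check 1.19 add nothing the `-r us-east-1` line does not already imply, and a shorter transcript keeps the FAIL findings (MFA, key rotation, password policy, hardware MFA for root) readable, which is the point of the example.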
  
  • qnd/aws_security.1634052768.txt.gz
  • Last modified: 2021/10/12 15:32
  • by mgupton