Skip to content
Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Shell Python HTML JavaScript PowerShell CSS Other
Branch: master
Clone or download
Pull request Compare This branch is 7 commits ahead, 9 commits behind SecurityFTW:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
modules
scripts
tools
.gitignore
.gitmodules
AWS_Audit_Report.png
Dockerfile
GCP_Audit_Report.png
LICENSE
README.md
_config.yml
cs-suite.png
cs.py
requirements.txt

README.md

Cloud Security Suite (cs-suite) - Version 3.0

Usage

usage: cs.py [-h] -env {aws,gcp,azure} -aip AUDIT_IP -u USER_NAME -pem
             PEM_FILE [-p] [-pId PROJECT_ID] [-az_u AZURE_USER]
             [-az_p AZURE_PASS] [-o OUTPUT] [-w]

this is to get IP address for lynis audit only

optional arguments:
  -h, --help            show this help message and exit
  -env {aws,gcp,azure}, --environment {aws,gcp,azure}
                        The cloud on which the test-suite is to be run
  -aip AUDIT_IP, --audit_ip AUDIT_IP
                        The IP for which lynis Audit needs to be done .... by
                        default tries root/Administrator if username not
                        provided
  -u USER_NAME, --user_name USER_NAME
                        The username of the user to be logged in,for a
                        specific user
  -pem PEM_FILE, --pem_file PEM_FILE
                        The pem file to access to AWS instance
  -p, --password        hidden password prompt
  -pId PROJECT_ID, --project_id PROJECT_ID
                        Project ID for which GCP Audit needs to be run. Can be
                        retrivied using `gcloud projects list`
  -az_u AZURE_USER, --azure_user AZURE_USER
                        username of azure account, optionally used if you want
                        to run the azure audit with no user interaction.
  -az_p AZURE_PASS, --azure_pass AZURE_PASS
                        username of azure password, optionally used if you
                        want to run the azure audit with no user interaction.
  -o OUTPUT, --output OUTPUT
                        writes a log in JSON of an audit, ideal for
                        consumptions into SIEMS like ELK and Splunk. Defaults
                        to cs-audit.log
  -w, --wipe            rm -rf reports/ folder before executing an audit

Requirements

  • Operating System OSX or Linux only
  • python 2.7
  • pip
  • git
  • jq
  • gcc (for sshpass installation (OS Audit). Not a mandatory pre-requisite)
  • AWS Audit - AWS ReadOnly Keys
  • GCP Audit - gcloud setup
  • Azure Audit - Azure user read-only access

Installation

(in order to avoid missing with the already installed python libraries)

  • get project git clone --recurse-submodules https://github.com/SecurityFTW/cs-suite.git && cd cs-suite/
  • install virtualenv pip install virtualenv
  • create a python 2.7 local enviroment virtualenv -p python2.7 venv
  • activate the virtual enviroment source venv/bin/activate
  • install project dependencies pip install -r requirements.txt
  • run the tool via python cs.py --help

AWS Configuration

  • In AWS create a IAM user with at least the following policy arn:aws:iam::aws:policy/ReadOnlyAccess
  • In your local install aws cli brew install awscli for OSX
  • Configure AWS cli aws configure

GCP Configuration

Azure Configuration

  • signup and have logged in already to azure.microsoft.com
  • install azure CLI brew install az
  • authenticate the azure cli az login, you should see your subscription type if it was successful, simiarly to the response below:
[
  {
    "cloudName": "AzureCloud",
    "id": "xxxxx-5595-4da5-bc27-xxxeeee",
    "isDefault": true,
    "name": "Free Trial",
    "state": "Enabled",
    "tenantId": "xxxxx-18e9-41a4-961b-xxxxx",
    "user": {
      "name": "customer@email.com",
      "type": "user"
    }
  }
]

Running cs-suite

To run AWS Audit - python cs.py -env aws
To run GCP Audit - python cs.py -env gcp -pId <project_name>
To run Azure Audit - python cs.py -env azure
  • The final report will be available in reports directory

  • The final AWS Audit report looks like below:

AWS Audit report

  • The final GCP Audit report looks like below:

GCP Audit report

Docker Setup

  • Create a local directory aws with credentials and config files

  • The config file looks like below

$ cat aws/config

[default]
output = json
region = us-east-1
  • The credentials file looks like below
$ cat aws/credentials

[default]
aws_access_key_id = XXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXX

Note: This tool requires arn:aws:iam::aws:policy/ReadOnlyAccess IAM policy

  • Then run the follwing docker command to start (passing your specific enviroment)
docker run -v `pwd`/aws:/root/.aws -v `pwd`/reports:/app/reports securityftw/cs-suite -env aws

Documentation

https://securityftw.github.io

Thanks

You can’t perform that action at this time.