Fix(ES): Improve AWS CLI query and add error handling for ElasticSearch/OpenSearch checks #1032
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Check extra781, extra782, extra783, extra784 and extra785
Contributor
Author
$ ./prowler -p default -f sa-east-1 -c extra781,extra782,extra783,extra784,extra785
_
_ __ _ __ _____ _| | ___ _ __
| '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
| |_) | | | (_) \ V V /| | __/ |
| .__/|_| \___/ \_/\_/ |_|\___|_|v2.7.0-24January2022
|_| the handy cloud security tool
Date: Fri Feb 4 20:23:58 -03 2022
Color code for results:
- INFO (Information)
- PASS (Recommended value)
- WARNING (Ignored by whitelist)
- FAIL (Fix required)
This report is being generated using credentials below:
AWS-CLI Profile: [default] AWS API Region: [sa-east-1] AWS Filter Region: [sa-east-1]
AWS Account: [xxxx5262] UserId: [AROAxxxx:xxxx]
Caller Identity ARN: [arn:aws:sts::xxxx5262:assumed-role/xxxx/xxxx]
7.81 [extra781] Check if Amazon Elasticsearch Service (ES) domains has encryption at-rest enabled - es [Medium]
FAIL! sa-east-1: Amazon ES domain test-es does not have encryption at-rest enabled
7.82 [extra782] Check if Amazon Elasticsearch Service (ES) domains has node-to-node encryption enabled - es [Medium]
FAIL! sa-east-1: Amazon ES domain test-es does not have node-to-node encryption enabled
7.83 [extra783] Check if Amazon Elasticsearch Service (ES) domains has enforce HTTPS enabled - es [Medium]
PASS! sa-east-1: Amazon ES domain test-es has enforce HTTPS enabled
7.84 [extra784] Check if Amazon Elasticsearch Service (ES) domains internal user database enabled - es [Medium]
PASS! sa-east-1: Amazon ES domain test-es does not have internal user database enabled
7.85 [extra785] Check if Amazon Elasticsearch Service (ES) domains have updates available - es [Low]
PASS! sa-east-1: Amazon ES domain test-es vOpenSearch_1.1 does not have have updates available |
Checks related to Opensearch/ElasticSearch.
lazize
changed the title
Checks related to Opensearch/ElasticSearch.
jfagoagas
added
status/waiting-for-revision
toniblyx
approved these changes
Feb 17, 2022
toniblyx
changed the title
toniblyx
approved these changes
Feb 28, 2022
toniblyx
approved these changes
Feb 28, 2022
toniblyx
approved these changes
Feb 28, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
AWS CLI query was return wrong information.
Missing error handling.
Description
Please include a summary of the change and which issue is fixed. List any dependencies that are required for this change.
Fix CLI query and add error handling.
Checks:
Fix issue #989
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.