1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink öffnen


A command line security audit tool for Amazon Web Services

About
Cloud Security Audit is a command line tool that scans for vulnerabilities in your AWS Account. In easy way you will be able to identify unsecure parts of your infrastructure and prepare your AWS account for security audit.

Installation
Currently Cloud Security Audit does not support any package managers, but the work is in progress.

Building from sources
First of all you need to download Cloud Security Audit to your GO workspace:
$GOPATH $ go get github.com/Appliscale/cloud-security-audit
$GOPATH $ cd cloud-security-audit
Then build and install configuration for the application inside cloud-security-audit directory by executing:
cloud-security-audit $ make all

Usage

Initialising Session
If you're using MFA you need to tell Cloud Security Audit to authenticate you before trying to connect by using flag --mfa. Example:
$ cloud-security-audit --service s3 --mfa --mfa-duration 3600

EC2 Scan

How to use
To perform audit on all EC2 instances, type:
$ cloud-security-audit --service ec2
You can narrow the audit to a region, by using the flag -r or --region. Cloud Security Audit also supports AWS profiles - to specify profile use the flag -p or --profile.

Example output
+---------------+---------------------+--------------------------------+-----------------------------------+----------+
| AVAILABILITY | EC2 | VOLUMES | SECURITY | |
| | | | | EC2 TAGS |
| ZONE | | (NONE) - NOT ENCRYPTED | GROUPS | |
| | | | | |
| | | (DKMS) - ENCRYPTED WITH | (INCOMING CIDR = 0.0.0.0/0) | |
| | | DEFAULT KMSKEY | | |
| | | | ID : PROTOCOL : PORT | |
+---------------+---------------------+--------------------------------+-----------------------------------+----------+
| eu-central-1a | i-0fa345j6756nb3v23 | vol-0a81288qjd188424d[DKMS] | sg-aaaaaaaa : tcp : 22 | App:some |
| | | vol-0c2834re8dfsd8sdf[NONE] | sg-aaaaaaaa : tcp : 22 | Key:Val |
+---------------+---------------------+--------------------------------+-----------------------------------+----------+

How to read it
  1. First column AVAILABILITY ZONE contains information where the instance is placed
  2. Second column EC2 contains instance ID.
  3. Third column Volumes contains IDs of attached volumes(virtual disks) to given EC2. Suffixes meaning:
    • [NONE] - Volume not encrypted.
    • [DKMS] - Volume encrypted using AWS Default KMS Key. More about KMS you can find here
  4. Fourth column Security Groups contains IDs of security groups that have too open permissions. e.g. CIDR block is equal to 0.0.0.0/0(open to the whole world).
  5. Fifth column EC2 TAGS contains tags of a given EC2 instance to help you identify purpose of this instance.

Docs
You can find more information about encryption in the following documentation:
  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

S3 Scan

How to use
To perform audit on all S3 buckets, type:
$ cloud-security-audit --service s3
Cloud Security Audit supports AWS profiles - to specify profile use the flag -p or --profile.

Example output
+------------------------------+---------+---------+-------------+------------+
| BUCKET NAME | DEFAULT | LOGGING | ACL | POLICY |
| | | | | |
| | SSE | ENABLED | IS PUBLIC | IS PUBLIC |
| | | | | |
| | | | R - READ | R - READ |
| | | | | |
| | | | W - WRITE | W - WRITE |
| | | | | |
| | | | D - DELETE | D - DELETE |
+------------------------------+---------+---------+-------------+------------+
| bucket1 | NONE | true | false | false |
+------------------------------+---------+---------+-------------+------------+
| bucket2 | DKMS | false | false | true [R] |
+------------------------------+---------+---------+-------------+------------+
| bucket3 | AES256 | false | true [RWD] | false |
+--------------------------- --+---------+---------+-------------+------------+

How to read it
  1. First column BUCKET NAME contains names of the s3 buckets.
  2. Second column DEFAULT SSE gives you information on which default type of server side encryption was used in your S3 bucket:
  • NONE - Default SSE not enabled.
  • DKMS - Default SSE enabled, AWS KMS Key used to encrypt data.
  • AES256 - Default SSE enabled, AES256.
  1. Third column LOGGING ENABLED contains information if Server access logging was enabled for a given S3 bucket. This provides detailed records for the requests that are made to an S3 bucket. More information about Server Access Logging can be found here
  2. Fourth column ACL IS PUBLIC provides information if ACL (Access Control List) contains permissions, that make the bucket public (allow read/writes for anyone). More information about ACLs here
  3. Fifth column POLICY IS PUBLIC contains information if bucket's policy allows any action (read/write) for an anonymous user. More about bucket policies here R, W and D letters describe what type of action is available for everyone.

Docs
You can find more about securing your S3's in the following documentations:
  1. https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
  2. https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
  3. https://docs.aws.amazon.com/AmazonS3/latest/user-guide/server-access-logging.html

License
Apache License 2.0

Maintainers


...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services






Ähnliche Beiträge

  • 1. Azure Marketplace new offers – Volume 26 vom 626.57 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. During September and October, 149 new consulting offers successfully met the onboarding criteria and went live. See details of the new offers below: Consulting Services   1-Day Big Da
  • 2. Azure Marketplace new offers – Volume 26 vom 626.57 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. During September and October, 149 new consulting offers successfully met the onboarding criteria and went live. See details of the new offers below: Consulting Services   1-Day Big Da
  • 3. DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool vom 613.07 Punkte ic_school_black_18dp
    DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array o
  • 4. Azure Marketplace new offers – Volume 28 vom 503.35 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. From November 17 to November 30, 2018, 80 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Virtual machines CloudflareAz
  • 5. Azure Marketplace new offers – Volume 27 vom 341.13 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. From November 1 to November 16, 2018, 61 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Virtual machines CIS Ubuntu L
  • 6. TWC9: Happy New Year, Trill Goes Open Source, .NET Updates, Tech Ranked and more | This Week On Channel 9 vom 336.06 Punkte ic_school_black_18dp
    It's 2019 and Christina and TWC9 are back from trip/vacation hiatus, here with the latest dev news, including: [00:38] Microsoft Ignite: The Tour continues to go full speed ahead in January, with stops in Toronto, Singapore, Tel Aviv, and Milan! [01:12] The CsharpFritz 2018 Year in Review - Jeff's insights on Twitch streaming are great! [1:37] .Net Foundation December Update and also check out all of t
  • 7. TWC9: VS Code Updates, Microsoft and Oracle, GitHub Desktop 2.0, Xbox Body Wash and more | This Week On Channel 9 vom 277.49 Punkte ic_school_black_18dp
    This Week on Channel 9, Christina is back from international travel and a few days off (WE WERE NOT CANCELED), is sporting her Rocket t-shirt and is ready got get into the week's latest dev news, including: [00:35] Insider Dev Tour [01:17] Microso
  • 8. TWC9: .NET Core 3.0 Preview 8, Visual Studio Previews, GitHub Actions for Azure and more | This Week On Channel 9 vom 269.24 Punkte ic_school_black_18dp
    This week on Channel 9, Christina is coming to terms with the end of summer by getting caught up with the latest dev news, including: [00:31] Microsoft Ignite Registration [01:06] .NET Core 3.0 Preview 8 [01:49] Visual Studio 2019 16.3 Preview 2 and Visual Studio for Mac 8.3 Preview 2 [02:23] Xamarin Updates in Visual Studio 2019 and Visual Studio for Mac Preview [02:34] Tips and Tricks for Linux Develop
  • 9. Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services vom 261.45 Punkte ic_school_black_18dp
    A command line security audit tool for Amazon Web ServicesAboutCloud Security Audit is a command line tool that scans for vulnerabilities in your AWS Account. In easy way you will be able to identify unsecure parts of your infrastructure and prepare your AWS account for security audit.InstallationCurrently Cloud Security Audit does not support any package managers, bu
  • 10. TWC9: Microsoft Edge for Windows 7 and 8, Docker for Windows Updates, Azure Bastion and more | This Week On Channel 9 vom 234.3 Punkte ic_school_black_18dp
    On #TWC9 This Week on Channel 9, Christina is in need of some nerdy shirt suggestions while also here for the latest developer news, including: [00:39] Microsoft Edge Preview Builds for Windows 7, 8, 8.1 and the direct download link. [01:50] Az
  • 11. Azure Marketplace new offers–Volume 40 vom 227.3 Punkte ic_school_black_18dp
    We continue to expand the Azure Marketplace ecosystem. For this volume, 212 new offers successfully met the onboarding criteria and went live. See details of the new offers below: Applications 2Care: 2CARE is a healthcare solution that easily captures th
  • 12. D-Link DGS-1510-28XMP bis 1.31 erweiterte Rechte [CVE-2017-6205] vom 224.37 Punkte ic_school_black_18dp
    Es wurde eine kritische Schwachstelle in D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28 sowie DGS-1510-20 bis 1.31 gefunden. Hiervon betroffen ist eine unbekannte Funktion. Durch die Manipulation mit einer unb