The aws-cis-scanner from adamcrosby

aws-cis-scanner's Issues

Change report output based on flag: text, JSON or HTML

Enable the scanner to be used in a pipeline and/or other situations (such as a cron job, or cgi).

Segfault when running on default region

Hi,

When running v1.1 on Ubuntu 16.04, it segfaults with the following error:

./aws-cis-scanner-linux-x64-v1.1
BucketRegionError: incorrect region, the bucket is not in 'ap-northeast-1' region
	status code: 301, request id:
BucketRegionError: incorrect region, the bucket is not in 'ap-northeast-1' region
	status code: 301, request id:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x491419]

goroutine 1 [running]:
panic(0x9c4bc0, 0xc42000a0a0)
	/usr/local/go/src/runtime/panic.go:500 +0x1a1
github.com/adamcrosby/aws-cis-scanner/benchmark.s3BucketPolicyChecks(0xc4200240b0, 0xc420443420, 0x1b, 0xaacf01)
	/Users/adam/code/golang/src/github.com/adamcrosby/aws-cis-scanner/benchmark/logging.go:203 +0x139
github.com/adamcrosby/aws-cis-scanner/benchmark.ensureS3LogsBucketNotPublic(0xc42043da70, 0x2, 0x2, 0xc4200240b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/Users/adam/code/golang/src/github.com/adamcrosby/aws-cis-scanner/benchmark/logging.go:152 +0x17e
github.com/adamcrosby/aws-cis-scanner/benchmark.LoggingChecks(0xc4200240d0, 0xc4200240c0, 0xc4200240b0, 0xc4200240a0, 0xc4200119b0, 0xc420024110)
	/Users/adam/code/golang/src/github.com/adamcrosby/aws-cis-scanner/benchmark/logging.go:52 +0x2b5
main.checkRegion(0xc4200119b0, 0xc420070c60, 0x0, 0x0, 0x0, 0xc42000bbd0, 0x0, 0x0, 0x0, 0x0, ...)
	/Users/adam/code/golang/src/github.com/adamcrosby/aws-cis-scanner/aws-cis-scanner.go:99 +0x4f3
main.main()
	/Users/adam/code/golang/src/github.com/adamcrosby/aws-cis-scanner/aws-cis-scanner.go:61 +0x2b9

When running with -r "eu-west-1", it completes within a second, without checking anything:

real	0m0.013s
user	0m0.008s
sys	0m0.004s

Suggestion on how to fix this? This tools surely looks nice!

Add 'notes' to each check for failure or success

Some of the checks would be useful to have notes on, such as 'security groups which allow port 22 from 0.0.0.0/0': print the name and info in a notes column.

Add isolated region support

GovCloud, Beijing and C2S regions need to be added as flags.

Need to verify if each of the regions even supports the services necessary. I might break this into 3 different issues to track each separately. I have no way of testing Beijing or C2S.

Add testing!

Right now there is no testing, and barely any error catching.
Add automated testing and test coverage.

Add multi-region support

The CIS benchmark has a few checks that require 'all' regions to be checked.

Add GovCloud support

Part of #1 requires special handling logic for GovCloud:

not all services exist (verify that CIS benchmark ones do)
only the one region needs to be checked for a govcloud account

Add support for Beijing (CN) region

Part of #1 requires special handling logic for Beijing Region:

not all services exist (verify that CIS benchmark ones do)
only the one region needs to be checked for a Beijing account

Need: someway to TEST this?

adamcrosby / aws-cis-scanner Goto Github PK

aws-cis-scanner's People

Contributors

Stargazers

Watchers

Forkers

aws-cis-scanner's Issues

Change report output based on flag: text, JSON or HTML

Segfault when running on default region

Add 'notes' to each check for failure or success

Add isolated region support

Add testing!

Add multi-region support

Add GovCloud support

Add support for Beijing (CN) region

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent