2.6.0
版本发布时间: 2021-11-12 19:10:01
prowler-cloud/prowler最新发布版本:4.3.7(2024-09-24 03:55:00)
Prowler 2.6.0 - Phantom
This release name is in honor to Phantom of the Opera, one of my favorite songs and a master piece of 🔥Iron Maiden🔥. It starts by "I've been lookin' so long for you now" like looking for security issues, isn't it? 🤘🏼 Enjoy it here while reading the rest of this note.
Important changes in this version:
- CIS level parameter (ITEM_LEVEL) has been reverted to the csv, json and html outputs (it was removed in 2.5), CIS Scored is not added since it is not relevant in the global Prowler reports. dd398a9
- Security Hub integration has been fixed due to a conflict with duplicated findings in the management account by @xeroxnir
- 12 New checks!! Thanks to @kbgoll05, @qumei, @georgie969, @ShubhamShah11, @jarrettandrulis, @dsensibaugh, @ShubhamShah11, @ManuelUgarte, @tekdj7: Now there are a total of 207. See below for details.
- Known issues, please review https://github.com/toniblyx/prowler/issues?q=is%3Aissue+is%3Aopen+label%3Abug.
- Now there is a Discord server for Prowler available, check it out in README.md.
- There is a maintained Docker Hub repo for Prowler and AWS ECR public repo as well. See badges in README.md for details.
- See below new features for more details of new cool stuff in this version.
New Features:
- 12 New checks for efs, redshift, elb, dynamodb, route53, cloiudformation, elb and apigateway:
7.148 [extra7148] Check if EFS File systems have backup enabled - efs [Medium]
7.149 [extra7149] Check if Redshift Clusters have automated snapshots enabled - redshift [Medium]
7.150 [extra7150] Check if Elastic Load Balancers have deletion protection enabled - elb [Medium]
7.151 [extra7151] Check if DynamoDB tables point-in-time recovery (PITR) is enabled - dynamodb [Medium]
7.152 [extra7152] Enable Privacy Protection for for a Route53 Domain - route53 [Medium]
7.153 [extra7153] Enable Transfer Lock for a Route53 Domain - route53 [Medium]
7.154 [extra7154] Enable termination protection for Cloudformation Stacks - cloudformation [MEDIUM]
7.155 [extra7155] Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode - elb [MEDIUM]
7.156 [extra7156] Checks if API Gateway V2 has Access Logging enabled - apigateway [Medium]
7.157 [extra7157] Check if API Gateway V2 has configured authorizers - apigateway [Medium]
7.158 [extra7158] Check if ELBV2 has listeners underneath - elb [Medium]
7.159 [extra7159] Check if ELB has listeners underneath - elb [Medium]
- New checks group FTR (AWS Foundational Technical Review) by @jfagoagas
- New feature added flags
Z
to control if Prowler returns exit code 3 on a failed check by @Kirizan in https://github.com/toniblyx/prowler/pull/865 - New Prowler Terraform Kickstarter by @singergs
- New way to deploy Prowler at Organizational level with serverless by @bella-kwon
- New feature: adding the ability to provide a file for checks
-C
to be ran by @Kirizan in https://github.com/toniblyx/prowler/pull/891
Enhancements:
- Enhanced scoring when only INFO is detected
- Enhanced ignore archived findings in GuardDuty for check extra7139 by @chbiel in https://github.com/toniblyx/prowler
- /pull/851
- Updated prowler-codebuild-role name for CFN StackSets name length limit by @varunirv in https://github.com/toniblyx/prowler/pull/846
- Added feature to allow role ARN while using -R parameter by @mmuller88 in https://github.com/toniblyx/prowler/pull/860
- Updated documentation regarding a confusion with the
-q
option (issue #884) by @w0rmr1d3r in https://github.com/toniblyx/prowler/pull/890
Fixes:
- Fixed extra737 remove false positives due to policies with condition by @rinaudjaws in https://github.com/toniblyx/prowler/pull/849
- Fixed title, remediation and doc link for check extra768 by @w0rmr1d3r in https://github.com/toniblyx/prowler/pull/853
- Fixed typo in risk description for check29 by @kamiryo in https://github.com/toniblyx/prowler/pull/858
- Fixed bug in extra784 by @tayivan-sg in https://github.com/toniblyx/prowler/pull/856
- Fixed support policy arn in check120 by @hersh86 in https://github.com/toniblyx/prowler/pull/862
- Fixed typo and HTTP capitalisation in extra7142 by @acknosyn in https://github.com/toniblyx/prowler/pull/863
- Fixed Security Hub conflict with duplicated findings in the management account #711 by @xeroxnir in https://github.com/toniblyx/prowler/pull/873
- Fixed doc reference link in check23 @FallenAtticus by @FallenAtticus in https://github.com/toniblyx/prowler/pull/864
- Fixed duplicated region in textFail message for extra741 by @pablopagani in https://github.com/toniblyx/prowler/pull/880
- Updated parts from check7152 accidentally left in by @jarrettandrulis in https://github.com/toniblyx/prowler/pull/895
- Fix check extra734 about S3 buckets default encryption with StringNotEquals by @rustic in https://github.com/toniblyx/prowler/pull/896
- Fix Shodan typo in -h usage text by @jfagoagas in https://github.com/toniblyx/prowler/pull/899
- Fixed typo in README.md by @bevel-zgates in https://github.com/toniblyx/prowler/pull/908
New Contributors
- @varunirv made their first contribution in https://github.com/toniblyx/prowler/pull/846
- @rinaudjaws made their first contribution in https://github.com/toniblyx/prowler/pull/849
- @chbiel made their first contribution in https://github.com/toniblyx/prowler/pull/851
- @tayivan-sg made their first contribution in https://github.com/toniblyx/prowler/pull/856
- @bella-kwon made their first contribution in https://github.com/toniblyx/prowler/pull/857
- @mmuller88 made their first contribution in https://github.com/toniblyx/prowler/pull/860
- @hersh86 made their first contribution in https://github.com/toniblyx/prowler/pull/862
- @acknosyn made their first contribution in https://github.com/toniblyx/prowler/pull/863
- @FallenAtticus made their first contribution in https://github.com/toniblyx/prowler/pull/864
- @georgie969 made their first contribution in https://github.com/toniblyx/prowler/pull/866
- @ManuelUgarte made their first contribution in https://github.com/toniblyx/prowler/pull/869
- @jarrettandrulis made their first contribution in https://github.com/toniblyx/prowler/pull/875
- @ShubhamShah11 made their first contribution in https://github.com/toniblyx/prowler/pull/877
- @dsensibaugh made their first contribution in https://github.com/toniblyx/prowler/pull/889
- @rustic made their first contribution in https://github.com/toniblyx/prowler/pull/896
- @zqumei0 made their first contribution in https://github.com/toniblyx/prowler/pull/894
- @bevel-zgates made their first contribution in https://github.com/toniblyx/prowler/pull/908
Full Changelog: https://github.com/toniblyx/prowler/compare/2.5.0...2.6.0
Thank you all for your contributions, Prowler community is awesome! 🥳