2.11.0
Release date: 2022-07-21 17:20:09
Latest release of prowler-cloud/prowler: 4.3.7 (2024-09-24 03:55:00)
Steve Harris, founder and bass guitarist of Iron Maiden 🤘🏽, wrote this song when he lost his father; the lyrics and music are beautiful. This release is for those that always look forward and only look back to be thankful and learn. Also, this song and version are to thank my Prowler brothers @jfagoagas, @n4ch04, @sergargar and @drewkerrigan; they are working as beasts every day to make this piece of software better and building something awesome with Prowler underneath called Prowler Pro.
For all of you that have contributed to this version (see list below), thank you ❤️!!! And reach out to me on Twitter (@toniblyx - DMs are open) if you want some laptop stickers.
🔥Important changes in this version (read this!):
- 14 New checks covering Directory Service, IAM, S3, Workspaces, AppStream and ECR:
7.181 [extra7181] Directory Service monitoring with CloudWatch logs - ds [Medium]
7.182 [extra7182] Directory Service SNS Notifications - ds [Medium]
7.183 [extra7183] Directory Service LDAP Certificates expiration - ds [Medium]
7.184 [extra7184] Directory Service Manual Snapshot Limit - ds [Low]
7.185 [extra7185] Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation - iam [High]
7.186 [extra7186] Check S3 Account Level Public Access Block - s3 [High]
7.187 [extra7187] Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements - workspaces [High]
7.188 [extra7188] Ensure Radius server in DS is using the recommended security protocol - ds [Medium]
7.189 [extra7189] Ensure Multi-Factor Authentication (MFA) using Radius Server is enabled in DS - ds [Medium]
7.190 [extra7190] Ensure user maximum session duration is no longer than 10 hours. - appstream [Medium]
7.191 [extra7191] Ensure session disconnect timeout is set to 5 minutes or less. - appstream [Medium]
7.192 [extra7192] Ensure session idle disconnect timeout is set to 10 minutes or less. - appstream [Medium]
7.193 [extra7193] Ensure default Internet Access from your Amazon AppStream fleet streaming instances should remain unchecked. - appstream [Medium]
7.194 [extra7194] Check if ECR repositories have lifecycle policies enabled - ecr [Low]
- New beta feature called Prowler Quick Inventory: run `./prowler -i` and tell us how it works for you. More information here: https://github.com/prowler-cloud/prowler#inventory
- Look at the new IAM check `extra7185` that will help you find IAM customer managed policies that may lead into privilege escalation.
- Now you can send findings directly to a PostgreSQL DB. More here: https://github.com/prowler-cloud/prowler#database-providers-connector
- We have refactored the whole core to improve how everything is put together, which is helping us write the new v3 in Python.
New features:
- feat(check) Directory Service by @lemelop in https://github.com/prowler-cloud/prowler/pull/1164
- feat(check): PublicAccessBlockConfiguration by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1167
- feat(check): Amazon WorkSpaces storage volumes are encrypted by @rajarshidas in https://github.com/prowler-cloud/prowler/pull/1166
- feat(inventory): Prowler quick inventory including IAM resources by @toniblyx in https://github.com/prowler-cloud/prowler/pull/1258
- feat(ecr_lifecycle): Check Lifecycle policy by @massyn in https://github.com/prowler-cloud/prowler/pull/1260
- feat(checks): New IAM privilege escalation check by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1168
- feat(codebuild_timeout): Increase codebuild timeout to maximum. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1192
- feat(db) Create a PostgreSQL connector for Prowler by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/1171
- feat(checks): Amazon AppStream checks by @rajarshidas in https://github.com/prowler-cloud/prowler/pull/1216
- feat(check): Ensure default internet access from Amazon AppStream fleet should be disabled. by @rajarshidas in https://github.com/prowler-cloud/prowler/pull/1233
- feat(dockerfile): Include psql client in the Prowler scanner image by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1238
- feat(db-connector): Support environment variables by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1236
- feat(inventory): Prowler quick inventory by @toniblyx in https://github.com/prowler-cloud/prowler/pull/1245
Enhancements:
- feat(output): Consolidate prowler output functions by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/1180
- refactor(Prowler): Main logic refactor by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1189
- feat(extra7185): Update severity of check extra7185 by @sergargar in https://github.com/prowler-cloud/prowler/pull/1178
- feat(actions): Trigger by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1209
- feat(check): Directory Service - Ensure Radius server is using the recommended security protocol by @rajarshidas in https://github.com/prowler-cloud/prowler/pull/1203
- docs(readme): Update inventory and checks by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1257
- feat(check7164): 365 days or more in a Cloudwatch log retention should be consider PASS by @bcarranza in https://github.com/prowler-cloud/prowler/pull/1240
Fixes:
- fix(extra767): Remove false positive for check_extra767 by @zsecducna in https://github.com/prowler-cloud/prowler/pull/1198
- fix(update_deprecate_runtimes): Deprecated runtimes for lambda were updated. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1170
- fix(runtimes_extra762): Detect nodejs versions correctly. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1177
- fix(SQS_encryption_type): Add SQS encryption types to extra728. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1175
- fix(typo): Max session duration error message by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1179
- fix(apigateway_iam): Error handling and permissions for extra745. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1176
- fix(assume_role): Use date instead of jq by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1181
- fix(check119_remediation): Update check remediation text. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1185
- fix(codebuild_update): AWS CLI and permissions update. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1183
- fix(extra7187): Remove commas from the metadata by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1187
- fix(outputs): Replace each comma occurrence before sending to csv file by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/1188
- fix(shellcheck): Main variables by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1194
- fix(session_duration): Use jq with TZ=UTC by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1195
- fix(instance-metadata): Credentials recovering by @sergargar in https://github.com/prowler-cloud/prowler/pull/1207
- fix(actions): Dockerfile path by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1208
- fix(junit_xml output): Fix xml output integration. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1210
- fix(instance metadata): missing raw flag in jq parser by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/1214
- fix(shub_fails): Treat failed findings as failed in SHub. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1219
- fix(extra7162): Query AWS log groups using LOG_GROUP_RETENTION_PERIOD_DAYS by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1232
- fix(backupInitialAWSCredentials): Do nothing if no initial creds by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1239
- fix(postgres): Fix postgres connector issues. by @sergargar in https://github.com/prowler-cloud/prowler/pull/1244
- fix(add-checks-regions): Missing regions in checks by @sergargar in https://github.com/prowler-cloud/prowler/pull/1247
- fix(Dockerfile): Prowler path by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1254
- fix(apigatewayv2): handle BadRequestException by @sergargar in https://github.com/prowler-cloud/prowler/pull/1261
- fix(codebuild): expired token error by @sergargar in https://github.com/prowler-cloud/prowler/pull/1262
- fix(extra7173): Correct check and alternative name by @vigah in https://github.com/prowler-cloud/prowler/pull/1270
- docs(readme): Fix spelling by @r8bhavneet in https://github.com/prowler-cloud/prowler/pull/1271
- docs(readme): Fix spelling errors by @andsiu in https://github.com/prowler-cloud/prowler/pull/1274
- fix(ci): Remove `yum check-update` by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/1275
New Contributors
- @lemelop made their first contribution in https://github.com/prowler-cloud/prowler/pull/1164
- @rajarshidas made their first contribution in https://github.com/prowler-cloud/prowler/pull/1166
- @zsecducna made their first contribution in https://github.com/prowler-cloud/prowler/pull/1198
- @bcarranza made their first contribution in https://github.com/prowler-cloud/prowler/pull/1240
- @massyn made their first contribution in https://github.com/prowler-cloud/prowler/pull/1260
- @vigah made their first contribution in https://github.com/prowler-cloud/prowler/pull/1270
- @r8bhavneet made their first contribution in https://github.com/prowler-cloud/prowler/pull/1271
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.10.0...2.11.0