prowler
prowler copied to clipboard
prowler-cloud
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness....
### Description Add 9 checks of Kubernetes RBAC service: > [rbac_cluster_admin_usage] Ensure that the cluster-admin role is only used where required - RBAC [high] [rbac_minimize_csr_approval_access] Minimize access to the approval...
### Description Add 10 checks of Kubernetes Kubelet service: ``` [kubelet_authorization_mode] Ensure that the kubelet --authorization-mode argument is not set to AlwaysAllow - kubelet [high] [kubelet_client_ca_file_set] Ensure that the kubelet...
### Description Add all checks for Kubernetes etcd: > [etcd_client_cert_auth] Ensure that the --client-cert-auth argument is set to true for etcd - etcd [high] > [etcd_no_auto_tls] Ensure that the --auto-tls...
### Description Add all checks for Kubernetes Controller Manager: > [controllermanager_bind_address] Ensure that the --bind-address argument is set to 127.0.0.1 - controller-manager [medium] > [controllermanager_root_ca_file_set] Ensure that the --root-ca-file argument...
### Steps to Reproduce If a security group is assigned only on a lambda function, prowlers thinks that is unused and rises an alert. ### Expected behavior Prowler should detect...
### Description Add new 10 Kubernetes ApiServer checks: > [apiserver_no_always_admit_plugin] Ensure that the admission control plugin AlwaysAdmit is not set - apiserver [high] > [apiserver_no_token_auth_file] Ensure that the --token-auth-file parameter...
### Description Add new 10 Kubernetes ApiServer checks: > [apiserver_client_ca_file_set] Ensure that the --client-ca-file argument is set as appropriate - apiserver [high] > [apiserver_deny_service_external_ips] Ensure that the DenyServiceExternalIPs is set...
### Description Add new 9 Kubernetes ApiServer checks: > [apiserver_always_pull_images_plugin] Ensure that the admission control plugin AlwaysPullImages is set - apiserver [medium] > [apiserver_anonymous_requests] Ensure that the --anonymous-auth argument is...
### New feature motivation Similar to the secrets checks for the other services (lambda/ec2/ecs/etc), more checks can be implemented ### Solution Proposed Elastic Beanstalk: * Configuration files (.ebextensions) used for...
### Context Improved UI for prowler 4.0 Currently only supports the AWS provider. ### Description Switched from using alive_progress bar to using Rich to display the UI I wanted to...
Metadata
Owner
Metadata
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness....