Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.


SecurityFTW/cs-suite


Usage

usage: cs.py [-h] -env {aws,gcp,azure,digitalocean} -aip AUDIT_IP -u USER_NAME -pem
             PEM_FILE [-p] [-pId PROJECT_ID] [-az_u AZURE_USER]
             [-az_p AZURE_PASS] [-o OUTPUT] [-w] [-n NUMBER]

this is to get IP address for lynis audit only

optional arguments:
  -h, --help            show this help message and exit
  -env {aws,gcp,azure,digitalocean}, --environment {aws,gcp,azure,digitalocean}
                        The cloud on which the test-suite is to be run
  -aip AUDIT_IP, --audit_ip AUDIT_IP
                        The IP for which lynis Audit needs to be done .... by
                        default tries root/Administrator if username not
                        provided
  -u USER_NAME, --user_name USER_NAME
                        The username of the user to be logged in,for a
                        specific user
  -pem PEM_FILE, --pem_file PEM_FILE
                        The pem file to access to AWS instance
  -p, --password        hidden password prompt
  -pId PROJECT_ID, --project_id PROJECT_ID
                        Project ID for which GCP Audit needs to be run. Can be
                        retrivied using `gcloud projects list`
  -az_u AZURE_USER, --azure_user AZURE_USER
                        username of azure account, optionally used if you want
                        to run the azure audit with no user interaction.
  -az_p AZURE_PASS, --azure_pass AZURE_PASS
                        username of azure password, optionally used if you
                        want to run the azure audit with no user interaction.
  -o OUTPUT, --output OUTPUT
                        writes a log in JSON of an audit, ideal for
                        consumptions into SIEMS like ELK and Splunk. Defaults
                        to cs-audit.log
  -w, --wipe            rm -rf reports/ folder before executing an audit
  -n, --number          Retain number of report to store for a particular
                        environment and user/project.

Requirements

  • Operating System: OSX or Linux only
  • python 2.7
  • pip
  • git
  • jq
  • gcc (for sshpass installation (OS Audit). Not a mandatory pre-requisite)
  • AWS Audit - AWS ReadOnly Keys
  • GCP Audit - gcloud setup
  • Azure Audit - Azure user read-only access
  • DigitalOcean Audit - DigitalOcean API key and SPACES access_key and access_secret

Installation

(in order to avoid messing with the already installed python libraries)

  • get the project: git clone https://github.com/SecurityFTW/cs-suite.git && cd cs-suite/
  • install virtualenv: pip install virtualenv
  • create a python 2.7 local environment: virtualenv -p python2.7 venv
  • activate the virtual environment: source venv/bin/activate
  • install project dependencies: pip install -r requirements.txt
  • run the tool via python cs.py --help

AWS Configuration

  • In AWS create an IAM user with at least the following policy: arn:aws:iam::aws:policy/ReadOnlyAccess
  • On your local machine install the aws cli: brew install awscli for OSX
  • Configure the AWS cli: aws configure

GCP Configuration

Azure Configuration

  • sign up and log in to azure.microsoft.com
  • install the azure CLI: brew install az
  • authenticate the azure cli: az login. You should see your subscription type if it was successful, similarly to the response below:

[
  {
    "cloudName": "AzureCloud",
    "id": "xxxxx-5595-4da5-bc27-xxxeeee",
    "isDefault": true,
    "name": "Free Trial",
    "state": "Enabled",
    "tenantId": "xxxxx-18e9-41a4-961b-xxxxx",
    "user": {
      "name": "customer@email.com",
      "type": "user"
    }
  }
]

DigitalOcean Configuration

  • create Personal Access Tokens and Spaces Access keys at cloud.digitalocean.com
  • set the credentials by running export:

export DO_KEY=*********************
export DO_ACCESS_KEY=*******************
export DO_SECRET_KEY=****************************

Running cs-suite

To run AWS Audit - python cs.py -env aws
To run GCP Audit - python cs.py -env gcp -pId <project_name>
To run Azure Audit - python cs.py -env azure
To run DigitalOcean Audit - python cs.py -env digitalocean

  • The final report will be available in the reports directory

  • The final AWS Audit report looks like below:

[image: AWS Audit report]

  • The final GCP Audit report looks like below:

[image: GCP Audit report]

Docker Setup

  • Create a local directory aws with credentials and config files

  • The config file looks like below

$ cat aws/config
[default]
output = json
region = us-east-1

  • The credentials file looks like below

$ cat aws/credentials
[default]
aws_access_key_id = XXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXX

Note: This tool requires the arn:aws:iam::aws:policy/ReadOnlyAccess IAM policy

  • Then run the following docker command to start (passing your specific environment)

docker run -v `pwd`/aws:/root/.aws -v `pwd`/reports:/app/reports securityftw/cs-suite -env aws
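As an added pre-flight check (not part of cs-suite), the Python 3 script below validates the local aws/ directory before it is bind-mounted into the container as /root/.aws: it rejects credentials that still hold the XXXX placeholders from the sample above, a credentials file readable by group or others, a config without a region, and secret material placed in config instead of credentials. The PLACEHOLDER_MARKERS list and the check names are assumptions made for this example.

```python
import configparser
import os
import stat

# Placeholder values as they appear in the README's sample files; a real
# credentials file must not still contain them (assumed markers).
PLACEHOLDER_MARKERS = ("XXXX", "****")


def check_aws_files(credentials_text, config_text, credentials_mode):
    """Check aws/credentials and aws/config contents plus the credentials
    file's permission bits. Returns a list of problems; empty means the
    directory is ready to be mounted into the container as /root/.aws."""
    problems = []
    # Secrets on the host must not be group- or world-readable.
    if credentials_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("credentials mode is %o, expected 600" % credentials_mode)

    creds = configparser.ConfigParser()
    creds.read_string(credentials_text)
    if "default" not in creds:
        problems.append("credentials: no [default] profile")
    else:
        for key in ("aws_access_key_id", "aws_secret_access_key"):
            value = creds["default"].get(key, "")
            if not value or any(m in value for m in PLACEHOLDER_MARKERS):
                problems.append("credentials: %s unset or placeholder" % key)

    conf = configparser.ConfigParser()
    conf.read_string(config_text)
    if "default" not in conf or not conf["default"].get("region"):
        problems.append("config: [default] region is not set")
    elif "aws_secret_access_key" in conf["default"]:
        # Secret material belongs in credentials, never in config.
        problems.append("config: contains aws_secret_access_key")
    return problems


def check_aws_dir(aws_dir):
    """Read <aws_dir>/credentials and <aws_dir>/config and check them."""
    cred_path = os.path.join(aws_dir, "credentials")
    conf_path = os.path.join(aws_dir, "config")
    for path in (cred_path, conf_path):
        if not os.path.isfile(path):
            return ["missing file: %s" % path]
    mode = stat.S_IMODE(os.stat(cred_path).st_mode)
    with open(cred_path) as creds, open(conf_path) as conf:
        return check_aws_files(creds.read(), conf.read(), mode)
```

Run `check_aws_dir("aws")` from the directory holding aws/ before the docker command; an empty list means the mount is safe to pass.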

Documentation

https://securityftw.github.io

Thanks


[8]ページ先頭

©2009-2025 Movatter.jp