Exemple #1
0
    def run(self, *args, **kwargs):
        """Entry point for the scheduler

        Args:
            *args: Optional arguments
            **kwargs: Optional keyword arguments

        Returns:
            None
        """
        accounts = list(AWSAccount.get_all(include_disabled=False).values())

        # S3 Bucket config
        s3_acl = get_template('cloudtrail_s3_bucket_policy.json')
        s3_bucket_name = self.dbconfig.get('bucket_name', self.ns)
        s3_bucket_region = self.dbconfig.get('bucket_region', self.ns,
                                             'us-west-2')
        s3_bucket_account = AWSAccount.get(
            self.dbconfig.get('bucket_account', self.ns))
        CloudTrail.create_s3_bucket(s3_bucket_name, s3_bucket_region,
                                    s3_bucket_account, s3_acl)

        self.validate_sqs_policy(accounts)

        for account in accounts:
            ct = CloudTrail(account, s3_bucket_name, s3_bucket_region,
                            self.log)
            ct.run()
Exemple #2
0
    def create_sns_topic(self, region):
        """Creates an SNS topic if needed. Returns the ARN if the created SNS topic

        Args:
            region (str): Region name

        Returns:
            `str`
        """
        sns = self.session.client('sns', region_name=region)

        self.log.info('Creating SNS topic for {}/{}'.format(
            self.account, region))
        # Create the topic
        res = sns.create_topic(Name=self.topic_name)
        arn = res['TopicArn']

        # Allow CloudTrail to publish messages with a policy update
        tmpl = get_template('cloudtrail_sns_policy.json')
        policy = tmpl.render(region=region,
                             account_id=self.account.account_number,
                             topic_name=self.topic_name)
        sns.set_topic_attributes(TopicArn=arn,
                                 AttributeName='Policy',
                                 AttributeValue=policy)

        auditlog(event='cloudtrail.create_sns_topic',
                 actor=self.ns,
                 data={
                     'account': self.account.account_name,
                     'region': region
                 })

        return arn
Exemple #3
0
    def notify(self, notices):
        """Send notifications to the recipients provided

        Args:
            notices (:obj:`dict` of `str`: `list`): A dictionary mapping notification messages to the recipient.

        Returns:
            `None`
        """
        tmpl_html = get_template('required_tags_notice.html')
        tmpl_text = get_template('required_tags_notice.txt')
        for recipient, data in list(notices.items()):
            body_html = tmpl_html.render(data=data)
            body_text = tmpl_text.render(data=data)

            send_notification(subsystem=self.ns,
                              recipients=[recipient],
                              subject=self.email_subject,
                              body_html=body_html,
                              body_text=body_text)
Exemple #4
0
    def create_iam_role(self, account):
        """Create a new IAM role. Returns the ARN of the newly created role

        Args:
            account (:obj:`Account`): Account where to create the IAM role

        Returns:
            `str`
        """
        try:
            iam = self.session.client('iam')
            trust = get_template('vpc_flow_logs_iam_role_trust.json').render()
            policy = get_template('vpc_flow_logs_role_policy.json').render()

            newrole = iam.create_role(
                Path='/',
                RoleName=self.role_name,
                AssumeRolePolicyDocument=trust)['Role']['Arn']

            # Attach an inline policy to the role to avoid conflicts or hitting the Managed Policy Limit
            iam.put_role_policy(RoleName=self.role_name,
                                PolicyName='VpcFlowPolicy',
                                PolicyDocument=policy)

            self.log.debug('Created VPC Flow Logs role & policy for {}'.format(
                account.account_name))
            auditlog(event='vpc_flow_logs.create_iam_role',
                     actor=self.ns,
                     data={
                         'account': account.account_name,
                         'roleName': self.role_name,
                         'trustRelationship': trust,
                         'inlinePolicy': policy
                     })
            return newrole

        except Exception:
            self.log.exception(
                'Failed creating the VPC Flow Logs role for {}.'.format(
                    account))
Exemple #5
0
    def notify(self, notices):
        """Send notifications to the users via. the provided methods

        Args:
            notices (:obj:`dict` of `str`: `dict`): List of the notifications to send

        Returns:
            `None`
        """
        issues_html = get_template('unattached_ebs_volume.html')
        issues_text = get_template('unattached_ebs_volume.txt')

        for recipient, issues in list(notices.items()):
            if issues:
                message_html = issues_html.render(issues=issues)
                message_text = issues_text.render(issues=issues)

                send_notification(subsystem=self.name,
                                  recipients=[recipient],
                                  subject=self.subject,
                                  body_html=message_html,
                                  body_text=message_text)
Exemple #6
0
    def notify(self, new_issues, existing_issues, fixed_issues):
        """Send notifications (email, slack, etc.) for any issues that are currently open or has just been closed

        Args:
            new_issues (`list` of :obj:`DomainHijackIssue`): List of newly discovered issues
            existing_issues (`list` of :obj:`DomainHijackIssue`): List of existing open issues
            fixed_issues (`list` of `dict`): List of fixed issues

        Returns:
            None
        """
        if len(new_issues + existing_issues + fixed_issues) > 0:
            maxlen = max(len(x['properties']['source']) for x in (new_issues + existing_issues + fixed_issues)) + 2
            text_tmpl = get_template('domain_hijacking.txt')
            html_tmpl = get_template('domain_hijacking.html')
            issues_text = text_tmpl.render(
                new_issues=new_issues,
                existing_issues=existing_issues,
                fixed_issues=fixed_issues,
                maxlen=maxlen
            )
            issues_html = html_tmpl.render(
                new_issues=new_issues,
                existing_issues=existing_issues,
                fixed_issues=fixed_issues,
                maxlen=maxlen
            )

            try:
                send_notification(
                    subsystem=self.name,
                    recipients=[NotificationContact('email', addr) for addr in self.recipients],
                    subject=self.subject,
                    body_html=issues_html,
                    body_text=issues_text
                )
            except Exception as ex:
                self.log.exception('Failed sending notification email: {}'.format(ex))
Exemple #7
0
    def _init_saml_request(self):
        tmpl = get_template('saml_settings.json')
        config = tmpl.render(
            strict=str(self.dbconfig.get('strict', self.ns, True)).lower(),
            debug=str(self.dbconfig.get('debug', self.ns, False)).lower(),
            sp_entity_id=self.dbconfig.get('sp_entity_id', self.ns),
            sp_acs=self.dbconfig.get('sp_acs', self.ns),
            sp_sls=self.dbconfig.get('sp_sls', self.ns),
            idp_entity_id=self.dbconfig.get('idp_entity_id', self.ns),
            idp_ssos=self.dbconfig.get('idp_ssos', self.ns),
            idp_sls=self.dbconfig.get('idp_sls', self.ns),
            idp_x509cert=self.dbconfig.get('idp_x509cert', self.ns)
        )

        auth = OneLogin_Saml2_Auth(self.req, json.loads(config))
        auth.set_strict(False)
        return auth
Exemple #8
0
def _get_syslog_format(event_type):
    """Take an event type argument and return a python logging format

    In order to properly format the syslog messages to current standard, load the template and perform necessary
    replacements and return the string.

    Args:
        event_type (str): Event type name

    Returns:
        `str`
    """
    syslog_format_template = get_template('syslog_format.json')
    fmt = syslog_format_template.render(event_type=event_type,
                                        host=dbconfig.get('instance_name',
                                                          default='local'))

    # Load and redump string, to get rid of any extraneous whitespaces
    return json.dumps(json.loads(fmt))