Exemple #1
0
def main():
    """ main function """
    parser = argparse.ArgumentParser(
        description='this is to get IP address for lynis audit only')
    parser.add_argument(
        '-aip',
        '--audit_ip',
        help=
        'The IP for which lynis Audit needs to be done .... by default tries root/Administrator if username not provided'
    )
    parser.add_argument(
        '-u',
        '--user_name',
        help='The username of the user to be logged in,for a specific user')
    parser.add_argument('-pem',
                        '--pem_file',
                        help='The pem file to access to AWS instance')
    parser.add_argument('-p',
                        '--password',
                        action='store_true',
                        dest='password',
                        help='hidden password prompt')
    parser.add_argument('-env',
                        '--environment',
                        help='The cloud on which the test-suite is to be run',
                        choices=['aws', 'gcp', 'azure'],
                        required=True)
    parser.add_argument(
        '-pId',
        '--project_name',
        help='Project Name for which GCP Audit needs to be run')
    args = parser.parse_args()
    if args.password:
        password = getpass()

    if args.environment == 'gcp':
        from modules import gcpaudit
        if not args.project_name:
            print("Please pass project name for the GCP Audit")
            print("Exiting !!!")
            exit(0)
        else:
            gcpaudit.gcp_audit(args.project_name)

    elif args.environment == 'aws':
        from modules import awsaudit
        from modules import merger
        from modules import localaudit
        if args.audit_ip:
            if not (args.user_name):
                args.user_name = None
            if not (args.pem_file):
                args.pem_file = None
            if not (args.password):
                password = None
            localaudit.local_audit(args.audit_ip, args.user_name,
                                   args.pem_file, password)
            exit(0)
        else:
            awsaudit.aws_audit()
            merger.merge()
            exit(0)

    elif args.environment == 'azure':
        from modules import azureaudit
        azureaudit.azure_audit()
Exemple #2
0
def main():
    """ main function """
    parser = argparse.ArgumentParser(description='this is to get IP address for lynis audit only')
    parser.add_argument('-env', '--environment', required=True, help='The cloud on which the test-suite is to be run',
                        choices=['aws', 'gcp', 'azure'])
    parser.add_argument('-aip', '--audit_ip', required=False, help='The IP for which lynis Audit needs to be done .... by default tries root/Administrator if username not provided')
    parser.add_argument('-u', '--user_name', required=False, help='The username of the user to be logged in,for a specific user')
    parser.add_argument('-pem', '--pem_file', required=False, help='The pem file to access to AWS instance')
    parser.add_argument('-p', '--password', required=False, action='store_true', dest='password', help='hidden password prompt')
    parser.add_argument('-pId', '--project_id', help='Project ID for which GCP Audit needs to be run. Can be retrivied using `gcloud projects list`')
    parser.add_argument('-az_u', '--azure_user', required=False, help='username of azure account, optionally used if you want to run the azure audit with no user interaction.')
    parser.add_argument('-az_p', '--azure_pass', required=False, help='username of azure password, optionally used if you want to run the azure audit with no user interaction.')
    parser.add_argument('-o', '--output', required=False, default="cs-audit.log", help='writes a log in JSON of an audit, ideal for consumptions into SIEMS like ELK and Splunk. Defaults to cs-audit.log')
    parser.add_argument("-w", "--wipe", required=False, default=False, action='store_true',
                        help="rm -rf reports/ folder before executing an audit")
    parser.add_argument('-n', '--number', required=False, help='Retain number of report to store for a particular environment and user/project.')

    args = parser.parse_args()

    # set up logging
    log = logger.setup_logging(args.output, "INFO")

    log.info("starting cloud security suite v1.0")

    if args.number and args.wipe == True:
        print("Warning you can't use -w or -n flag at same time")
        exit(1)
    elif args.number:
        try:
           int(args.number)
        except Exception as _:
            print("Please provide a number for -n option only. ")
            print("EXITTING!!")
            exit(1)

    if args.password:
        password = getpass()

    
    if args.wipe:
        log.info("wiping reports/ folder before running")
        rm.rm("reports/")
    

    if args.environment == 'gcp':
        from modules import gcpaudit
        if not args.project_id:
            print ("Please pass project ID for the GCP Audit")
            print ("Exiting !!!")
            exit(0)
        else:
            log.info("running gcp audit")
            gcpaudit.gcp_audit(args.project_id)
            log.info("completed gcp audit")

    elif args.environment == 'aws':
        from modules import awsaudit
        from modules import merger
        from modules import localaudit
        if args.audit_ip:
            if not(args.user_name):
                args.user_name = None
            if not(args.pem_file):
                args.pem_file = None
            if not(args.password):
                password = None
            log.info("running aws local audit")
            localaudit.local_audit(args.audit_ip, args.user_name, args.pem_file, password)
            log.info("completed aws local audit")
            exit(0)
        else:
            log.info("running aws audit")
            awsaudit.aws_audit()
            merger.merge()
            log.info("completed aws audit")
        

    elif args.environment == 'azure':
        if args.azure_user and args.azure_pass:
            print("using azure credentials passed via cli")
            subprocess.call(['az', 'login', '-u', args.azure_user, '-p', args.azure_pass])
        else:
            print("azure authentication required")
            subprocess.call(['az', 'login'])
        log.info("running azure audit")
        from modules import azureaudit
        azureaudit.azure_audit()
        log.info("completed azure audit")


    if args.number > 0 and args.wipe == False:
        from modules import retainnumberofreports
        retainnumberofreports.retain_reports(args.environment, int(args.number))
        exit(0)