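def _build_datasource(args, config, account, start, end):
    """Return the CloudTrail datasource selected by *config*.

    Elasticsearch is used when *config* has an ``elasticsearch`` section,
    otherwise Athena.  The Elasticsearch import is deliberately lazy so the
    Athena path works without the optional dependency installed; a missing
    import terminates the run with install instructions.
    """
    if 'elasticsearch' in config:
        try:
            from cloudtracker.datasources.es import ElasticSearch
        except ImportError:
            exit(
                "Elasticsearch support not installed. Install with support via "
                "'pip install git+https://github.com/duo-labs/cloudtracker.git#egg=cloudtracker[es1]' for "
                "elasticsearch 1 support, or "
                "'pip install git+https://github.com/duo-labs/cloudtracker.git#egg=cloudtracker[es6]' for "
                "elasticsearch 6 support")
        return ElasticSearch(config['elasticsearch'], start, end)

    logging.debug("Using Athena")
    from cloudtracker.datasources.athena import Athena
    return Athena(config['athena'], account, start, end, args)


def _load_cloudtrail_supported_actions():
    """Populate the module-level ``cloudtrail_supported_actions`` lookup.

    Reads the packaged ``data/cloudtrail_supported_actions.txt`` (one
    ``service:event`` per line) and keys the dict by the normalized API call.
    Blank lines are skipped so a trailing newline in the data file cannot
    crash the two-value unpack.  The lookup is presumably what marks actions
    CloudTrail cannot record when the diff is printed -- verify in print_diff.
    """
    global cloudtrail_supported_actions
    ct_actions_path = pkg_resources.resource_filename(
        __name__, "data/{}".format("cloudtrail_supported_actions.txt"))
    cloudtrail_supported_actions = {}
    with open(ct_actions_path) as f:
        for raw_line in f:
            line = raw_line.rstrip()
            if not line:
                continue
            (service, event) = line.split(":")
            cloudtrail_supported_actions[normalize_api_call(service, event)] = True


def _list_actors(args, account_iam, datasource, use_color):
    """Handle ``--list``: compare the users or roles defined in IAM with those
    observed in CloudTrail, and print the difference."""
    actor_type = args.list
    if actor_type == 'users':
        allowed_actors = get_allowed_users(account_iam)
        performed_actors = datasource.get_performed_users()
    elif actor_type == 'roles':
        allowed_actors = get_allowed_roles(account_iam)
        performed_actors = datasource.get_performed_roles()
    else:
        exit("ERROR: --list argument must be one of 'users' or 'roles'")
    print_actor_diff(performed_actors, allowed_actors, use_color)


def _diff_actor_actions(args, config, account, account_iam, datasource,
                        aws_api_list, use_color):
    """Compare what one user or role is allowed to do with what it actually
    did, optionally after assuming ``--destrole`` in ``--destaccount``.

    The allowed/performed difference is what print_diff reports; it is the
    evidence for trimming unused permissions from the principal.
    """
    # The destination account defaults to the source account; the AssumeRole
    # target is looked up in the destination account's IAM data.
    if args.destaccount:
        destination_account = get_account(config['accounts'], args.destaccount)
    else:
        destination_account = account
    destination_iam = get_account_iam(destination_account)
    search_query = datasource.get_search_query()

    if args.user:
        user_iam = get_user_iam(args.user, account_iam)
        print("Getting info on {}, user created {}".format(
            args.user, user_iam['CreateDate']))
        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))
            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_user_in_role(
                search_query, user_iam, dest_role_iam)
        else:
            allowed_actions = get_user_allowed_actions(
                aws_api_list, user_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_user(
                search_query, user_iam)
    elif args.role:
        role_iam = get_role_iam(args.role, account_iam)
        print("Getting info for role {}".format(args.role))
        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))
            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_role_in_role(
                search_query, role_iam, dest_role_iam)
        else:
            allowed_actions = get_role_allowed_actions(
                aws_api_list, role_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_role(
                search_query, role_iam)
    else:
        exit("ERROR: Must specify a user or a role")

    printfilter = {
        'show_unknown': args.show_unknown,
        'show_benign': args.show_benign,
        'show_used': args.show_used,
    }
    print_diff(performed_actions, allowed_actions, printfilter, use_color)


def run(args, config, start, end):
    """Perform the requested command.

    Args:
        args: parsed command-line namespace. Reads ``use_color``, ``account``,
            ``list``, ``destaccount``, ``user``, ``role``, ``destrole`` and
            the ``show_unknown``/``show_benign``/``show_used`` print filters.
        config: loaded configuration dict; needs ``accounts`` plus either an
            ``elasticsearch`` or an ``athena`` section.
        start, end: time bounds handed to the datasource unchanged.

    Side effects: rebinds the module-level ``cloudtrail_supported_actions``
    and prints the report.  Terminates via ``exit`` on a bad ``--list``
    value, when neither a user nor a role is given, or when Elasticsearch
    support is not installed.
    """
    use_color = args.use_color
    account = get_account(config['accounts'], args.account)
    datasource = _build_datasource(args, config, account, start, end)

    # Read AWS actions
    aws_api_list = read_aws_api_list()

    # Read cloudtrail_supported_events
    _load_cloudtrail_supported_actions()

    account_iam = get_account_iam(account)

    if args.list:
        _list_actors(args, account_iam, datasource, use_color)
    else:
        _diff_actor_actions(args, config, account, account_iam, datasource,
                            aws_api_list, use_color)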
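def run(args, config, start, end):
    """Perform the requested command.

    Args:
        args: parsed command-line namespace. Reads ``use_color``, ``account``,
            ``list``, ``destaccount``, ``user``, ``role``, ``destrole`` and
            the ``show_unknown``/``show_benign``/``show_used`` print filters.
        config: loaded configuration dict; needs ``accounts`` and an
            ``elasticsearch`` section.
        start, end: time bounds handed to the Elasticsearch datasource.

    Side effects: rebinds the module-level ``cloudtrail_supported_actions``
    and prints the report.  Terminates via ``exit`` on a bad ``--list``
    value or when neither a user nor a role is given.

    ``print`` is called as a function with a single argument so the body is
    valid on both Python 2 and Python 3.
    """
    use_color = args.use_color

    from cloudtracker.datasources.es import ElasticSearch
    datasource = ElasticSearch(config['elasticsearch'], start, end)

    account = get_account(config['accounts'], args.account)

    # Read AWS actions
    aws_api_list = read_aws_api_list()

    # Read cloudtrail_supported_events: one "service:event" per line, keyed
    # by the normalized API call.  Presumably consulted when the diff is
    # printed to mark actions CloudTrail cannot record -- verify in print_diff.
    global cloudtrail_supported_actions
    cloudtrail_supported_actions = {}
    # NOTE(review): this path is resolved against the current working
    # directory, not the package -- confirm the tool is meant to be run from
    # the directory holding the data file.
    with open("cloudtrail_supported_actions.txt") as f:
        for raw_line in f:
            line = raw_line.rstrip()
            if not line:
                # A trailing newline or blank line would otherwise fail the
                # two-value unpack below.
                continue
            (service, event) = line.split(":")
            cloudtrail_supported_actions[normalize_api_call(service, event)] = True

    account_iam = get_account_iam(account)

    if args.list:
        # Compare actors defined in IAM with actors observed in CloudTrail.
        actor_type = args.list
        if actor_type == 'users':
            allowed_actors = get_allowed_users(account_iam)
            performed_actors = datasource.get_performed_users()
        elif actor_type == 'roles':
            allowed_actors = get_allowed_roles(account_iam)
            performed_actors = datasource.get_performed_roles()
        else:
            exit("ERROR: --list argument must be one of 'users' or 'roles'")
        print_actor_diff(performed_actors, allowed_actors, use_color)
        return

    # The destination account defaults to the source account; the AssumeRole
    # target is looked up in the destination account's IAM data.
    if args.destaccount:
        destination_account = get_account(config['accounts'], args.destaccount)
    else:
        destination_account = account
    destination_iam = get_account_iam(destination_account)
    search_query = datasource.get_search_query()

    if args.user:
        user_iam = get_user_iam(args.user, account_iam)
        print("Getting info on {}, user created {}".format(
            args.user, user_iam['CreateDate']))
        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))
            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_user_in_role(
                search_query, user_iam, dest_role_iam)
        else:
            allowed_actions = get_user_allowed_actions(
                aws_api_list, user_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_user(
                search_query, user_iam)
    elif args.role:
        role_iam = get_role_iam(args.role, account_iam)
        print("Getting info for role {}".format(args.role))
        if args.destrole:
            dest_role_iam = get_role_iam(args.destrole, destination_iam)
            print("Getting info for AssumeRole into {}".format(
                args.destrole))
            allowed_actions = get_role_allowed_actions(
                aws_api_list, dest_role_iam, destination_iam)
            performed_actions = datasource.get_performed_event_names_by_role_in_role(
                search_query, role_iam, dest_role_iam)
        else:
            allowed_actions = get_role_allowed_actions(
                aws_api_list, role_iam, account_iam)
            performed_actions = datasource.get_performed_event_names_by_role(
                search_query, role_iam)
    else:
        exit("ERROR: Must specify a user or a role")

    # The allowed/performed difference is what print_diff reports; it is the
    # evidence for trimming unused permissions from the principal.
    printfilter = {
        'show_unknown': args.show_unknown,
        'show_benign': args.show_benign,
        'show_used': args.show_used,
    }
    print_diff(performed_actions, allowed_actions, printfilter, use_color)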