def main():
""" main function """
parser = argparse.ArgumentParser(
description='this is to get IP address for lynis audit only')
parser.add_argument(
'-aip',
'--audit_ip',
help=
'The IP for which lynis Audit needs to be done .... by default tries root/Administrator if username not provided'
)
parser.add_argument(
'-u',
'--user_name',
help='The username of the user to be logged in,for a specific user')
parser.add_argument('-pem',
'--pem_file',
help='The pem file to access to AWS instance')
parser.add_argument('-p',
'--password',
action='store_true',
dest='password',
help='hidden password prompt')
parser.add_argument('-env',
'--environment',
help='The cloud on which the test-suite is to be run',
choices=['aws', 'gcp', 'azure'],
required=True)
parser.add_argument(
'-pId',
'--project_name',
help='Project Name for which GCP Audit needs to be run')
args = parser.parse_args()
if args.password:
password = getpass()
if args.environment == 'gcp':
from modules import gcpaudit
if not args.project_name:
print("Please pass project name for the GCP Audit")
print("Exiting !!!")
exit(0)
else:
gcpaudit.gcp_audit(args.project_name)
elif args.environment == 'aws':
from modules import awsaudit
from modules import merger
from modules import localaudit
if args.audit_ip:
if not (args.user_name):
args.user_name = None
if not (args.pem_file):
args.pem_file = None
if not (args.password):
password = None
localaudit.local_audit(args.audit_ip, args.user_name,
args.pem_file, password)
exit(0)
else:
awsaudit.aws_audit()
merger.merge()
exit(0)
elif args.environment == 'azure':
from modules import azureaudit
azureaudit.azure_audit()
def main():
""" main function """
parser = argparse.ArgumentParser(description='this is to get IP address for lynis audit only')
parser.add_argument('-env', '--environment', required=True, help='The cloud on which the test-suite is to be run',
choices=['aws', 'gcp', 'azure'])
parser.add_argument('-aip', '--audit_ip', required=False, help='The IP for which lynis Audit needs to be done .... by default tries root/Administrator if username not provided')
parser.add_argument('-u', '--user_name', required=False, help='The username of the user to be logged in,for a specific user')
parser.add_argument('-pem', '--pem_file', required=False, help='The pem file to access to AWS instance')
parser.add_argument('-p', '--password', required=False, action='store_true', dest='password', help='hidden password prompt')
parser.add_argument('-pId', '--project_id', help='Project ID for which GCP Audit needs to be run. Can be retrivied using `gcloud projects list`')
parser.add_argument('-az_u', '--azure_user', required=False, help='username of azure account, optionally used if you want to run the azure audit with no user interaction.')
parser.add_argument('-az_p', '--azure_pass', required=False, help='username of azure password, optionally used if you want to run the azure audit with no user interaction.')
parser.add_argument('-o', '--output', required=False, default="cs-audit.log", help='writes a log in JSON of an audit, ideal for consumptions into SIEMS like ELK and Splunk. Defaults to cs-audit.log')
parser.add_argument("-w", "--wipe", required=False, default=False, action='store_true',
help="rm -rf reports/ folder before executing an audit")
parser.add_argument('-n', '--number', required=False, help='Retain number of report to store for a particular environment and user/project.')
args = parser.parse_args()
# set up logging
log = logger.setup_logging(args.output, "INFO")
log.info("starting cloud security suite v1.0")
if args.number and args.wipe == True:
print("Warning you can't use -w or -n flag at same time")
exit(1)
elif args.number:
try:
int(args.number)
except Exception as _:
print("Please provide a number for -n option only. ")
print("EXITTING!!")
exit(1)
if args.password:
password = getpass()
if args.wipe:
log.info("wiping reports/ folder before running")
rm.rm("reports/")
if args.environment == 'gcp':
from modules import gcpaudit
if not args.project_id:
print ("Please pass project ID for the GCP Audit")
print ("Exiting !!!")
exit(0)
else:
log.info("running gcp audit")
gcpaudit.gcp_audit(args.project_id)
log.info("completed gcp audit")
elif args.environment == 'aws':
from modules import awsaudit
from modules import merger
from modules import localaudit
if args.audit_ip:
if not(args.user_name):
args.user_name = None
if not(args.pem_file):
args.pem_file = None
if not(args.password):
password = None
log.info("running aws local audit")
localaudit.local_audit(args.audit_ip, args.user_name, args.pem_file, password)
log.info("completed aws local audit")
exit(0)
else:
log.info("running aws audit")
awsaudit.aws_audit()
merger.merge()
log.info("completed aws audit")
elif args.environment == 'azure':
if args.azure_user and args.azure_pass:
print("using azure credentials passed via cli")
subprocess.call(['az', 'login', '-u', args.azure_user, '-p', args.azure_pass])
else:
print("azure authentication required")
subprocess.call(['az', 'login'])
log.info("running azure audit")
from modules import azureaudit
azureaudit.azure_audit()
log.info("completed azure audit")
if args.number > 0 and args.wipe == False:
from modules import retainnumberofreports
retainnumberofreports.retain_reports(args.environment, int(args.number))
exit(0)