示例#1
0
def stop_instances(ec2_client):
  instance_logs = [ time.ctime() + ' Stop all instances' ]
  try:
    instances = helpers.get_running_instances(ec2_client)
  except Exception as err:
    instance_logs.append(time.ctime() + ' No running instances.')
    return helpers.save_logs(instance_logs, 'EC2 stop log: ')
  for instance in instances:
    instance_logs.append(time.ctime() + ' ' + str(instance))
    try:
      instance_logs.append(time.ctime() + ' ' + str(helpers.stop_instance(ec2_client, instance['InstanceId'])))
    except Exception as err:
      instance_logs.append(time.ctime() + ' ' + str(err))
  helpers.save_logs(instance_logs, 'EC2 stop log: ')
示例#2
0
def unlock_nacls(ec2_client):
  nacl_logs = [ time.ctime() + ' Unlock Network Access Control List' ]
  nacls = ec2_client.describe_network_acls()['NetworkAcls']
  for nacl in nacls:
    nacl_logs.append(time.ctime() + ' ' + str(nacl))
    try:
      nacl_logs.append(time.ctime() + ' ' + str(helpers.delete_nacl_entry(ec2_client, True, nacl['NetworkAclId'], 1)))
    except Exception as err:
      nacl_logs.append(time.ctime() + ' ' + str(err))
    try:
      nacl_logs.append(time.ctime() + ' ' + str(helpers.delete_nacl_entry(ec2_client, False, nacl['NetworkAclId'], 2)))
    except Exception as err:
      nacl_logs.append(time.ctime() + ' ' + str(err))
  helpers.save_logs(nacl_logs, 'NACL log: ')
示例#3
0
def capture_ssm(ec2_client, ssm_client, ssm_command, ssm_document_name, ssm_document_body):
  ssm_logs = [ time.ctime() + ' SSM capture running processes and system memory' ]
  try:
    instances = helpers.get_running_instances(ec2_client)
  except Exception as err:
    ssm_logs.append(time.ctime() + ' No running instances.')
    return helpers.save_logs(ssm_logs, 'SSM log: ')
  try:
    ssm_logs.append(time.ctime() + ' ' + str(helpers.ssm_make_document(ssm_client, ssm_command, ssm_document_name, ssm_document_body)))
  except Exception as err:
    ssm_logs.append(time.ctime() + ' ' + str(err))
  for instance in instances:
    ssm_logs.append(time.ctime() + ' ' + str(instance))
    try:
      ssm_logs.append(time.ctime() + ' ' + helpers.ssm_exec_document(ssm_client, instance['InstanceId'], ssm_document_name))
    except Exception as err:
      ssm_logs.append(time.ctime() + ' ' + str(err))
  return helpers.save_logs(ssm_logs, 'SSM log: ')
示例#4
0
def lockdown_s3(s3_client):
  s3_logs = [ time.ctime() + ' Lockdown S3 buckets' ]
  try:
    buckets = helpers.get_buckets(s3_client)
  except Exception as err:
    s3_logs.append(time.ctime() + ' ' + str(err))
  for bucket in [ bucket['Name'] for bucket in buckets ]:
    s3_logs.append(time.ctime() + ' ' + bucket)
    try:
      s3_logs.append(time.ctime() + ' ' + str(s3_client.put_bucket_acl(Bucket=bucket, ACL='private')))
    except Exception as err:
      s3_logs.append(time.ctime() + ' ' + str(err))
  return helpers.save_logs(s3_logs, 'S3 log: ')
示例#5
0
def unlock_iam(iam_client, account_id, policy_name, users, roles, user_name):
  policy_logs = [ time.ctime() + ' Unlock IAM Users and Roles' ]
  for user in users:
    policy_logs.append(time.ctime() + ' ' + str(user))
    if user['UserName'] != user_name:
      try:
        policy_logs.append(time.ctime() + ' ' + str(helpers.detach_user_policy(iam_client, user['UserName'], helpers.get_policy_arn(account_id, policy_name))))
      except Exception as err:
        policy_logs.append(time.ctime() + ' ' + str(err))
  for role in roles:
    if helpers.check_aws_roles(role['RoleName']):
      policy_logs.append(time.ctime() + ' ' + str(role))
      try:
        policy_logs.append(time.ctime() + ' ' + str(helpers.detach_role_policy(iam_client, role['RoleName'], helpers.get_policy_arn(account_id, policy_name))))
      except Exception as err:
        policy_logs.append(time.ctime() + ' ' + str(err))
  policy_logs.append(time.ctime() + ' ' + policy_name + ' ' + account_id)
  try:
    policy_logs.append(time.ctime() + ' ' + str(helpers.delete_deny_policy(iam_client, helpers.get_policy_arn(account_id, policy_name))))
  except Exception as err:
    policy_logs.append(time.ctime() + ' ' + str(err))
  helpers.save_logs(policy_logs, 'IAM policy log: ')
示例#6
0
def lockdown_iam(iam_client, account_id, policy_name, users, roles, user_name):
  policy_logs = [ time.ctime() + ' Lockdown IAM Users and Roles' ]
  deny_policy = helpers.create_deny_policy(iam_client, account_id, policy_name)
  for user in users:
    if user['UserName'] != user_name:
      policy_logs.append(time.ctime() + ' ' + str(user))
      try:
        policy_logs.append(time.ctime() + ' ' + str(helpers.attach_user_policy(iam_client, user['UserName'], deny_policy['Arn'])))
      except Exception as err:
        policy_logs.append(time.ctime() + ' ' + str(err))
  for role in roles:
    if helpers.check_aws_roles(role['RoleName']):
      policy_logs.append(time.ctime() + ' ' + str(role))
      try:
        policy_logs.append(time.ctime() + ' ' + str(helpers.attach_role_policy(iam_client, role['RoleName'], deny_policy['Arn'])))
      except Exception as err:
        policy_logs.append(time.ctime() + ' ' + str(err))
  return helpers.save_logs(policy_logs, 'IAM policy log: ')
示例#7
0
def verify_admin_user(iam_client, user_name):
  admin_logs = [ time.ctime() + ' ' + str(helpers.verify_admin_user(iam_client, user_name)) ]
  return helpers.save_logs(admin_logs, 'ADMIN verify log: ')
示例#8
0
def lookup_audit_logs(cloudtrail_client, ec2_client):
  audit_logs = [ time.ctime() + ' Lookup Cloudtrail and Flowlogs locations' ]
  audit_logs.extend([ time.ctime() + ' Cloudtrail logs S3 Bucket: ' + trail['S3BucketName'] for trail in cloudtrail_client.describe_trails()['trailList'] ])
  audit_logs.append(time.ctime() + ' ' + str(ec2_client.describe_flow_logs()))
  helpers.save_logs(audit_logs, 'AUDIT log: ')