示例#1
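def audit_iamuser(accounts, send_report):
    """Run the IAM user auditor over ``accounts`` and persist its findings.

    Args:
        accounts: Account selection; passed through ``__prep_accounts__``
            before being handed to the auditor.
        send_report: When truthy, a report is created and e-mailed.

    The database session is closed on every exit path, including when
    auditing, reporting or saving raises.
    """
    try:
        accounts = __prep_accounts__(accounts)
        au = IAMUserAuditor(accounts=accounts, debug=True)
        au.audit_all_objects()

        # NOTE(review): plain truthiness -- a non-empty string such as
        # "False" also triggers the e-mail; confirm callers pass a bool.
        if send_report:
            report = au.create_report()
            au.email_report(report)

        # NOTE(review): findings are persisted only after the e-mail step,
        # so an exception from email_report() skips save_issues().
        au.save_issues()
    finally:
        # Release the session on the failure path too, so an auditor
        # exception does not leave it open.
        db.session.close()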
示例#2
 def __init__(self, accounts=None, alert_accounts=None, debug=False):
     """Build per-account watcher/auditor pairs and the alerters fed by them.

     Args:
         accounts: Iterable of accounts to monitor. The default ``None`` is
             not iterable, so omitting it raises ``TypeError`` at the loop.
         alert_accounts: Accounts that get an ``Alerter``. When falsy, every
             entry of ``accounts`` is used instead.
         debug: Forwarded unchanged to every watcher and auditor.
     """
     def build(component, account):
         # Every watcher and auditor is scoped to exactly one account.
         return component(accounts=[account], debug=debug)

     self.account_watchers = {}
     self.account_alerters = {}
     alert_targets = alert_accounts if alert_accounts else accounts

     for account in accounts:
         # Each entry is (watcher, auditor). A None in the second slot means
         # no auditor object is created here for that watcher.
         # NOTE(review): presumably those technologies are tracked for
         # changes but never audited -- confirm against Alerter.
         pairs = [
             (build(SQS, account), None),
             (build(ELB, account), None),
             (build(IAMSSL, account), None),
             (build(RDSSecurityGroup, account),
              build(RDSSecurityGroupAuditor, account)),
             (build(SecurityGroup, account),
              build(SecurityGroupAuditor, account)),
             (build(S3, account), build(S3Auditor, account)),
             (build(IAMUser, account), build(IAMUserAuditor, account)),
             (build(IAMGroup, account), None),
             (build(IAMRole, account), None),
             (build(Keypair, account), None),
             (build(SNS, account), build(SNSAuditor, account)),
         ]
         self.account_watchers[account] = pairs

         if account in alert_targets:
             self.account_alerters[account] = Alerter(
                 watchers_auditors=pairs,
                 account=account)
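def audit_iamuser(accounts, send_report):
    """Run the IAM user auditor over ``accounts`` and persist its findings.

    Args:
        accounts: Account selection; passed through ``__prep_accounts__``
            before being handed to the auditor.
        send_report: Either a string (the report is sent when it equals
            ``'true'`` case-insensitively) or a value equal to ``True``.

    The database session is closed on every exit path, including when
    auditing, reporting or saving raises.
    """
    try:
        accounts = __prep_accounts__(accounts)
        au = IAMUserAuditor(accounts=accounts, debug=True)
        au.audit_all_objects()

        # Calling .lower() first on a real bool raised AttributeError before
        # the equality check could run; fall back to the comparison for
        # anything that is not string-like.
        try:
            wants_report = send_report.lower() == 'true'
        except AttributeError:
            wants_report = send_report == True  # noqa: E712 - keeps original comparison

        if wants_report:
            report = au.create_report()
            au.email_report(report)

        # NOTE(review): findings are persisted only after the e-mail step,
        # so an exception from email_report() skips save_issues().
        au.save_issues()
    finally:
        # Release the session on the failure path too, so an auditor
        # exception does not leave it open.
        db.session.close()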
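def find_iamuser_changes(accounts):
    """Run the IAM user watcher and audit the users it reports as new or changed.

    Args:
        accounts: Account selection; passed through ``__prep_accounts__``
            before being handed to the watcher.

    The database session is closed on every exit path, including when the
    watcher or the auditor raises.
    """
    try:
        accounts = __prep_accounts__(accounts)
        cw = IAMUser(accounts=accounts, debug=True)
        items, exception_map = cw.slurp()
        cw.find_changes(current=items, exception_map=exception_map)

        # Only created and changed users are re-audited, using their new config.
        items_to_audit = [
            IAMUserItem(account=item.account, name=item.name, config=item.new_config)
            for item in cw.created_items + cw.changed_items
        ]

        # NOTE(review): the auditor is built without accounts=, unlike the
        # watcher above; confirm IAMUserAuditor's default covers these items.
        au = IAMUserAuditor(debug=True)
        au.audit_these_objects(items_to_audit)
        au.save_issues()

        # Watcher state is saved after the issues, as in the original order.
        cw.save()
    finally:
        # Release the session on the failure path too.
        db.session.close()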
示例#5
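def find_iamuser_changes(accounts):
    """Run the IAM user watcher and audit the users it reports as new or changed.

    Args:
        accounts: Account selection; passed through ``__prep_accounts__``
            and then given to both the watcher and the auditor.

    The database session is closed on every exit path, including when the
    watcher or the auditor raises.
    """
    try:
        accounts = __prep_accounts__(accounts)
        cw = IAMUser(accounts=accounts, debug=True)
        items, exception_map = cw.slurp()
        cw.find_changes(current=items, exception_map=exception_map)

        # Only created and changed users are re-audited, using their new config.
        items_to_audit = [
            IAMUserItem(account=item.account, name=item.name, config=item.new_config)
            for item in cw.created_items + cw.changed_items
        ]

        au = IAMUserAuditor(accounts=accounts, debug=True)
        au.audit_these_objects(items_to_audit)
        au.save_issues()

        # Watcher state is saved after the issues, as in the original order.
        cw.save()
    finally:
        # Release the session on the failure path too.
        db.session.close()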