Merge pull request #108 from kuettai/main

Bug fixes on GuardDuty checked, and MFA Enabled Checks
aws-samples · May 22, 2024 · f8bd58d · f8bd58d
2 parents 70193bb + 35f0c85
commit f8bd58d
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 37 deletions.
diff --git a/info.json b/info.json
@@ -1 +1 @@
-{"apigateway": 9, "cloudfront": 8, "cloudtrail": 18, "cloudwatch": 18, "dynamodb": 24, "ec2": 54, "efs": 3, "eks": 7, "elasticache": 10, "guardduty": 4, "iam": 37, "kms": 4, "lambda": 15, "opensearch": 22, "rds": 82, "redshift": 9, "s3": 16}
+{"apigateway": 9, "cloudfront": 8, "cloudtrail": 18, "cloudwatch": 18, "dynamodb": 24, "ec2": 54, "efs": 3, "eks": 7, "elasticache": 10, "guardduty": 4, "iam": 37, "kms": 4, "lambda": 15, "opensearch": 22, "rds": 82, "redshift": 9, "s3": 16}
diff --git a/services/dashboard/DashboardPageBuilder.py b/services/dashboard/DashboardPageBuilder.py
@@ -145,7 +145,7 @@ def buildContentDetail_dashboard(self):
 
         output.append(self.generateRowWithCol(size=6, items=items, rowHtmlAttr="data-context='chartCount'"))
 
-        output.append("<h6>Report generated at <u>{}</u>, timezone setting: {}</h6>".format(datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"), datetime.datetime.now().tzname()))
+        output.append("<h6>Report generated at <u>{}</u>, timezone setting: {}</h6>".format(datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"), 'UTC'))
         return output
 
     def getDashboardCategoryTiles(self, key, cnt):

diff --git a/services/ec2/Ec2.py b/services/ec2/Ec2.py
@@ -408,18 +408,18 @@ def advise(self):
 
         # EC2 instance checks
         instances = self.getResources()
-        for instance in instances:
-            instanceData = instance['Instances'][0]
-            print('... (EC2) inspecting ' + instanceData['InstanceId'])
-            obj = Ec2Instance(instanceData,self.ec2Client, self.cwClient)
-            obj.run(self.__class__)
-
-            objs[f"EC2::{instanceData['InstanceId']}"] = obj.getInfo()
-
-            ## Gather SecGroups in dict first to prevent check same sec groups multiple time
-            instanceSG = self.getEC2SecurityGroups(instanceData)
-            for group in instanceSG:
-                secGroups[group['GroupId']] = group
+        for instanceArr in instances:
+            for instanceData in instanceArr['Instances']:
+                print('... (EC2) inspecting ' + instanceData['InstanceId'])
+                obj = Ec2Instance(instanceData,self.ec2Client, self.cwClient)
+                obj.run(self.__class__)
+                
+                objs[f"EC2::{instanceData['InstanceId']}"] = obj.getInfo()
+                
+                ## Gather SecGroups in dict first to prevent check same sec groups multiple time
+                instanceSG = self.getEC2SecurityGroups(instanceData)
+                for group in instanceSG:
+                    secGroups[group['GroupId']] = group
 
         #EBS checks
         volumes = self.getEBSResources()

diff --git a/services/iam/Iam.py b/services/iam/Iam.py
@@ -23,7 +23,7 @@ def __init__(self, region):
             'orgClient': ssBoto.client('organizations'),
             'accClient': ssBoto.client('account', config=self.bConfig),
             'sppClient': ssBoto.client('support', config=self.bConfig),
-            'gdClient': ssBoto.client('guardduty', config=self.bConfig),
+            # 'gdClient': ssBoto.client('guardduty', config=self.bConfig),
             'budgetClient': ssBoto.client('budgets', config=self.bConfig),
             'curClient': ssBoto.client('cur', config=self.bConfig),
             'ctClient': ssBoto.client('cloudtrail', config=self.bConfig)

diff --git a/services/iam/drivers/IamAccount.py b/services/iam/drivers/IamAccount.py
@@ -20,7 +20,7 @@ def __init__(self, none, awsClients, users, roles, ssBoto):
         self.iamClient = awsClients['iamClient']
         self.accClient = awsClients['accClient']
         self.sppClient = awsClients['sppClient']
-        self.gdClient = awsClients['gdClient']
+        # self.gdClient = awsClients['gdClient']
         self.budgetClient = awsClients['budgetClient']
         self.orgClient = awsClients['orgClient']
 
@@ -169,11 +169,24 @@ def _checkHasExternalProvider(self):
             self.results['hasExternalIdentityProvider'] = [-1, '']
 
     def _checkHasGuardDuty(self):
-        resp = self.gdClient.list_detectors()
-        if 'DetectorIds' in resp:
-            ids = resp.get('DetectorIds')
-            if len(ids) > 0:
-                return
+        ssBoto = self.ssBoto
+        regions = Config.get("REGIONS_SELECTED")
+
+        results = {}
+        badResults = []
+        cnt = 0
+        for region in regions:
+            if region == 'GLOBAL':
+                continue
+
+            conf = bConfig(region_name = region)
+            gdClient = ssBoto.client('guardduty', config=conf)
+
+            resp = self.gdClient.list_detectors()
+            if 'DetectorIds' in resp:
+                ids = resp.get('DetectorIds')
+                if len(ids) > 0:
+                    return
 
         self.results["enableGuardDuty"] = [-1, ""]
 

diff --git a/services/iam/drivers/IamUser.py b/services/iam/drivers/IamUser.py
@@ -1,4 +1,4 @@
-import boto3
+import boto3, botocore
 import datetime
 from dateutil.tz import tzlocal
 
@@ -16,9 +16,9 @@ def __init__(self, user, iamClient):
 
     def _checkHasMFA(self):
         xkey = "rootMfaActive" if self.user['user'] == "<root_account>" else "mfaActive"
-        if self.user['mfa_active'] == 'false':
+        if self.user['mfa_active'] == 'false' and (self.user['user'] == "<root_account>" or self.user['password_enabled'] == 'true'):
             self.results[xkey] = [-1, 'Inactive']
-
+            
     def _checkConsoleLastAccess(self):
         key = ''
 
@@ -52,25 +52,31 @@ def _checkUserInGroup(self):
         if user == '<root_account>':
             return
 
-        resp = self.iamClient.list_groups_for_user(UserName = user)
-        groups = resp.get('Groups')
-        if not groups:
-            self.results['userNotUsingGroup'] = [-1, '-']
-
+        try:
+            resp = self.iamClient.list_groups_for_user(UserName = user)
+            groups = resp.get('Groups')
+            if not groups:
+                self.results['userNotUsingGroup'] = [-1, '-']
+        except botocore.exceptions.ClientError as e:
+            print(e.response['Error']['Code'], e.response['Error']['Message'])
+
     def _checkUserPolicy(self):
         user = self.user['user']
         if user == '<root_account>':
             return
 
         ## Managed Policy   
-        resp = self.iamClient.list_attached_user_policies(UserName = user)
-        policies = resp.get('AttachedPolicies')
-        self.evaluateManagePolicy(policies) ## code in iam_common.class.php
-
-        ## Inline Policy
-        resp = self.iamClient.list_user_policies(UserName = user)
-        inlinePolicies = resp.get('PolicyNames')
-        self.evaluateInlinePolicy(inlinePolicies, user, 'user')
+        try:
+            resp = self.iamClient.list_attached_user_policies(UserName = user)
+            policies = resp.get('AttachedPolicies')
+            self.evaluateManagePolicy(policies) ## code in iam_common.class.php
+
+            ## Inline Policy
+            resp = self.iamClient.list_user_policies(UserName = user)
+            inlinePolicies = resp.get('PolicyNames')
+            self.evaluateInlinePolicy(inlinePolicies, user, 'user')
+        except botocore.exceptions.ClientError as e:
+            print(e.response['Error']['Code'], e.response['Error']['Message'])
 
     def _checkAccessKeyRotate(self):
         user = self.user
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"apigateway": 9, "cloudfront": 8, "cloudtrail": 18, "cloudwatch": 18, "dynamodb": 24, "ec2": 54, "efs": 3, "eks": 7, "elasticache": 10, "guardduty": 4, "iam": 37, "kms": 4, "lambda": 15, "opensearch": 22, "rds": 82, "redshift": 9, "s3": 16}
		{"apigateway": 9, "cloudfront": 8, "cloudtrail": 18, "cloudwatch": 18, "dynamodb": 24, "ec2": 54, "efs": 3, "eks": 7, "elasticache": 10, "guardduty": 4, "iam": 37, "kms": 4, "lambda": 15, "opensearch": 22, "rds": 82, "redshift": 9, "s3": 16}