usage: cs.py [-h] [-aip AUDIT_IP] [-u USER_NAME] [-pem PEM_FILE] [-p] -env
{aws,gcp,azure} [-pId PROJECT_NAME] [-o OUTPUT] [-w]
this is to get IP address for lynis audit only
optional arguments:
-h, --help show this help message and exit
-aip AUDIT_IP, --audit_ip AUDIT_IP
The IP for which lynis Audit needs to be done .... by
default tries root/Administrator if username not
provided
-u USER_NAME, --user_name USER_NAME
The username of the user to be logged in,for a
specific user
-pem PEM_FILE, --pem_file PEM_FILE
The pem file to access to AWS instance
-p, --password hidden password prompt
-env {aws,gcp,azure}, --environment {aws,gcp,azure}
The cloud on which the test-suite is to be run
-pId PROJECT_NAME, --project_name PROJECT_NAME
Project Name for which GCP Audit needs to be run
-o OUTPUT, --output OUTPUT
writes a log in JSON of an audit, ideal for
consumptions into SIEMS like ELK and Splunk. Defaults
to cs-audit.log
-w, --wipe rm -rf reports/ folder before executing an audit
- Operating System OSX or Linux only
- python 2.7
- pip
- git
- jq
- gcc (for sshpass installation (OS Audit). Not a mandatory pre-requisite)
- AWS Audit - AWS ReadOnly Keys
- GCP Audit - gcloud setup
- Azure Audit - Azure user read-only access
(in order to avoid missing with the already installed python libraries)
- get project
git clone https://github.com/SecurityFTW/cs-suite.git && cd cs-suite/ - install virtualenv
pip install virtualenv - create a python 2.7 local enviroment
virtualenv -p python2.7 venv - activate the virtual enviroment
source venv/bin/activate - install project dependencies
pip install -r requirements.txt - run the tool via
python cs.py --help
- In AWS create a IAM user with at least the following policy
arn:aws:iam::aws:policy/ReadOnlyAccess - In your local install aws cli
brew install awsclifor OSX - Configure AWS cli
aws configure
- create a project in GCP
- enable the Cloud resource manager API
- create a service account, download its key JSON and place it on the root of this project (example
cs-suite/keyfile.json) - set GOOGLE_APPLICATION_CREDENTIALS enviromental variable to you keyfile.json path
export GOOGLE_APPLICATION_CREDENTIALS=~/cs-suite/keyfile.json - Install google cloud sdk
- configure google clound sdk
gcloud init
- signup and have logged in already to azure.microsoft.com
- install azure CLI
brew install az - authenticate the azure cli
az login, you should see your subscription type if it was successful, simiarly to: ``` [ { "cloudName": "AzureCloud", "id": "xxxxx-5595-4da5-bc27-xxxeeee", "isDefault": true, "name": "Free Trial", "state": "Enabled", "tenantId": "xxxxx-18e9-41a4-961b-xxxxx", "user": { "name": "[email protected]", "type": "user" } } ]
## Running cs-suite
```bash
To run AWS Audit - python cs.py -env aws
To run GCP Audit - python cs.py -env gcp -pId <project_name>
To run Azure Audit - python cs.py -env azure
-
The final report will be available in
reportsdirectory -
The final AWS Audit report looks like below:
- The final GCP Audit report looks like below:
-
Create a local directory
awswithcredentialsandconfigfiles -
The
configfile looks like below
$ cat aws/config
[default]
output = json
region = us-east-1
- The
credentialsfile looks like below
$ cat aws/credentials
[default]
aws_access_key_id = XXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXNote: This tool requires arn:aws:iam::aws:policy/ReadOnlyAccess IAM policy
- Then run the follwing docker command to start (passing your specific enviroment)
docker run -v `pwd`/aws:/root/.aws -v `pwd`/reports:/app/reports securityftw/cs-suite -env aws- Scout2 - https://github.com/nccgroup/Scout2
- Prowler - https://github.com/Alfresco/prowler
- Lunar - https://github.com/lateralblast/lunar
- Lynis - https://github.com/CISOfy/lynis
- G-Scout - https://github.com/nccgroup/G-Scout
- @alanrenouf - https://github.com/alanrenouf/Windows-Workstation-and-Server-Audit
- Ranjeet Sengar - https://github.com/sengar23
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent