Prowler 2.11.0 - Blood Brothers

@toniblyx toniblyx released this 21 Jul 09:20
· 2463 commits to master since this release
f70cf8d

And if you're taking a walk through the garden of life
What do you think you'd expect you would see?
Just like a mirror reflecting the moves of your life
And in the river reflections of me

Steve Harris, founder and bass guitarist of Iron Maiden 🤘🏽, wrote this song when he lost his father; the lyrics and music are beautiful. This release is for those that always look forward and only look back to be thankful and learn. Also, this song and version is to thank my Prowler brothers @jfagoagas, @n4ch04, @sergargar and @drewkerrigan; they are working as beasts every day to make this piece of software better and building something awesome with Prowler underneath called Prowler Pro.

For all of you that have contributed to this version (see list below), thank you ❤️!!! And reach out to me on Twitter (@toniblyx - DMs are open) if you want some laptop stickers.

🔥Important changes in this version (read this!):

  • 14 New checks covering Directory Service, IAM, S3, Workspaces, AppStream and ECR:
7.181 [extra7181] Directory Service monitoring with CloudWatch logs - ds [Medium]
7.182 [extra7182] Directory Service SNS Notifications - ds [Medium]
7.183 [extra7183] Directory Service LDAP Certificates expiration - ds [Medium]
7.184 [extra7184] Directory Service Manual Snapshot Limit - ds [Low]
7.185 [extra7185] Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation - iam [High]
7.186 [extra7186] Check S3 Account Level Public Access Block - s3 [High]
7.187 [extra7187] Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements - workspaces [High]
7.188 [extra7188] Ensure Radius server in DS is using the recommended security protocol - ds [Medium]
7.189 [extra7189] Ensure Multi-Factor Authentication (MFA) using Radius Server is enabled in DS - ds [Medium]
7.190 [extra7190] Ensure user maximum session duration is no longer than 10 hours. - appstream [Medium]
7.191 [extra7191] Ensure session disconnect timeout is set to 5 minutes or less. - appstream [Medium]
7.192 [extra7192] Ensure session idle disconnect timeout is set to 10 minutes or less. - appstream [Medium]
7.193 [extra7193] Ensure default Internet Access from your Amazon AppStream fleet streaming instances should remain unchecked. - appstream [Medium]
7.194 [extra7194] Check if ECR repositories have lifecycle policies enabled - ecr [Low]

New features:

  • feat(check) Directory Service by @lemelop in #1164
  • feat(check): PublicAccessBlockConfiguration by @jfagoagas in #1167
  • feat(check): Amazon WorkSpaces storage volumes are encrypted by @rajarshidas in #1166
  • feat(inventory): Prowler quick inventory including IAM resources by @toniblyx in #1258
  • feat(ecr_lifecycle): Check Lifecycle policy by @massyn in #1260
  • feat(checks): New IAM privilege escalation check by @jfagoagas in #1168
  • feat(codebuild_timeout): Increase codebuild timeout to maximum. by @sergargar in #1192
  • feat(db) Create a PostgreSQL connector for Prowler by @n4ch04 in #1171
  • feat(checks): Amazon AppStream checks by @rajarshidas in #1216
  • feat(check): Ensure default internet access from Amazon AppStream fleet should be disabled. by @rajarshidas in #1233
  • feat(dockerfile): Include psql client in the Prowler scanner image by @jfagoagas in #1238
  • feat(db-connector): Support environment variables by @jfagoagas in #1236
  • feat(inventory): Prowler quick inventory by @toniblyx in #1245

Enhancements:

  • feat(output): Consolidate prowler output functions by @n4ch04 in #1180
  • refactor(Prowler): Main logic refactor by @jfagoagas in #1189
  • feat(extra7185): Update severity of check extra7185 by @sergargar in #1178
  • feat(actions): Trigger by @jfagoagas in #1209
  • feat(check): Directory Service - Ensure Radius server is using the recommended security protocol by @rajarshidas in #1203
  • docs(readme): Update inventory and checks by @jfagoagas in #1257
  • feat(check7164): 365 days or more in a Cloudwatch log retention should be consider PASS by @bcarranza in #1240

Fixes:

  • fix(extra767): Remove false positive for check_extra767 by @zsecducna in #1198
  • fix(update_deprecate_runtimes): Deprecated runtimes for lambda were updated. by @sergargar in #1170
  • fix(runtimes_extra762): Detect nodejs versions correctly. by @sergargar in #1177
  • fix(SQS_encryption_type): Add SQS encryption types to extra728. by @sergargar in #1175
  • fix(typo): Max session duration error message by @jfagoagas in #1179
  • fix(apigateway_iam): Error handling and permissions for extra745. by @sergargar in #1176
  • fix(assume_role): Use date instead of jq by @jfagoagas in #1181
  • fix(check119_remediation): Update check remediation text. by @sergargar in #1185
  • fix(codebuild_update): AWS CLI and permissions update. by @sergargar in #1183
  • fix(extra7187): Remove commas from the metadata by @jfagoagas in #1187
  • fix(outputs): Replace each comma occurrence before sending to csv file by @n4ch04 in #1188
  • fix(shellcheck): Main variables by @jfagoagas in #1194
  • fix(session_duration): Use jq with TZ=UTC by @jfagoagas in #1195
  • fix(instance-metadata): Credentials recovering by @sergargar in #1207
  • fix(actions): Dockerfile path by @jfagoagas in #1208
  • fix(junit_xml output): Fix xml output integration. by @sergargar in #1210
  • fix(instance metadata): missing raw flag in jq parser by @n4ch04 in #1214
  • fix(shub_fails): Treat failed findings as failed in SHub. by @sergargar in #1219
  • fix(extra7162): Query AWS log groups using LOG_GROUP_RETENTION_PERIOD_DAYS by @jfagoagas in #1232
  • fix(backupInitialAWSCredentials): Do nothing if no initial creds by @jfagoagas in #1239
  • fix(postgres): Fix postgres connector issues. by @sergargar in #1244
  • fix(add-checks-regions): Missing regions in checks by @sergargar in #1247
  • fix(Dockerfile): Prowler path by @jfagoagas in #1254
  • fix(apigatewayv2): handle BadRequestException by @sergargar in #1261
  • fix(codebuild): expired token error by @sergargar in #1262
  • fix(extra7173): Correct check and alternative name by @vigah in #1270
  • docs(readme): Fix spelling by @r8bhavneet in #1271
  • docs(readme): Fix spelling errors by @andsiu in #1274
  • fix(ci): Remove yum check-update by @jfagoagas in #1275

New Contributors

Full Changelog: 2.10.0...2.11.0