« Previous 1 2 3
Prowling AWS
Snooping Around
Breaking and Entering
The README file offers some other useful options in the examples I shamelessly repeat and show in this section.
If you ever want to check one of the tests individually, use:
$ ./prowler -c check32
After the first Prowler run to make sure it runs correctly, then a handy tip is to spend some time looking through the benchmarks listed earlier to figure out what you might need to audit against, instead of running through all the many checks.
It's also not such a bad idea if you find the check numbers from the Prowler output and focus on specific areas to speed up your report generation time. Just delimit your list of checks with commas after the -c
switch.
Additionally, use the -E
command switch
$ ./prowler -E check17,check24
to run Prowler against lots of checks while excluding only a few.
Lookin' Oh So Pretty
As you'd expect, Prowler produces a nicely formatted text file for your auditing report, but harking back to the pip
command earlier, you might remember that you also installed the ansi2html
package, which allows the mighty Prowler to produce HTML by piping the output of your results:
$ ./prowler | ansi2html -la > prowler-audit.html
Similarly, you can output to JSON or CSV with the -M
switch:
$ ./prowler -M json > prowler-audit.json
Just change json
to csv
(in the file name, too) if you prefer a CSV file.
The well-written Prowler docs also offer a nice example of saving a report to an S3 bucket:
$ ./prowler -M json | aws s3 cp - s3://your-bucket/prowler-audit.json
Finally, if you've worked with security audits before, you'll know that reaching an agreed level of compliance is the norm; therefore if, for example, you only needed to meet the requirements of CIS Benchmark Level 1, you could ask Prowler to focus on those checks only:
$ ./prowler -g cislevel1 If you want to check against multiple AWS accounts at once, then refer to the README file for a clever one-line command that runs Prowler across your accounts in parallel. A useful bootstrap script is offered, as well, to help you set up your AWS credentials via the AWS client and run Prowler, so it's definitely worth a read.
Additionally, a nice troubleshooting section looks at common errors and the use of multifactor authentication (MFA). Suffice it to say that the README file is comprehensive, easy to follow, and puts some other documentation to shame.
The End Is Nigh
Prowler boasts a number of checks that other tools miss, has thorough and considered documentation, and is a lightweight and reliable piece of software. I prefer the HTML reports, but running the JSON through the jq
program is also useful for easy-to-read output.
Having scratched the surface of this clever open source tool, I trust you'll be tempted to do the same and to keep an eye on your security issues in an automated fashion.
Infos
- Prowler: https://github.com/toniblyx/prowler
- CIS: https://www.cisecurity.org
- AWS Security Blog: https://aws.amazon.com/blogs/security/tag/cis-aws-foundations-benchmark/
- Prowler README: https://github.com/toniblyx/prowler/blob/master/README.md
- GDPR: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
- HIPAA: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
- Toni de la Fuente: https://blyx.com
- Git: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
- Linux package managers: https://packaging.python.org/guides/installing-using-linux-tools
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.