DenizParlak / Zeus

AWS Auditing & Hardening Tool
http://www.denizparlak.com/?p=386
MIT License
707 stars, 98 forks

MacOS Problem #2

Open omarkurt opened 7 years ago

omarkurt commented 7 years ago

I tried the tool on my Mac as a first install. It detects that the system is MacOS, but when pip is not installed it gives this output?

For example, right now the system has py2 and pip is not installed at all.

Python : Python 2.7.10 (default, Feb 7 2017, 00:08:15)

Omars-Air:Zeus omarkurt$ ./zeus.sh
   ______     ______     __  __     ______
  /\___  \   /\  ___\   /\ \/\ \   /\  ___\ 
  \/_/  /__  \ \  __\   \ \ \_\ \  \ \___  \ 
    /\_____\  \ \_____\  \ \_____\  \/\_____\ 
    \/_____/   \/_____/   \/_____/   \/_____/ 

____________________________________________

AWS Auditing & Hardening Tool v1.0 ~

denizparlak@papilon.com.tr
twitter.com/_denizparlak

Zeus is starting at.. Wed Jul 5 17:28:01 +03 2017
____________________________________________

INFO: Operating System: MacOS

Avoid the use of the root account.
Result:

./zeus.sh: line 110: aws: command not found
./zeus.sh: line 111: aws: command not found
base64: invalid option -- d
Usage:  base64 [-hvD] [-b num] [-i in_file] [-o out_file]
  -h, --help     display this message
  -D, --decode   decodes input
  -b, --break    break encoded string into num character lines
  -i, --input    input file (default: "-" for stdin)
  -o, --output   output file (default: "-" for stdout)
IAM credential report file created as 'credential_reports.txt'

____________________________________________

Ensure MFA is enabled for all IAM users that have a console password.
Result:

./zeus.sh: line 129: aws: command not found
base64: invalid option -- d
Usage:  base64 [-hvD] [-b num] [-i in_file] [-o out_file]
  -h, --help     display this message
  -D, --decode   decodes input
  -b, --break    break encoded string into num character lines
  -i, --input    input file (default: "-" for stdin)
  -o, --output   output file (default: "-" for stdout)
MFA credential report file created as 'mfa_reports.txt'

____________________________________________

Ensure credentials unused for 90 days or greater are disabled.
Result:

./zeus.sh: line 147: aws: command not found
base64: invalid option -- d
Usage:  base64 [-hvD] [-b num] [-i in_file] [-o out_file]
  -h, --help     display this message
  -D, --decode   decodes input
  -b, --break    break encoded string into num character lines
  -i, --input    input file (default: "-" for stdin)
  -o, --output   output file (default: "-" for stdout)
OK
Password enabled for each user!

____________________________________________

Ensure access keys are rotated every 90 days or less.
Result:

./zeus.sh: line 170: aws: command not found
base64: invalid option -- d
Usage:  base64 [-hvD] [-b num] [-i in_file] [-o out_file]
  -h, --help     display this message
  -D, --decode   decodes input
  -b, --break    break encoded string into num character lines
  -i, --input    input file (default: "-" for stdin)
  -o, --output   output file (default: "-" for stdout)
Access keys rotate log file created as access_key.log

____________________________________________

Ensure IAM password policy requires at least one uppercase letter.
Result:

./zeus.sh: line 188: aws: command not found
OK
Uppercase letter force active!
____________________________________________

Ensure IAM password policy requires at least one lowercase letter.
Result:

./zeus.sh: line 215: aws: command not found
./zeus.sh: line 218: aws: command not found
OK
Lowercase letter force active!
____________________________________________

Ensure IAM password policy requires at least one symbol.
Result:

./zeus.sh: line 248: aws: command not found
OK
At least one symbol force active!
____________________________________________

Ensure IAM password policy requires at least one number.
Result:

./zeus.sh: line 278: aws: command not found
./zeus.sh: line 280: aws: command not found
OK
Number force active!
____________________________________________

Ensure IAM password policy requires minimum length of 14 or greater.
Result:

./zeus.sh: line 278: aws: command not found
./zeus.sh: line 280: aws: command not found
OK
Number force active!
____________________________________________

Ensure CloudTrail is enabled in all regions:
Result:

./zeus.sh: line 341: aws: command not found
./zeus.sh: line 344: aws: command not found
./zeus.sh: line 346: aws: command not found
egrep: repetition-operator operand invalid
WARNING
Trail found but multi region is not active.
Fix? y/n

DenizParlak commented 7 years ago

Could you change the code on line 1:

python3 get-pip.py --user &> /dev/null

to

python2 get-pip.py --user &> /dev/null

and try again, Omar?

varunchandak commented 7 years ago

First check the path of aws:

which aws

or whereis aws

Then, export the path in the script.

Example: if aws location is /usr/bin/, then

export PATH=/usr/bin

DenizParlak commented 7 years ago

@varunchandak I think it's not an export problem; probably pip can't install because Omar's system uses python2 instead of python3.

daveshackleford commented 7 years ago

I had a number of errors on the Mac with it finding cut, base64, etc. Also, on the Mac distro I have, the base64 command uses -D, not -d. I replaced that in the script, and also added the path for aws CLI and binaries called with:

export PATH=/usr/bin:/usr/local/bin

This worked much better (I actually got output in the report files), but I am still getting some aws CLI errors that I will look into.
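In the console output at the top of this issue, several checks print "OK" right after `aws: command not found`, so a missing dependency is reported as a passing control. The following preflight sketch is an added example, not part of the thread or of Zeus itself: it probes which base64 decode flag the platform accepts, lists missing commands, and reports a check whose command cannot run as ERROR instead of OK. All function names and the placeholder command are hypothetical.

```shell
#!/bin/sh
# Added example, not Zeus code; all function names are hypothetical.

# Find the base64 decode flag this platform accepts by decoding a known value.
# GNU coreutils takes -d; the macOS base64 in the thread above only takes -D.
detect_b64_flag() {
    for flag in -d -D --decode; do
        if [ "$(printf 'cHJvYmU=' | base64 "$flag" 2>/dev/null)" = "probe" ]; then
            printf '%s\n' "$flag"
            return 0
        fi
    done
    return 1
}

# Print the commands from "$@" that are not on PATH; non-zero if any is missing.
missing_deps() {
    missing=""
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || missing="$missing $cmd"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Run one check command and compare its output with the expected value.
# A command that cannot run yields ERROR, never OK.
# usage: run_check <expected-output> <command> [args...]
run_check() {
    expected=$1
    shift
    if ! out=$("$@" 2>/dev/null); then
        echo "ERROR"
        return 2
    fi
    if [ "$out" = "$expected" ]; then
        echo "OK"
        return 0
    fi
    echo "WARNING"
    return 1
}

# Constructed demo: a CLI that is not installed produces ERROR, not a pass.
run_check "True" zeus_missing_cli_placeholder || true
```

An audit script would call `missing_deps aws base64 cut` once at startup and stop if it prints anything, then wrap each control in `run_check`.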

DenizParlak commented 7 years ago

Apparently I'll have to work more on the Mac.

@daveshackleford Which version are you using?

daveshackleford commented 7 years ago

@DenizParlak I am using 10.12.5, AWS is aws-cli/1.11.55 Python/2.7.10 Darwin/16.6.0 botocore/1.5.18.

DenizParlak commented 7 years ago

Thank you @daveshackleford

I will investigate this.

daveshackleford commented 7 years ago

Thanks for the effort, @DenizParlak ! I will help as I can. 👍

omarkurt commented 7 years ago

Hi folks!

cd Zeus

Omars-MacBook-Air:Zeus omarkurt$ sh zeus.sh (permission set)

Console Output : https://jpst.it/11coP

Try pip (manual) : https://danielmiessler.com/blog/installing-pip-macos-os-x/#gs.DTCPVbQ

Trying awscli (manual) : https://stackoverflow.com/a/44560012

DONE!

Omars-MacBook-Air:Zeus omarkurt$ sh zeus.sh


-en

-e denizparlak@papilon.com.tr -e twitter.com/_denizparlak -en

-e Zeus is starting at.. Sun Jul 9 18:08:38 +03 2017 -e ____ -en

-e INFO: Operating System: MacOS -e INFO{}: pip is installed on the system. -e INFO: AWS-CLI is installed on the system.

DenizParlak commented 7 years ago

Did you run into any other error after doing the manual installs, @omarkurt? If the only problem is that pip and aws-cli are not installed automatically, I'll look into it accordingly.

omarkurt commented 7 years ago

So far I haven't had any trouble. As I mentioned above, I didn't run into anything else. If there is a problem I'll open an issue, and I'll try again at release time. @DenizParlak