SecurityFTW / cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
GNU General Public License v3.0

Possible Broken Dashboard #72

Open ghost opened 3 years ago

ghost commented 3 years ago

I set up this tool to run locally using Docker. I set up the ReadOnlyAccess policy for AWS:

I now have the final report and I noticed the following sections don't open:

- Scout2
- IP Audit
- AWS Trust Advisor

Any idea why?

I also noticed this during the scan might have something to do with it:


For the other reports to work I have to right click and open in new tab.

shivankar-madaan commented 3 years ago

Hi @x1337x-sec, thanks for reaching out. As per the current screenshot, it looks like the security token is invalid. Maybe it was a temporary token which got invalidated during the scan.

For the IP Audit to run, you have to provide the EC2 instance IP, along with the SSH key, so it can log in and run the scan. AWS Trust Advisor output can be seen when you also add the Support Read Only role to the keys.

Hope it helps. Let me know if I can be of further help.

ghost commented 3 years ago

Where do you place the EC2 instance IP, and how would you scan all instances?

Is the security token separate from the secret key and secret ID?

shivankar-madaan commented 3 years ago

Currently you can scan only one IP. You can watch this here: https://www.youtube.com/watch?v=2eW-0bS0Hq8

I guess the security token is when you have temporary access, like a session token?? Not exactly. Are you still facing the same error of the token being invalid?

ghost commented 3 years ago

Yes, it is a session token. I defined it in the creds file as:

```ini
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXX
aws_session_token = XXXXXXXXXXXXXXXXXXXXX
```

I now get the following two errors / warnings:

```
/usr/local/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.25.10) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
Warning: Unable to determine STS token expiration; later API calls may fail.
```

Note: we use AWS SSO with Okta.

I am still seeing errors, for example:

```
(UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid
```

Also, do you have the ARN for the read-only support role?
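The two symptoms in this comment (the "Unable to determine STS token expiration" warning and `UnrecognizedClientException` on the first API call) both come down to the profile carrying temporary STS credentials that are missing, stale, or mismatched. The following is an added example, not part of this thread and not cs-suite's own code: it parses a credentials file in the `[profile] key = value` layout shown above, flags the offline-detectable problems before a long scan is launched, and, if `boto3` happens to be installed, confirms with `sts:GetCallerIdentity` that the credentials are still accepted. The sample credentials and the function names are constructed for the example; the only AWS facts relied on are that long-term access key IDs start with `AKIA` and temporary (STS) ones with `ASIA`.

```python
"""Pre-flight check for an AWS credentials profile before a long-running scan.

Added example (not cs-suite code). Offline checks need only the standard library;
the optional live check uses boto3 if it is present.
"""
import configparser

# Constructed sample in the same layout as the thread's creds file; the values are fake.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = ASIAEXAMPLE000000001
aws_secret_access_key = EXAMPLESECRETKEYNOTREAL
aws_session_token = EXAMPLESESSIONTOKENNOTREAL
"""

REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")


def parse_credentials(text):
    """Parse credentials-file text into {profile_name: {key: value}}."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def check_profile(profiles, name="default"):
    """Return {"errors": [...], "notes": [...]} for one profile.

    errors: the scan will fail (missing key, temporary key without a session token).
    notes:  the scan can start but needs attention (temporary credentials expire).
    """
    errors, notes = [], []
    profile = profiles.get(name)
    if profile is None:
        return {"errors": [f"profile [{name}] not found"], "notes": []}

    for key in REQUIRED_KEYS:
        if not profile.get(key):
            errors.append(f"missing {key}")

    access_key = profile.get("aws_access_key_id", "")
    token = profile.get("aws_session_token", "")
    temporary = access_key.startswith("ASIA")  # AWS prefix for STS-issued keys

    if temporary and not token:
        errors.append("aws_session_token missing for temporary key (ASIA...); "
                      "requests will fail with UnrecognizedClientException")
    if token and not temporary:
        errors.append("aws_session_token present for a long-term key (AKIA...); "
                      "the key/token pair does not match")
    if temporary:
        # The file does not record expiry, so a long scan can outlive the token
        # (the "Unable to determine STS token expiration" warning is about this).
        notes.append("temporary credentials in use: refresh them (e.g. aws sso login) "
                     "immediately before starting the scan")
    return {"errors": errors, "notes": notes}


def verify_with_sts(profile_name="default"):
    """Live check: return the caller ARN, an error string, or None if boto3 is absent.

    Not exercised offline; it needs boto3 and network access.
    """
    try:
        import boto3
        from botocore.exceptions import BotoCoreError, ClientError
    except ImportError:
        return None
    session = boto3.Session(profile_name=profile_name)
    try:
        return session.client("sts").get_caller_identity()["Arn"]
    except (ClientError, BotoCoreError) as exc:
        return str(exc)


if __name__ == "__main__":
    result = check_profile(parse_credentials(SAMPLE_CREDENTIALS))
    for kind in ("errors", "notes"):
        for message in result[kind]:
            print(f"{kind[:-1]}: {message}")
    identity = verify_with_sts()
    if identity is not None:
        print("sts:GetCallerIdentity ->", identity)
```

Run it against the real `~/.aws/credentials` by reading the file into `parse_credentials`; a non-empty `errors` list is the case to fix before starting the scan, while an `ASIA` key that passes the offline checks should still be refreshed right before the run, since nothing in the file tells you when it expires.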

shivankar-madaan commented 3 years ago

OK, I think it's just a warning, which should be fine.

For the other exception, `arn:aws:iam::aws:policy/ReadOnlyAccess` should suffice; add the Support role if you need Trusted Advisor checks.

ghost commented 3 years ago

Do you have the support role ARN?

shivankar-madaan commented 3 years ago

No, but I know it is the AWS managed policy SupportReadOnly, I guess.