nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

Scout2Listall passing arguments to checks #267

Closed marcinguy closed 6 years ago

marcinguy commented 6 years ago

How do I pass arguments to some checks:

i.e.

{
    "arg_names": [ "Network protocol name", "Transport protocol name", "Port number" ],
    "key": "ec2-security-group-opens-_ARG_0_-port-to-all",
    "description": "_ARG_0_ port open to all",
    "dashboard_name": "Rules",
    "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR",
    "display_path": "ec2.regions.id.vpcs.id.security_groups.id",
    "conditions": [ "and",
        [ "_INCLUDE_(conditions/cidr-is-all.json)", "", ""],
        [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id", "equal", "ingress" ],
        [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "_ARG_1_" ],
        [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "equal", "_ARG_2_" ]
    ]

}

Want to output it using Scout2Listall

Scout2/Scout2Listall.py --config ec2-security-group-opens-known-port-to-all.json --format-file /home/user/Scout2/AWSScout2/rules/data/findings/ec2-security-group-opens-known-port-to-all.md

Thanks,

marcinguy commented 6 years ago

Tried also this:

Scout2/Scout2Listall.py --config ec2-security-group-opens-known-port-to-all.json --config-args "MySQL","tcp","3306" --format-file /home/user/Scout2/AWSScout2/rules/data/findings/ec2-security-group-opens-known-port-to-all.md --debug

['MySQL,tcp,3306']
Processing EC2 rule[ec2-security-group-opens-known-port-to-all.json]: "MySQL,tcp,3306 port open to all"

marcinguy commented 6 years ago

Figured it out

Scout2/Scout2Listall.py --config ec2-security-group-opens-known-port-to-all.json --config-args MySQL TCP 3306 --format-file /home/user/Scout2/AWSScout2/rules/data/findings/ec2-security-group-opens-known-port-to-all.md

marcinguy commented 6 years ago

But is there any more efficient way to run through all ports???

x4v13r64 commented 6 years ago

The ec2-security-group-opens-port-to-all.json finding as used in the default ruleset checks all ports (except ["22", "80", "443", "1433", "1521", "3306", "3389", "5432", "27017" ]) to see if they are open to 0.0.0.0/0.

If you want to check all ports you could just remove the last condition, it would look something like:

{
    "description": "TCP port open to all",
    "dashboard_name": "Rules",
    "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR",
    "display_path": "ec2.regions.id.vpcs.id.security_groups.id",
    "conditions": [ "and",
        [ "_INCLUDE_(conditions/cidr-is-all.json)", "", ""],
        [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id", "equal", "ingress" ],
        [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "TCP" ]
    ]
}

marcinguy commented 6 years ago

Great tip! Thanks!