Closed marcinguy closed 5 years ago
When there is no output, nothing is returned (blank output). You must first run Scout2 before running Scout2Listall.
Don't use absolute paths (currently not supported).
This is what I get when running your markdown file when there is an open S3 bucket:
python Scout2Listall.py --profile aws_scout2 --config s3-bucket-world-acl.json --format-file s3-bucket-world-acl.md --config-args AllUsers read
| AllUsers |
This is what I get when running your markdown file when there is no open S3 bucket:
python Scout2Listall.py --profile aws_scout2 --config s3-bucket-world-acl.json --format-file s3-bucket-world-acl.md --config-args AllUsers read
Does this answer your question?
Thanks for your reply. I think there is a bug somewhere.
In my case the rule does not return items. I pprinted() the aws_config['services'][rule_service][rule_type][rule_key]
python Scout2Listall.py --profile test --config s3-bucket-world-acl.json --format-file s3-bucket-world-acl.md --config-args AllUsers read
Error: unhandled case, typeof(current_info) = <type 'NoneType'>
Path: [u's3', u'buckets', u'731c5473f01102de83d83e5d099ffac1cd23f36e', u'grantees']
Object: None
Entry target path: [u'id']
Failed to process rule defined in s3-bucket-world-acl.json
{'checked_items': 0,
 'description': u'',
 'display_path': u's3.buckets.id',
 'flagged_items': 0,
 'id_suffix': u'read',
 'level': u'danger',
 'path': u's3.buckets.id.grantees.id'}
Traceback (most recent call last):
  File "Scout2Listall.py", line 8, in <module>
    sys.exit(main())
  File "/home/user/Scout2/AWSScout2/__listall__.py", line 89, in main
    resources = aws_config['services'][rule_service][rule_type][rule_key]['items']
KeyError: 'items'
FYI Had this error while running Scout2:
Fetching S3 config...
buckets
1/89g configuration for test-documentation
An error occurred (AccessDenied) when calling the GetBucketLogging operation: Access Denied
7/89An error occurred (AccessDenied) when calling the GetBucketAcl operation: Access Denied
9/89An error occurred (AccessDenied) when calling the GetBucketPolicy operation: Access Denied
89/89
Maybe the config json is somehow not incomplete?
How can I debug/fix this?
Thanks,
I'll try to reproduce the first error you are getting.
Regarding the second error, you're getting it because the user/role you are using to run Scout2 doesn't have access to those buckets (hence the AccessDenied response). Check the bucket ACLs as that's most likely where you are getting access denied.
@marcinguy, are the buckets identified in the Scout2 HTML report? This would help determine whether the issue is in Scout2 or Scout2Listall.
@l01cd3v yes I think so, I see buckets (Buckets Checked). For example:
Bucket without versioning
Buckets checked: 89
Buckets flagged: 83
@marcinguy do you have 89 buckets in the account? Because those that can't be accessed (which return the AccessDenied response) won't be counted in there.
@j4v I checked, yes I have 89 buckets. So maybe the bug is that it adds AccessDenied buckets also. You are right, there should be at least 3 less (Bucket 1, 7 and 9) based on my previous output.
Trying to get all world readable S3 Buckets
None were identified in my scan.
Is this the right way to do it when there will be some identified?
Shouldn't Scout2Listall.py just say "no items found"?
Below is what I am trying:
Thanks,
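An added example, not part of the thread and not Scout2's own code: one way to read a rule result without hitting the `KeyError: 'items'` shown above, while keeping "rule was not processed" distinct from "no items flagged", and listing buckets whose `grantees` is `None`. The bucket ids, the `findings` rule type, the rule keys and the inner grantee layout are constructed, and treating a `None` `grantees` as "ACL not collected" is an assumption.

```python
# Constructed sample shaped like the structures printed in the thread; bucket
# ids, names, the "findings" rule type and the rule keys are made up.
SAMPLE_CONFIG = {
    "services": {
        "s3": {
            "buckets": {
                "bucket-id-1": {"name": "public-assets",
                                "grantees": {"AllUsers": {"permissions": {"read": True}}}},
                "bucket-id-2": {"name": "no-acl-access", "grantees": None},
            },
            "findings": {
                # Rule that was processed: it carries an 'items' list.
                "rule-ok": {"checked_items": 2, "flagged_items": 1,
                            "items": ["s3.buckets.bucket-id-1.grantees.AllUsers"]},
                # Rule that failed to process: no 'items' key, as in the pprint output.
                "rule-failed": {"checked_items": 0, "flagged_items": 0},
            },
        }
    }
}


def flagged_items(aws_config, rule_service, rule_type, rule_key):
    """Return (status, items) instead of raising KeyError on a missing 'items'."""
    rules = aws_config.get("services", {}).get(rule_service, {}).get(rule_type, {})
    rule = rules.get(rule_key)
    if rule is None:
        return "rule-not-found", []
    if "items" not in rule:
        # Rule evaluation aborted; an empty list here must not be read as "clean".
        return "rule-not-processed", []
    return "ok", list(rule["items"])


def buckets_without_acl_data(aws_config):
    """List bucket ids whose 'grantees' is None (assumed: ACL was never collected)."""
    buckets = aws_config.get("services", {}).get("s3", {}).get("buckets", {})
    return sorted(bid for bid, b in buckets.items() if b.get("grantees") is None)


if __name__ == "__main__":
    for key in ("rule-ok", "rule-failed", "rule-missing"):
        print(key, flagged_items(SAMPLE_CONFIG, "s3", "findings", key))
    print("no ACL data:", buckets_without_acl_data(SAMPLE_CONFIG))
```

A `rule-not-processed` status together with a non-empty list from `buckets_without_acl_data` means the world-readable check has coverage gaps, not that no open buckets exist.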