prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0

Check 2.9 failure even if no VPCs exist in the region #274

Closed affanhmalik closed 5 years ago

affanhmalik commented 5 years ago

CIS section 2.9 requires VPC flowlogs to be enabled for all VPCs. However, the prowler implementation only looks for flowlogs in each region (it doesn't account for the possibility that there are no VPCs in the region).

To reproduce:

  1. In AWS Console, go to VPC
  2. Change region to an unused region, delete the default VPC (and any other existing VPCs)
  3. Run check29; the status of this particular region will be FAIL

toniblyx commented 5 years ago

Hi @affanhmalik, this check is actually correct: there are no flowlogs because there are also no VPCs in the given region. Do you think it should be INFO instead? Stating something like: INFO! ap-south-1: No VPCs found

affanhmalik commented 5 years ago

@toniblyx I think it's better to check for Flowlogs only in an active VPC, avoiding noise as well as false flags.

I created PR: https://github.com/toniblyx/prowler/pull/276
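The two behaviours discussed in this thread, the region-level check that FAILs an empty region and the per-VPC check that reports INFO when no VPCs exist, as an added illustration that is not prowler's own code and not the contents of PR #276. The input dicts are constructed to mirror the shape of the EC2 DescribeVpcs and DescribeFlowLogs responses (`Vpcs[].VpcId`, `FlowLogs[].ResourceId`, `FlowLogs[].FlowLogStatus`); no AWS calls are made, and the region and resource ids are made up.

```python
"""Per-VPC evaluation of the CIS 2.9 (VPC flow logs) check.

Added illustration, not prowler's own code or the code in PR #276. The
input dicts are constructed to mirror the shape of the EC2 DescribeVpcs
and DescribeFlowLogs API responses; no AWS calls are made.
"""

# Constructed sample data shaped like AWS CLI / boto3 responses.
# ap-south-1 has no VPCs at all, which is the situation from the issue.
SAMPLE_VPCS = {
    "us-east-1": {"Vpcs": [{"VpcId": "vpc-0aaa"}, {"VpcId": "vpc-0bbb"}]},
    "ap-south-1": {"Vpcs": []},
}
SAMPLE_FLOW_LOGS = {
    "us-east-1": {
        "FlowLogs": [
            # Flow log attached directly to vpc-0aaa.
            {"FlowLogId": "fl-0001", "ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE"},
            # Flow log attached to a subnet only; it does not cover the whole VPC.
            {"FlowLogId": "fl-0002", "ResourceId": "subnet-0bbb1", "FlowLogStatus": "ACTIVE"},
        ]
    },
    "ap-south-1": {"FlowLogs": []},
}


def region_level_check(flow_logs_response):
    """Behaviour described in the issue: look only at the flow logs in the
    region. A region with no VPCs (and hence no flow logs) therefore FAILs."""
    if flow_logs_response.get("FlowLogs"):
        return "PASS"
    return "FAIL"


def per_vpc_check(region, vpcs_response, flow_logs_response):
    """Evaluate each VPC in the region and return a list of (status, message).

    - No VPCs in the region -> a single INFO finding (nothing to protect).
    - A VPC with at least one ACTIVE flow log whose ResourceId is the VPC
      itself -> PASS. Subnet- or ENI-scoped flow logs do not count, because
      they leave the rest of the VPC uncovered.
    - Otherwise -> FAIL for that VPC.
    """
    vpc_ids = [v["VpcId"] for v in vpcs_response.get("Vpcs", [])]
    if not vpc_ids:
        return [("INFO", f"{region}: No VPCs found")]

    # Resource ids that have an ACTIVE flow log attached.
    covered = {
        fl["ResourceId"]
        for fl in flow_logs_response.get("FlowLogs", [])
        if fl.get("FlowLogStatus") == "ACTIVE"
    }
    findings = []
    for vpc_id in vpc_ids:
        if vpc_id in covered:
            findings.append(("PASS", f"{region}: {vpc_id} has an active flow log"))
        else:
            findings.append(("FAIL", f"{region}: {vpc_id} has no active flow log"))
    return findings


def run_all(vpcs_by_region=SAMPLE_VPCS, flow_logs_by_region=SAMPLE_FLOW_LOGS):
    """Run the per-VPC check over every region and return findings by region."""
    results = {}
    for region in vpcs_by_region:
        results[region] = per_vpc_check(
            region, vpcs_by_region[region], flow_logs_by_region.get(region, {})
        )
    return results


if __name__ == "__main__":
    for region, findings in run_all().items():
        for status, message in findings:
            print(f"{status}! {message}")
```

With the sample data, `region_level_check` reports FAIL for ap-south-1 while `per_vpc_check` reports INFO there, PASS for vpc-0aaa and FAIL for vpc-0bbb, whose only flow log is subnet-scoped. Keying the lookup on `ResourceId` rather than on the mere presence of flow logs is what removes the false flag.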