Closed m-minning closed 2 weeks ago
jfagoagas
commented
2 weeks ago Hello @m-minning, we will take a look at this and get back to you soon. In the meantime, would you mind to run Prowler again with --log-level ERROR argument and send the logs to us? That will help us to better debug your issue.
Thanks for using Prowler!
m-minning
commented
2 weeks ago Thanks @jfagoagas for your fast reply. It's having some trouble with the mutelist.
2024-07-10 08:08:33,473 [File: mutelist.py:28] [Module: mutelist] ERROR: SchemaError -- Mutelist YAML is malformed - Key 'Accounts' error:
Key '*' error:
Key 'Checks' error:
Key 'ec2_instance_secrets_user_data' error:
Missing key: 'Resources'[25]Edit: It works with the example. I'm trying now to migrate our mutelist step by step to see when the error starts
jfagoagas
commented
2 weeks ago Hi @m-minning by the error you shared it seems that your Mutelist is not valid since you must have the Regions and Resources keys under the check. So you will need to leave your Mutelist file with the following:
Mutelist:
Accounts:
'*':
Checks:
'ec2_instance_secrets_user_data': --> This key is missing the `Resources` key.
Regions:
- 'eu-central-1'
Tags:
- 'Project=Project1|Project=Project2'
Resources:
- '*' --> Include all using the * or the resource name.
'ec2_launch_template_no_secrets': --> This key is valid
Regions:
- 'eu-central-1'
Resources:
- 'Project1LaunchTemplate*'
- 'Project2LaunchTemplate'
'ecs_task_definitions_no_environment_secrets': --> This key is valid
Regions:
- 'eu-central-1'
Resources:
- 'Project3Task*'
- 'Project4Task*'I have included some clarifications to help explain the issue with the mutelist.
You can also get more information about the Mutelist in our public documentation at https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/mutelist/#aws-mutelist.
Thanks!
m-minning
commented
2 weeks ago Thanks @jfagoagas, that helped. I was totally blind and didn't see it.
Steps to Reproduce
prowler aws --ignore-exit-code-3 --filter-region us-east-1 eu-central-1 --role arn:aws:iam::${AWS_ACCOUNT_ID}:role/Prowler --status FAIL --security-hub --mutelist-file prowler/mutelist.yaml --excluded-checks awslambda_function_no_secrets_in_code cloudfront_distributions_logging_enabled cloudfront_distributions_using_deprecated_ssl_protocols cloudfront_distributions_using_waf cloudwatch_log_group_no_secrets_in_logs dynamodb_tables_pitr_enabled iam_root_hardware_mfa_enabled wafv2_webacl_logging_enabledExpected behavior
We have the mutelist stored in the location
prowler/mutelist.ymland expected that the findings (in the example below ec2) would be muted but it looks like the mutelist is ignored. We also tried to use the account number instead of*but the behavior is the same.Actual Result with Screenshots or Logs
How did you install Prowler?
Docker (docker pull toniblyx/prowler)
Environment Resource
We use OpenID Connect to run our jobs on GitLab SaaS runners hosted in GCE
OS used
Google Container-Optimized OS (https://docs.gitlab.com/ee/ci/runners/hosted_runners/linux.html)
Prowler version
4.2.4
Pip version
24.0
Context
I don't know if this is a bug or if anything is wrong with our configuration.