https://github.com/securityftw/cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
https://github.com/securityftw/cs-suite

aws-audit aws-security azure azure-audit azure-security cloud-security gcp gcp-audit-report security security-audit security-tools

Last synced: 12 days ago
JSON representation

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

• Host: GitHub
• URL: https://github.com/securityftw/cs-suite
• Owner: SecurityFTW
• License: gpl-3.0
• Created: 2017-08-16T10:58:35.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2022-12-08T00:45:51.000Z (almost 2 years ago)
• Last Synced: 2024-02-14T13:36:24.878Z (9 months ago)
• Topics: aws-audit, aws-security, azure, azure-audit, azure-security, cloud-security, gcp, gcp-audit-report, security, security-audit, security-tools
• Language: Shell
• Homepage:
• Size: 3.25 MB
• Stars: 1,122
• Watchers: 62
• Forks: 227
• Open Issues: 41
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Cloud Security Suite (cs-suite) - Version 3.0

## Usage

```

usage: cs.py [-h] -env {aws,gcp,azure,digitalocean} -aip AUDIT_IP -u USER_NAME -pem

             PEM_FILE [-p] [-pId PROJECT_ID] [-az_u AZURE_USER]

             [-az_p AZURE_PASS] [-o OUTPUT] [-w] [-n NUMBER]

this is to get IP address for lynis audit only

optional arguments:

  -h, --help            show this help message and exit

  -env {aws,gcp,azure,digitalocean}, --environment {aws,gcp,azure,digitalocean}

                        The cloud on which the test-suite is to be run

  -aip AUDIT_IP, --audit_ip AUDIT_IP

                        The IP for which lynis Audit needs to be done .... by

                        default tries root/Administrator if username not

                        provided

  -u USER_NAME, --user_name USER_NAME

                        The username of the user to be logged in,for a

                        specific user

  -pem PEM_FILE, --pem_file PEM_FILE

                        The pem file to access to AWS instance

  -p, --password        hidden password prompt

  -pId PROJECT_ID, --project_id PROJECT_ID

                        Project ID for which GCP Audit needs to be run. Can be

                        retrivied using `gcloud projects list`

  -az_u AZURE_USER, --azure_user AZURE_USER

                        username of azure account, optionally used if you want

                        to run the azure audit with no user interaction.

  -az_p AZURE_PASS, --azure_pass AZURE_PASS

                        username of azure password, optionally used if you

                        want to run the azure audit with no user interaction.

  -o OUTPUT, --output OUTPUT

                        writes a log in JSON of an audit, ideal for

                        consumptions into SIEMS like ELK and Splunk. Defaults

                        to cs-audit.log

  -w, --wipe            rm -rf reports/ folder before executing an audit

  -n, --number          Retain number of report to store for a particular 

                        environment and user/project.

```

## Requirements

* Operating System **OSX** or **Linux** only

* python 2.7

* pip

* git

* jq

* gcc (for sshpass installation (OS Audit). Not a mandatory pre-requisite)

* AWS Audit - AWS ReadOnly Keys

* GCP Audit - gcloud setup

* Azure Audit - Azure user read-only access

* DigitalOcean Audit - DigitalOcean API key and SPACES access_key and access_secret

## Installation

(in order to avoid missing with the already installed python libraries)

 - get project `git clone https://github.com/SecurityFTW/cs-suite.git &&

cd cs-suite/`   

 - install [virtualenv](https://virtualenv.pypa.io/en/latest/) `pip install virtualenv`

 - create a python 2.7 local enviroment `virtualenv -p python2.7 venv`  

 - activate the virtual enviroment `source venv/bin/activate` 

 - install project dependencies `pip install -r requirements.txt`

 - run the tool via `python cs.py --help`

### AWS Configuration

- In AWS create a IAM user with at least the following policy `arn:aws:iam::aws:policy/ReadOnlyAccess` 

- In your local [install aws cli](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) `brew install awscli` _for OSX_  

- Configure AWS cli `aws configure`

### GCP Configuration

- create a [project](https://cloud.google.com/resource-manager/docs/creating-managing-projects) in GCP

- enable the [Cloud resource manager API](https://console.cloud.google.com/apis/api/cloudresourcemanager.googleapis.com/overview)

- create a [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys), download its key JSON and place it under `cs-suite/tools/G-Scout/keyfile.json`)

- Install [google cloud sdk](https://cloud.google.com/sdk/install#installation_options)

- configure google clound sdk `gcloud init`  

### Azure Configuration

- signup and have logged in already to [azure.microsoft.com](https://azure.microsoft.com)

- install azure CLI `brew install az`

- authenticate the azure cli `az login`, you should see your subscription type if it was successful, simiarly to the response below:

```

[

  {

    "cloudName": "AzureCloud",

    "id": "xxxxx-5595-4da5-bc27-xxxeeee",

    "isDefault": true,

    "name": "Free Trial",

    "state": "Enabled",

    "tenantId": "xxxxx-18e9-41a4-961b-xxxxx",

    "user": {

      "name": "[email protected]",

      "type": "user"

    }

  }

]

```

### DigitalOcean Configuration

- create Personal Access Tokens and Spaces Access keys [cloud.digitalocean.com](https://cloud.digitalocean.com/account/api/tokens)

- set the credentials by running export

export DO_KEY=*********************

export DO_ACCESS_KEY=*******************

export DO_SECRET_KEY=****************************

## Running cs-suite

```

To run AWS Audit - python cs.py -env aws

To run GCP Audit - python cs.py -env gcp -pId 

To run Azure Audit - python cs.py -env azure

To run DigitalOcean Audit - python cs.py -env digitalocean

```

- The final report will be available in `reports` directory

- The final AWS Audit report looks like below:

![AWS Audit report](AWS_Audit_Report.png)

- The final GCP Audit report looks like below:

![GCP Audit report](GCP_Audit_Report.png)

## Docker Setup

- Create a local directory `aws` with `credentials` and `config` files

- The `config` file looks like below

```

$ cat aws/config

[default]

output = json

region = us-east-1

```

- The `credentials` file looks like below

```

$ cat aws/credentials

[default]

aws_access_key_id = XXXXXXXXXXXXXXX

aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXX

```

***Note: This tool requires `arn:aws:iam::aws:policy/ReadOnlyAccess` IAM policy***

- Then run the follwing docker command to start (passing your specific enviroment)

```

docker run -v `pwd`/aws:/root/.aws -v `pwd`/reports:/app/reports securityftw/cs-suite -env aws

```

## Documentation

[https://securityftw.github.io](https://securityftw.github.io)

## Thanks

* Scout2 - https://github.com/nccgroup/Scout2

* Prowler - https://github.com/Alfresco/prowler

* Lunar - https://github.com/lateralblast/lunar

* Lynis - https://github.com/CISOfy/lynis

* G-Scout - https://github.com/nccgroup/G-Scout

* @alanrenouf - https://github.com/alanrenouf/Windows-Workstation-and-Server-Audit

* Ranjeet Sengar - https://github.com/sengar23