PyPI - prowler-cloud - Versions diffs - 5.14.1__py3-none-any.whl → 5.15.0__py3-none-any.whl - Mend

prowler-cloud 5.14.1py3-none-any.whl → 5.15.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (326) hide show

prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.py ADDED Viewed

@@ -0,0 +1,32 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_password_policy_lowercase(Check):
+    """Check if RAM password policy requires at least one lowercase letter."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        if ram_client.password_policy:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=ram_client.password_policy
+            )
+            report.region = ram_client.region
+            report.resource_id = f"{ram_client.audited_account}-password-policy"
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:password-policy"
+            )
+            if ram_client.password_policy.require_lowercase_characters:
+                report.status = "PASS"
+                report.status_extended = (
+                    "RAM password policy requires at least one lowercase letter."
+                )
+            else:
+                report.status = "FAIL"
+                report.status_extended = "RAM password policy does not require at least one lowercase letter."
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_password_policy_max_login_attempts",
+  "CheckTitle": "RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour",
+  "CheckType": [
+    "Unusual logon",
+    "Abnormal account"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:password-policy",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudRAMPasswordPolicy",
+  "Description": "**RAM password policies** can temporarily block logon after several incorrect logon attempts within an hour.\n\nIt is recommended that the password policy is set to temporarily block logon after **5 incorrect logon attempts** within an hour.",
+  "Risk": "Temporarily blocking logon for incorrect password input increases account resiliency against **brute force logon attempts**.\n\nThis control helps prevent automated password guessing attacks from succeeding.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116413.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/max-login-attempts-password-policy.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram SetPasswordPolicy --MaxLoginAttemps 5",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": "resource \"alicloud_ram_password_policy\" \"example\" {\n  max_login_attemps = 5\n}"
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **RAM Console**\n2. Choose **Settings**\n3. In the Password section, click **Modify**\n4. In the `Max Attempts` field, check the box next to **Enable** and enter `5`\n5. Click **OK**",
+      "Url": "https://hub.prowler.com/check/ram_password_policy_max_login_attempts"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.py ADDED Viewed

@@ -0,0 +1,32 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_password_policy_max_login_attempts(Check):
+    """Check if RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        if ram_client.password_policy:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=ram_client.password_policy
+            )
+            report.region = ram_client.region
+            report.resource_id = f"{ram_client.audited_account}-password-policy"
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:password-policy"
+            )
+            if ram_client.password_policy.max_login_attempts >= 5:
+                report.status = "PASS"
+                report.status_extended = "RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour."
+            elif ram_client.password_policy.max_login_attempts == 0:
+                report.status = "FAIL"
+                report.status_extended = "RAM password policy does not temporarily block logon after incorrect attempts (max login attempts is disabled)."
+            else:
+                report.status = "FAIL"
+                report.status_extended = f"RAM password policy temporarily blocks logon after {ram_client.password_policy.max_login_attempts} incorrect logon attempts, which is not the recommended value of 5."
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_password_policy_max_password_age",
+  "CheckTitle": "RAM password policy expires passwords in 365 days or greater",
+  "CheckType": [
+    "Unusual logon",
+    "Abnormal account"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:password-policy",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudRAMPasswordPolicy",
+  "Description": "**RAM password policies** can require passwords to be expired after a given number of days.\n\nIt is recommended that the password policy expire passwords after **365 days** or greater.",
+  "Risk": "Too frequent password changes are more harmful than beneficial. They offer no containment benefits and enforce bad habits, since they encourage users to choose variants of older passwords.\n\nThe CIS now recommends an **annual password reset** as a balanced approach.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116413.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-password-expiration-policy.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram SetPasswordPolicy --MaxPasswordAge 365",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": "resource \"alicloud_ram_password_policy\" \"example\" {\n  max_password_age = 90\n}"
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **RAM Console**\n2. Choose **Settings**\n3. In the Password section, click **Modify**\n4. Check the box under `Max Age`, enter `365` or a greater number up to `1095`\n5. Click **OK**",
+      "Url": "https://hub.prowler.com/check/ram_password_policy_max_password_age"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.py ADDED Viewed

@@ -0,0 +1,35 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_password_policy_max_password_age(Check):
+    """Check if RAM password policy expires passwords in 365 days or greater."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        if ram_client.password_policy:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=ram_client.password_policy
+            )
+            report.region = ram_client.region
+            report.resource_id = f"{ram_client.audited_account}-password-policy"
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:password-policy"
+            )
+            # If max_password_age is 0, it means password expiration is disabled (which is acceptable)
+            # If it's set, it should be 365 or greater
+            if ram_client.password_policy.max_password_age == 0:
+                report.status = "PASS"
+                report.status_extended = "RAM password policy does not expire passwords (password expiration is disabled)."
+            elif ram_client.password_policy.max_password_age >= 365:
+                report.status = "PASS"
+                report.status_extended = f"RAM password policy expires passwords after {ram_client.password_policy.max_password_age} days."
+            else:
+                report.status = "FAIL"
+                report.status_extended = f"RAM password policy expires passwords after {ram_client.password_policy.max_password_age} days, which is less than the recommended 365 days."
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_password_policy_minimum_length",
+  "CheckTitle": "RAM password policy requires minimum length of 14 or greater",
+  "CheckType": [
+    "Unusual logon",
+    "Abnormal account"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:password-policy",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudRAMPasswordPolicy",
+  "Description": "**RAM password policies** can be used to ensure password complexity.\n\nIt is recommended that the password policy require a minimum of **14 or greater characters** for any password.",
+  "Risk": "Enhancing complexity of a password policy increases account resiliency against **brute force logon attempts**.\n\nLonger passwords provide exponentially more security against automated password cracking.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116413.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-14-characters-password-policy.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram SetPasswordPolicy --MinimumPasswordLength 14",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": "resource \"alicloud_ram_password_policy\" \"example\" {\n  minimum_password_length = 14\n}"
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **RAM Console**\n2. Choose **Settings**\n3. In the Password section, click **Modify**\n4. In the Length section, enter `14` or a greater number\n5. Click **OK**",
+      "Url": "https://hub.prowler.com/check/ram_password_policy_minimum_length"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.py ADDED Viewed

@@ -0,0 +1,30 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_password_policy_minimum_length(Check):
+    """Check if RAM password policy requires minimum length of 14 or greater."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        if ram_client.password_policy:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=ram_client.password_policy
+            )
+            report.region = ram_client.region
+            report.resource_id = f"{ram_client.audited_account}-password-policy"
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:password-policy"
+            )
+            if ram_client.password_policy.minimum_password_length >= 14:
+                report.status = "PASS"
+                report.status_extended = f"RAM password policy requires minimum length of {ram_client.password_policy.minimum_password_length} characters."
+            else:
+                report.status = "FAIL"
+                report.status_extended = f"RAM password policy requires minimum length of {ram_client.password_policy.minimum_password_length} characters, which is less than the recommended 14 characters."
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_password_policy_number/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_password_policy_number",
+  "CheckTitle": "RAM password policy require at least one number",
+  "CheckType": [
+    "Unusual logon",
+    "Abnormal account"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:password-policy",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudRAMPasswordPolicy",
+  "Description": "**RAM password policies** can be used to ensure password complexity.\n\nIt is recommended that the password policy require at least one **number**.",
+  "Risk": "Enhancing complexity of a password policy increases account resiliency against **brute force logon attempts**.\n\nWeak passwords without numeric characters are more susceptible to dictionary attacks.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116413.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-number-password-policy.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram SetPasswordPolicy --RequireNumbers true",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": "resource \"alicloud_ram_password_policy\" \"example\" {\n  require_numbers = true\n}"
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **RAM Console**\n2. Choose **Settings**\n3. In the Password section, click **Modify**\n4. In the Charset section, select **Number**\n5. Click **OK**",
+      "Url": "https://hub.prowler.com/check/ram_password_policy_number"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_password_policy_password_reuse_prevention",
+  "CheckTitle": "RAM password policy prevents password reuse",
+  "CheckType": [
+    "Unusual logon",
+    "Abnormal account"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:password-policy",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudRAMPasswordPolicy",
+  "Description": "It is recommended that the **password policy** prevent the reuse of passwords.\n\nThis ensures users cannot cycle back to previously compromised passwords.",
+  "Risk": "Preventing **password reuse** increases account resiliency against brute force logon attempts.\n\nIf a password is compromised and later reused, attackers with knowledge of old credentials can regain access.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116413.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/prevent-password-reuse-password-policy.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram SetPasswordPolicy --PasswordReusePrevention 5",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": "resource \"alicloud_ram_password_policy\" \"example\" {\n  password_reuse_prevention = 24\n}"
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **RAM Console**\n2. Choose **Settings**\n3. In the Password section, click **Modify**\n4. In the `Do Not repeat History` section field, enter `5`\n5. Click **OK**",
+      "Url": "https://hub.prowler.com/check/ram_password_policy_password_reuse_prevention"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.py ADDED Viewed

@@ -0,0 +1,35 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_password_policy_password_reuse_prevention(Check):
+    """Check if RAM password policy prevents password reuse."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        if ram_client.password_policy:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=ram_client.password_policy
+            )
+            report.region = ram_client.region
+            report.resource_id = f"{ram_client.audited_account}-password-policy"
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:password-policy"
+            )
+            if ram_client.password_policy.password_reuse_prevention >= 5:
+                report.status = "PASS"
+                report.status_extended = f"RAM password policy prevents password reuse (history: {ram_client.password_policy.password_reuse_prevention} passwords)."
+            else:
+                report.status = "FAIL"
+                if ram_client.password_policy.password_reuse_prevention == 0:
+                    report.status_extended = (
+                        "RAM password policy does not prevent password reuse."
+                    )
+                else:
+                    report.status_extended = f"RAM password policy prevents reuse of only {ram_client.password_policy.password_reuse_prevention} previous passwords, which is less than the recommended 5."
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_password_policy_symbol",
+  "CheckTitle": "RAM password policy require at least one symbol",
+  "CheckType": [
+    "Unusual logon",
+    "Abnormal account"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:password-policy",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudRAMPasswordPolicy",
+  "Description": "**RAM password policies** can be used to ensure password complexity.\n\nIt is recommended that the password policy require at least one **symbol**.",
+  "Risk": "Enhancing complexity of a password policy increases account resiliency against **brute force logon attempts**.\n\nSpecial characters significantly increase the keyspace that attackers must search.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116413.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-symbol-password-policy.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram SetPasswordPolicy --RequireSymbols true",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": "resource \"alicloud_ram_password_policy\" \"example\" {\n  require_symbols = true\n}"
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **RAM Console**\n2. Choose **Settings**\n3. In the Password section, click **Modify**\n4. In the Charset section, select **Symbol**\n5. Click **OK**",
+      "Url": "https://hub.prowler.com/check/ram_password_policy_symbol"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.py ADDED Viewed

@@ -0,0 +1,34 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_password_policy_symbol(Check):
+    """Check if RAM password policy requires at least one symbol."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        if ram_client.password_policy:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=ram_client.password_policy
+            )
+            report.region = ram_client.region
+            report.resource_id = f"{ram_client.audited_account}-password-policy"
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:password-policy"
+            )
+            if ram_client.password_policy.require_symbols:
+                report.status = "PASS"
+                report.status_extended = (
+                    "RAM password policy requires at least one symbol."
+                )
+            else:
+                report.status = "FAIL"
+                report.status_extended = (
+                    "RAM password policy does not require at least one symbol."
+                )
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_password_policy_uppercase",
+  "CheckTitle": "RAM password policy requires at least one uppercase letter",
+  "CheckType": [
+    "Unusual logon",
+    "Abnormal account"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:password-policy",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudRAMPasswordPolicy",
+  "Description": "**RAM password policies** can be used to ensure password complexity.\n\nIt is recommended that the password policy require at least one **uppercase letter**.",
+  "Risk": "Enhancing complexity of a password policy increases account resiliency against **brute force logon attempts**.\n\nWeak passwords without case variety are more susceptible to dictionary attacks.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116413.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/uppercase-letter-password-policy.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram SetPasswordPolicy --RequireUppercaseCharacters true",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": "resource \"alicloud_ram_password_policy\" \"example\" {\n  require_uppercase_characters = true\n}"
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **RAM Console**\n2. Choose **Settings**\n3. In the Password section, click **Modify**\n4. In the Charset section, select **Upper case**\n5. Click **OK**",
+      "Url": "https://hub.prowler.com/check/ram_password_policy_uppercase"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.py ADDED Viewed

@@ -0,0 +1,32 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_password_policy_uppercase(Check):
+    """Check if RAM password policy requires at least one uppercase letter."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        if ram_client.password_policy:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=ram_client.password_policy
+            )
+            report.region = ram_client.region
+            report.resource_id = f"{ram_client.audited_account}-password-policy"
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:password-policy"
+            )
+            if ram_client.password_policy.require_uppercase_characters:
+                report.status = "PASS"
+                report.status_extended = (
+                    "RAM password policy requires at least one uppercase letter."
+                )
+            else:
+                report.status = "FAIL"
+                report.status_extended = "RAM password policy does not require at least one uppercase letter."
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "ram_policy_attached_only_to_group_or_roles",
+  "CheckTitle": "RAM policies are attached only to groups or roles",
+  "CheckType": [
+    "Abnormal account",
+    "Cloud threat detection"
+  ],
+  "ServiceName": "ram",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:ram::account-id:user/{user-name}",
+  "Severity": "low",
+  "ResourceType": "AlibabaCloudRAMUser",
+  "Description": "By default, **RAM users**, groups, and roles have no access to Alibaba Cloud resources. RAM policies are the means by which privileges are granted to users, groups, or roles.\n\nIt is recommended that RAM policies be applied directly to **groups and roles** but not users.",
+  "Risk": "Assigning privileges at the **group or role level** reduces the complexity of access management as the number of users grows.\n\nReducing access management complexity may in turn reduce opportunity for a principal to inadvertently receive or retain **excessive privileges**.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/doc-detail/116820.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/receive-permissions-via-ram-groups-only.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "aliyun ram DetachPolicyFromUser --PolicyName <policy_name> --PolicyType <System|Custom> --UserName <ram_user>",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
+    },
+    "Recommendation": {
+      "Text": "1. Create **RAM user groups** and assign policies to those groups\n2. Add users to the appropriate groups\n3. Detach any policies directly attached to users using the RAM Console or CLI",
+      "Url": "https://hub.prowler.com/check/ram_policy_attached_only_to_group_or_roles"
+    }
+  },
+  "Categories": [
+    "identity-access"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.py ADDED Viewed

@@ -0,0 +1,35 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.ram.ram_client import ram_client
+class ram_policy_attached_only_to_group_or_roles(Check):
+    """Check if RAM policies are attached only to groups or roles, not directly to users."""
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        for user in ram_client.users:
+            report = CheckReportAlibabaCloud(metadata=self.metadata(), resource=user)
+            report.region = ram_client.region
+            report.resource_id = user.name
+            report.resource_arn = (
+                f"acs:ram::{ram_client.audited_account}:user/{user.name}"
+            )
+            if user.attached_policies:
+                report.status = "FAIL"
+                policy_names = [policy.policy_name for policy in user.attached_policies]
+                report.status_extended = (
+                    f"RAM user {user.name} has {len(user.attached_policies)} "
+                    f"policies directly attached: {', '.join(policy_names)}. "
+                    f"Policies should be attached to groups or roles instead."
+                )
+                findings.append(report)
+            else:
+                report.status = "PASS"
+                report.status_extended = (
+                    f"RAM user {user.name} has no policies directly attached."
+                )
+                findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/__init__.py ADDED Viewed

File without changes

prowler-cloud 5.14.1__py3-none-any.whl → 5.15.0__py3-none-any.whl

prowler-cloud 5.14.1py3-none-any.whl → 5.15.0py3-none-any.whl