Kloudle
academy

Using Prowler for AWS assessment against CIS Foundations benchmark - Part 1 Introduction and setup

Riyaz Walikar
#prowler #aws #cloudsecurity #compliance

Introduction

Prowler is a command line tool that helps you with AWS security assessment, auditing, hardening, and incident response.

It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 190 additional checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others.

Prerequisites

Prowler can be installed on any Linux, macOS, or Windows system (with Cygwin or virtualization). The basic requirements are:

  1. jq and detect-secrets, which Prowler needs to work properly.
  2. Python pip
  3. The latest version of the AWS CLI. Prowler works with either v1 or v2; however, the latest v2 is recommended if you use new regions, since they require an STS v2 token and other required components.

Steps to install

For Ubuntu Linux

  1. Install pip and the other required packages (Python 3, jq, git, zip)

    sudo apt install python3 python3-pip jq git zip
  2. Install detect-secrets

    pip install detect-secrets==1.0.3
  3. Download the AWS CLI v2 installer. For other installation methods, refer to the official documentation: https://aws.amazon.com/cli/

    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

    Then unzip the archive and install AWS CLI v2:

    unzip awscliv2.zip
    sudo ./aws/install
  4. Clone the Prowler repository from GitHub

    git clone https://github.com/prowler-cloud/prowler
  5. Before running Prowler, configure the AWS CLI in your terminal with credentials for the AWS account on which you want to run Prowler. For configuration, refer to the documentation: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence

  6. The credentials configured above must belong to a user or role that has the permissions needed to run all checks. Attaching only the AWS-managed policies SecurityAudit and ViewOnlyAccess to the user or role being used will also work.

  7. Once the Prowler tool is cloned, change to the prowler directory and run the tool.

    ./prowler
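
Steps 1 to 6 can be verified before the first scan. The pre-flight script below is an added example, not part of the original article or of Prowler; the file name preflight.sh and the function names are assumptions. It checks that the required tools are on PATH and that SecurityAudit and ViewOnlyAccess are attached directly to the configured user or role.

```shell
#!/bin/sh
# Added example: pre-flight check for the setup steps above (not part of Prowler).
REQUIRED_TOOLS="jq detect-secrets aws git"
REQUIRED_POLICIES="SecurityAudit ViewOnlyAccess"

# Print every tool named in the arguments that is not on PATH.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

# Map a caller ARN to "user <name>" or "role <name>"; fail for root or other principals.
principal_from_arn() {
    case "$1" in
        arn:aws*:iam::*:user/*) printf 'user %s\n' "${1##*/}" ;;
        arn:aws*:sts::*:assumed-role/*)
            r=${1#*:assumed-role/}
            printf 'role %s\n' "${r%%/*}" ;;
        *) return 1 ;;
    esac
}

# Given the attached policy names as arguments, print the required ones that are absent.
missing_policies() {
    for p in $REQUIRED_POLICIES; do
        case " $* " in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

preflight() {
    miss=$(missing_tools $REQUIRED_TOOLS)
    [ -z "$miss" ] || { echo "missing tools:" $miss >&2; return 1; }
    arn=$(aws sts get-caller-identity --query Arn --output text) || return 1
    who=$(principal_from_arn "$arn") || { echo "unsupported principal: $arn" >&2; return 1; }
    kind=${who%% *} name=${who#* }
    # Only directly attached managed policies are listed; group-inherited ones are not seen.
    attached=$(aws iam "list-attached-$kind-policies" "--$kind-name" "$name" \
        --query 'AttachedPolicies[].PolicyName' --output text) || return 1
    miss=$(missing_policies $attached)
    [ -z "$miss" ] || { echo "$kind $name lacks:" $miss >&2; return 1; }
    echo "ready to run ./prowler as $arn"
}

# Run the live check only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

A non-zero exit status means a prerequisite or policy is missing; the message on stderr names it.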


Reference: https://github.com/prowler-cloud/prowler
