Darshil Chanpura 7a9b335f94 Added installation instructions 2021-01-11 13:34:48 +05:30
audit Added more formatting improvements 2021-01-10 12:10:03 +05:30
docs Added screenshot 2021-01-11 12:54:07 +05:30
.chglog.yml Version 1.0.1 2021-01-11 11:52:32 +05:30
.gitignore Update: added some files in .gitignore 2021-01-11 11:39:52 +05:30
LICENSE Initial Commit 2021-01-09 19:17:29 +05:30
README.md Added installation instructions 2021-01-11 13:34:48 +05:30
changelog.yml Added changelog 2021-01-11 11:53:52 +05:30
go.mod Initial Commit 2021-01-09 19:17:29 +05:30
go.sum Initial Commit 2021-01-09 19:17:29 +05:30
main.go Added formatting and other details 2021-01-09 22:10:36 +05:30
nfpm.yaml Version 1.0.1 2021-01-11 11:52:32 +05:30

README.md

Security Groups Audit

This command-line application processes each security group and checks for ports that are open unnecessarily.

Scope

Security Groups

  • Describe Security Groups
  • Describe Security Groups with Filters
  • Describe Security Groups of Running Instances

Validation

  • Check for any rule open to 0.0.0.0/0 or ::/0 on ports other than 80 and 443
  • Check for rules that open All Traffic as well (ports 0-65535)

Usage

The following options are available as of now:

  • -csv prints the output in CSV format, which can be helpful for including it in reports.
  • -no-color disables the colored output.
  • -profile and -region select the AWS profile (credentials) and region to use.

$ sg-audit -h
Usage of sg-audit:
  -csv
        Output in CSV Format
  -no-color
        No Colored output
  -profile string
        AWS Profile to use
  -region string
        AWS Region to use

Screenshot

screenshot

Legends

  • BOLD indicates at least one instance is attached to this security group
  • [CRIT] or the line in red indicates the rule is open to the internet
  • [WARN] or the line in yellow indicates the rule has all ports open to one of the IPs
  • [SKIP] or the line in cyan indicates the rule is marked as skip in Rule Description
  • [CHCK] or the line in green indicates the rule is marked as checked in Rule Description
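
The validation rules and legend tags above, sketched as an added example (not sg-audit's own code). The Rule type, the "[skip]" and "[checked]" description markers, and the order in which tags take precedence are assumptions; the README does not specify them.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is a simplified ingress rule (constructed type, not the AWS SDK's).
type Rule struct {
	FromPort, ToPort  int
	CIDR, Description string
}

// Hypothetical markers: the README does not say what text sg-audit looks for.
const skipMarker, checkMarker = "[skip]", "[checked]"

// worldOpen and allPorts mirror the two validation checks in the README.
func worldOpen(r Rule) bool { return r.CIDR == "0.0.0.0/0" || r.CIDR == "::/0" }
func allPorts(r Rule) bool  { return r.FromPort == 0 && r.ToPort == 65535 }

// webOnly is true only for a rule exposing exactly port 80 or exactly 443.
// A range such as 80-443 also exposes every port in between, so it fails.
func webOnly(r Rule) bool {
	return r.FromPort == r.ToPort && (r.FromPort == 80 || r.FromPort == 443)
}

// Classify returns the legend tag for a rule, or "" when nothing is flagged.
// Assumption: description markers take precedence over CRIT and WARN.
func Classify(r Rule) string {
	d := strings.ToLower(r.Description)
	switch {
	case strings.Contains(d, skipMarker):
		return "SKIP"
	case strings.Contains(d, checkMarker):
		return "CHCK"
	case worldOpen(r) && !webOnly(r):
		return "CRIT"
	case allPorts(r):
		return "WARN"
	}
	return ""
}

func main() {
	// Constructed sample rules.
	for _, r := range []Rule{{22, 22, "0.0.0.0/0", ""}, {80, 443, "::/0", ""}, {0, 65535, "10.0.0.5/32", ""}} {
		fmt.Printf("[%4s] %s %d-%d\n", Classify(r), r.CIDR, r.FromPort, r.ToPort)
	}
}
```

Note that a world-open range like 80-443 is flagged as CRIT here, since comparing only the start and end ports against 80 and 443 would let it through.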

Installation

Package repositories are available for RHEL- and Debian-based systems. More information can be found at https://repo.dcpri.me, and installation is simply:

sudo apt install sg-audit # debian
# or 
sudo yum install sg-audit # older RHEL based OS
# or
sudo dnf install sg-audit # other RHEL based OS

For macOS, download the binary from the Releases tab. The arm64 build is not recommended yet.

LICENSE

MIT