GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → DenizParlak → Zeus

DenizParlak / Zeus

Licence: mit
AWS Auditing & Hardening Tool

Programming Languages

shell
77523 projects

Labels

awshardening

Projects that are alternatives of or similar to Zeus

Terraform Aws Secure Baseline
Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
Stars: ✭ 596 (-5.4%)
Mutual labels:  aws, hardening
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+623.97%)
Mutual labels:  aws, hardening
Aws Gate
Better AWS SSM Session manager CLI client
Stars: ✭ 294 (-53.33%)
Mutual labels:  aws, hardening
Dynamodb Gui Client
DynamoDb GUI Client
Stars: ✭ 540 (-14.29%)
Mutual labels:  aws
Ecs Deploy
Powerful CLI tool to simplify Amazon ECS deployments, rollbacks & scaling
Stars: ✭ 541 (-14.13%)
Mutual labels:  aws
Awslambdaproxy
An AWS Lambda powered HTTP/SOCKS web proxy
Stars: ✭ 571 (-9.37%)
Mutual labels:  aws
Dev Setup
macOS development environment setup: Easy-to-understand instructions with automated setup scripts for developer tools like Vim, Sublime Text, Bash, iTerm, Python data analysis, Spark, Hadoop MapReduce, AWS, Heroku, JavaScript web development, Android development, common data stores, and dev-based OS X defaults.
Stars: ✭ 5,590 (+787.3%)
Mutual labels:  aws
Watchtower
Python CloudWatch Logging: Log Analytics and Application Intelligence
Stars: ✭ 537 (-14.76%)
Mutual labels:  aws
Finala
Finala is an open-source resource cloud scanner that analyzes, discloses, presents and notifies about wasteful and unused resources.
Stars: ✭ 605 (-3.97%)
Mutual labels:  aws
S5cmd
Parallel S3 and local filesystem execution tool.
Stars: ✭ 565 (-10.32%)
Mutual labels:  aws
Terratest
Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
Stars: ✭ 5,797 (+820.16%)
Mutual labels:  aws
Intro To Terraform
Sample code for the blog post series "A Comprehensive Guide to Terraform."
Stars: ✭ 550 (-12.7%)
Mutual labels:  aws
Spring Cloud Aws
Integration for Amazon Web Services APIs with Spring
Stars: ✭ 541 (-14.13%)
Mutual labels:  aws
Django S3direct
Directly upload files to S3 compatible services with Django.
Stars: ✭ 570 (-9.52%)
Mutual labels:  aws
Ssh Over Ssm
SSH over AWS SSM. No bastions or public-facing instances. SSH user management through IAM. No requirement to store SSH keys locally or on server.
Stars: ✭ 541 (-14.13%)
Mutual labels:  aws
Aws Mfa
Manage AWS MFA Security Credentials
Stars: ✭ 606 (-3.81%)
Mutual labels:  aws
Escalator
Escalator is a batch or job optimized horizontal autoscaler for Kubernetes
Stars: ✭ 539 (-14.44%)
Mutual labels:  aws
Terragrunt
Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules.
Stars: ✭ 5,446 (+764.44%)
Mutual labels:  aws
Aws Plantuml
PlantUML sprites, macros, and other includes for AWS components.
Stars: ✭ 565 (-10.32%)
Mutual labels:  aws
Geodesic
🚀 Geodesic is a DevOps Linux Distro. We use it as a cloud automation shell. It's the fastest way to get up and running with a rock solid Open Source toolchain. ★ this repo! https://slack.cloudposse.com/
Stars: ✭ 629 (-0.16%)
Mutual labels:  aws
View All Similar Projects ➔

Zeus

AWS Auditing & Hardening Tool

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user.

Currently, it only includes the Logging mechanism.

Identity and Access Management

  • Avoid the use of the "root" account
  • Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • Ensure credentials unused for 90 days or greater are disabled
  • Ensure access keys are rotated every 90 days or less
  • Ensure IAM password policy requires at least one uppercase letter
  • Ensure IAM password policy requires at least one lowercase letter
  • Ensure IAM password policy requires at least one symbol
  • Ensure IAM password policy requires at least one number
  • Ensure IAM password policy requires minimum length of 14 or greater
  • Ensure no root account access key exists
  • Ensure MFA is enabled for the "root" account
  • Ensure security questions are registered in the AWS account
  • Ensure IAM policies are attached only to groups or role
  • Enable detailed billing
  • Maintain current contact details
  • Ensure security contact information is registered
  • Ensure IAM instance roles are used for AWS resource access from instances

Logging

  • Ensure CloudTrail is enabled in all regions
  • Ensure CloudTrail log file validation is enabled
  • Ensure the S3 bucket CloudTrail logs to is not publicly accessible
  • Ensure CloudTrail trails are integrated with CloudWatch Logs
  • Ensure AWS Config is enabled in all regions
  • Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
  • Ensure CloudTrail logs are encrypted at rest using KMS CMKs
  • Ensure rotation for customer created CMKs is enabled

Networking

  • Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
  • Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389
  • Ensure VPC flow logging is enabled in all VPC
  • Ensure the default security group of every VPC restricts all traffic

Monitoring

  • Ensure a log metric filter and alarm exist for unauthorized API calls
  • Ensure a log metric filter and alarm exist for Management Consolesign-in without MFA
  • Ensure a log metric filter and alarm exist for usage of "root" account
  • Ensure a log metric filter and alarm exist for IAM policy changes
  • Ensure a log metric filter and alarm exist for CloudTrail configuration changes
  • Ensure a log metric filter and alarm exist for AWS Management Console authentication failures
  • Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs
  • Ensure a log metric filter and alarm exist for S3 bucket policy changes
  • Ensure a log metric filter and alarm exist for AWS Config configuration changes
  • Ensure a log metric filter and alarm exist for security group changes
  • Ensure a log metric filter and alarm exist for changes to NetworkAccess Control Lists (NACL)
  • Ensure a log metric filter and alarm exist for changes to network gateways
  • Ensure a log metric filter and alarm exist for route table changes
  • Ensure a log metric filter and alarm exist for VPC changes

ChangeLog

Soon.

Requirements

Zeus has been written in bash script using AWS-CLI and it works in Linux/UNIX and OSX.

Make sure that the AWS-CLI tool is installed on the system and profile is configured (aws configure).

Update:

pip & aws-cli checking functions are added that based on operating system.

Usage

git clone https://github.com/DenizParlak/Zeus.git && cd Zeus && chmod +x zeus.sh && ./zeus.sh

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].