rkreddyp
rkreddyp
/ iam_policy_analysis.py
Created
February 14, 2019 14:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get role and user dataframe with policies | |
| (df, dfu) = iam_analyze.prepare_role_df() | |
| display ( md(""" #### All Roles with Policy Full S3 Access """)) | |
| dfu.AttachedManagedPolicies = dfu.AttachedManagedPolicies.astype(str) | |
| dfs3 = dfu[dfu.AttachedManagedPolicies.str.contains("AmazonS3FullAccess", na=False) ] | |
| display(HTML(dfs3.to_html(index=False, justify="left"))) | |
| display ( md(""" #### All Roles with Policy Full Administrator Access """)) |
rkreddyp
/ iam_list_users.py
Created
February 14, 2019 14:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iam_client=boto3.client('iam') | |
| items = [] | |
| response = iam_client.list_users() | |
| while response: | |
| items += response['Users'] | |
| response = iam_client.list_roles(Marker=response['Marker']) if 'Marker' in response else None | |
| user_df = pd.DataFrame (items) | |
| display (md(""" ## IAM Users Summary |
rkreddyp
/ iam_list_roles.py
Created
February 14, 2019 14:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iam_client=boto3.client('iam') | |
| items = [] | |
| response = iam_client.list_roles() | |
| while response: | |
| items += response['Roles'] | |
| response = iam_client.list_roles(Marker=response['Marker']) if 'Marker' in response else None | |
| role_df = pd.DataFrame (items) | |
| display (md(""" ## IAM Roles Summary | |
| * No .of Roles: {noroles} |
rkreddyp
/ security_review_runbook.ipynb
Created
February 12, 2019 23:47
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
rkreddyp
/ security_review_runbook.ipynb
Created
February 12, 2019 23:47
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
rkreddyp
/ security_review_rootactivity.py
Created
February 12, 2019 18:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eventdf = oeventdf.copy() | |
| print (eventdf.columns) | |
| eventdf.userIdentity= eventdf.userIdentity.astype(str) | |
| eventdf = eventdf [eventdf.userIdentity.str.contains("Root")] | |
| eventdf = eventdf [['EventSource', 'EventName', 'Username', 'EventTime', 'sourceIPAddress']] | |
| eventdf = eventdf.groupby( ['EventTime', "EventSource","Username", 'sourceIPAddress'] )['EventName'].agg(','.join).reset_index(name='Eventnames') | |
| sdf.to_csv("/tmp/rootactivity.csv") | |
| link = lib_helpers.take_uploadfilename_return_link("rootactivity.csv", "rootactivity.csv") | |
| display (md("##### Download the csv of the below table [here]({link})".format(link=link) ) ) |
rkreddyp
/ security_review_consolelogins.py
Created
February 12, 2019 18:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| readonly = "false" # change it to false if you want write events as well | |
| eventdf = cloudtrail_helpers.get_events_df("EventName", "PutConfigRule", starttime, endtime, readonly) | |
| print (eventdf.shape) | |
| eventdf.EventTime = pd.to_datetime(eventdf.EventTime, format='%m-%d-%Y:%H').apply(lambda x:x.strftime('%m-%d-%Y')) | |
| sdf = eventdf[["EventTime", 'Username', 'userAgent', 'sourceIPAddress']] | |
| sdf = sdf.groupby( ["EventTime", "userAgent", 'sourceIPAddress'] )['Username'].agg(','.join).reset_index(name='Usernames') | |
rkreddyp
/ security_review_useraction.py
Last active
February 12, 2019 17:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| reload(cloudtrail_helpers) | |
| endtime = datetime.datetime.now() # Create start and end time for CloudTrail lookup | |
| interval = datetime.timedelta(hours=48) | |
| starttime = endtime - interval | |
| reload(cloudtrail_helpers) | |
| eventdf = cloudtrail_helpers.get_events_all_df(starttime, endtime) | |
| eventdf['Resources'] = eventdf['Resources'].astype(str) | |
| oeventdf = eventdf.copy() |
rkreddyp
/ security_review_checks.py
Last active
February 12, 2019 17:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Check Cloudtrail Configuration Across All Regions | |
| region_arr = aws_helpers.get_region_array() | |
| df_arr = [] | |
| for region in region_arr: | |
| cclient=boto3.client('cloudtrail',region_name=region) | |
| cdf = pd.DataFrame(cclient.describe_trails()['trailList']) | |
| cdf = cdf [[ 'Name', 'S3BucketName', 'IsMultiRegionTrail']] | |
| df_arr.append(cdf) | |
| ctedf = pd.concat(df_arr) | |
| display(HTML(ctedf.drop_duplicates().to_html(index=False))) |
NewerOlder