الصفحة الرئيسية>كود المصدر JSP>فئات أخرى
تنزيل

CFRIPPER عبارة عن مكتبة ومحلل أمان CLI لقوالب AWS CloudFormation. يمكنك استخدام CFRIPPER لمنع نشر موارد AWS غير الآمنة في بيئة السحابة الخاصة بك. يمكنك كتابة شيكات الامتثال الخاصة بك عن طريق إضافة ملحقات مخصصة جديدة.

مستندات ومزيد من التفاصيل المتاحة في https://cfripper.readthedocs.io/

استخدام CLI

التنفيذ الطبيعي 

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
 - FullWildcardPrincipalRule: rootRole should not allow full wildcard ' * ' , or wildcard in account ID like ' arn:aws:iam::*:12345 ' at ' * '
 - IAMRolesOverprivilegedRule: Role ' rootRole ' contains an insecure permission ' * ' in policy ' root '
Analysing /tmp/root_bypass.json...
Valid: True

باستخدام العلم "حل" 

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format txt --resolve
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
 - FullWildcardPrincipalRule: rootRole should not allow full wildcard ' * ' , or wildcard in account ID like ' arn:aws:iam::*:12345 ' at ' * '
 - IAMRolesOverprivilegedRule: Role ' rootRole ' contains an insecure permission ' * ' in policy ' root '
Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Valid: False
Issues found:
 - IAMRolesOverprivilegedRule: Role ' rootRole ' contains an insecure permission ' * ' in policy ' root '
Monitored issues found:
 - PartialWildcardPrincipalRule: rootRole contains an unknown principal: 123456789012
 - PartialWildcardPrincipalRule: rootRole should not allow wildcard, account-wide or root in resource-id like ' arn:aws:iam::12345:root ' at ' arn:aws:iam::123456789012:root '

باستخدام تنسيق JSON وحجة مخرجات الإخراج 

$ cfripper /tmp/root.yaml /tmp/root_bypass.json --format json --resolve --output-folder /tmp
Analysing /tmp/root.yaml...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root.yaml.cfripper.results.json
Analysing /tmp/root_bypass.json...
Not adding CrossAccountTrustRule failure in rootRole because no AWS Account ID was found in the config.
Result saved in /tmp/root_bypass.json.cfripper.results.json

باستخدام ملف تكوين القواعد 

$ cfripper tests/test_templates/config/security_group_firehose_ips.json --rules-config-file cfripper/config/rule_configs/example_rules_config_for_cli.py
Analysing tests/test_templates/config/security_group_firehose_ips.json...
Valid: True

استخدام ملفات القواعد 

$ cfripper tests/test_templates/config/security_group_firehose_ips.json --rules-filters-folder cfripper/config/rule_configs/
example_rules_config_for_cli.py loaded
Analysing tests/test_templates/config/security_group_firehose_ips.json...
Valid: True

رموز الخروج 

 """
Analyse AWS Cloudformation templates passed by parameter.
Exit codes:
  - 0 = all templates valid and scanned successfully
  - 1 = error / issue in scanning at least one template
  - 2 = at least one template is not valid according to CFRipper (template scanned successfully)
  - 3 = unknown / unhandled exception in scanning the templates
"""
يوسع
معلومات إضافية
تطبيقات ذات صلة
نوصي لك
أخبار ذات صلة الكل