
Possible Broken Dashboard

Open ghost opened this issue 4 years ago • 7 comments

I set up this tool to run locally using docker. I set up ReadOnlyAccess Policy for AWS:

I now have the final report and I noticed the following sections don't open:

Scout2, IP Audit, AWS Trust Advisor

Any idea why?

I also noticed this during the scan, which might have something to do with it:

image

For the other reports to work I have to right click and open in new tab.

ghost avatar Apr 28 '21 19:04 ghost

Hi @x1337x-sec Thanks for reaching out. As per the current screenshot it looks like the security token is invalid. Maybe it was a temporary token which got invalidated during the scan.

For the IP Audit to run, you have to provide the ec2 instance IP, along with ssh key so it can login and run the scan. AWS Trust Advisor output can be seen when you also add the Support Read Only role to the keys.

Hope it helps. Let me know if I can be of further help.

shivankar-madaan avatar Apr 28 '21 20:04 shivankar-madaan

Where do you place the ec2 instance IP and how would you scan all instances?

Is the Security Token separate to the secret key and secret ID?

ghost avatar Apr 29 '21 12:04 ghost

Currently you can scan only one IP. You can watch this here: https://www.youtube.com/watch?v=2eW-0bS0Hq8

I guess security token is when you have temporary access like session token?? Not exactly. Are you still facing the same error of token invalid?

shivankar-madaan avatar Apr 29 '21 13:04 shivankar-madaan

Yes, it is a session token. I defined it in the creds file as

[default]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXX
aws_session_token= XXXXXXXXXXXXXXXXXXXXX

I now get the following two errors / warnings:

/usr/local/lib/python2.7/site-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.25.10) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
Warning: Unable to determine STS token expiration; later API calls may fail.

Note we use AWS SSO with Okta.

I am still seeing errors, for example:

(UnrecognizedClientException) when calling the DescribeTrails operation: The security token included in the request is invalid

Also, do you have the ARN for the read-only support role?

ghost avatar Apr 29 '21 17:04 ghost
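A pre-flight check for the credentials file shown in the comment above, as an added example that is not part of the original issue or of CS Suite's code: it parses a shared credentials file and flags profiles whose key type and session token do not match. The function name and the sample profiles are constructed for illustration; the `ASIA` (temporary) and `AKIA` (long-term) access key prefixes are AWS's documented conventions.

```python
import configparser

# Constructed sample credentials file (placeholder values, not real keys).
SAMPLE = """\
[default]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret
aws_session_token= constructed-token

[missing-token]
aws_access_key_id = ASIAEXAMPLEEXAMPLE01
aws_secret_access_key = constructed-secret

[long-term]
aws_access_key_id = AKIAEXAMPLEEXAMPLE02
aws_secret_access_key = constructed-secret
"""

def check_profiles(text):
    """Return {profile: [findings]} for an AWS shared credentials file."""
    # RawConfigParser: no '%' interpolation, which real secrets could trip.
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        findings = []
        key_id = sec.get("aws_access_key_id", "").strip()
        token = sec.get("aws_session_token", "").strip()
        for required in ("aws_access_key_id", "aws_secret_access_key"):
            if not sec.get(required, "").strip():
                findings.append("missing " + required)
        # Temporary (STS/SSO) keys are rejected unless the token is sent too.
        if key_id.startswith("ASIA") and not token:
            findings.append("temporary key (ASIA) without aws_session_token")
        if key_id.startswith("AKIA") and token:
            findings.append("long-term key (AKIA) with a session token set")
        if token:
            findings.append("temporary credentials: may expire during a long scan")
        report[name] = findings
    return report

if __name__ == "__main__":
    for profile, findings in check_profiles(SAMPLE).items():
        print(profile, "->", findings or ["ok"])
```

Running `aws sts get-caller-identity` with the same profile confirms whether the token is still accepted before a scan is started.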

Ok, I think it's just a warning, which should be fine.

For the other exception, arn:aws:iam::aws:policy/ReadOnlyAccess should suffice, and add the Support Role if you need Trusted Advisor checks.

shivankar-madaan avatar Apr 29 '21 17:04 shivankar-madaan

Do you have the support role ARN?

ghost avatar Apr 29 '21 18:04 ghost

No, but I know it is the AWS managed policy SupportReadOnly, I guess.

shivankar-madaan avatar Apr 29 '21 18:04 shivankar-madaan