Scout2 - Security auditing tool for AWS environments
Scout2 is an open source tool that helps assessing the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3, configuration data. The gathered configuration is analyzed and stored as JSON objects in several JavaScript files. These files are imported in the Scout2 HTML report, which allows for a quick and efficient review of the AWS configuration. Scout2 ships with over thirty rules, and can easily be extended to support more services and test cases.
HTML Report
The Scout2 Python script populates JavaScript variables displayed in the HTML report. In addition to displaying the AWS configuration, the AWS Scout2 HTML report highlights high-risk areas automatically. Potential findings are highlight with two different colors
- red :: danger
- orange :: warning
EC2 view
Security Groups are the first layer of defense for EC2 instances (AWS documentation), and control both inbound and outbound traffic at the instance level. AWS Scout2 has a default ruleset that reports known sensitive ports that are open to the Internet (in the following screenshot, 22/SSH). Additionally, the default ruleset also reports open ports whose number are associated with plaintext protocol (in the following screenshot, 23/Telnet).
Network ACLs are the second layer of defense, and control traffic in and out of a subnet. AWS Scout2 has an EC2/Network ACLs view that reports all existing rules:
Post a Comment