Skip to content

Commit

Permalink
Merge pull request #42 from ninedongsu/main
Browse files Browse the repository at this point in the history
fix: Change validation condition for check_logs_are_enabled rule
dorukozturk authored Sep 11, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
2 parents e649812 + 768ca76 commit 5deb00a
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions hardeneks/cluster_wide/security/detective_controls.py
Original file line number Diff line number Diff line change
@@ -14,11 +14,10 @@ class check_logs_are_enabled(Rule):
def check(self, resources: Resources):
client = boto3.client("eks", region_name=resources.region)
cluster_metadata = client.describe_cluster(name=resources.cluster)
logs = cluster_metadata["cluster"]["logging"]["clusterLogging"][0][
"enabled"
]
logs = filter(lambda x: x.get('enabled') and 'audit' in x.get('types'),
cluster_metadata["cluster"]["logging"]["clusterLogging"])
self.result = Result(status=True, resource_type="Log Configuration")
if not logs:
if not list(logs):
self.result = Result(
status=False, resource_type="Log Configuration"
)

0 comments on commit 5deb00a

Please sign in to comment.