From 66a57bf67aee73f5f2f85f33458db7995b659809 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Thu, 6 Jun 2024 13:33:53 -0500
Subject: [PATCH] Update
---
 .github/scripts/prep.sh | 21 +++++++++++
 .github/workflows/aws.yml | 69 +++++++++++++++++++++++++++++++++++
 .github/workflows/okta.yml | 46 +++++++++++++++++++++++
 .github/workflows/tenable.yml | 29 +++++++++++++++
 4 files changed, 165 insertions(+)
 create mode 100644 .github/scripts/prep.sh
 create mode 100644 .github/workflows/aws.yml
 create mode 100644 .github/workflows/okta.yml
 create mode 100644 .github/workflows/tenable.yml
diff --git a/.github/scripts/prep.sh b/.github/scripts/prep.sh
new file mode 100644
index 0000000..1470e98
--- /dev/null
+++ b/.github/scripts/prep.sh
@@ -0,0 +1,21 @@
+## ENVIRONMENT ##
+
+#!/bin/bash
+
+# Error tracking and logging function
+log_error() {
+ echo "Error: $1" >&2
+}
+
+# INSTALL JQ
+mkdir -p $HOME/bin
+curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o $HOME/bin/jq
+if [ $? -ne 0 ]; then
+ log_error "Failed to install jq"
+ exit 1
+fi
+chmod +x $HOME/bin/jq
+if [ $? -ne 0 ]; then
+ log_error "Failed to set executable permission for jq"
+ exit 1
+fi
\ No newline at end of file
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
new file mode 100644
index 0000000..e8ac786
--- /dev/null
+++ b/.github/workflows/aws.yml
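Review bot: The jq binary fetched on the `curl -L` line under `# INSTALL JQ` is chmod'ed and used with no integrity check and no `--fail`, so an HTTP error body or a tampered release asset would be installed as `$HOME/bin/jq` and run on a runner that later holds cloud credentials; verify it before the chmod, e.g. `curl -fsSL "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" -o "$HOME/bin/jq"` followed by `echo "<expected sha256>  $HOME/bin/jq" | sha256sum -c -`. The `#!/bin/bash` line is preceded by `## ENVIRONMENT ##` and a blank line, so it is not an effective shebang; move it to line 1 and add `set -euo pipefail` so the manual `$?` checks become unnecessary and `$HOME` can be quoted throughout. Ubuntu-hosted runners appear to ship jq already, so the download may be avoidable altogether — worth confirming before keeping a pinned 1.6 binary from a repository that has since moved.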
@@ -0,0 +1,69 @@
+name: Amazon Web Services
+
+on:
+ schedule:
+ # Run at 00:00 on the first day of every month
+ - cron: "0 0 1 * *"
+
+jobs:
+ run-script:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: "3.x"
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ # If you have a requirements.txt, uncomment the line below
+ # pip install -r requirements.txt
+
+ - name: Configure AWS credentials for commercial
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.DEVOPS_PRIVSEC_AUTOMATION_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.DEVOPS_PRIVSEC_AUTOMATION_AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-1
+
+ - name: Configure AWS credentials for federal
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.DEVOPS_DOOP_AUTOMATION_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.DEVOPS_DOOP_AUTOMATION_AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-1
+
+ - id: install-aws-cli
+ uses: unfor19/install-aws-cli-action@v1
+ with:
+ version: 2 # default
+ verbose: false # default
+ arch: amd64 # allowed values: amd64, arm64
+ rootdir: "" # defaults to "PWD"
+ workdir: "" # defaults to "PWD/unfor19-awscli"
+
+ - name: Prepare Environment
+ id: prep
+ run: /bin/bash scripts/prep.sh
+ continue-on-error: false
+
+ - name: Get current date
+ id: date
+ run: echo "::set-output name=date::$(date +'%Y-%m-%d-%H-%M')
+
+ - uses: github-actions-x/commit@v2.9
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ push-branch: "main"
+ force-add: "true"
+
+ - name: Commit & Push changes
+ uses: actions-js/push@master
+ with:
+ force: true
+ github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/okta.yml b/.github/workflows/okta.yml
new file mode 100644
index 0000000..b14ce88
--- /dev/null
+++ b/.github/workflows/okta.yml
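Review bot: The `Configure AWS credentials for federal` step sets the same `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` job environment that the `commercial` step just set, so the commercial keys are loaded and immediately overwritten — no step in this hunk can ever use them; either split the two accounts into separate jobs or switch both steps to `role-to-assume` with OIDC so no long-lived keys sit in repository secrets at all. Two separate steps (`github-actions-x/commit@v2.9` and `actions-js/push@master` with `force: true`) push to `main`, and `@master` is a mutable ref, so a compromise of that action gets force-push access to the default branch through `GITHUB_TOKEN`; pin third-party actions by commit SHA, keep a single commit step, and add a top-level `permissions: contents: write` so the token carries nothing beyond that. `run: /bin/bash scripts/prep.sh` appears to target the `.github/scripts/prep.sh` added in this same patch, so the path is likely wrong from the checkout root. The date step's `echo "::set-output name=date::$(date +'%Y-%m-%d-%H-%M')` is missing its closing quote, and `::set-output` is deprecated in favor of writing to `$GITHUB_OUTPUT`.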
@@ -0,0 +1,46 @@
+name: Run Okta Scripts
+
+on:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "0 0 * * *" # Runs daily at midnight
+ workflow_dispatch: # Allows manual triggering of the workflow
+
+jobs:
+ run-okta-scripts:
+ runs-on: ubuntu-latest
+
+ env:
+ OKTA_DOMAIN: ${{ secrets.OKTA_DOMAIN }}
+ OKTA_API_TOKEN: ${{ secrets.OKTA_API_TOKEN }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v3
+ with:
+ python-version: "3.x"
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install requests jq
+
+ - name: Run check-authentication-settings
+ run: python src/evidence-collection/okta/check_authentication_settings.py
+
+ - name: Run check-deactivated-users
+ run: python src/evidence-collection/okta/check_deactivated_users.py
+
+ - name: Run check-mfa-enrollments
+ run: python src/evidence-collection/okta/check_mfa_enrollments.py
+
+ - name: Run check-password-policies
+ run: python src/evidence-collection/okta/check_password_policies.py
+
+ - name: Run check-users-and-groups
+ run: python src/evidence-collection/okta/check_users_and_groups.py
diff --git a/.github/workflows/tenable.yml b/.github/workflows/tenable.yml
new file mode 100644
index 0000000..527364f
--- /dev/null
+++ b/.github/workflows/tenable.yml
@@ -0,0 +1,29 @@
+name: Tenable
+
+on:
+ schedule:
+ # Runs at 00:00 every Monday
+ - cron: "0 0 * * 1"
+
+jobs:
+ fetch_and_save_scans:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v3
+ with:
+ python-version: 3.8
+
+ - name: Install dependencies
+ run: |
+ pip install pytenable
+
+ - name: Run Tenable Scan Script
+ env:
+ PRIVSEC_TENABLE_ACCESS_KEY: ${{ secrets.PRIVSEC_TENABLE_ACCESS_KEY }}
+ PRIVSEC_TENABLE_SECRET_KEY: ${{ secrets.PRIVSEC_TENABLE_SECRET_KEY }}
+ run: python src/tools/tenable/tenable-results.py
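Review bot: `OKTA_API_TOKEN` is placed in the job-level `env:`, so it is present in the environment of every step — `actions/checkout`, `actions/setup-python` and the unpinned `pip install requests jq` included — which means a hijacked package build hook or a compromised action would run with an Okta admin token in hand. Scope the two secrets to the five `Run check-*` steps that actually need them and pin the dependencies (a requirements file installed with `--require-hashes` is the usual form). The `push: branches: main` trigger also fires these API calls on every merge, which seems more than an evidence-collection job needs alongside the daily cron and `workflow_dispatch`, so consider dropping it. Nothing in this hunk pushes back to the repository, so a top-level `permissions: contents: read` would keep `GITHUB_TOKEN` read-only.

```yaml
permissions:
  contents: read

# … unchanged: on:, runs-on, checkout, setup-python, install steps (job-level env: removed) …

      - name: Run check-authentication-settings
        env:
          OKTA_DOMAIN: ${{ secrets.OKTA_DOMAIN }}
          OKTA_API_TOKEN: ${{ secrets.OKTA_API_TOKEN }}
        run: python src/evidence-collection/okta/check_authentication_settings.py

# … same step-level env: on the other four Run check-* steps …
```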
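Review bot: The `Install dependencies` step runs `pip install pytenable` with no version or hash pin, so whichever pytenable release and transitive dependencies are current each Monday get executed in the same job that is handed `PRIVSEC_TENABLE_ACCESS_KEY`/`PRIVSEC_TENABLE_SECRET_KEY`; pin it (`pip install pytenable==<version>`, or a hash-locked requirements file) so a compromised release cannot silently reach those keys. Scoping the secrets to the `Run Tenable Scan Script` step's own `env:` rather than the job is the right call here and worth keeping. The workflow sets no `permissions:`, so add a top-level `permissions: contents: read` to keep `GITHUB_TOKEN` minimal. The job is named `fetch_and_save_scans` but no step in this hunk persists anything, so a short comment on the run step saying where the results go (an artifact upload, or that the script uploads them itself) would help the next reader.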