Output option -o combined with -F and -M does not work #904

Closed
jfagoagas opened this issue Nov 1, 2021 · 3 comments

jfagoagas commented Nov 1, 2021

The following options combined do not work.

    -M <mode> output mode: text (default), mono, html, json, json-asff, junit-xml, csv. They can be used combined comma separated.
    -o                 Custom output directory, if not specified will use default prowler/output, requires -M <mode>
                            (i.e.: -M csv -o /tmp/reports/)
    -F                 Custom output report name, if not specified will use default output/prowler-output-ACCOUNT_NUM-OUTPUT_DATE

The expected output is to have the results file testOutput.csv in the ./reports folder.

$ mkdir ./reports
$ ls -la ./reports 
total 0
drwxr-xr-x   2 user  staff   64  1 Nov 20:33 .
drwxr-xr-x  24 user  staff  768  1 Nov 20:33 ..
$ ./prowler -c check11 -F testOutput -M csv -o ./reports/
                          _
  _ __  _ __ _____      _| | ___ _ __
 | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
 | |_) | | | (_) \ V  V /| |  __/ |
 | .__/|_|  \___/ \_/\_/ |_|\___|_|v2.5.0-12August2021
 |_| the handy cloud security tool

 Date: Mon  1 Nov 2021 20:33:51 CET
 Generating AWS IAM Credential Report... -  []
1.1 [check11] Avoid the use of the root account - iam [High]
       PASS! eu-west-1: Root user in the account wasn't accessed in the last 1 days
$ find . -iname "testOutput*"
./testOutput.csv
$ ls -la ./reports 
total 0
drwxr-xr-x   2 user  staff   64  1 Nov 20:33 .
drwxr-xr-x  24 user  staff  768  1 Nov 20:33 ..

jfagoagas changed the title from "-o combined with -F and -M does not work" to "Output option -o combined with -F and -M does not work" Nov 1, 2021

toniblyx commented Nov 2, 2021

Thanks @jfagoagas, I think it is time to debug it :D `bash -x ./prowler -c check11 -F testOutput -M csv -o ./reports/` and see what is going on.

toniblyx added the bug label Nov 2, 2021

jfagoagas commented

I have done it but I need to find time to analyze it.

+ OPTRED='�[1;31m'
+ OPTNORMAL='�[0;39m'
+ PROWLER_VERSION=2.5.0-12August2021
++ dirname ./prowler
+ PROWLER_DIR=.
+ REGION=
+ FILTERREGION=
+ MAXITEMS=100
+ MONOCHROME=0
+ MODE=text
+ QUIET=0
+ SEP=,
+ KEEPCREDREPORT=0
+ EXITCODE=0
+ SEND_TO_SECURITY_HUB=0
++ date -u +%Y-%m-%dT%H:%M:%S%z
+ PROWLER_START_TIME=2021-11-02T15:40:52+0000
+ TITLE_ID=
+ TITLE_TEXT='CALLER ERROR - UNSET TITLE'
+ WHITELIST_FILE=
+ TOTAL_CHECKS=()
+ [[ -z '' ]]
+ ORIGINAL_OUTPUT=
+ export AWS_DEFAULT_OUTPUT=json
+ AWS_DEFAULT_OUTPUT=json
+ getopts :hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F: OPTION
+ case $OPTION in
+ CHECK_ID=check11
+ getopts :hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F: OPTION
+ case $OPTION in
+ OUTPUT_FILE_NAME=testOutput
+ getopts :hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F: OPTION
+ case $OPTION in
+ MODE=csv
+ getopts :hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F: OPTION
+ case $OPTION in
+ OUTPUT_DIR_CUSTOM=./reports/
+ getopts :hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F: OPTION
+ trap clean_up EXIT
+ trap handle_ctrl_c INT
+ unset AWS_DEFAULT_OUTPUT
+ . ./include/colors
++ IFS=,
++ read -ra MODES
++ for MODE in '"${MODES[@]}"'
++ [[ csv != \m\o\n\o ]]
++ [[ csv != \t\e\x\t ]]
++ [[ csv != \c\s\v ]]
++ [[ csv == \m\o\n\o ]]
++ [[ csv == \c\s\v ]]
++ MONOCHROME=1
++ [[ 1 -eq 1 ]]
++ NORMAL=
++ WARNING=
++ SECTION=
++ NOTICE=
++ OK=
++ BAD=
++ CYAN=
++ BLUE=
++ BROWN=
++ DARKGRAY=
++ GRAY=
++ GREEN=
++ MAGENTA=
++ PURPLE=
++ RED=
++ YELLOW=
++ WHITE=
+ . ./include/os_detector
++ DATE_CMD=date
++ BASE64_CMD=base64
++ '[' darwin21 == linux-gnu ']'
++ '[' darwin21 == linux-musl ']'
++ [[ darwin21 == \d\a\r\w\i\n* ]]
+++ mktemp -t prowler.cred_report-XXXXXX
++ TEMP_REPORT_FILE=/var/folders/65/36ql7p2d5cb2v7p85qwp3cxc0000gn/T/prowler.cred_report-XXXXXX.VFdXVMRF
+++ which gdate
++ GDATE=
++ '[' -n '' ']'
+++ which gbase64
++ GBASE64=
++ '[' -n '' ']'
++ date --version
++ base64 --version
+ . ./include/aws_profile_loader
+++ curl -s -m 1 http://169.254.169.254/latest/meta-data/iam/security-credentials/
++ INSTANCE_PROFILE=
++ echo ''
++ grep -q '404 - Not Found'
++ [[ -n '' ]]
++ [[ -n '' ]]
++ [[ -n '' ]]
++ [[ -n '' ]]
++ [[ -n '' ]]
++ [[ -n '' ]]
++ [[ -n '' ]]
++ [[ '' == \C\l\o\u\d\S\h\e\l\l ]]
++ PROFILE=default
++ PROFILE_OPT='--profile default'
+++ aws configure get region
++ REGION_CONFIG=eu-west-1
++ [[ -n '' ]]
++ [[ -n eu-west-1 ]]
++ REGION=eu-west-1
+ . ./include/awscli_detector
+++ which aws
++ '[' '!' -z /usr/local/bin/aws ']'
+++ which aws
++ AWSCLI=/usr/local/bin/aws
+ . ./include/whoami
++ case "$REGION" in
++ REGION_FOR_STS=eu-west-1
+++ /usr/local/bin/aws sts get-caller-identity --profile default --output json --region eu-west-1
++ GETCALLER='{
    "UserId": "",
    "Account": "",
    "Arn": "arn:aws:iam:::user/"
}'
++ ret=0
++ [[ 0 -ne 0 ]]
++ [[ -n '' ]]
+++ echo '{' '"UserId":' '"",' '"Account":' '"",' '"Arn":' '"arn:aws:iam:::user/"' '}'
+++ jq -r .Account
++ ACCOUNT_NUM=
+++ echo '{' '"UserId":' '"",' '"Account":' '"",' '"Arn":' '"arn:aws:iam:::user/"' '}'
+++ jq -r .Arn
++ CALLER_ARN=arn:aws:iam:::user/
+++ echo '{' '"UserId":' '"",' '"Account":' '"",' '"Arn":' '"arn:aws:iam:::user/"' '}'
+++ jq -r .UserId
++ USER_ID=
+++ echo arn:aws:iam:::user/
+++ cut -d: -f2
++ AWS_PARTITION=aws
+ . ./include/assume_role
+ . ./include/csv_header
+ . ./include/banner
+ . ./include/html_report
+ . ./include/outputs_bucket
++ [[ -n '' ]]
+ . ./include/outputs
++ EXTENSION_CSV=csv
++ EXTENSION_JSON=json
++ EXTENSION_ASFF=asff.json
++ EXTENSION_TEXT=txt
++ EXTENSION_HTML=html
+++ date -u +%Y%m%d%H%M%S
++ OUTPUT_DATE=20211102154055
++ OUTPUT_DIR=./output
++ [[ -n ./reports/ ]]
++ [[ !  csv  =~  text  ]]
++ [[ ! -d ./reports/ ]]
++ OUTPUT_DIR=./reports/
++ '[' -z x ']'
++ HTML_LOGO_URL=https://github.com/toniblyx/prowler/
++ HTML_LOGO_IMG=https://github.com/toniblyx/prowler/raw/2.4/util/html/prowler-logo-new.png
+++ get_iso8601_timestamp
+++ bsd_get_iso8601_timestamp
+++ date -u +%Y-%m-%dT%H:%M:%SZ
++ TIMESTAMP=2021-11-02T15:40:55Z
++ PROWLER_PARAMETERS='-c check11 -F testOutput -M csv -o ./reports/'
++ [[ -n csv ]]
++ mkdir -p ./reports/
++ [[ csv =~ html ]]
++ [[ default == '' ]]
+ . ./include/credentials_report
++ trap cleanTemp EXIT
+ . ./include/scoring
+ . ./include/python_detector
+ . ./include/secrets_detector
+ . ./include/check_creds_last_used
+ . ./include/check3x
+ . ./include/connection_tests
+ . ./include/securityhub_integration
+ . ./include/junit_integration
++ JUNIT_OUTPUT_DIRECTORY=junit-reports
++ JUNIT_TESTS_COUNT=0
++ JUNIT_SUCCESS_COUNT=0
++ JUNIT_FAILURES_COUNT=0
++ JUNIT_SKIPPED_COUNT=0
++ JUNIT_ERRORS_COUNT=0
+ prowlerBanner
+ [[ '' != \0 ]]
+ echo -e '                          _'
+ echo -e '  _ __  _ __ _____      _| | ___ _ __'
+ echo -e ' | '\''_ \| '\''__/ _ \ \ /\ / / |/ _ \ '\''__|'
+ echo -e ' | |_) | | | (_) \ V  V /| |  __/ |'
+ echo -e ' | .__/|_|  \___/ \_/\_/ |_|\___|_|v2.5.0-12August2021'
+ echo -e ' |_| the handy cloud security tool\n'
++ date
+ echo -e ' Date: Tue  2 Nov 2021 16:40:55 CET'
+ printColorsCode
+ [[ 1 -eq 0 ]]
+ [[ '' == \1 ]]
+ [[ '' == \1 ]]
+ [[  csv  =~  json  ]]
+ [[  csv  =~  json-asff  ]]
+ [[ 0 -eq 1 ]]
+ is_junit_output_enabled
+ [[  csv  =~  junit-xml  ]]
+ false
+ getWhoami
+ [[ csv == \c\s\v ]]
+ [[ 255 -eq 0 ]]
+ printCsvHeader
+ echo PROFILE,ACCOUNT_NUM,REGION,TITLE_ID,CHECK_RESULT,ITEM_SCORED,ITEM_LEVEL,TITLE_TEXT,CHECK_RESULT_EXTENDED,CHECK_ASFF_COMPLIANCE_TYPE,CHECK_SEVERITY,CHECK_SERVICENAME,CHECK_ASFF_RESOURCE_TYPE,CHECK_ASFF_TYPE,CHECK_RISK,CHECK_REMEDIATION,CHECK_DOC,CHECK_CAF_EPIC,CHECK_RESOURCE_ID,PROWLER_START_TIME
+ [[ -n '' ]]
+ get_regions
++ /usr/local/bin/aws ec2 describe-regions --query 'Regions[].RegionName' --output text --profile default --region eu-west-1 --region-names
+ REGIONS='eu-north-1	ap-south-1	eu-west-3	eu-west-2	eu-west-1	ap-northeast-3	ap-northeast-2	ap-northeast-1	sa-east-1	ca-central-1	ap-southeast-1	ap-southeast-2	eu-central-1	us-east-1	us-east-2	us-west-1	us-west-2'
+ ret=0
+ [[ 0 -ne 0 ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n check11 ]]
+ IFS=,
+ read -ra CHECKS
+ for CHECK in '"${CHECKS[@]}"'
+ execute_check check11
+ [[ -n '' ]]
+ CHECK_ID=check11
+ local alternate_name_var=CHECK_ALTERNATE_check11
+ local alternate_name=
+ local asff_type_var=CHECK_ASFF_TYPE_check11
+ CHECK_ASFF_TYPE='Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark'
+ local asff_compliance_type_var=CHECK_ASFF_COMPLIANCE_TYPE_check11
+ CHECK_ASFF_COMPLIANCE_TYPE='Software and Configuration Checks'
+ local asff_resource_type_var=CHECK_ASFF_RESOURCE_TYPE_check11
+ CHECK_ASFF_RESOURCE_TYPE=AwsAccount
+ local severity_var=CHECK_SEVERITY_check11
+ CHECK_SEVERITY=High
+ local servicename_var=CHECK_SERVICENAME_check11
+ CHECK_SERVICENAME=iam
+ local risk_var=CHECK_RISK_check11
+ CHECK_RISK='The "root" account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.'
+ local remediation_var=CHECK_REMEDIATION_check11
+ CHECK_REMEDIATION='Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.'
+ local doc_var=CHECK_DOC_check11
+ CHECK_DOC=http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
+ local caf_epic_var=CHECK_CAF_EPIC_check11
+ CHECK_CAF_EPIC=IAM
+ SECURITYHUB_NEW_FINDINGS_IDS=()
++ awk '/check11/{print}' /dev/fd/63
+++ echo ''
+ ignores=
+ '[' ']'
+ local check_id_var=CHECK_ID_check11
+ local check_id=1.1
+ '[' 1.1 ']'
+ [[ 1.1 == 1* ]]
+ '[' '!' -s /var/folders/65/36ql7p2d5cb2v7p85qwp3cxc0000gn/T/prowler.cred_report-XXXXXX.VFdXVMRF ']'
+ genCredReport
+ textTitle '' 'Generating AWS IAM Credential Report...'
+ CHECKS_COUNTER=1
+ TITLE_ID=
+ [[ -n '' ]]
+ TITLE_TEXT='Generating AWS IAM Credential Report...'
+ CHECK_SERVICENAME=
+ local 'CHECK_SEVERITY=[]'
+ local group_ids
+ group_ids='[]'
+ echo -e ' Generating AWS IAM Credential Report... -  []'
++ seq 1 60
+ for i in '$(seq 1 60)'
++ /usr/local/bin/aws iam generate-credential-report --output text --query State --profile default --region eu-west-1
+ GENERATECREDENTIALREPORTOUTPUT=COMPLETE
++ echo COMPLETE
++ grep AccessDenied
+ [[ -n '' ]]
+ [[ COMPLETE == \C\O\M\P\L\E\T\E ]]
+ return
+ saveReport
+ /usr/local/bin/aws iam get-credential-report --query Content --output text --profile default --region eu-west-1
+ decode_report
+ bsd_decode_report
+ base64 -D
+ [[ 0 -eq 1 ]]
+ show_check_title check11
+ local check_id=CHECK_ID_check11
+ local check_title=CHECK_TITLE_check11
+ local check_scored=CHECK_SCORED_check11
+ local check_type=CHECK_TYPE_check11
+ local check_asff_compliance_type=CHECK_ASFF_COMPLIANCE_TYPE_check11
+ local check_severity=CHECK_SEVERITY_check11
+ local check_servicename=CHECK_SERVICENAME_check11
+ local group_ids
+ local group_index
+ local check_name
+ [[ -n '' ]]
+ [[ '' == \e\n\s ]]
+ textTitle 1.1 '[check11] Avoid the use of the root account' iam High ''
+ CHECKS_COUNTER=2
+ TITLE_ID=1.1
+ [[ -n '' ]]
+ TITLE_TEXT='[check11] Avoid the use of the root account'
+ CHECK_SERVICENAME=iam
+ local 'CHECK_SEVERITY=[High]'
+ local group_ids
+ group_ids='[]'
+ echo -e '1.1 [check11] Avoid the use of the root account - iam [High]'
+ is_junit_output_enabled
+ [[  csv  =~  junit-xml  ]]
+ false
+ IGNORES=
+ CHECK_NAME=check11
+ check11
+ MAX_DAYS=-1
++ cat /var/folders/65/36ql7p2d5cb2v7p85qwp3cxc0000gn/T/prowler.cred_report-XXXXXX.VFdXVMRF
++ awk -F, '{ print $1,$5,$11,$16 }'
++ grep '<root_account>'
++ cut '-d ' -f2,3,4
+ last_login_dates='2021-05-17T07:42:15+00:00 N/A N/A'
+ failures=0
+ for date in '$last_login_dates'
+ [[ 2021-05-17 =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]
++ how_many_days_from_today 2021-05-17
++ bsd_how_many_days_from_today 2021-05-17
++ DATE_TO_COMPARE=2021-05-17
+++ date +%s
++ TODAY_IN_DAYS=1635867658
+++ date -jf %Y-%m-%d 2021-05-17 +%s
++ DATE_IN_DAYS=1621262458
++ DAYS_TO=-169
++ echo -169
+ days_not_in_use=-169
+ '[' -169 -gt -1 ']'
+ for date in '$last_login_dates'
+ [[ N/A =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]
+ for date in '$last_login_dates'
+ [[ N/A =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]
+ [[ 0 == 0 ]]
+ textPass 'eu-west-1: Root user in the account wasn'\''t accessed in the last 1 days' eu-west-1 root
+ CHECK_RESULT=PASS
+ CHECK_RESULT_EXTENDED='eu-west-1: Root user in the account wasn'\''t accessed in the last 1 days'
+ CHECK_RESOURCE_ID=root
+ [[ 0 == 1 ]]
+ PASS_COUNTER=1
+ [[ -n eu-west-1 ]]
+ REPREGION=eu-west-1
+ [[ csv =~ csv ]]
+ echo 'default,,eu-west-1,1.1,PASS,,,[check11] Avoid the use of the root account,eu-west-1: Root user in the account wasn'\''t accessed in the last 1 days,Software and Configuration Checks,High,iam,AwsAccount,Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark,The "root" account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.,Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.,http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html,IAM,root,2021-11-02T15:40:52+0000'
+ [[ csv =~ json ]]
+ [[ csv =~ json-asff ]]
+ is_junit_output_enabled
+ [[  csv  =~  junit-xml  ]]
+ false
+ [[ csv =~ mono ]]
+ echo '       PASS! eu-west-1: Root user in the account wasn'\''t accessed in the last 1 days'
+ [[ csv =~ html ]]
+ is_junit_output_enabled
+ [[  csv  =~  junit-xml  ]]
+ false
+ [[ 0 -eq 1 ]]
+ [[ csv =~ html ]]
+ copyToS3
+ [[ -n '' ]]
+ cleanTemp
+ [[ 0 -ne 1 ]]
+ rm -fr /var/folders/65/36ql7p2d5cb2v7p85qwp3cxc0000gn/T/prowler.cred_report-XXXXXX.VFdXVMRF
+ exit 0
+ cleanTemp
+ [[ 0 -ne 1 ]]
+ rm -fr /var/folders/65/36ql7p2d5cb2v7p85qwp3cxc0000gn/T/prowler.cred_report-XXXXXX.VFdXVMRF

I have omitted redundant information like groups and controls details.

toniblyx added a commit that referenced this issue Nov 11, 2021

toniblyx commented

Ok, this is now fixed in branch 2.5.1
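
A regression check for the behaviour this issue expects, as an added example that is not part of the thread or of prowler's code: it derives the expected report path from `-M`, `-o` and `-F` and fails when the file is missing from the `-o` directory or a same-named copy sits in the working directory. Variable names, the `./output` default and the extensions follow the trace above; the path rule and the function names `expected_report_paths` and `verify_report_location` are assumptions.

```shell
#!/bin/sh
# Added example. Variable names and extensions follow the bash -x trace above;
# the path rule is the behaviour the issue expects, not prowler's own code.

# Print the report path expected for each file-producing mode given to -M.
expected_report_paths() (
  MODE=text; OUTPUT_DIR_CUSTOM=; OUTPUT_FILE_NAME=
  OPTIND=1
  while getopts ":c:M:o:F:" OPTION; do
    case $OPTION in
      M) MODE=$OPTARG ;;
      o) OUTPUT_DIR_CUSTOM=$OPTARG ;;
      F) OUTPUT_FILE_NAME=$OPTARG ;;
      c) ;;                                  # check id does not affect the path
      *) echo "unsupported or incomplete option: -$OPTARG" >&2; exit 2 ;;
    esac
  done
  dir=${OUTPUT_DIR_CUSTOM:-./output}         # default OUTPUT_DIR in the trace
  case $dir in ?*/) dir=${dir%/} ;; esac     # "./reports/" -> "./reports"
  name=${OUTPUT_FILE_NAME:-prowler-output-${ACCOUNT_NUM}-${OUTPUT_DATE}}
  IFS=,
  for m in $MODE; do
    case $m in
      csv) ext=csv ;;
      json) ext=json ;;
      json-asff) ext=asff.json ;;
      html) ext=html ;;
      *) continue ;;                         # other modes are not checked here
    esac
    printf '%s/%s.%s\n' "$dir" "$name" "$ext"
  done
)

# Return 0 only if every expected report exists under the -o directory and no
# same-named file sits in the working directory (the symptom in this issue).
verify_report_location() (
  paths=$(expected_report_paths "$@") || exit 2
  rc=0
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    if [ ! -f "$p" ]; then echo "missing: $p" >&2; rc=1; fi
    if [ "${p%/*}" != . ] && [ -e "./${p##*/}" ]; then
      echo "stray copy in working directory: ./${p##*/}" >&2; rc=1
    fi
  done <<EOF
$paths
EOF
  exit "$rc"
)
```

Call `verify_report_location` with the same arguments as the prowler run, from the directory the run was started in.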
