
How to monitor changes on the Amazon AWS firewall rules

February 1, 2015 by damia

If your cloud infrastructure runs on Amazon AWS, for audit and control purposes you may want to monitor when the firewall rules of any of your security groups change.

With this script, run periodically (for example from cron), you get notified whenever any of the security groups is modified.


#!/bin/sh
# Snapshot the security group rules with the EC2 API tools, diff the
# snapshot against the previous one and alert when anything changed.

# AWS credentials
export EC2_KEYPAIR=GIJDUYE75JRHFJEJEBHFHEJE88E8ZGGG # name only, not the file name
export EC2_URL=https://ec2.eu-west-1.amazonaws.com
export EC2_PRIVATE_KEY=$HOME/.certs/pk-GIJDUYE75JRHFJEJEBHFHEJE88E8ZGGG.pem
export EC2_CERT=$HOME/.certs/cert-GIJDUYE75JRHFJEJEBHFHEJE88E8ZGGG.pem
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64

AUDIT_DIR=/home/ubuntu/.audi
# First run: create an empty baseline so diff has something to compare against
[ -f "$AUDIT_DIR/group-old.txt" ] || touch "$AUDIT_DIR/group-old.txt"

# aws commands: snapshot the current rules of every security group.
# Stop here if the call fails, otherwise an empty snapshot would raise a
# bogus "everything removed" alert and then overwrite the baseline.
ec2-describe-group > "$AUDIT_DIR/group.txt" || exit 1
# old first, new second: "<" lines were removed, ">" lines were added
diff "$AUDIT_DIR/group-old.txt" "$AUDIT_DIR/group.txt" > "$AUDIT_DIR/diff.txt"
if [ -s "$AUDIT_DIR/diff.txt" ]; then
  mail -s FW_AMAZON alert@bpmalert.com < "$AUDIT_DIR/diff.txt"
  # name of the first security group whose PERMISSION line changed ($4 because
  # diff prefixes each line with "<" or ">")
  /usr/local/bin/msg2mobile FW_AMAZON "$(grep PERMISSION "$AUDIT_DIR/diff.txt" | awk '{print $4}' | head -1)"
fi
mv "$AUDIT_DIR/group.txt" "$AUDIT_DIR/group-old.txt"

All the magic is done by the ec2-describe-group command (part of the legacy EC2 API command-line tools; aws ec2 describe-security-groups in the AWS CLI is the current equivalent): the script stores the current state and watches for differences. Two caveats: a plain diff is line-order sensitive, so any change in the order the tool prints groups or rules raises an alert even when no rule changed, and polling only catches what differs between two runs, so a rule added and removed again inside the interval goes unnoticed. If you need every change, CloudTrail records each AuthorizeSecurityGroup*/RevokeSecurityGroup* API call as it happens.
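The order sensitivity of a plain diff can be removed by comparing the two snapshots as sets of rules per security group instead of as text. The following is an added example, not code from the blog post: it parses the GROUP/PERMISSION records, reports only groups whose rule set actually changed, and flags additions that open a port to the world. The sample snapshots are constructed for the example and the exact field layout of ec2-describe-group output is an assumption made here; adapt the column indices to what your version of the tool prints.

```python
"""Order-insensitive comparison of two ec2-describe-group snapshots.

Added example, not the blog post's own code. PERMISSION records are
modelled as a set of rule tuples per security group, so reordering of
the tool's output does not raise an alert while a real rule change does.
"""

# Constructed sample snapshots approximating ec2-describe-group's tab-separated
# GROUP / PERMISSION records; the field layout is an assumption made for this
# example, not output captured from a real account.
OLD_SNAPSHOT = (
    "GROUP\tsg-0a1b2c3d\t111122223333\tweb\tWeb servers\tvpc-0f0e0d0c\n"
    "PERMISSION\t111122223333\tweb\tALLOWS\ttcp\t80\t80\tFROM\tCIDR\t0.0.0.0/0\tingress\n"
    "PERMISSION\t111122223333\tweb\tALLOWS\ttcp\t22\t22\tFROM\tCIDR\t203.0.113.0/24\tingress\n"
    "GROUP\tsg-0d0e0f01\t111122223333\tdb\tDatabase\tvpc-0f0e0d0c\n"
    "PERMISSION\t111122223333\tdb\tALLOWS\ttcp\t5432\t5432\tFROM\tUSER\t111122223333\tGRPNAME\tweb\tingress\n"
)

# The same account one run later: the groups are listed in the other order
# (a plain diff would already fire on that) and SSH on "web" is now open to
# the world instead of to 203.0.113.0/24.
NEW_SNAPSHOT = (
    "GROUP\tsg-0d0e0f01\t111122223333\tdb\tDatabase\tvpc-0f0e0d0c\n"
    "PERMISSION\t111122223333\tdb\tALLOWS\ttcp\t5432\t5432\tFROM\tUSER\t111122223333\tGRPNAME\tweb\tingress\n"
    "GROUP\tsg-0a1b2c3d\t111122223333\tweb\tWeb servers\tvpc-0f0e0d0c\n"
    "PERMISSION\t111122223333\tweb\tALLOWS\ttcp\t22\t22\tFROM\tCIDR\t0.0.0.0/0\tingress\n"
    "PERMISSION\t111122223333\tweb\tALLOWS\ttcp\t80\t80\tFROM\tCIDR\t0.0.0.0/0\tingress\n"
)


def parse_snapshot(text):
    """Return {group_name: set of rule tuples} for one snapshot.

    GROUP records register the group (so a group with no rules still
    appears); PERMISSION records contribute everything after the group
    name as one hashable rule.
    """
    rules = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if fields[0] == "GROUP" and len(fields) > 3:
            rules.setdefault(fields[3], set())
        elif fields[0] == "PERMISSION" and len(fields) > 3:
            rules.setdefault(fields[2], set()).add(tuple(fields[3:]))
    return rules


def compare_snapshots(old_text, new_text):
    """Diff two snapshots as sets: {group: {"added": [...], "removed": [...], ...}}.

    Only groups whose rule set changed, or that appeared or disappeared,
    are reported, regardless of the order records were printed in.
    """
    old, new = parse_snapshot(old_text), parse_snapshot(new_text)
    changes = {}
    for group in sorted(set(old) | set(new)):
        before, after = old.get(group, set()), new.get(group, set())
        added, removed = after - before, before - after
        if added or removed or (group in old) != (group in new):
            changes[group] = {
                "added": sorted(added),
                "removed": sorted(removed),
                "created": group not in old,
                "deleted": group not in new,
            }
    return changes


def world_open_rules(changes):
    """Added rules that allow traffic from anywhere (0.0.0.0/0 or ::/0)."""
    hits = []
    for group, change in changes.items():
        for rule in change["added"]:
            if "CIDR" in rule:
                idx = rule.index("CIDR")
                if idx + 1 < len(rule) and rule[idx + 1] in ("0.0.0.0/0", "::/0"):
                    hits.append((group, rule))
    return hits


def render_alert(changes):
    """One line per change, usable as the body of the alert mail."""
    lines = []
    for group, change in changes.items():
        if change["created"]:
            lines.append(f"{group}: group created")
        if change["deleted"]:
            lines.append(f"{group}: group deleted")
        for rule in change["removed"]:
            lines.append(f"{group}: - " + " ".join(rule))
        for rule in change["added"]:
            lines.append(f"{group}: + " + " ".join(rule))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_alert(compare_snapshots(OLD_SNAPSHOT, NEW_SNAPSHOT)))
```

In the cron script the two snapshot files would be read and passed to compare_snapshots in place of the diff call; the text returned by render_alert replaces diff.txt as the mail body, and world_open_rules gives the subset worth paging someone for.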
