Azure Cybersecurity Labs - Part Five

  • Jul 17, 2024
  • 2 min read

Updated: 5 days ago


Next up is Azure Cybersecurity Labs - Part Five. Checkov is a static code analysis tool for scanning infrastructure as code (IaC) files for misconfigurations that may lead to security or compliance problems. Checkov includes more than 750 predefined policies to check for common misconfiguration issues. Checkov also supports the creation and contribution of custom policies.


Supported IaC types

Checkov scans these IaC file types:

  • Terraform (for AWS, GCP, Azure and OCI)
  • CloudFormation (including AWS SAM)
  • Azure Resource Manager (ARM)
  • Serverless framework
  • Helm charts
  • Kubernetes
  • Docker

This lab shows how to install Checkov, run a scan, and analyze the results.


Install Pip3 and Python

pip3 is the pip package manager command for Python 3. It installs and manages third-party packages that provide functionality not found in the Python standard library, fetching them from PyPI (the Python Package Index).


You can get it by installing the latest version of Python here.


Install Checkov From PyPI Using Pip


pip3 install checkov

Make a Terraform Directory and Move There


mkdir ~/checkov-example
cd ~/checkov-example

Create main.tf file with VS Code


code main.tf

Paste Code into File, Save, then Exit


resource "aws_s3_bucket" "foo-bucket" {
  # same resource configuration as previous example, but acl set for public access.
  acl = "public-read"
}

data "aws_caller_identity" "current" {}

Format the file


terraform fmt

Execute Checkov


Make sure you're in the directory that contains your Terraform file.


checkov -f main.tf

Results

(Screenshot: Checkov result showing a failed check.)

It's that simple. As you can see, Checkov runs and reports 8 failed checks, including one for public read access being enabled on the bucket. Clicking the link beside a failed check takes you to a guide that explains the failure in more detail and shows how to fix it.
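To make concrete what the "public read access" failure above is actually testing, here is an added example that is not part of the original post and not Checkov's own code. It is a small Python script that parses the lab's main.tf, applies a hand-rolled policy equivalent to that one check, and reports PASSED or FAILED per S3 bucket, alongside a corrected copy of the file with a private ACL so you can see both outcomes. The check id S3_PUBLIC_ACL, the parser, and the set of ACLs treated as public are assumptions of this example, and it covers only one of the 8 checks Checkov reported. Real Checkov custom policies are Python classes that subclass BaseResourceCheck and implement scan_resource_conf; this script keeps the same shape without requiring Checkov to be installed.

```python
"""Added example: a miniature version of the kind of policy Checkov applied to
the lab's main.tf. The parser and policy below are hand-rolled so the script
runs without Checkov installed; they are not Checkov's own implementation."""
import re

# Constructed sample input: the same main.tf the lab pastes into VS Code.
MAIN_TF = '''
resource "aws_s3_bucket" "foo-bucket" {
  # same resource configuration as previous example, but acl set for public access.
  acl = "public-read"
}
data "aws_caller_identity" "current" {}
'''

# Constructed hardened version: the fix the Checkov guide steers you toward.
FIXED_TF = '''
resource "aws_s3_bucket" "foo-bucket" {
  acl = "private"
}
'''

# Assumption of this simplified policy: these canned ACLs grant access to
# anonymous principals and are therefore treated as "public".
PUBLIC_ACLS = {"public-read", "public-read-write"}

BLOCK_RE = re.compile(r'^(resource|data)\s+"([^"]+)"\s+"([^"]+)"\s*\{', re.M)
ATTR_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')


def parse_blocks(hcl):
    """Return (kind, type, name, attrs) for each top-level block in the file.

    Braces are counted so nested blocks do not end the outer block early;
    only simple `key = "value"` attributes are collected, which is all the
    ACL check needs. Strings containing braces are not handled (kept simple).
    """
    blocks = []
    for m in BLOCK_RE.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            if hcl[i] == "{":
                depth += 1
            elif hcl[i] == "}":
                depth -= 1
            i += 1
        body = hcl[m.end():i - 1]
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop line comments
            am = ATTR_RE.match(line)
            if am:
                attrs[am.group(1)] = am.group(2)
        blocks.append((m.group(1), m.group(2), m.group(3), attrs))
    return blocks


def check_s3_public_acl(attrs):
    """Policy in the spirit of the 'public read access' check: FAILED when the
    bucket's acl grants public access, PASSED otherwise (no acl means the AWS
    default of private)."""
    return "FAILED" if attrs.get("acl") in PUBLIC_ACLS else "PASSED"


def scan(hcl):
    """Apply every applicable policy to each resource; returns a list of
    (check_id, resource_address, result) tuples, one row per finding."""
    findings = []
    for kind, rtype, name, attrs in parse_blocks(hcl):
        if kind == "resource" and rtype == "aws_s3_bucket":
            findings.append(("S3_PUBLIC_ACL", f"{rtype}.{name}", check_s3_public_acl(attrs)))
    return findings


def summarize(findings):
    """Passed/failed counts, the numbers Checkov prints at the top of its output."""
    return {
        "passed": sum(1 for f in findings if f[2] == "PASSED"),
        "failed": sum(1 for f in findings if f[2] == "FAILED"),
    }


if __name__ == "__main__":
    for label, hcl in (("main.tf (as pasted)", MAIN_TF), ("main.tf (acl = private)", FIXED_TF)):
        findings = scan(hcl)
        print(label)
        for check_id, address, result in findings:
            print(f"  {check_id}: {address} -> {result}")
        print(f"  {summarize(findings)}")
```

Running the script prints a FAILED row for the pasted file and a PASSED row for the private-ACL copy. The point to take from it is that a Checkov policy never touches AWS: it reasons purely over the parsed resource attributes, which is why it can catch the public bucket before anything is deployed.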


Checkov checks your Terraform code against its built-in configuration and security policies BEFORE you deploy it. Any time you download a Terraform script to execute in your environment, run Checkov first to ensure it meets your configuration standards.


In the next blog, wrapping up this series, we will check a Terraform configuration file for issues with Checkov, deploy it to Azure, and use the open-source tool Prowler to perform a security best practices assessment of your Azure environment. The report generated can be used to present your recommendations for remediation to small and medium-sized businesses.


You will now be able to create a gig on Fiverr, Upwork, or a similar platform and conduct low-cost cloud security assessments. Remember to continue your education to pass the Terraform Associate exam.



Tyler Wall, founder of Cyber NOW Education