From 1150f2782a810f96f3a307de4d1a416db629238c Mon Sep 17 00:00:00 2001
From: MrSecure
Date: Tue, 24 Apr 2018 21:02:41 -0700
Subject: [PATCH] mark Level 1 checks as such
---
 checks/check11 | 1 +
 checks/check110 | 3 ++-
 checks/check111 | 1 +
 checks/check112 | 3 ++-
 checks/check113 | 3 ++-
 checks/check115 | 3 ++-
 checks/check116 | 3 ++-
 checks/check117 | 3 ++-
 checks/check118 | 3 ++-
 checks/check119 | 1 +
 checks/check12 | 1 +
 checks/check120 | 3 ++-
 checks/check122 | 3 ++-
 checks/check123 | 3 ++-
 checks/check124 | 3 ++-
 checks/check13 | 1 +
 checks/check14 | 1 +
 checks/check15 | 3 ++-
 checks/check16 | 1 +
 checks/check17 | 1 +
 checks/check18 | 1 +
 checks/check19 | 3 ++-
 checks/check21 | 3 ++-
 checks/check23 | 3 ++-
 checks/check24 | 3 ++-
 checks/check25 | 3 ++-
 checks/check26 | 3 ++-
 checks/check31 | 3 ++-
 checks/check312 | 3 ++-
 checks/check313 | 3 ++-
 checks/check314 | 3 ++-
 checks/check315 | 1 +
 checks/check32 | 1 +
 checks/check33 | 3 ++-
 checks/check34 | 3 ++-
 checks/check35 | 3 ++-
 checks/check38 | 3 ++-
 37 files changed, 63 insertions(+), 26 deletions(-)
diff --git a/checks/check11 b/checks/check11
index 98a906b0..a72c704c 100644
--- a/checks/check11
+++ b/checks/check11
@@ -11,6 +11,7 @@
 CHECK_ID_check11="1.1,1.01"
 CHECK_TITLE_check11="[check11] Avoid the use of the root account (Scored)"
 CHECK_SCORED_check11="SCORED"
+CHECK_TYPE_check11="LEVEL1"
 CHECK_ALTERNATE_check101="check11"
 check11(){
diff --git a/checks/check110 b/checks/check110
index 1ab1fa3b..6f34b0f2 100644
--- a/checks/check110
+++ b/checks/check110
@@ -11,7 +11,8 @@
 CHECK_ID_check110="1.10"
 CHECK_TITLE_check110="[check110] Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
 CHECK_SCORED_check110="SCORED"
-CHECK_ALTERNATE_check110="check110"
+CHECK_TYPE_check110="LEVEL1"
+CHECK_ALTERNATE_check110="check110"
 check110(){
 # "Ensure IAM password policy prevents password reuse: 24 or greater (Scored)"
diff --git a/checks/check111 b/checks/check111
index 45973792..768ff1cc 100644
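Review bot: In checks/check110 the `CHECK_ALTERNATE_check110="check110"` line is removed and re-added with the same visible text, so the commit seems to carry a whitespace-only or line-ending-only change next to the real one-line addition. The same remove/re-add pair shows up in every file the diffstat lists as `3 ++-` (check112, check113, check115 and the rest), sometimes on the `CHECK_SCORED_` line instead. I would restore the original bytes on those lines so that each file's change is just the single `+CHECK_TYPE_checkNNN="LEVEL1"` line; if the new side introduced trailing whitespace, strip it before merging. That keeps blame and later diffs on these metadata files readable.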
--- a/checks/check111
+++ b/checks/check111
@@ -11,6 +11,7 @@
 CHECK_ID_check111="1.11"
 CHECK_TITLE_check111="[check111] Ensure IAM password policy expires passwords within 90 days or less (Scored)"
 CHECK_SCORED_check111="SCORED"
+CHECK_TYPE_check111="LEVEL1"
 CHECK_ALTERNATE_check111="check111"
 check111(){
diff --git a/checks/check112 b/checks/check112
index b4bbcb53..f6fa9481 100644
--- a/checks/check112
+++ b/checks/check112
@@ -10,7 +10,8 @@
 CHECK_ID_check112="1.12"
 CHECK_TITLE_check112="[check112] Ensure no root account access key exists (Scored)"
-CHECK_SCORED_check112="SCORED"
+CHECK_SCORED_check112="SCORED"
+CHECK_TYPE_check112="LEVEL1"
 CHECK_ALTERNATE_check112="check112"
 check112(){
diff --git a/checks/check113 b/checks/check113
index 668bf25b..481daeef 100644
--- a/checks/check113
+++ b/checks/check113
@@ -11,7 +11,8 @@
 CHECK_ID_check113="1.13"
 CHECK_TITLE_check113="[check113] Ensure MFA is enabled for the root account (Scored)"
 CHECK_SCORED_check113="SCORED"
-CHECK_ALTERNATE_check113="check113"
+CHECK_TYPE_check113="LEVEL1"
+CHECK_ALTERNATE_check113="check113"
 check113(){
 # "Ensure MFA is enabled for the root account (Scored)"
diff --git a/checks/check115 b/checks/check115
index 08d10891..3fd9229c 100644
--- a/checks/check115
+++ b/checks/check115
@@ -11,7 +11,8 @@
 CHECK_ID_check115="1.15"
 CHECK_TITLE_check115="[check115] Ensure security questions are registered in the AWS account (Not Scored)"
 CHECK_SCORED_check115="SCORED"
-CHECK_ALTERNATE_check115="check115"
+CHECK_TYPE_check115="LEVEL1"
+CHECK_ALTERNATE_check115="check115"
 check115(){
 # "Ensure security questions are registered in the AWS account (Not Scored)"
diff --git a/checks/check116 b/checks/check116
index 6dbbc4c5..a70114ae 100644
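Review bot: In checks/check115 the title ends in "(Not Scored)" but the context line directly above the new tag still reads `CHECK_SCORED_check115="SCORED"`. checks/check315 later in this patch has the same mismatch, while checks/check123 pairs a "(Not Scored)" title with `NOT_SCORED`. Since this commit is already classifying check metadata, I would correct both here: `CHECK_SCORED_check115="NOT_SCORED"` and `CHECK_SCORED_check315="NOT_SCORED"`. The code that reads the scored flag is not shown in this patch, but any report or filter built on it would presumably count these two unscored items as scored.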
@@ -11,7 +11,8 @@
 CHECK_ID_check116="1.16"
 CHECK_TITLE_check116="[check116] Ensure IAM policies are attached only to groups or roles (Scored)"
 CHECK_SCORED_check116="SCORED"
-CHECK_ALTERNATE_check116="check116"
+CHECK_TYPE_check116="LEVEL1"
+CHECK_ALTERNATE_check116="check116"
 check116(){
 # "Ensure IAM policies are attached only to groups or roles (Scored)"
diff --git a/checks/check117 b/checks/check117
index 4550c1a1..4805a9fb 100644
--- a/checks/check117
+++ b/checks/check117
@@ -11,7 +11,8 @@
 CHECK_ID_check117="1.17"
 CHECK_TITLE_check117="[check117] Enable detailed billing (Scored)"
 CHECK_SCORED_check117="SCORED"
-CHECK_ALTERNATE_check117="check117"
+CHECK_TYPE_check117="LEVEL1"
+CHECK_ALTERNATE_check117="check117"
 check117(){
 # "Enable detailed billing (Scored)"
diff --git a/checks/check118 b/checks/check118
index d793c144..e6bb9ce9 100644
--- a/checks/check118
+++ b/checks/check118
@@ -11,7 +11,8 @@
 CHECK_ID_check118="1.18"
 CHECK_TITLE_check118="[check118] Ensure IAM Master and IAM Manager roles are active (Scored)"
 CHECK_SCORED_check118="SCORED"
-CHECK_ALTERNATE_check118="check118"
+CHECK_TYPE_check118="LEVEL1"
+CHECK_ALTERNATE_check118="check118"
 check118(){
 # "Ensure IAM Master and IAM Manager roles are active (Scored)"
diff --git a/checks/check119 b/checks/check119
index 6593fc30..b8549cec 100644
--- a/checks/check119
+++ b/checks/check119
@@ -11,6 +11,7 @@
 CHECK_ID_check119="1.19"
 CHECK_TITLE_check119="[check119] Maintain current contact details (Scored)"
 CHECK_SCORED_check119="SCORED"
+CHECK_TYPE_check119="LEVEL1"
 CHECK_ALTERNATE_check119="check119"
 check119(){
diff --git a/checks/check12 b/checks/check12
index a96aa30a..6a514071 100644
--- a/checks/check12
+++ b/checks/check12
@@ -11,6 +11,7 @@
 CHECK_ID_check12="1.2,1.02"
 CHECK_TITLE_check12="[check12] Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
 CHECK_SCORED_check12="SCORED"
+CHECK_TYPE_check12="LEVEL1"
 CHECK_ALTERNATE_check102="check12"
 check12(){
diff --git a/checks/check120 b/checks/check120
index b18bb767..17ca89f5 100644
--- a/checks/check120
+++ b/checks/check120
@@ -11,7 +11,8 @@
 CHECK_ID_check120="1.20"
 CHECK_TITLE_check120="[check120] Ensure security contact information is registered (Scored)"
 CHECK_SCORED_check120="SCORED"
-CHECK_ALTERNATE_check120="check120"
+CHECK_TYPE_check120="LEVEL1"
+CHECK_ALTERNATE_check120="check120"
 check120(){
 # "Ensure security contact information is registered (Scored)"
diff --git a/checks/check122 b/checks/check122
index 67c93c7e..70ad1100 100644
--- a/checks/check122
+++ b/checks/check122
@@ -11,7 +11,8 @@
 CHECK_ID_check122="1.22"
 CHECK_TITLE_check122="[check122] Ensure a support role has been created to manage incidents with AWS Support (Scored)"
 CHECK_SCORED_check122="SCORED"
-CHECK_ALTERNATE_check122="check122"
+CHECK_TYPE_check122="LEVEL1"
+CHECK_ALTERNATE_check122="check122"
 check122(){
 # "Ensure a support role has been created to manage incidents with AWS Support (Scored)"
diff --git a/checks/check123 b/checks/check123
index db96a737..9f20fddf 100644
--- a/checks/check123
+++ b/checks/check123
@@ -10,7 +10,8 @@
 CHECK_ID_check123="1.23"
 CHECK_TITLE_check123="[check123] Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"
-CHECK_SCORED_check123="NOT_SCORED"
+CHECK_SCORED_check123="NOT_SCORED"
+CHECK_TYPE_check123="LEVEL1"
 CHECK_ALTERNATE_check123="check123"
 check123(){
diff --git a/checks/check124 b/checks/check124
index 0f99d55d..1c1637f3 100644
--- a/checks/check124
+++ b/checks/check124
@@ -11,7 +11,8 @@
 CHECK_ID_check124="1.24"
 CHECK_TITLE_check124="[check124] Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
 CHECK_SCORED_check124="SCORED"
-CHECK_ALTERNATE_check124="check124"
+CHECK_TYPE_check124="LEVEL1"
+CHECK_ALTERNATE_check124="check124"
 check124(){
 # "Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"
diff --git a/checks/check13 b/checks/check13
index 18b4ed6f..64733cff 100644
--- a/checks/check13
+++ b/checks/check13
@@ -11,6 +11,7 @@
 CHECK_ID_check13="1.3,1.03"
 CHECK_TITLE_check13="[check13] Ensure credentials unused for 90 days or greater are disabled (Scored)"
 CHECK_SCORED_check13="SCORED"
+CHECK_TYPE_check13="LEVEL1"
 CHECK_ALTERNATE_check103="check13"
 check13(){
diff --git a/checks/check14 b/checks/check14
index 1ae4502f..ba30c25c 100644
--- a/checks/check14
+++ b/checks/check14
@@ -11,6 +11,7 @@
 CHECK_ID_check14="1.4,1.04"
 CHECK_TITLE_check14="[check14] Ensure access keys are rotated every 90 days or less (Scored)"
 CHECK_SCORED_check14="SCORED"
+CHECK_TYPE_check14="LEVEL1"
 CHECK_ALTERNATE_check104="check14"
 check14(){
diff --git a/checks/check15 b/checks/check15
index afc053ff..aedcba17 100644
--- a/checks/check15
+++ b/checks/check15
@@ -11,7 +11,8 @@
 CHECK_ID_check15="1.5,1.05"
 CHECK_TITLE_check15="[check15] Ensure IAM password policy requires at least one uppercase letter (Scored)"
 CHECK_SCORED_check15="SCORED"
-CHECK_ALTERNATE_check105="check15"
+CHECK_TYPE_check15="LEVEL1"
+CHECK_ALTERNATE_check105="check15"
 check15(){
 # "Ensure IAM password policy requires at least one uppercase letter (Scored)"
diff --git a/checks/check16 b/checks/check16
index b846e03d..de224521 100644
--- a/checks/check16
+++ b/checks/check16
@@ -11,6 +11,7 @@
 CHECK_ID_check16="1.6,1.06"
 CHECK_TITLE_check16="[check16] Ensure IAM password policy require at least one lowercase letter (Scored)"
 CHECK_SCORED_check16="SCORED"
+CHECK_TYPE_check16="LEVEL1"
 CHECK_ALTERNATE_check106="check16"
 check16(){
diff --git a/checks/check17 b/checks/check17
index 8ee31da2..f344c759 100644
--- a/checks/check17
+++ b/checks/check17
@@ -11,6 +11,7 @@
 CHECK_ID_check17="1.7,1.07"
 CHECK_TITLE_check17="[check17] Ensure IAM password policy require at least one symbol (Scored)"
 CHECK_SCORED_check17="SCORED"
+CHECK_TYPE_check17="LEVEL1"
 CHECK_ALTERNATE_check107="check17"
 check17(){
diff --git a/checks/check18 b/checks/check18
index 62ebc22c..2abb0df0 100644
--- a/checks/check18
+++ b/checks/check18
@@ -11,6 +11,7 @@
 CHECK_ID_check18="1.8,1.08"
 CHECK_TITLE_check18="[check18] Ensure IAM password policy require at least one number (Scored)"
 CHECK_SCORED_check18="SCORED"
+CHECK_TYPE_check19="LEVEL1"
 CHECK_ALTERNATE_check18="check18"
 check18(){
diff --git a/checks/check19 b/checks/check19
index 57f18460..6e924ae8 100644
--- a/checks/check19
+++ b/checks/check19
@@ -11,7 +11,8 @@
 CHECK_ID_check19="1.9,1.09"
 CHECK_TITLE_check19="[check19] Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
 CHECK_SCORED_check19="SCORED"
-CHECK_ALTERNATE_check109="check19"
+CHECK_TYPE_check19="LEVEL1"
+CHECK_ALTERNATE_check109="check19"
 check19(){
 # "Ensure IAM password policy requires minimum length of 14 or greater (Scored)"
diff --git a/checks/check21 b/checks/check21
index 82d6c904..67bf20f2 100644
--- a/checks/check21
+++ b/checks/check21
@@ -11,7 +11,8 @@
 CHECK_ID_check21="2.1,2.01"
 CHECK_TITLE_check21="[check21] Ensure CloudTrail is enabled in all regions (Scored)"
 CHECK_SCORED_check21="SCORED"
-CHECK_ALTERNATE_check201="check21"
+CHECK_TYPE_check21="LEVEL1"
+CHECK_ALTERNATE_check201="check21"
 check21(){
 # "Ensure CloudTrail is enabled in all regions (Scored)"
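Review bot: The line added in checks/check18 sets `CHECK_TYPE_check19="LEVEL1"` rather than `CHECK_TYPE_check18`, so check18 itself never receives a type. checks/check19 assigns the same variable the same value, so nothing errors and the slip is easy to miss in testing. If a Level 1 run selects checks through `CHECK_TYPE_<id>` (the code that reads the tag is not shown in this patch), the "require at least one number" password-policy check would be silently left out and the report would still look complete. The line should read `CHECK_TYPE_check18="LEVEL1"`.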
diff --git a/checks/check23 b/checks/check23
index e79a2924..63ccd4d7 100644
--- a/checks/check23
+++ b/checks/check23
@@ -11,7 +11,8 @@
 CHECK_ID_check23="2.3,2.03"
 CHECK_TITLE_check23="[check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
 CHECK_SCORED_check23="SCORED"
-CHECK_ALTERNATE_check203="check23"
+CHECK_TYPE_check23="LEVEL1"
+CHECK_ALTERNATE_check203="check23"
 check23(){
 # "Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"
diff --git a/checks/check24 b/checks/check24
index 89b2a966..35185035 100644
--- a/checks/check24
+++ b/checks/check24
@@ -11,7 +11,8 @@
 CHECK_ID_check24="2.4,2.04"
 CHECK_TITLE_check24="[check24] Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
 CHECK_SCORED_check24="SCORED"
-CHECK_ALTERNATE_check204="check24"
+CHECK_TYPE_check24="LEVEL1"
+CHECK_ALTERNATE_check204="check24"
 check24(){
 # "Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"
diff --git a/checks/check25 b/checks/check25
index be0ff7cb..d8d81732 100644
--- a/checks/check25
+++ b/checks/check25
@@ -11,7 +11,8 @@
 CHECK_ID_check25="2.5,2.05"
 CHECK_TITLE_check25="[check25] Ensure AWS Config is enabled in all regions (Scored)"
 CHECK_SCORED_check25="SCORED"
-CHECK_ALTERNATE_check205="check25"
+CHECK_TYPE_check25="LEVEL1"
+CHECK_ALTERNATE_check205="check25"
 check25(){
 # "Ensure AWS Config is enabled in all regions (Scored)"
diff --git a/checks/check26 b/checks/check26
index 7cc86dce..5d19c2c6 100644
--- a/checks/check26
+++ b/checks/check26
@@ -11,7 +11,8 @@
 CHECK_ID_check26="2.6,2.06"
 CHECK_TITLE_check26="[check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
 CHECK_SCORED_check26="SCORED"
-CHECK_ALTERNATE_check206="check26"
+CHECK_TYPE_check26="LEVEL1"
+CHECK_ALTERNATE_check206="check26"
 check26(){
 # "Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"
diff --git a/checks/check31 b/checks/check31
index 5a2b0512..5b4f769d 100644
--- a/checks/check31
+++ b/checks/check31
@@ -11,7 +11,8 @@
 CHECK_ID_check31="3.1,3.01"
 CHECK_TITLE_check31="[check31] Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
 CHECK_SCORED_check31="SCORED"
-CHECK_ALTERNATE_check301="check31"
+CHECK_TYPE_check31="LEVEL1"
+CHECK_ALTERNATE_check301="check31"
 check31(){
 # "Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"
diff --git a/checks/check312 b/checks/check312
index f1f29b84..90edd1eb 100644
--- a/checks/check312
+++ b/checks/check312
@@ -10,7 +10,8 @@
 CHECK_ID_check312="3.12"
 CHECK_TITLE_check312="[check312] Ensure a log metric filter and alarm exist for changes to network gateways (Scored)"
-CHECK_SCORED_check312="SCORED"
+CHECK_SCORED_check312="SCORED"
+CHECK_TYPE_check312="LEVEL1"
 CHECK_ALTERNATE_check312="check312"
 check312(){
diff --git a/checks/check313 b/checks/check313
index 5a9fed6f..8c54983f 100644
--- a/checks/check313
+++ b/checks/check313
@@ -10,7 +10,8 @@
 CHECK_ID_check313="3.13"
 CHECK_TITLE_check313="[check313] Ensure a log metric filter and alarm exist for route table changes (Scored)"
-CHECK_SCORED_check313="SCORED"
+CHECK_SCORED_check313="SCORED"
+CHECK_TYPE_check313="LEVEL1"
 CHECK_ALTERNATE_check313="check313"
 check313(){
diff --git a/checks/check314 b/checks/check314
index 9ef23dc0..8a7ab7c1 100644
--- a/checks/check314
+++ b/checks/check314
@@ -10,7 +10,8 @@
 CHECK_ID_check314="3.14"
 CHECK_TITLE_check314="[check314] Ensure a log metric filter and alarm exist for VPC changes (Scored)"
-CHECK_SCORED_check314="SCORED"
+CHECK_SCORED_check314="SCORED"
+CHECK_TYPE_check314="LEVEL1"
 CHECK_ALTERNATE_check314="check314"
 check314(){
diff --git a/checks/check315 b/checks/check315
index cec444cd..5672b27f 100644
--- a/checks/check315
+++ b/checks/check315
@@ -11,6 +11,7 @@
 CHECK_ID_check315="3.15"
 CHECK_TITLE_check315="[check315] Ensure appropriate subscribers to each SNS topic (Not Scored)"
 CHECK_SCORED_check315="SCORED"
+CHECK_TYPE_check315="LEVEL1"
 CHECK_ALTERNATE_check315="check315"
 check315(){
diff --git a/checks/check32 b/checks/check32
index d6a17789..04c26703 100644
--- a/checks/check32
+++ b/checks/check32
@@ -11,6 +11,7 @@
 CHECK_ID_check32="3.2,3.02"
 CHECK_TITLE_check32="[check32] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"
 CHECK_SCORED_check32="SCORED"
+CHECK_TYPE_check32="LEVEL1"
 CHECK_ALTERNATE_check302="check32"
 check32(){
diff --git a/checks/check33 b/checks/check33
index bec9d695..90d5c51a 100644
--- a/checks/check33
+++ b/checks/check33
@@ -11,7 +11,8 @@
 CHECK_ID_check33="3.3,3.03"
 CHECK_TITLE_check33="[check33] Ensure a log metric filter and alarm exist for usage of root account (Scored)"
 CHECK_SCORED_check33="SCORED"
-CHECK_ALTERNATE_check303="check33"
+CHECK_TYPE_check33="LEVEL1"
+CHECK_ALTERNATE_check303="check33"
 check33(){
 # "Ensure a log metric filter and alarm exist for usage of root account (Scored)"
diff --git a/checks/check34 b/checks/check34
index 57ce435e..a88f92eb 100644
--- a/checks/check34
+++ b/checks/check34
@@ -11,7 +11,8 @@
 CHECK_ID_check34="3.4,3.04"
 CHECK_TITLE_check34="[check34] Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
 CHECK_SCORED_check34="SCORED"
-CHECK_ALTERNATE_check304="check34"
+CHECK_TYPE_check34="LEVEL1"
+CHECK_ALTERNATE_check304="check34"
 check34(){
 # "Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"
diff --git a/checks/check35 b/checks/check35
index c41aafd4..38c4eb33 100644
--- a/checks/check35
+++ b/checks/check35
@@ -11,7 +11,8 @@
 CHECK_ID_check35="3.5,3.05"
 CHECK_TITLE_check35="[check35] Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
 CHECK_SCORED_check35="SCORED"
-CHECK_ALTERNATE_check305="check35"
+CHECK_TYPE_check35="LEVEL1"
+CHECK_ALTERNATE_check305="check35"
 check35(){
 # "Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"
diff --git a/checks/check38 b/checks/check38
index 8d06f323..bd5f0fee 100644
--- a/checks/check38
+++ b/checks/check38
@@ -11,7 +11,8 @@
 CHECK_ID_check38="3.8,3.08"
 CHECK_TITLE_check38="[check38] Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"
 CHECK_SCORED_check38="SCORED"
-CHECK_ALTERNATE_check308="check38"
+CHECK_TYPE_check38="LEVEL1"
+CHECK_ALTERNATE_check308="check38"
 check38(){
 # "Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"