From 5e479a5050ec5238608c9737afb7d3d2c51091f0 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga
Date: Wed, 3 Aug 2022 12:07:36 +0200
Subject: [PATCH] Prwlr 750 exclude metadata json order (#1301)
* chore: exclude metadata
* chore: exclude metadata
* chore: no prettify
* chore: no prettify
---
 .pre-commit-config.yaml | 1 +
 check_sample.metadata.json | 68 ++++++++++---------
 .../ec2_ebs_public_snapshot.metadata.json | 26 +++----
 .../ec2_ebs_snapshots_encrypted.metadata.json | 26 +++----
 .../ec2_instance_public_ip.metadata.json | 26 +++----
 ...cl_allow_ingress_tcp_port_22.metadata.json | 48 ++++++-------
 ..._allow_ingress_tcp_port_3389.metadata.json | 48 ++++++-------
 ...ss_from_internet_to_any_port.metadata.json | 25 ++++---
 ...from_internet_to_tcp_port_22.metadata.json | 48 ++++++-------
 ...om_internet_to_tcp_port_3389.metadata.json | 48 ++++++-------
 ...ernet_to_tcp_port_mysql_3306.metadata.json | 26 +++----
 ...to_tcp_port_oracle_1521_2483.metadata.json | 27 ++++----
 ...dministrator_access_with_mfa.metadata.json | 26 +++----
 .../iam_avoid_root_usage.metadata.json | 48 ++++++-------
 ..._disable_30_days_credentials.metadata.json | 26 +++----
 .../iam_no_root_access_key.metadata.json | 48 ++++++-------
 ...am_root_hardware_mfa_enabled.metadata.json | 48 ++++++-------
 .../iam_root_mfa_enabled.metadata.json | 48 ++++++-------
 ...am_rotate_access_key_90_days.metadata.json | 48 ++++++-------
 ...am_user_hardware_mfa_enabled.metadata.json | 26 +++----
 ...r_mfa_enabled_console_access.metadata.json | 26 +++----
 ...m_user_two_active_access_key.metadata.json | 26 +++----
 .../s3_bucket_object_versioning.metadata.json | 26 +++----
 ...erver_access_logging_enabled.metadata.json | 26 +++----
 24 files changed, 422 insertions(+), 417 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e1ae02a2..afbfe3dc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,6 +12,7 @@ repos:
 - id: no-commit-to-branch
 - id: pretty-format-json
 args: ['--autofix']
+ exclude: .metadata.json
 ## BASH
 - repo: https://github.com/koalaman/shellcheck-precommit
 rev: v0.8.0
diff --git a/check_sample.metadata.json b/check_sample.metadata.json
index 5d28dc74..55a070d0 100644
--- a/check_sample.metadata.json
+++ b/check_sample.metadata.json
@@ -1,34 +1,15 @@
 {
- "Categories": [
- "cat1",
- "cat2"
- ],
+ "Provider": "aws",
 "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.",
 "CheckType": "Data Protection",
- "Compliance": [
- {
- "Control": [
- "4.1"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level2"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [
- "othercheck1",
- "othercheck2"
- ],
+ "ServiceName": "ec2",
+ "SubServiceName": "securitygroup",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "low",
+ "ResourceType": "AwsEc2SecurityGroup",
 "Description": "Extended Description",
- "Notes": "additional information",
- "Provider": "aws",
- "RelatedTo": [
- "othercheck3",
- "othercheck4"
- ],
+ "Risk": "If Security groups are not properly configured the attack surface is increased.",
 "RelatedUrl": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html",
 "Remediation": {
 "Code": {
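Review bot: The added `exclude: .metadata.json` is a Python regex, so the unescaped dots and missing anchor make it match more paths than intended, and excluding the files also drops the JSON syntax validation the hook provided. The stated goal is only to stop key reordering, which pretty-format-json supports directly: `args: ['--autofix', '--no-sort-keys']` keeps formatting and validation while preserving the authors' key order, so the exclude line can be dropped. If the exclusion is kept anyway, anchor it as `exclude: \.metadata\.json$` and add `- id: check-json` from the same hooks repo so a malformed metadata file is still caught before commit.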
@@ -42,10 +23,33 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2SecurityGroup",
- "Risk": "If Security groups are not properly configured the attack surface is increased.",
- "ServiceName": "ec2",
- "Severity": "low",
- "SubServiceName": "securitygroup"
+ "Categories": [
+ "cat1",
+ "cat2"
+ ],
+ "Tags": {
+ "Tag1Key": "value",
+ "Tag2Key": "value"
+ },
+ "DependsOn": [
+ "othercheck1",
+ "othercheck2"
+ ],
+ "RelatedTo": [
+ "othercheck3",
+ "othercheck4"
+ ],
+ "Notes": "additional information",
+ "Compliance": [
+ {
+ "Control": [
+ "4.1"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level2"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json b/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
index d0758853..d1686692 100644
--- a/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
+++ b/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_ebs_public_snapshot",
 "CheckTitle": "Ensure there are no EBS Snapshots set as Public.",
 "CheckType": "Data Protection",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "ebs-snapshots",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "critical",
+ "ResourceType": "AwsEc2Snapshot",
 "Description": "Ensure there are no EBS Snapshots set as Public.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2Snapshot",
- "Risk": "When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.",
- "ServiceName": "ec2",
- "Severity": "critical",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json b/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json
index f38cf4ec..1b868f94 100644
--- a/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json
+++ b/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_ebs_snapshots_encrypted",
 "CheckTitle": "Check if EBS snapshots are encrypted.",
 "CheckType": "Data Protection",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "ebs-snapshots",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsEc2Snapshot",
 "Description": "Check if EBS snapshots are encrypted.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2Snapshot",
- "Risk": "Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.",
- "ServiceName": "ec2",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json b/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
index 13323c15..88c795a0 100644
--- a/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
+++ b/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_instance_public_ip",
 "CheckTitle": "Check for EC2 Instances with Public IP.",
 "CheckType": "Infrastructure Security",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "instances",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsEc2SecurityGroup",
 "Description": "Check for EC2 Instances with Public IP.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2SecurityGroup",
- "Risk": "Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.",
- "ServiceName": "ec2",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
index 5a3a60fb..77c6acf0 100644
--- a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
+++ b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
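Review bot: `"ResourceType": "AwsEc2SecurityGroup"` on the new side does not match this check, which evaluates EC2 instances (CheckID ec2_instance_public_ip, SubServiceName "instances"); the commit carries the value over unchanged. Findings tagged with the wrong ASFF resource type will be filed against security groups rather than the instance that is actually exposed, which misleads triage and any Security Hub integration. The Security Hub type for an instance is `AwsEc2Instance`, so the line should read `"ResourceType": "AwsEc2Instance",`.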
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_networkacl_allow_ingress_tcp_port_22",
 "CheckTitle": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22",
 "CheckType": "Infrastructure Security",
- "Compliance": [
- {
- "Control": [
- "4.5"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level2"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "networkacls",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsEc2NetworkAcl",
 "Description": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2NetworkAcl",
- "Risk": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.",
- "ServiceName": "ec2",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "4.5"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level2"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
index 457cd206..bb228814 100644
--- a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
+++ b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_networkacl_allow_ingress_tcp_port_3389",
 "CheckTitle": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389",
 "CheckType": "Infrastructure Security",
- "Compliance": [
- {
- "Control": [
- "4.6"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level2"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "networkacls",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsEc2NetworkAcl",
 "Description": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2NetworkAcl",
- "Risk": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.",
- "ServiceName": "ec2",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "4.6"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level2"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
index ce551974..940bfb6e 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
@@ -1,14 +1,14 @@
 {
- "Categories": [],
 "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.",
 "CheckType": "Infrastructure Security",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "securitygroups",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsEc2SecurityGroup",
 "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "If Security groups are not properly configured the attack surface is increased.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +22,13 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2SecurityGroup",
- "Risk": "If Security groups are not properly configured the attack surface is increased.",
- "ServiceName": "ec2",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
index a360f7d1..e14990e9 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
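Review bot: The first hunk of ec2_securitygroup_allow_ingress_from_internet_to_any_port removes `- "Provider": "aws",` but, unlike every sibling file in this commit, never adds it back, so the new file has no Provider key at all (the hunk header -1,14 +1,14 and the diffstat's 25 changed lines for this file agree). Whatever loads this metadata presumably keys checks by provider, so this file is likely to be skipped or fail to load silently. Add `+ "Provider": "aws",` directly after the opening `{`, matching the other metadata files.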
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.",
 "CheckType": "Infrastructure Security",
- "Compliance": [
- {
- "Control": [
- "4.1"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level2"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "securitygroups",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsEc2SecurityGroup",
 "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "If Security groups are not properly configured the attack surface is increased.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2SecurityGroup",
- "Risk": "If Security groups are not properly configured the attack surface is increased.",
- "ServiceName": "ec2",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "4.1"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level2"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
index 0edea2d2..cf51b4dc 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389",
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.",
 "CheckType": "Infrastructure Security",
- "Compliance": [
- {
- "Control": [
- "4.2"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level2"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "securitygroups",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsEc2SecurityGroup",
 "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "If Security groups are not properly configured the attack surface is increased.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2SecurityGroup",
- "Risk": "If Security groups are not properly configured the attack surface is increased.",
- "ServiceName": "ec2",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "4.2"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level2"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
index 5c2a864e..9844b0d3 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306",
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.",
 "CheckType": "Infrastructure Security",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsEc2SecurityGroup",
 "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "If Security groups are not properly configured the attack surface is increased.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2SecurityGroup",
- "Risk": "If Security groups are not properly configured the attack surface is increased.",
- "ServiceName": "ec2",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
index 73ccdfbd..4b5f1436 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
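Review bot: `+ "SubServiceName": "",` in the mysql_3306 hunk is inconsistent with the other security-group checks touched by this commit (any_port, tcp_port_22 and tcp_port_3389 all set "securitygroups"), and the same empty value is written in the oracle_1521_2483 hunk that follows. Since this commit already populates SubServiceName for the other ec2 files, these two should be brought in line with `"SubServiceName": "securitygroups",` so filtering or grouping by sub-service does not silently miss the database-port checks. The ec2 sub-service names also mix styles ("ebs-snapshots" with a hyphen, "networkacls"/"securitygroups" without); worth settling on one before more checks copy the pattern.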
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
@@ -1,14 +1,16 @@
 {
- "Categories": [],
+ "Provider": "aws",
+ "CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483",
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.",
 "CheckType": "Infrastructure Security",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "ec2",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsEc2SecurityGroup",
 "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "If Security groups are not properly configured the attack surface is increased.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +24,13 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsEc2SecurityGroup",
- "Risk": "If Security groups are not properly configured the attack surface is increased.",
- "ServiceName": "ec2",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json b/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json
index 4bfb7439..4d99f1bd 100644
--- a/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json
+++ b/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_administrator_access_with_mfa",
 "CheckTitle": "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled",
 "CheckType": "Infrastructure Security",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsIamUser",
 "Description": "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Policy may allow Anonymous users to perform actions.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "Policy may allow Anonymous users to perform actions.",
- "ServiceName": "iam",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json b/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json
index d89c8e03..4c66d0d8 100644
--- a/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json
+++ b/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json
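Review bot: `+ "Risk": "Policy may allow Anonymous users to perform actions."` describes a resource-policy exposure, not this check, which is about MFA on users in groups carrying AdministratorAccess; it looks like a copy-paste from another check and is carried over unchanged. The Risk field is what a reader sees in a report next to a HIGH finding, so a mismatched one undermines the finding's credibility. Suggested wording: `"Risk": "An administrator whose sign-in is protected only by a password can be fully impersonated if that password is exposed; MFA adds a second factor an attacker must also possess.",`.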
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_avoid_root_usage",
 "CheckTitle": "Avoid the use of the root accounts",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [
- {
- "Control": [
- "1.1"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level1"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsIamUser",
 "Description": "Avoid the use of the root account",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.",
- "ServiceName": "iam",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "1.1"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level1"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json b/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json
index 3565eac2..52c0d0fc 100644
--- a/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json
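Review bot: The Compliance block moved to the bottom of iam_avoid_root_usage pairs `"Control": ["1.1"]` with `"Version": "1.4"`, but 1.1 "Avoid the use of the root account" is the CIS AWS Foundations v1.2.0 numbering; in v1.4.0 that recommendation is 1.7 (and 1.1 is maintaining contact details), so compliance reports built from this mapping will point to the wrong recommendation. The same vintage mismatch applies to Control 1.12 in the iam_no_root_access_key hunks and 1.14 in the iam_root_hardware_mfa_enabled hunk below, and the 4.x numbers on the ec2 hunks are worth checking against the same edition; either correct the Control values or set Version to the edition the numbers come from. Separately, `"CheckTitle": "Avoid the use of the root accounts"` and `"Description": "Avoid the use of the root account"` disagree in number; the title should read `"Avoid the use of the root account"`.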
+++ b/providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_disable_30_days_credentials",
 "CheckTitle": "Ensure credentials unused for 30 days or greater are disabled",
 "CheckType": "Software and Configuration Checks",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsIamUser",
 "Description": "Ensure credentials unused for 30 days or greater are disabled",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.",
- "ServiceName": "iam",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json b/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json
index 93024fec..b4ea0cec 100644
--- a/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json
+++ b/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_no_root_access_key",
 "CheckTitle": "Ensure no root account access key exists",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [
- {
- "Control": [
- "1.12"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level1"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "critical",
+ "ResourceType": "AwsIamUser",
 "Description": "Ensure no root account access key exists",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.",
- "ServiceName": "iam",
- "Severity": "critical",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "1.12"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level1"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json b/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json
index 2a0d2113..2c1b0388 100644
--- a/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json
+++ b/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json
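Review bot: The `Compliance` entry moved to the end of the file maps this check to CIS-AWS control `1.12` with `"Version": "1.4"`, but in CIS AWS Foundations Benchmark v1.4.0 the no-root-access-key requirement is control 1.4 and 1.12 is the unused-credentials control; 1.12 is the v1.2.0 number for this check. Either change to `"Control": ["1.4"]` and keep `"Version": "1.4"`, or keep 1.12 and set `"Version": "1.2"` — confirm against the benchmark text before editing. A version/number mismatch silently misattributes the finding for anyone filtering results by CIS control, which is the main consumer of this block.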
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_root_hardware_mfa_enabled",
 "CheckTitle": "Ensure hardware MFA is enabled for the root account",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [
- {
- "Control": [
- "1.14"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level1"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "critical",
+ "ResourceType": "AwsIamUser",
 "Description": "Ensure hardware MFA is enabled for the root account",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with a hardware MFA.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with a hardware MFA.",
- "ServiceName": "iam",
- "Severity": "critical",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "1.14"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level1"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json b/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json
index d9876e5e..bb67b755 100644
--- a/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json
+++ b/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json
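Review bot: `"Control": ["1.14"]` combined with `"Version": "1.4"` looks like v1.2.0 numbering: in CIS AWS Foundations v1.4.0 the root hardware-MFA requirement is control 1.6, while 1.14 there is access-key rotation. `"Group": ["level1"]` also contradicts the check's own `Risk` text in the previous hunk, which says hardware MFA on root is a Level 2 recommendation, and as far as I recall both benchmark versions place this control in the Level 2 profile. Suggested `"Control": ["1.6"]` and `"Group": ["level2"]`, verified against the benchmark before changing; the group value is what a Level 1-only scan would use to decide whether to run this check at all.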
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_root_mfa_enabled",
 "CheckTitle": "Ensure MFA is enabled for the root account",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [
- {
- "Control": [
- "1.13"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level1"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "critical",
+ "ResourceType": "AwsIamUser",
 "Description": "Ensure MFA is enabled for the root account",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.",
- "ServiceName": "iam",
- "Severity": "critical",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "1.13"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level1"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json b/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json
index b889b5ec..c2166510 100644
--- a/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json
+++ b/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json
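Review bot: `"Control": ["1.13"]` with `"Version": "1.4"` is inconsistent: root MFA is control 1.5 in CIS AWS Foundations v1.4.0, and 1.13 there is the one-active-access-key-per-user control; 1.13 is the v1.2.0 number for root MFA. Change to `"Control": ["1.5"]`, or keep the number and set `"Version": "1.2"`, after confirming against the benchmark text. The same version/number drift shows up in the sibling root and access-key checks touched by this commit, so correct them in one pass rather than per file.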
@@ -1,25 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_rotate_access_key_90_days",
 "CheckTitle": "Ensure access keys are rotated every 90 days or less",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [
- {
- "Control": [
- "1.4"
- ],
- "Framework": "CIS-AWS",
- "Group": [
- "level1"
- ],
- "Version": "1.4"
- }
- ],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsIamUser",
 "Description": "Ensure access keys are rotated every 90 days or less",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
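Review bot: The `Risk` string on the new side has hyphens where the source sentence had commas (`(AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls`), which reads like a comma-stripping artifact from a CSV export rather than intended punctuation; commas are safe inside a JSON string, so restore them. The text also explains what access keys are but never says why stale keys are a risk; a closing sentence such as `A key that is never rotated stays valid indefinitely after it has leaked into a repository, log or former employee's machine.` would make the finding self-explanatory.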
@@ -33,14 +23,24 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.",
- "ServiceName": "iam",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": [
+ {
+ "Control": [
+ "1.4"
+ ],
+ "Framework": "CIS-AWS",
+ "Group": [
+ "level1"
+ ],
+ "Version": "1.4"
+ }
+ ]
 }
diff --git a/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json b/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json
index 55c222db..579b4467 100644
--- a/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json
+++ b/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json
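Review bot: `"Control": ["1.4"]` with `"Version": "1.4"` points at the wrong requirement: in CIS AWS Foundations v1.4.0, control 1.4 is the no-root-access-key check and 90-day access-key rotation is 1.14; 1.4 is the v1.2.0 number for rotation. Suggested `"Control": ["1.14"]` (or `"Version": "1.2"` if the project really tracks the older benchmark), verified against the benchmark text. This is the exact mirror of the `iam_no_root_access_key` mapping in this commit, which reinforces that the numbers were taken from v1.2.0.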
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_user_hardware_mfa_enabled",
 "CheckTitle": "Check if IAM users have Hardware MFA enabled.",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsIamUser",
 "Description": "Check if IAM users have Hardware MFA enabled.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Hardware MFA is preferred over virtual MFA.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "Hardware MFA is preferred over virtual MFA.",
- "ServiceName": "iam",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json b/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json
index 5b642c9f..ec274760 100644
--- a/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json
+++ b/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json
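Review bot: `CheckType` cites the CIS AWS Foundations Benchmark while `Compliance` is `[]`, and as far as I recall CIS only requires a hardware MFA device for the root account, not for every IAM user; either drop the benchmark from `CheckType` or add the mapping if one actually exists. The `Risk` string `Hardware MFA is preferred over virtual MFA.` states a preference rather than an exposure; something like `A virtual MFA seed lives on a phone or password manager and can be backed up, exported or phished along with the device, whereas a hardware token cannot be cloned, so compromise of a user's phone does not defeat MFA.` tells the reader what a failing finding means.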
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_user_mfa_enabled_console_access",
 "CheckTitle": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "high",
+ "ResourceType": "AwsIamUser",
 "Description": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "Unauthorized access to this critical account if password is not secure or it is disclosed in any way.",
- "ServiceName": "iam",
- "Severity": "high",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json b/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json
index 2a01985e..eec7b7e4 100644
--- a/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json
+++ b/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json
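Review bot: `Compliance` is left as `[]` although MFA for IAM users with a console password is a CIS AWS Foundations control (1.2 in v1.2.0, 1.10 in v1.4.0 as far as I recall) and `CheckType` already names the benchmark; add the mapping so the finding is attributed like the root checks in this commit. The `Risk` text `Unauthorized access to this critical account` reads as if it were about the root account, but `ResourceType` is `AwsIamUser` and the title covers every console user; `Unauthorized access to the AWS account if a user's password is weak, reused or disclosed, since a password alone is then sufficient to sign in.` matches what the check actually tests.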
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "iam_user_two_active_access_key",
 "CheckTitle": "Check if IAM users have two active access keys",
 "CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "iam",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsIamUser",
 "Description": "Check if IAM users have two active access keys",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Access Keys could be lost or stolen. It creates a critical risk.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsIamUser",
- "Risk": "Access Keys could be lost or stolen. It creates a critical risk.",
- "ServiceName": "iam",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning.metadata.json b/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning.metadata.json
index 2d08173b..a5484fdb 100644
--- a/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning.metadata.json
+++ b/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning.metadata.json
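Review bot: `"Severity": "medium"` sits next to a `Risk` text that says two active keys `creates a critical risk`; pick one, since severity is what downstream filtering keys on and the prose should not contradict it. The Risk text also never explains the actual exposure; `A second active key usually means a rotation was started but never finished, so a key that should have been retired keeps working and doubles the material that can leak.` says why the finding matters. `Compliance` is `[]` although one-active-key-per-user is CIS AWS Foundations v1.4.0 control 1.13 as far as I recall, so add the mapping if the project tracks v1.4.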
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "s3_bucket_object_versioning",
 "CheckTitle": "Check if S3 buckets have object versioning enabled",
 "CheckType": "Data Protection",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "s3",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsS3Bucket",
 "Description": "Check if S3 buckets have object versioning enabled",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "With versioning, you can easily recover from both unintended user actions and application failures.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev-retired/Versioning.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsS3Bucket",
- "Risk": "With versioning, you can easily recover from both unintended user actions and application failures.",
- "ServiceName": "s3",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
diff --git a/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json b/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json
index 310ea9ce..9e58ce05 100644
--- a/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json
+++ b/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json
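Review bot: The `Risk` field describes the benefit of versioning (`you can easily recover…`) rather than the exposure when it is off, which is what a reader scanning failed findings needs; `Without versioning an accidental or malicious overwrite or delete destroys the only copy of an object, with nothing to roll back to.` fits the field's name. A one-line `Notes` caveat is also worth adding: versioning alone does not stop a principal who can delete object versions from purging the history, so MFA Delete or Object Lock is needed before this check can be read as protection against destructive attacks. The remediation `Url` points at a `dev-retired` documentation path, which suggests it should be refreshed to the current user guide location.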
@@ -1,14 +1,15 @@
 {
- "Categories": [],
+ "Provider": "aws",
 "CheckID": "s3_bucket_server_access_logging_enabled",
 "CheckTitle": "Check if S3 buckets have server access logging enabled",
 "CheckType": "Logging and Monitoring",
- "Compliance": [],
- "DependsOn": [],
+ "ServiceName": "s3",
+ "SubServiceName": "",
+ "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
+ "Severity": "medium",
+ "ResourceType": "AwsS3Bucket",
 "Description": "Check if S3 buckets have server access logging enabled",
- "Notes": "",
- "Provider": "aws",
- "RelatedTo": [],
+ "Risk": "Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.",
 "RelatedUrl": "",
 "Remediation": {
 "Code": {
@@ -22,14 +23,13 @@
 "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html"
 }
 },
- "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "ResourceType": "AwsS3Bucket",
- "Risk": "Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.",
- "ServiceName": "s3",
- "Severity": "medium",
- "SubServiceName": "",
+ "Categories": [],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
- }
+ },
+ "DependsOn": [],
+ "RelatedTo": [],
+ "Notes": "",
+ "Compliance": []
 }
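Review bot: As with the versioning check, `Risk` states the upside of logging (`can assist you in security and access audits…`) instead of the exposure, and the semicolons again look like replaced commas; `Without server access logs, unauthorized reads, public exposure or exfiltration from the bucket cannot be detected, and an investigation has no record of who accessed which object and when.` is what an incident responder needs in a finding. `RelatedUrl` is `""` while the `Url` inside `Remediation` carries the only documentation link, so consider pointing `RelatedUrl` at the S3 server-access-logging guide so the finding has a reference even when the remediation block is not rendered.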