From a9d064912203807b9d9980c9bb53fa29b3bc9b43 Mon Sep 17 00:00:00 2001
From: Pablo Pagani
Date: Tue, 23 Mar 2021 15:19:23 -0300
Subject: [PATCH] added risk, remediation doc and epics to firts 3 checks
---
 checks/check11 | 4 ++++
 checks/check12 | 4 ++++
 checks/check13 | 4 ++++
 3 files changed, 12 insertions(+)
diff --git a/checks/check11 b/checks/check11
index c6cf4aef..d8040e41 100644
--- a/checks/check11
+++ b/checks/check11
@@ -16,6 +16,10 @@ CHECK_SEVERITY_check11="High"
 CHECK_ASFF_TYPE_check11="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
 CHECK_ALTERNATE_check101="check11"
 CHECK_SERVICENAME_check11="iam"
+CHECK_RISK_check11='The "root" account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.'
+CHECK_REMEDIATION_check11='Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.'
+CHECK_DOC_check11='http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html'
+CHECK_CAF_EPIC_check11='IAM'
 
 check11(){
   # "Avoid the use of the root account (Scored)."
diff --git a/checks/check12 b/checks/check12
index 6d1a1975..1d8f572f 100644
--- a/checks/check12
+++ b/checks/check12
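Review bot: CHECK_REMEDIATION_check11 is a dangling cross-reference rather than a remediation: it tells the report reader to follow the instructions of another recommendation by its CIS title, which the generated finding does not carry, while CHECK_RISK_check11 already states the actionable point (do not use root for routine work). A self-contained sentence would serve the report better, e.g. `CHECK_REMEDIATION_check11='Do not use the root account for daily tasks; create IAM users or roles with the permissions they need and keep root only for the tasks that require it.'`. CHECK_DOC_check11 is also the only one of the three new doc links that uses plain `http://` while check12 and check13 use `https://`; the same AWS page is served over TLS, so `CHECK_DOC_check11='https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html'` keeps the links consistent and avoids a cleartext redirect. The check11 function starts in the trailing context and its body continues outside the hunk.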
@@ -18,6 +18,10 @@ CHECK_ASFF_RESOURCE_TYPE_check12="AwsIamUser"
 CHECK_ALTERNATE_check102="check12"
 CHECK_ASFF_COMPLIANCE_TYPE_check12="ens-op.acc.5.aws.iam.1"
 CHECK_SERVICENAME_check12="iam"
+CHECK_RISK_check12='Unauthorized access to this critical account if password is not secure or it is disclosed in any way.'
+CHECK_REMEDIATION_check12='Enable MFA for root account. is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.'
+CHECK_DOC_check12='https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html'
+CHECK_CAF_EPIC_check12='IAM'
 
 check12(){
   # "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
diff --git a/checks/check13 b/checks/check13
index 14da7201..80388de1 100644
--- a/checks/check13
+++ b/checks/check13
@@ -18,6 +18,10 @@ CHECK_ASFF_RESOURCE_TYPE_check13="AwsIamUser"
 CHECK_ALTERNATE_check103="check13"
 CHECK_ASFF_COMPLIANCE_TYPE_check13="ens-op.acc.1.aws.iam.3 ens-op.acc.5.aws.iam.4"
 CHECK_SERVICENAME_check13="iam"
+CHECK_RISK_check13='AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.'
+CHECK_REMEDIATION_check13='Use the credential report to ensure password_last_changed is less than 90 days ago.'
+CHECK_DOC_check13='https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html'
+CHECK_CAF_EPIC_check13='IAM'
 
 check13(){
   check_creds_used_in_last_days 90
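Review bot: The new CHECK_RISK_check12 and CHECK_REMEDIATION_check12 texts describe the root account ("this critical account", "Enable MFA for root account"), but the check's own comment line in the trailing context says it covers all IAM users that have a console password, so a finding on an ordinary user would direct the reader to fix the wrong principal. The remediation is also a broken sentence ("Enable MFA for root account. is a simple best practice ..."), which suggests text was pasted from the root-MFA recommendation. Suggested replacement: `CHECK_RISK_check12='Unauthorized access to the AWS account if a user password is not secure or is disclosed in any way.'` and `CHECK_REMEDIATION_check12='Enable MFA for every IAM user that has a console password. MFA is a simple best practice that adds an extra layer of protection on top of the user name and password. Hardware keys are recommended over virtual MFA.'`. The check12 function starts in the trailing context and its body continues outside the hunk.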
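Review bot: CHECK_REMEDIATION_check13 tells the reader to verify `password_last_changed`, which is the credential report's password-rotation field, while the check body (`check_creds_used_in_last_days 90`) and CHECK_RISK_check13 are about credentials that have gone unused for 90 or more days; a user following the remediation would look at rotation age instead of last use, and access keys would not be covered at all. The report fields that match this check are the last-used columns, e.g. `CHECK_REMEDIATION_check13='Use the credential report to find users whose password_last_used and access_key_1_last_used_date/access_key_2_last_used_date are 90 or more days old, then deactivate or remove those credentials.'`. The check13 function starts in the trailing context and its body continues outside the hunk.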