mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
44 lines
1.4 KiB
JSON
44 lines
1.4 KiB
JSON
{
|
|
"Provider": "aws",
|
|
"CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
|
|
"CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.",
|
|
"CheckType": "Data Protection",
|
|
"ServiceName": "ec2",
|
|
"SubServiceName": "securitygroup",
|
|
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
|
"Severity": "low",
|
|
"ResourceType": "AwsEc2SecurityGroup",
|
|
"Description": "Extended Description",
|
|
"Risk": "If Security groups are not properly configured the attack surface is increased.",
|
|
"RelatedUrl": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html",
|
|
"Remediation": {
|
|
"Code": {
|
|
"CLI": "cli command or URL to the cli command location.",
|
|
"NativeIaC": "code or URL to the code location.",
|
|
"Other": "cli command or URL to the cli command location.",
|
|
"Terraform": "code or URL to the code location."
|
|
},
|
|
"Recommendation": {
|
|
"Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.",
|
|
"Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html"
|
|
}
|
|
},
|
|
"Categories": [
|
|
"cat1",
|
|
"cat2"
|
|
],
|
|
"Tags": {
|
|
"Tag1Key": "value",
|
|
"Tag2Key": "value"
|
|
},
|
|
"DependsOn": [
|
|
"othercheck1",
|
|
"othercheck2"
|
|
],
|
|
"RelatedTo": [
|
|
"othercheck3",
|
|
"othercheck4"
|
|
],
|
|
"Notes": "additional information"
|
|
}
|