mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 14:55:00 +00:00
5e479a5050
* chore: exclude metadata * chore: exclude metadata * chore: no prettify * chore: no prettify
56 lines
1.6 KiB
JSON
56 lines
1.6 KiB
JSON
{
|
|
"Provider": "aws",
|
|
"CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
|
|
"CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.",
|
|
"CheckType": "Data Protection",
|
|
"ServiceName": "ec2",
|
|
"SubServiceName": "securitygroup",
|
|
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
|
"Severity": "low",
|
|
"ResourceType": "AwsEc2SecurityGroup",
|
|
"Description": "Extended Description",
|
|
"Risk": "If Security groups are not properly configured the attack surface is increased.",
|
|
"RelatedUrl": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html",
|
|
"Remediation": {
|
|
"Code": {
|
|
"CLI": "cli command or URL to the cli command location.",
|
|
"NativeIaC": "code or URL to the code location.",
|
|
"Other": "cli command or URL to the cli command location.",
|
|
"Terraform": "code or URL to the code location."
|
|
},
|
|
"Recommendation": {
|
|
"Text": "Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.",
|
|
"Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html"
|
|
}
|
|
},
|
|
"Categories": [
|
|
"cat1",
|
|
"cat2"
|
|
],
|
|
"Tags": {
|
|
"Tag1Key": "value",
|
|
"Tag2Key": "value"
|
|
},
|
|
"DependsOn": [
|
|
"othercheck1",
|
|
"othercheck2"
|
|
],
|
|
"RelatedTo": [
|
|
"othercheck3",
|
|
"othercheck4"
|
|
],
|
|
"Notes": "additional information",
|
|
"Compliance": [
|
|
{
|
|
"Control": [
|
|
"4.1"
|
|
],
|
|
"Framework": "CIS-AWS",
|
|
"Group": [
|
|
"level2"
|
|
],
|
|
"Version": "1.4"
|
|
}
|
|
]
|
|
}
|