Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PLA-29459 - Update Readme and tox file #104

Merged
merged 2 commits into from
Aug 4, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ The table below lists all the supported jobs with their links.
| 21. | 688d093c-3b8d-11eb-adc1-0242ac120002 | S3 bucket should allow only HTTPS requests | [aws-s3-bucket-policy-allow-https](remediation_worker/jobs/aws_s3_bucket_policy_allow_https) |
| 22. | 09639b9d-98e8-493b-b8a4-916775a7dea9 | SQS queue policy should restricted access to required users | [aws-sqs-queue-publicly-accessible](remediation_worker/jobs/aws_sqs_queue_publicly_accessible) |
| 23. | 1ec4a1f2-3e08-11eb-b378-0242ac130002 | Network ACL should restrict administration ports (3389 and 22) from public access | [aws-ec2-administration-ports-ingress-allowed](remediation_worker/jobs/aws_ec2_administration_ports_ingress_allowed) |
| 24. | ce603728-d631-4bae-8657-c22da6e5944e | Kinesis data stream should be encrypted
| 24. | ce603728-d631-4bae-8657-c22da6e5944e | Kinesis data stream should be encrypted | [kinesis-encrypt-stream](remediation_worker/jobs/kinesis_encrypt_stream) |
| 25. | 5c8c263d7a550e1fb6560c39 | EC2 instance should restrict public access to FTP data port (20) | [ec2-close-port-20](remediation_worker/jobs/ec2_close_port_20) |
| 26. | 4823ede0-7bed-4af0-a182-81c2ada80203 | EC2 instance should restrict public access to Kibana (5601) | [ec2-close-port-5601](remediation_worker/jobs/ec2_close_port_5601) |
| 27. | 5c8c26427a550e1fb6560c41 | EC2 instance should restrict public access to MySQL server port (3306) | [ec2-close-port-3306](remediation_worker/jobs/ec2_close_port_3306) |
Expand All @@ -149,6 +149,10 @@ The table below lists all the supported jobs with their links.
| 36. | 2cdb8877-7ac3-4483-9ed0-1e792171d125 | EBS volume snapshot should be private | [ebs-private-snapshot](remediation_worker/jobs/ebs_private_snapshot) |
| 37. | 5c8c26467a550e1fb6560c48 | RDS instance should restrict public access | [rds-remove-public-endpoint](remediation_worker/jobs/rds_remove_public_endpoint) |
| 38. | 5c8c264a7a550e1fb6560c4c | RDS should have automatic minor version upgrades enabled | [rds-enable-version-update](remediation_worker/jobs/rds_enable_version_update) |
| 39. | 5c8c25f37a550e1fb6560bca | EC2 VPC default security group should restrict all access | [aws-ec2-default-security-group-traffic](remediation_worker/jobs/aws_ec2_default_security_group_traffic) |
| 40. | 5c8c260b7a550e1fb6560bf4 | IAM password policy should set a minimum length | [aws-iam-password-policy-min-length](remediation_worker/jobs/aws_iam_password_policy_min_length) |
| 41. | 5c8c26107a550e1fb6560bfc | IAM password policy should prevent password reuse | [aws-iam-password-reuse-prevention](remediation_worker/jobs/aws_iam_password_reuse_prevention) |
| 42. | 7fe4eb28-3b82-11eb-adc1-0242ac120002 | IAM server certificates that are expired should be removed | [aws-iam-server-certificate-expired](remediation_worker/jobs/aws_iam_server_certificate_expired) |

## Contributing
The Secure State team welcomes welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq).
Expand Down
54 changes: 39 additions & 15 deletions tox.ini
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,21 @@
minversion = 3.6.0
skip_missing_interpreters = true
envlist =
unit-ec2-close-port-5601
unit-ec2-close-port-5439
unit-ec2-close-port-3306
unit-ec2-close-port-27017
unit-ec2-close-port-23
unit-ec2-close-port-21
unit-ec2-close-port-20
unit-ec2-close-port-1521
unit-ec2-close-port-1433
unit-ec2-close-port-8080
unit-ec2-close-port-8200-9300
unit-aws-ec2-default-security-group-traffic
unit-aws-iam-password-policy-min-length
unit-aws-iam-password-reuse-prevention
unit-aws-iam-server-certificate-expired
unit-ec2-close-port-5601
unit-ec2-close-port-5439
unit-ec2-close-port-3306
unit-ec2-close-port-27017
unit-ec2-close-port-23
unit-ec2-close-port-21
unit-ec2-close-port-20
unit-ec2-close-port-1521
unit-ec2-close-port-1433
unit-ec2-close-port-8080
unit-ec2-close-port-8200-9300
unit-security-group-close-port-5432
unit-s3-remove-public-admin-acl
unit-s3-enable-access-logging
Expand Down Expand Up @@ -52,10 +56,10 @@ envlist =
unit-azure-postgresql-allow-access-to-azure-service-disabled
unit-aws-s3-bucket-policy-allow-https
unit-aws-sqs-queue-publicly-accessible
unit-ebs-private-snapshot
unit-rds-remove-public-endpoint
unit-rds_enable_version_update
unit-kinesis-encrypt-stream
unit-ebs-private-snapshot
unit-rds-remove-public-endpoint
unit-rds_enable_version_update
unit-kinesis-encrypt-stream


[testenv]
Expand Down Expand Up @@ -390,3 +394,23 @@ deps = -r remediation_worker/jobs/ec2_close_port_9200_9300/requirements-dev.txt
changedir = test
pytest --capture=no --basetemp="{envtmpdir}" unit/test_ec2_close_port_8080.py
deps = -r remediation_worker/jobs/ec2_close_port_8080/requirements-dev.txt

[testenv:unit-aws-ec2-default-security-group-traffic]
changedir = test
pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_ec2_default_security_group_traffic.py
deps = -r remediation_worker/jobs/aws_ec2_default_security_group_traffic/requirements-dev.txt

[testenv:unit-aws-iam-password-policy-min-length]
changedir = test
pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_iam_password_policy_min_length.py
deps = -r remediation_worker/jobs/aws_iam_password_policy_min_length/requirements-dev.txt

[testenv:unit-aws-iam-password-reuse-prevention]
changedir = test
pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_iam_password_reuse_prevention.py
deps = -r remediation_worker/jobs/aws_iam_password_reuse_prevention/requirements-dev.txt

[testenv:unit-aws-iam-server-certificate-expired]
changedir = test
pytest --capture=no --basetemp="{envtmpdir}" unit/test_aws_iam_server_certificate_expired.py
deps = -r remediation_worker/jobs/aws_iam_server_certificate_expired/requirements-dev.txt