Release/v1.13.0 #132

Merged: 24 commits, Dec 8, 2022

Commits
9993eaf
Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, …
lytran2000 May 21, 2021
a0a2d04
PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (…
kshrutik Jun 29, 2021
b82785d
PLA-24844 - Remediation job to restrict default security group access…
kshrutik Jul 29, 2021
5df0afa
PLA-25429 - Remediation job to set password reuse prevention policy (…
kshrutik Jul 29, 2021
4db26ff
PLA-25428 - Remediation Job to set minimum password length (#90)
kshrutik Jul 29, 2021
1c7f19e
PLA-25430 - Remediation Job to delete expired server certificate (#96)
kshrutik Jul 29, 2021
09f6aaa
Initial commit for kinesis_encrypt_stream (#97)
lytran2000 Jul 29, 2021
80e9588
PLA-26855 - Updated azure remediation jobs to wait for the poller res…
kshrutik Jul 29, 2021
a7300a7
Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi…
lytran2000 Aug 3, 2021
96cede7
PLA-29176 - Fix remediation jobs for port rules (#102)
kshrutik Aug 4, 2021
12bb9c4
PLA-29459 - Update Readme and tox file (#104)
kshrutik Aug 4, 2021
32ac5f1
Fixed requirements file (#105)
kshrutik Aug 5, 2021
e9a67a2
PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108)
kshrutik Sep 3, 2021
3f0183d
Fix import issues in azure jobs (#107)
kshrutik Sep 3, 2021
794a731
Initial commit for aws s3 remove full access to authenticated users (…
sreedevikr Oct 1, 2021
416e121
Aws rds snapshot remove publicaccess (#117)
sreedevikr Oct 1, 2021
5c1c872
Aws ec2 close port 11211 (#116)
sreedevikr Oct 1, 2021
9ae113f
Modified the remediation logic to check for protocol udp instead of t…
sreedevikr Oct 5, 2021
aac016e
Fixed RDS Snapshot remove public access remediation job (#120)
kshrutik Jan 31, 2022
8ae846d
PLA-35232 - Fixed remediation jobs that does not report failures (#124)
kshrutik Mar 30, 2022
966d98d
PLA-38601 - Fixed azure remediation jobs to wait for the poller resul…
kshrutik Apr 6, 2022
52daae6
PLA-38601 - Fixed azure security port jobs (#128)
kshrutik May 13, 2022
f5d0266
PLA-45823 - Updated remediation job to restrict unsecured HTTP reques…
kshrutik Dec 5, 2022
fc8847e
Merge branch 'master' into release/v1.13.0
kshrutik Dec 5, 2022
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -157,6 +157,7 @@ The table below lists all the supported jobs with their links.
| 44. | 5c8c26487a550e1fb6560c4a | RDS snapshot should restrict public access | [aws-rds-snapshot-remove-publicaccess](remediation_worker/jobs/aws_rds_snapshot_remove_publicaccess) |
| 45. | 5c8c26567a550e1fb6560c5d | S3 bucket should not give full access to all authenticated users | [aws_s3_remove_fullaccess_authenticatedusers](remediation_worker/jobs/aws_s3_remove_fullaccess_authenticatedusers) |


## Contributing
The Secure State team welcomes welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq).
All contributions to this repository must be signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on as an open-source patch.
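Review bot: The context line under `## Contributing` reads "welcomes welcomes contributions"; since this hunk already touches the README, drop the duplicated word in the same change. The two consecutive blank lines after row 45 of the jobs table can also be reduced to one.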
Expand Up @@ -101,6 +101,7 @@ def remediate(self, client, security_group_id, region, cloud_account_id):
except Exception as e:
logging.error(f"{str(e)}")
raise

return 0

def run(self, args):
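Review bot: In the `except Exception as e` block of `remediate`, `logging.error(f"{str(e)}")` logs only the exception text, so a failed remediation cannot be tied to a specific security group or region from the log alone. Include `security_group_id` and `region` in the message; the f-string wrapper around `str(e)` is also redundant.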
Expand Up @@ -103,7 +103,7 @@ def remediate(self, client, cloud_account_id, bucket_name):
"Sid": "Restrict Non-https Requests",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Action": "s3:*",
"Resource": f"arn:aws:s3:::{bucket_name}/*",
"Condition": {"Bool": {"aws:SecureTransport": "false"}},
}
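Review bot: Widening `"Action"` to `s3:*` while `"Resource"` stays `f"arn:aws:s3:::{bucket_name}/*"` leaves bucket-level operations outside the Deny, because actions such as `s3:ListBucket` are evaluated against the bucket ARN, not the object ARN. Make `Resource` a list containing both `f"arn:aws:s3:::{bucket_name}"` and `f"arn:aws:s3:::{bucket_name}/*"` so that the `aws:SecureTransport` condition applies to every request the new action wildcard is meant to cover.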
Expand Up @@ -111,6 +111,7 @@ def remediate(self, client, instance_id):
except Exception as e:
logging.error(f"{str(e)}")
raise

return 0

def run(self, args):
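Review bot: `logging.error(f"{str(e)}")` ahead of the bare `raise` in this `remediate` writes no traceback to the log and does not name the instance. `logging.exception(...)` with `instance_id` in the message would record both the stack and the affected resource before the error propagates.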
2 changes: 1 addition & 1 deletion test/unit/test_aws_s3_bucket_policy_allow_https.py
Expand Up @@ -98,7 +98,7 @@ def test_remediate_success(self):
"Sid": "Restrict Non-https Requests",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket_name/*",
"Condition": {"Bool": {"aws:SecureTransport": "false"}},
},
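Review bot: The expected statement in `test_remediate_success` hard-codes `"Resource": "arn:aws:s3:::bucket_name/*"`, so the test only mirrors the job's literal and passes whether or not bucket-level actions are covered by the Deny. If the job's `Resource` is extended to include the bucket ARN, update this expectation with it, and consider an assertion that checks the resource entries explicitly.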
1 change: 1 addition & 0 deletions tox.ini
Expand Up @@ -65,6 +65,7 @@ envlist =
unit-aws_s3_remove_fullaccess_authenticatedusers



[testenv]
passenv =
# Prevent Python bytecode files from being created
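Review bot: There are three consecutive blank lines between the last `envlist` entry and `[testenv]`; one is enough, and the extra whitespace adds noise to a release merge.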