diff --git a/README.md b/README.md index 9e09942..8393fcb 100644 --- a/README.md +++ b/README.md @@ -43,13 +43,8 @@ The worker executes jobs in a fashion similar to running `python ./s3-remove-pub The finding payload is in the form: ```$json { - "cloudAccount": { - "provider": , - "roleArn": , - "subscriptionId": , - "applicationId": - }, "notificationInfo": { + "CloudAccountID" : , "RuleID": , "RuleName": , "RuleDisplayName": , diff --git a/remediation_worker/jobs/ec2_close_port_22/README.md b/remediation_worker/jobs/ec2_close_port_22/README.md index bdc9436..54c0278 100644 --- a/remediation_worker/jobs/ec2_close_port_22/README.md +++ b/remediation_worker/jobs/ec2_close_port_22/README.md @@ -2,6 +2,14 @@ This job blocks public access to port 22 for both IPv4 and IPv6 for all security groups associated with an EC2 instance. +### Applicable Rule + +##### Rule ID: +5c8c26417a550e1fb6560c3f + +##### Rule Name: +An EC2 instance's SSH port (22) is accessible from the public Internet for any source address + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/ec2_close_port_3389/README.md b/remediation_worker/jobs/ec2_close_port_3389/README.md index 130f5f6..6245d6f 100644 --- a/remediation_worker/jobs/ec2_close_port_3389/README.md +++ b/remediation_worker/jobs/ec2_close_port_3389/README.md @@ -2,6 +2,14 @@ This job blocks public access to port 3389 for both IPv4 and IPv6 for all security groups associated with an EC2 instance. +### Applicable Rule + +##### Rule ID: +5c8c26437a550e1fb6560c42 + +##### Rule Name: +An EC2 instance's Remote Desktop port (3389) is accessible from the public Internet for any source address + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/rds_backup_retention_30_days/README.md b/remediation_worker/jobs/rds_backup_retention_30_days/README.md index f013160..386a614 100644 --- a/remediation_worker/jobs/rds_backup_retention_30_days/README.md 
+++ b/remediation_worker/jobs/rds_backup_retention_30_days/README.md @@ -4,6 +4,14 @@ This job makes the RDS backup retention period 30 days. It first tries to modify the retention period of the DB instance. If that fails, it will try to set the retention period of the DB cluster that the instance belongs to. +### Applicable Rule + +##### Rule ID: +5c8c264a7a550e1fb6560c4d + +##### Rule Name: +The RDS backup retention period is less than 30 days + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/s3_enable_access_logging/README.md b/remediation_worker/jobs/s3_enable_access_logging/README.md index f8f32b1..6ecd058 100644 --- a/remediation_worker/jobs/s3_enable_access_logging/README.md +++ b/remediation_worker/jobs/s3_enable_access_logging/README.md @@ -2,6 +2,14 @@ This job enables access logging for an S3 bucket. +### Applicable Rule + +##### Rule ID: +5c8c265e7a550e1fb6560c67 + +##### Rule Name: +S3 access logging is not enabled + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/s3_enable_default_encryption/README.md b/remediation_worker/jobs/s3_enable_default_encryption/README.md index e8165db..53adcfd 100644 --- a/remediation_worker/jobs/s3_enable_default_encryption/README.md +++ b/remediation_worker/jobs/s3_enable_default_encryption/README.md @@ -2,6 +2,14 @@ This job enables default encryption for an S3 bucket using AES256. +### Applicable Rule + +##### Rule ID: +1d187035-9fff-48b2-a7c3-ffc56a4da5e6 + +##### Rule Name: +An S3 bucket default encryption is not enabled + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/s3_remove_public_access/README.md b/remediation_worker/jobs/s3_remove_public_access/README.md index 602599a..6d98c45 100644 --- a/remediation_worker/jobs/s3_remove_public_access/README.md +++ b/remediation_worker/jobs/s3_remove_public_access/README.md 
@@ -2,6 +2,24 @@ This job blocks public access to an S3 bucket. +### Applicable Rule + +##### Rule ID: +* 5c8c26507a550e1fb6560c57 +* 5c8c26517a550e1fb6560c59 +* 5c8c26537a550e1fb6560c5a +* 5c8c26537a550e1fb6560c5b +* 5c8c26547a550e1fb6560c5c +* 5c8c26637a550e1fb6560c6b + +##### Rule Name: +* An S3 bucket is configured so that all users have unrestricted permissions +* Read access to an S3 bucket is unrestricted +* An S3 bucket is configured to allow all users to read permissions +* Write access to an S3 bucket is unrestricted +* An S3 bucket is configured to allow unrestricted access control changes +* The S3 bucket policy allows unrestricted get access + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/s3_remove_public_admin_acl/README.md b/remediation_worker/jobs/s3_remove_public_admin_acl/README.md index 3e46299..ee89274 100644 --- a/remediation_worker/jobs/s3_remove_public_admin_acl/README.md +++ b/remediation_worker/jobs/s3_remove_public_admin_acl/README.md @@ -2,6 +2,14 @@ This job will remove the public "write bucket permissions" permission. All other ACL permissions will be left alone. This means that if "AllUsers" have access to FULL_CONTROL, the permissions will be changed to allow "READ", "WRITE", and "READ_ACP" rather than "FULL_CONTROL" which includes "WRITE_ACP". +### Applicable Rule + +##### Rule ID: +5c8c26617a550e1fb6560c69 + +##### Rule Name: +The S3 bucket policy allows unrestricted access + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/security_group_close_port_22/README.md b/remediation_worker/jobs/security_group_close_port_22/README.md index 671f0bf..112feaa 100644 --- a/remediation_worker/jobs/security_group_close_port_22/README.md +++ b/remediation_worker/jobs/security_group_close_port_22/README.md 
@@ -2,6 +2,14 @@ This job blocks public access to port 22 for both IPv4 and IPv6. +### Applicable Rule + +##### Rule ID: +5c8c25ec7a550e1fb6560bbe + +##### Rule Name: +A security group's SSH port (22) is accessible through any source address + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/security_group_close_port_3389/README.md b/remediation_worker/jobs/security_group_close_port_3389/README.md index 41d3865..b431123 100644 --- a/remediation_worker/jobs/security_group_close_port_3389/README.md +++ b/remediation_worker/jobs/security_group_close_port_3389/README.md @@ -2,6 +2,14 @@ This job blocks public access to port 3389 for both IPv4 and IPv6. +### Applicable Rule + +##### Rule ID: +5c8c25ef7a550e1fb6560bc4 + +##### Rule Name: +A security group's Remote Desktop port (3389) is accessible through any source address + ## Getting Started ### Prerequisites diff --git a/remediation_worker/jobs/security_group_close_port_5432/README.md b/remediation_worker/jobs/security_group_close_port_5432/README.md index 41c68af..f4682b9 100644 --- a/remediation_worker/jobs/security_group_close_port_5432/README.md +++ b/remediation_worker/jobs/security_group_close_port_5432/README.md @@ -2,6 +2,14 @@ This job blocks public access to port 5432 for both IPv4 and IPv6. +### Applicable Rule + +##### Rule ID: +5c8c25f07a550e1fb6560bc6 + +##### Rule Name: +A security group's PostgreSQL Server port (5432) is accessible through any source address + ## Getting Started ### Prerequisites
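Review bot: In the top-level README.md hunk (`@@ -43,13 +43,8 @@`), the payload documentation loses `provider`, `roleArn`, `subscriptionId` and `applicationId` and gains only `"CloudAccountID" : ,`, with nothing saying how the worker now resolves the role or credentials for that account. Please add a sentence to this section that explains where those values come from, and note that producers still sending the old `cloudAccount` object need to change. Also remove the space before the colon in `"CloudAccountID" :` so the key matches `"RuleID": ,` and the other fields.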
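Review bot: In the ec2_close_port_22/README.md hunk, `### Applicable Rule` is followed directly by `##### Rule ID:` and `##### Rule Name:`, skipping a heading level, and the new H3 section sits ahead of the existing `## Getting Started` H2. Consider `## Applicable Rule` with `### Rule ID` and `### Rule Name` (no trailing colon in a heading), or a single line such as "Rule ID: ..., Rule Name: ...". The same structure is repeated in every job README in this patch, so the change should be made consistently across them.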
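Review bot: In the s3_enable_default_encryption/README.md hunk, the Rule ID `1d187035-9fff-48b2-a7c3-ffc56a4da5e6` is a UUID, while every other Rule ID added in this patch is a 24-character hex string such as `5c8c265e7a550e1fb6560c67`. Please confirm this is the identifier that arrives in the finding's `RuleID` field for this rule and not an ID from a different system. If both formats are valid, a short note in the top-level README would save readers from assuming a typo.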
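Review bot: In the s3_remove_public_access/README.md hunk, the six Rule IDs and six Rule Names are two separate bullet lists, so the ID-to-name mapping depends on position only and will break silently if either list is reordered or extended. Please pair them, either as a two-column table or as one bullet per rule in the form "ID: name". The heading should also be plural here ("Applicable Rules"), and "An S3 bucket is configured to allow all users to read permissions" is ambiguous as written; if it is the rule's display name verbatim, leave it, otherwise reword it.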
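Review bot: In the s3_remove_public_admin_acl/README.md hunk, the Rule Name "The S3 bucket policy allows unrestricted access" refers to a bucket policy, but the job description in the context line says the job removes the public "write bucket permissions" ACL grant (`WRITE_ACP`) and leaves other ACL permissions alone. Meanwhile the s3_remove_public_access README in this same patch lists "An S3 bucket is configured to allow unrestricted access control changes", which reads like the ACL case. Please check that rule `5c8c26617a550e1fb6560c69` is the one this job actually remediates, since an ACL-only fix would leave a bucket-policy finding open.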