Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release/v1.7.0 #94

Merged
merged 8 commits into from
May 10, 2021
Merged

Release/v1.7.0 #94

merged 8 commits into from
May 10, 2021

Conversation

kshrutik
Copy link
Contributor

@kshrutik kshrutik commented May 5, 2021

Release notes:

  • New remediation jobs added for Azure:
  • Disable PostgreSQL server access from Azure services (azure_postgresql_allow_access_to_azure_service_disabled) Rule ID: 9b7b5a71-5eaa-4418-a6b0-17f796e8ebaa
  • Restrict UDP access from Internet (azure_security_udp_access_restricted_from_internet) Rule ID: 4e27676b-7e87-4e2e-b756-28c96ed4fdf8
  • Encrypt SQL Server TDE protector with CMK (azure_sql_tde_protector_encrypted_cmk) Rule ID: 7406e56f-bbf0-4571-8e50-21bd344e0fdb
  • New remediation jobs added for AWS:
  • Remove Network ACL Rules that allows public access to administration ports (3389 and 22) (aws_ec2_administration_ports_ingress_allowed) Rule ID: 1ec4a1f2-3e08-11eb-b378-0242ac130002
  • Restrict unsecured HTTP requests for S3 Bucket (aws_s3_bucket_policy_allow_https) Rule ID: 688d093c-3b8d-11eb-adc1-0242ac120002
  • Remove SQS Queue Public Access (aws_sqs_queue_publicly_accessible) Rule ID: 09639b9d-98e8-493b-b8a4-916775a7dea9
  • Updated list of supported remediation jobs in the Readme file with new jobs.

kshrutik added 8 commits April 14, 2021 22:49
@kshrutik
Changed SecureState to Secure State in Readme file (#77)
e393248
@kshrutik
PLA-24843 - Remediation job to remove SQS queue public access (#79)
550660c
@kshrutik
PLA-23988 - Remediation job to restrict UDP access from the internet (#…
1c9474b 
…68)

* PLA-23988 - Remediation job to restrict UDP access from internet

* PLA-23988 - Updated remediation job to delete all the udp public access rules
@kshrutik
PLA-24842 - Remediation job to configure S3 bucket to allow only http…
4a75e21 
…s requests (#78)
@kshrutik
PLA-24469 - Remediation job to encrypt SQL TDE protector with cmk (#73)
841daf5
@kshrutik
PLA-24470 - Remediation job to disable azure services access for Post…
abade9b 
…greSQL (#74)
@kshrutik
PLA-23438 - Remediation Job to remove network acl rules that allow pu…
5ea7ba9 
…blic access to administration ports (#56)

* PLA-23438 - Remediation Job to remove network acl rules that allow public access to administration ports

* PLA-23438 - Fixed the remediation job

* PLA-23438 - Updated the Remediation job to remove network acl rules that allows public access to administration ports

* PLA-23438 - Updated the remediation job

* Updated the code

* Updated the permissions

* Added Comments
@kshrutik
Updated readme and tox file (#91)
9236983 
* Updated readme and tox file

* Fixed the remediation code to handle NoBucketPolicy exception
vikramsinghvirdi
vikramsinghvirdi approved these changes May 6, 2021
View reviewed changes
Copy link
Contributor

@vikramsinghvirdi vikramsinghvirdi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vikramsinghvirdi vikramsinghvirdi merged commit c958afc into master May 10, 2021
@vikramsinghvirdi vikramsinghvirdi deleted the release/v1.7.0 branch May 10, 2021 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhavalnanduvmware dhavalnanduvmware dhavalnanduvmware approved these changes

@vikramsinghvirdi vikramsinghvirdi vikramsinghvirdi approved these changes

@nandeshguru nandeshguru nandeshguru approved these changes

@OfficePop OfficePop Awaiting requested review from OfficePop

Assignees
No one assigned
Labels
cla-not-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kshrutik @nandeshguru @vikramsinghvirdi @dhavalnanduvmware @vmwclabot