
Releases: vmware-samples/secureclouds-remediation-jobs

release/v1.14.0

20 Dec 15:12
ceef077

Release notes:

Upgraded the pytest version from 6.0.1 to 7.2.0

release/v1.13.0

08 Dec 14:10
54e2c93

Release notes:

Updated AWS remediation jobs to follow the changed CIS 1.5.0 audit steps:

  • Restrict unsecured HTTP requests for S3 Bucket (aws_s3_bucket_policy_allow_https) Rule ID: 688d093c-3b8d-11eb-adc1-0242ac120002
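The job named above enforces TLS-only access through the bucket policy. As an added illustration (not code from this repository), the following Python sketch shows the policy statement such a remediation produces and the check that decides whether a bucket already complies. The sample policy, bucket name and the Sid "DenyInsecureTransport" are constructed for the example; the check deliberately requires a Deny that covers every principal, every S3 action and both the bucket and object ARNs, because a Deny scoped to a single action or principal still leaves plaintext access open elsewhere.

```python
import copy
import json

# Constructed sample bucket policy: grants read access to one role but does
# not deny plaintext HTTP. Illustrative input, not a policy from the repository.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowReadFromApp",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        }
    ],
}


def _as_list(value):
    """IAM policy elements may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _bucket_arns(bucket_name):
    """Both ARNs a full HTTPS-only Deny must cover: the bucket and its objects."""
    return {f"arn:aws:s3:::{bucket_name}", f"arn:aws:s3:::{bucket_name}/*"}


def denies_insecure_transport(policy, bucket_name):
    """Return True if the policy contains a Deny that blocks non-TLS requests for
    every principal and every S3 action on both the bucket and its objects."""
    for stmt in _as_list((policy or {}).get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = _as_list(stmt.get("Action"))
        if "s3:*" not in actions and "*" not in actions:
            continue
        resources = set(_as_list(stmt.get("Resource")))
        if not (_bucket_arns(bucket_name) <= resources or "*" in resources):
            continue
        cond = stmt.get("Condition", {}).get("Bool", {})
        values = [str(v).lower() for v in _as_list(cond.get("aws:SecureTransport"))]
        if "false" in values:
            return True
    return False


def enforce_https_only(policy, bucket_name):
    """Return a copy of the policy with the HTTPS-only Deny appended when missing.

    The input is never mutated, a bucket with no policy (None) gets a fresh
    document, and an already compliant policy comes back with identical content,
    so a job can compare before/after to decide whether PutBucketPolicy is needed.
    """
    if denies_insecure_transport(policy, bucket_name):
        return copy.deepcopy(policy)
    fixed = copy.deepcopy(policy) if policy else {"Version": "2012-10-17", "Statement": []}
    fixed["Statement"] = _as_list(fixed.get("Statement")) + [
        {
            "Sid": "DenyInsecureTransport",  # Sid chosen for this example; any unique Sid works
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": sorted(_bucket_arns(bucket_name)),
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }
    ]
    return fixed


if __name__ == "__main__":
    print(json.dumps(enforce_https_only(SAMPLE_POLICY, "example-bucket"), indent=2))
```

The returned document is what a job would pass to s3:PutBucketPolicy; the existing Allow statements are preserved, since an explicit Deny on aws:SecureTransport=false wins over them only for plaintext requests.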

release/v1.12.0

16 May 15:33
463dc3a

Release notes:

Bug fixes (Azure Remediation jobs):

  • Close Port 22 for a Network Security Group (azure_network_security_group_close_port_22) Rule ID: 5c8c26847a550e1fb6560cab
  • Close Port 3389 for a Network Security Group (azure_network_security_group_close_port_3389) Rule ID: 5c8c267e7a550e1fb6560c9c
  • Close Port 22 for a VM (azure_vm_close_port_22) Rule ID: d7a3ad03-860c-4928-9ba8-789e84a835be

release/v1.11.0

11 Apr 17:23
79e3f32

Release notes:

Bug fixes (Azure Remediation jobs):

  • Close Port 22 for a Network Security Group (azure_network_security_group_close_port_22) Rule ID: 5c8c26847a550e1fb6560cab
  • Close Port 3389 for a Network Security Group (azure_network_security_group_close_port_3389) Rule ID: 5c8c267e7a550e1fb6560c9c
  • Restrict UDP access from Internet (azure_security_udp_access_restricted_from_internet) Rule ID: 4e27676b-7e87-4e2e-b756-28c96ed4fdf8
  • Close Port 22 for a VM (azure_vm_close_port_22) Rule ID: d7a3ad03-860c-4928-9ba8-789e84a835be
  • Enable DDoS protection for Virtual Network (azure_security_center_enable_ddos_protection) Rule ID: 3abf3147-ea53-4302-b237-caab4d764c77

Bug fixes (AWS Remediation jobs):

  • Enable encryption for Cloudtrail logs (aws_cloudtrail_logs_encrypted) Rule ID: 5c8c25e47a550e1fb6560bac
  • Remove Network ACL Rules that allow public access to administration ports (3389 and 22) (aws_ec2_administration_ports_ingress_allowed) Rule ID: 1ec4a1f2-3e08-11eb-b378-0242ac130002
  • Close Port 11211 for all Security Groups associated with an EC2 Instance (aws_ec2_close_port_11211) Rule ID: bd9d77b6-635d-4e06-9760-8957d8eaeb38
  • Configure default Security Group to restrict all access (aws_ec2_default_security_group_traffic) Rule ID: 5c8c25f37a550e1fb6560bca
  • Set minimum password length for an AWS account (aws_iam_password_policy_min_length) Rule ID: 5c8c260b7a550e1fb6560bf4
  • Set Password Reuse Prevention Policy for an AWS Account (aws_iam_password_reuse_prevention) Rule ID: 5c8c26107a550e1fb6560bfc
  • Enable KMS automated key rotation (aws_kms_key_rotates) Rule ID: 5c8c26217a550e1fb6560c12
  • Close Port 1433 for all Security Groups associated with an EC2 Instance (ec2_close_port_1433) Rule ID: 5c8c26417a550e1fb6560c3d
  • Close Port 1521 for all Security Groups associated with an EC2 Instance (ec2_close_port_1521) Rule ID: 5c8c26417a550e1fb6560c3e
  • Close Port 20 for all Security Groups associated with an EC2 Instance (ec2_close_port_20) Rule ID: 5c8c263d7a550e1fb6560c39
  • Close Port 21 for all Security Groups associated with an EC2 Instance (ec2_close_port_21) Rule ID: 5c8c263d7a550e1fb6560c3a
  • Close Port 22 for all Security Groups associated with an EC2 Instance (ec2_close_port_22) Rule ID: 5c8c26417a550e1fb6560c3f
  • Close Port 23 for all Security Groups associated with an EC2 Instance (ec2_close_port_23) Rule ID: 5c8c263e7a550e1fb6560c3b
  • Close Port 27017 for all Security Groups associated with an EC2 Instance (ec2_close_port_27017) Rule ID: 5c8c26427a550e1fb6560c40
  • Close Port 3306 for all Security Groups associated with an EC2 Instance (ec2_close_port_3306) Rule ID: 5c8c26427a550e1fb6560c41
  • Close Port 3389 for all Security Groups associated with an EC2 Instance (ec2_close_port_3389) Rule ID: 5c8c26437a550e1fb6560c42
  • Close Port 5439 for all Security Groups associated with an EC2 Instance (ec2_close_port_5439) Rule ID: 5c8c26447a550e1fb6560c44
  • Close Port 5601 for all Security Groups associated with an EC2 Instance (ec2_close_port_5601) Rule ID: 4823ede0-7bed-4af0-a182-81c2ada80203
  • Close Port 8080 for all Security Groups associated with an EC2 Instance (ec2_close_port_8080) Rule ID: 5c8c26407a550e1fb6560c3c
  • Close Port 9200, 9300 for all Security Groups associated with an EC2 Instance (ec2_close_port_9200_9300) Rule ID: 04700175-adbe-49e1-bc7a-bc9605597ce2
  • Enable S3 Access Logging (s3_enable_access_logging) Rule ID: 5c8c265e7a550e1fb6560c67
  • Close Port 22 for a Security Group (security_group_close_port_22) Rule ID: 5c8c25ec7a550e1fb6560bbe
  • Close Port 3389 for a Security Group (security_group_close_port_3389) Rule ID: 5c8c25ef7a550e1fb6560bc4
  • Close Port 5432 for a Security Group (security_group_close_port_5432) Rule ID: 5c8c25f07a550e1fb6560bc6
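Most of the AWS jobs listed above close one port on EC2 security groups. The Python below is an added example, not code from this repository, of the rule analysis such a job has to get right before calling ec2:RevokeSecurityGroupIngress. It works on a constructed IpPermissions list in the shape describe_security_groups returns, and covers the cases a naive "FromPort == 22" match misses: port ranges that span the target port, IpProtocol "-1" (all traffic) rules, and IPv6 ::/0, while leaving private CIDRs and security-group sources untouched. The group ID and CIDRs in the sample are made up.

```python
import ipaddress
import json

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed IpPermissions list in the shape ec2:DescribeSecurityGroups returns.
# Illustrative input for this example, not data from the repository.
SAMPLE_PERMISSIONS = [
    # rule 1: SSH from the whole IPv4 internet and from a private range
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
     "Ipv6Ranges": [], "UserIdGroupPairs": []},
    # rule 2: a port range that happens to cover 22, exposed over IPv6
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    # rule 3: "all traffic" rule; protocol -1 carries no port fields
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    # rule 4: HTTPS from anywhere, must be left alone when closing port 22
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    # rule 5: SSH from another security group, not from the internet
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
]


def _rule_covers_port(perm, port, protocol="tcp"):
    """True if this permission entry admits protocol/port. '-1' means everything."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != protocol:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def find_internet_exposures(permissions, port, protocol="tcp"):
    """Return (permission, cidr) pairs that expose `port` to 0.0.0.0/0 or ::/0."""
    hits = []
    for perm in permissions:
        if not _rule_covers_port(perm, port, protocol):
            continue
        for r in perm.get("IpRanges", []):
            if r.get("CidrIp") in INTERNET_CIDRS:
                hits.append((perm, r["CidrIp"]))
        for r in perm.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") in INTERNET_CIDRS:
                hits.append((perm, r["CidrIpv6"]))
    return hits


def build_revocations(permissions, port, protocol="tcp"):
    """Build the IpPermissions payload for ec2:RevokeSecurityGroupIngress that
    removes only the internet-wide CIDRs from rules exposing `port`.

    EC2 matches a revocation on (protocol, port range, CIDR), so the original
    FromPort/ToPort are echoed back verbatim; narrowing a 20-25 range to exclude
    22 would need a revoke plus two authorize calls and is not attempted here.
    An IpProtocol '-1' rule from the internet is reported too, since it exposes
    every port including the one being closed.
    """
    revocations = []
    for perm, cidr in find_internet_exposures(permissions, port, protocol):
        entry = {"IpProtocol": perm["IpProtocol"]}
        if perm["IpProtocol"] != "-1":
            entry["FromPort"] = perm["FromPort"]
            entry["ToPort"] = perm["ToPort"]
        if ipaddress.ip_network(cidr).version == 4:
            entry["IpRanges"] = [{"CidrIp": cidr}]
        else:
            entry["Ipv6Ranges"] = [{"CidrIpv6": cidr}]
        revocations.append(entry)
    return revocations


if __name__ == "__main__":
    print(json.dumps(build_revocations(SAMPLE_PERMISSIONS, 22), indent=2))
```

Running it against the sample produces three revocation entries (rule 1's 0.0.0.0/0, rule 2's ::/0 with its 20-25 range intact, and the all-traffic rule), while 10.0.0.0/8, the HTTPS rule and the security-group source survive; whether to revoke an all-traffic rule under a "close port 22" job is a policy decision a real job should make explicit.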

release/v1.10.0

18 Feb 16:52
0ed8427

Release notes:

New AWS remediation jobs:

  • Close Port 11211 for all Security Groups associated with an EC2 Instance (aws_ec2_close_port_11211) Rule ID: bd9d77b6-635d-4e06-9760-8957d8eaeb38
  • Disable public access to RDS Snapshots (aws_rds_snapshot_remove_publicaccess) Rule ID: 5c8c26487a550e1fb6560c4a
  • Remove S3 Public Admin ACL (aws_s3_remove_fullaccess_authenticatedusers) Rule ID: 5c8c26567a550e1fb6560c5d

release/v1.9.0

17 Sep 16:08
84c9a51

Release notes:

Fixed import bugs for Azure remediation jobs:

  • Encrypt SQL Server TDE protector with CMK (azure_sql_tde_protector_encrypted_cmk) Rule ID: 7406e56f-bbf0-4571-8e50-21bd344e0fdb
  • Enable SQL Server Auditing (azure_sql_auditing_on_server) Rule ID: 5c8c268a7a550e1fb6560cb9
  • Enable Threat Detection for SQL Database Server (azure_sql_threat_detection_on_server) Rule ID: 5c8c26947a550e1fb6560cce
  • Set Advanced Threat Protection Types to all for SQL Server (azure_sql_threat_detection_types_all_server) Rule ID: 5c8c26977a550e1fb6560cd6
  • Enable Enforce SSL connection for MySQL Server (azure_mysql_enforce_ssl_connection_enable) Rule ID: 677cbf2f-3096-4111-af16-05da43d95d80
  • Enable Enforce SSL connection for PostgreSQL Server (azure_postgresql_enforce_ssl_connection_enable) Rule ID: e25a319c-0ca7-4e6a-b4b9-19beba480b3b
  • Disable PostgreSQL server access from Azure services (azure_postgresql_allow_access_to_azure_service_disabled) Rule ID: 9b7b5a71-5eaa-4418-a6b0-17f796e8ebaa

Upgraded the py Python package (a pytest dependency) from 1.9.0 to 1.10.0

release/v1.8.0

07 Aug 01:37
f8159ff

Release notes:

New remediation jobs added for AWS:

  • Configure the EBS volume snapshot as private (ebs_private_snapshot) Rule ID: 2cdb8877-7ac3-4483-9ed0-1e792171d125
  • Enable automatic minor version upgrade for RDS DBInstance (rds_enable_version_update) Rule ID: 5c8c264a7a550e1fb6560c4c
  • Disable public access to RDS DBInstances (rds_remove_public_endpoint) Rule ID: 5c8c26467a550e1fb6560c48
  • Encrypt Kinesis data stream (kinesis_encrypt_stream) Rule ID: ce603728-d631-4bae-8657-c22da6e5944e
  • Set minimum password length for an AWS account (aws_iam_password_policy_min_length) Rule ID: 5c8c260b7a550e1fb6560bf4
  • Set Password Reuse Prevention Policy for an AWS Account (aws_iam_password_reuse_prevention) Rule ID: 5c8c26107a550e1fb6560bfc
  • Delete Expired IAM Server Certificate (aws_iam_server_certificate_expired) Rule ID: 7fe4eb28-3b82-11eb-adc1-0242ac120002
  • Configure default Security Group to restrict all access (aws_ec2_default_security_group_traffic) Rule ID: 5c8c25f37a550e1fb6560bca
  • Close Port 1433 for all Security Groups associated with an EC2 Instance (ec2_close_port_1433) Rule ID: 5c8c26417a550e1fb6560c3d
  • Close Port 1521 for all Security Groups associated with an EC2 Instance (ec2_close_port_1521) Rule ID: 5c8c26417a550e1fb6560c3e
  • Close Port 20 for all Security Groups associated with an EC2 Instance (ec2_close_port_20) Rule ID: 5c8c263d7a550e1fb6560c39
  • Close Port 21 for all Security Groups associated with an EC2 Instance (ec2_close_port_21) Rule ID: 5c8c263d7a550e1fb6560c3a
  • Close Port 23 for all Security Groups associated with an EC2 Instance (ec2_close_port_23) Rule ID: 5c8c263e7a550e1fb6560c3b
  • Close Port 27017 for all Security Groups associated with an EC2 Instance (ec2_close_port_27017) Rule ID: 5c8c26427a550e1fb6560c40
  • Close Port 3306 for all Security Groups associated with an EC2 Instance (ec2_close_port_3306) Rule ID: 5c8c26427a550e1fb6560c41
  • Close Port 5439 for all Security Groups associated with an EC2 Instance (ec2_close_port_5439) Rule ID: 5c8c26447a550e1fb6560c44
  • Close Port 5601 for all Security Groups associated with an EC2 Instance (ec2_close_port_5601) Rule ID: 4823ede0-7bed-4af0-a182-81c2ada80203
  • Close Port 8080 for all Security Groups associated with an EC2 Instance (ec2_close_port_8080) Rule ID: 5c8c26407a550e1fb6560c3c
  • Close Port 9200, 9300 for all Security Groups associated with an EC2 Instance (ec2_close_port_9200_9300) Rule ID: 04700175-adbe-49e1-bc7a-bc9605597ce2

Updated remediation jobs for AWS:

  • Remove Network ACL Rules that allow public access to administration ports (3389 and 22) (aws_ec2_administration_ports_ingress_allowed) Rule ID: 1ec4a1f2-3e08-11eb-b378-0242ac130002
  • Close Port 22 for all Security Groups associated with an EC2 Instance (ec2_close_port_22) Rule ID: 5c8c26417a550e1fb6560c3f
  • Close Port 3389 for all Security Groups associated with an EC2 Instance (ec2_close_port_3389) Rule ID: 5c8c26437a550e1fb6560c42
  • Close Port 22 for a Security Group (security_group_close_port_22) Rule ID: 5c8c25ec7a550e1fb6560bbe
  • Close Port 3389 for a Security Group (security_group_close_port_3389) Rule ID: 5c8c25ef7a550e1fb6560bc4
  • Close Port 5432 for a Security Group (security_group_close_port_5432) Rule ID: 5c8c25f07a550e1fb6560bc6

release/v1.7.0

10 May 17:17
c958afc

Release notes:

New remediation jobs added for Azure:

  • Disable PostgreSQL server access from Azure services (azure_postgresql_allow_access_to_azure_service_disabled) Rule ID: 9b7b5a71-5eaa-4418-a6b0-17f796e8ebaa
  • Restrict UDP access from Internet (azure_security_udp_access_restricted_from_internet) Rule ID: 4e27676b-7e87-4e2e-b756-28c96ed4fdf8
  • Encrypt SQL Server TDE protector with CMK (azure_sql_tde_protector_encrypted_cmk) Rule ID: 7406e56f-bbf0-4571-8e50-21bd344e0fdb

New remediation jobs added for AWS:

  • Remove Network ACL Rules that allow public access to administration ports (3389 and 22) (aws_ec2_administration_ports_ingress_allowed) Rule ID: 1ec4a1f2-3e08-11eb-b378-0242ac130002
  • Restrict unsecured HTTP requests for S3 Bucket (aws_s3_bucket_policy_allow_https) Rule ID: 688d093c-3b8d-11eb-adc1-0242ac120002
  • Remove SQS Queue Public Access (aws_sqs_queue_publicly_accessible) Rule ID: 09639b9d-98e8-493b-b8a4-916775a7dea9

Updated list of supported remediation jobs in the Readme file with new jobs.

release/v1.6.0

14 Apr 18:59
d9c0834

Release notes:

New remediation jobs added for Azure:

  • Set Expiry date for Azure Key Vault Key (azure_key_vault_expiry_date_set_for_all_keys) Rule ID: 5c8c26677a550e1fb6560c6e
  • Set Expiry date for Azure Key Vault Secret (azure_key_vault_expiry_date_set_for_all_secrets) Rule ID: 5c8c26687a550e1fb6560c70
  • Enable Soft Delete and Purge Protection for Key Vault (azure_key_vault_is_recoverable) Rule ID: e2090e34-3580-4088-a815-2ead6a72700f
  • Enable Enforce SSL connection for MySQL Server (azure_mysql_enforce_ssl_connection_enable) Rule ID: 677cbf2f-3096-4111-af16-05da43d95d80
  • Enable Enforce SSL connection for PostgreSQL Server (azure_postgresql_enforce_ssl_connection_enable) Rule ID: e25a319c-0ca7-4e6a-b4b9-19beba480b3b
  • Set Advanced Threat Protection Types to all for SQL Server (azure_sql_threat_detection_types_all_server) Rule ID: 5c8c26977a550e1fb6560cd6
  • Enable Trusted Microsoft Services for Storage Account access (azure_storage_trusted_microsoft_services_access_enabled) Rule ID: 7ba94354-ab4c-11ea-bb37-0242ac130002

Updated list of supported remediation jobs in the Readme file with new jobs.

release/v1.5.0

17 Mar 19:41
f754338

Release notes:

New remediation jobs added for AWS:

  • Enable encryption for Cloudtrail logs (aws_cloudtrail_logs_encrypted) Rule ID: 5c8c25e47a550e1fb6560bac
  • Enable KMS automated key rotation (aws_kms_key_rotates) Rule ID: 5c8c26217a550e1fb6560c12
  • Remove Cloudtrail S3 Bucket Public Access (aws_s3_cloudtrail_public_access) Rule ID: 5c8c265d7a550e1fb6560c65

Updated remediation jobs for AWS:

  • The Enable S3 Access Logging job (s3_enable_access_logging) now encrypts the target S3 bucket, and its Readme has been updated accordingly

Added list of supported remediation jobs to the Readme.