divvy_security_rule_dns_open_to_world.json
{
"uuid": "divvy.security_rule_dns_open_to_world",
"name": "Global DNS ports open to the world",
"category": "Security",
"description": "Identify ingress allow rules in security groups and network ACLs that leave TCP/UDP port 53 (DNS) open to the world",
"instructions": {
"actions": [
{
"config": {},
"name": "divvy.action.mark_non_compliant",
"run_when_result_is": true
}
],
"filters": [
{
"config": {
"direction": [
"ingress"
]
},
"name": "divvy.filter.access_rule_direction"
},
{
"config": {
"access_list_types": [
"security_group",
"network_acl"
]
},
"name": "divvy.filter.access_list_type"
},
{
"config": {
"protocols": [
"tcp",
"udp",
"all"
]
},
"name": "divvy.filter.access_rule_ip_protocol"
},
{
"config": {
"ports": [
"53"
]
},
"name": "divvy.filter.access_rule_ports"
},
{
"config": {
"action": "allow"
},
"name": "divvy.filter.access_rule_action"
},
{
"config": {},
"name": "divvy.filter.network_open_to_world"
}
],
"groups": [],
"hookpoints": ["divvycloud.resource.created"],
"ondemand_enabled": true,
"resource_types": [
"resourceaccesslistrule"
]
}
}