Merge pull request #243 from KanchanaAradhya/t-systemvalidationchanges

Removed few classes & sql scripts,added json
tmobile · Jun 25, 2019 · 827a14f · 827a14f
2 parents 6cbde60 + 0f5d8a3
commit 827a14f
Show file tree

Hide file tree

Showing 10 changed files with 206 additions and 547 deletions.
diff --git a/installer/resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json b/installer/resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json
@@ -2110,5 +2110,159 @@
     "modifiedDate": "2019-06-10",
     "severity": "high",
     "category": "security"
-  } 
+  },
+  {
+    "ruleId": "PacMan_Check_MFA_RootUSer_version-1_Check_MFA_RootUser_account",
+    "ruleUUID": "aws_account_mfa_root_user",
+    "policyId": "PacMan_Check_MFA_RootUSer_version-1",
+    "ruleName": "Check_MFA_RootUser",
+    "targetType": "account",
+    "assetGroup": "aws",
+    "alexaKeyword": "Check_MFA_RootUser",
+    "ruleParams": "{\"params\":[{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"ruleCategory\"}],\"environmentVariables\":[{\"key\":\"ruleKey\",\"value\":\"check-for-MFA-RootUser\",\"encrypt\":false},{\"key\":\"roleIdentifyingString\",\"value\":\"role\/pacbot_ro\",\"encrypt\":false}],\"ruleId\":\"PacMan_Check_MFA_RootUSer_version-1_Check_MFA_RootUser_account\",\"autofix\":false,\"alexaKeyword\":\"mfa\",\"ruleRestUrl\":\"\",\"targetType\":\"account\",\"pac_ds\":\"aws\",\"policyId\":\"PacMan_Check_MFA_RootUSer_version-1\",\"assetGroup\":\"aws\",\"ruleUUID\":\"aws_account_mfa_root_user\",\"ruleType\":\"ManageRule\"}",
+    "ruleFrequency": "0 * * * ? *",
+    "ruleExecutable": "",
+    "ruleRestUrl": "",
+    "ruleType": "ManageRule",
+    "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/aws_account_mfa_root_user",
+    "status": "ENABLED",
+    "userId": "asgc",
+    "displayName": "MFA should be enabled for Root User",
+    "createdDate": "2019-06-10",
+    "modifiedDate": "2019-06-10",
+    "severity": "high",
+    "category": "security"
+  },
+  {
+    "ruleId": "PacMan_Centralized_CloudTrail_version-1_Centralized_Cloudtrail_account",
+    "ruleUUID": "aws_account_centralized-cloudtrial",
+    "policyId": "PacMan_Centralized_CloudTrail_version-1",
+    "ruleName": "Centralized_Cloudtrail",
+    "targetType": "account",
+    "assetGroup": "aws",
+    "alexaKeyword": "Centralized_Cloudtrail",
+    "ruleParams": "{\"params\":[{\"key\":\"ruleKey\",\"value\":\"check-cloudtrail-multiRegion-enabled\",\"encrypt\":false},{\"key\":\"inputCloudTrailName\",\"value\":\"\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"ruleCategory\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_Centralized_CloudTrail_version-1_Centralized_Cloudtrail_account\",\"autofix\":false,\"alexaKeyword\":\"Centralized_Cloudtrail\",\"ruleRestUrl\":\"\",\"targetType\":\"account\",\"pac_ds\":\"aws\",\"policyId\":\"PacMan_Centralized_CloudTrail_version-1\",\"assetGroup\":\"aws\",\"ruleUUID\":\"aws_account_centralized-cloudtrial\",\"ruleType\":\"ManageRule\"}",
+    "ruleFrequency": "0 * * * ? *",
+    "ruleExecutable": "",
+    "ruleRestUrl": "",
+    "ruleType": "ManageRule",
+    "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/aws_account_centralized-cloudtrial",
+    "status": "ENABLED",
+    "userId": "asgc",
+    "displayName": "Cloudtrail should be enabled in multi region",
+    "createdDate": "2019-06-10",
+    "modifiedDate": "2019-06-10",
+    "severity": "medium",
+    "category": "security"
+  },
+  {
+    "ruleId": "PacMan_ACMCertificate_Expiry_For_X_Days_version-1_ACMCertificate_Expiry_acmcertificate",
+    "ruleUUID": "aws_acmcertificate_expiry",
+    "policyId": "PacMan_ACMCertificate_Expiry_For_X_Days_version-1",
+    "ruleName": "ACMCertificate_Expiry",
+    "targetType": "acmcertificate",
+    "assetGroup": "aws",
+    "alexaKeyword": "ACMCertificate_Expiry",
+    "ruleParams": "{\"params\":[{\"key\":\"ruleKey\",\"value\":\"check-for-acm-certificate-expiry\",\"encrypt\":false},{\"key\":\"targetExpireDuration\",\"value\":\"90\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"governance\",\"key\":\"ruleCategory\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_ACMCertificate_Expiry_For_X_Days_version-1_ACMCertificate_Expiry_acmcertificate\",\"autofix\":false,\"alexaKeyword\":\"ACMCertificate_Expiry\",\"ruleRestUrl\":\"\",\"targetType\":\"acmcertificate\",\"pac_ds\":\"aws\",\"policyId\":\"PacMan_ACMCertificate_Expiry_For_X_Days_version-1\",\"assetGroup\":\"aws\",\"ruleUUID\":\"aws_acmcertificate_expiry\",\"ruleType\":\"ManageRule\"}",
+    "ruleFrequency": "0 * * * ? *",
+    "ruleExecutable": "",
+    "ruleRestUrl": "",
+    "ruleType": "ManageRule",
+    "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/aws_acmcertificate_expiry",
+    "status": "ENABLED",
+    "userId": "asgc",
+    "displayName": "ACM certificate should not expire in mentioned days from current date",
+    "createdDate": "2019-06-10",
+    "modifiedDate": "2019-06-10",
+    "severity": "high",
+    "category": "governance"
+  },
+  {
+    "ruleId": "PacMan_IAMCertificate_Expiry_For_X_Days_version-1_IAMCertificate_Expiry_For_X_Days_iamcertificate",
+    "ruleUUID": "aws_iamcertificate_expiry",
+    "policyId": "PacMan_IAMCertificate_Expiry_For_X_Days_version-1",
+    "ruleName": "IAMCertificate_Expiry_For_X_Days",
+    "targetType": "iamcertificate",
+    "assetGroup": "aws",
+    "alexaKeyword": "IAMCertificate_Expiry_For_X_Days",
+    "ruleParams": "{\"params\":[{\"key\":\"ruleKey\",\"value\":\"check-for-iam-certificate-expiry\",\"encrypt\":false},{\"key\":\"targetExpireDuration\",\"value\":\"90\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"governance\",\"key\":\"ruleCategory\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_IAMCertificate_Expiry_For_X_Days_version-1_IAMCertificate_Expiry_For_X_Days_iamcertificate\",\"autofix\":false,\"alexaKeyword\":\"IAMCertificate_Expiry_For_X_Days\",\"ruleRestUrl\":\"\",\"targetType\":\"iamcertificate\",\"pac_ds\":\"aws\",\"policyId\":\"PacMan_IAMCertificate_Expiry_For_X_Days_version-1\",\"assetGroup\":\"aws\",\"ruleUUID\":\"aws_iamcertificate_expiry\",\"ruleType\":\"ManageRule\"}",
+    "ruleFrequency": "0 * * * ? *",
+    "ruleExecutable": "",
+    "ruleRestUrl": "",
+    "ruleType": "ManageRule",
+    "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/aws_iamcertificate_expiry",
+    "status": "ENABLED",
+    "userId": "asgc",
+    "displayName": "IAM certificate should not expire in mentioned days from current date",
+    "createdDate": "2019-06-10",
+    "modifiedDate": "2019-06-10",
+    "severity": "high",
+    "category": "governance"
+  },
+  {
+    "ruleId": "PacMan_ELB_Access_Logs_version-1_AppLB_Access_Logs_appelb",
+    "ruleUUID": "aws_appelb_access_logs",
+    "policyId": "PacMan_ELB_Access_Logs_version-1",
+    "ruleName": "AppLB_Access_Logs",
+    "targetType": "appelb",
+    "assetGroup": "aws",
+    "alexaKeyword": "AppLB_Access_Logs",
+    "ruleParams": "{\"params\":[{\"key\":\"ruleKey\",\"value\":\"check-for-access-log-for-elb\",\"encrypt\":false},{\"key\":\"accessLogBucketName\",\"value\":\"\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"governance\",\"key\":\"ruleCategory\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_ELB_Access_Logs_version-1_AppLB_Access_Logs_appelb\",\"autofix\":false,\"alexaKeyword\":\"AppLBAccessLogs\",\"ruleRestUrl\":\"\",\"targetType\":\"appelb\",\"pac_ds\":\"aws\",\"policyId\":\"PacMan_ELB_Access_Logs_version-1\",\"assetGroup\":\"aws\",\"ruleUUID\":\"aws_appelb_access_logs\",\"ruleType\":\"ManageRule\"}",
+    "ruleFrequency": "0 * * * ? *",
+    "ruleExecutable": "",
+    "ruleRestUrl": "",
+    "ruleType": "ManageRule",
+    "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/aws_appelb_access_logs",
+    "status": "ENABLED",
+    "userId": "asgc",
+    "displayName": "Access log should be enabled to App ELB and attached to mentioned bucket",
+    "createdDate": "2019-06-10",
+    "modifiedDate": "2019-06-10",
+    "severity": "high",
+    "category": "governance"
+  },
+  {
+    "ruleId": "PacMan_ELB_Access_Logs_version-1_ClassicLB_Access_Logs_classicelb",
+    "ruleUUID": "aws_classicelb_access_logs",
+    "policyId": "PacMan_ELB_Access_Logs_version-1",
+    "ruleName": "ClassicLB_Access_Logs",
+    "targetType": "classicelb",
+    "assetGroup": "aws",
+    "alexaKeyword": "ClassicLB_Access_Logs",
+    "ruleParams": "{\"params\":[{\"key\":\"ruleKey\",\"value\":\"check-for-access-log-for-elb\",\"encrypt\":false},{\"key\":\"accessLogBucketName\",\"value\":\"\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"governance\",\"key\":\"ruleCategory\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_ELB_Access_Logs_version-1_ClassicLB_Access_Logs_classicelb\",\"autofix\":false,\"alexaKeyword\":\"ClassicLBAccessLogs\",\"ruleRestUrl\":\"\",\"targetType\":\"classicelb\",\"pac_ds\":\"aws\",\"policyId\":\"PacMan_ELB_Access_Logs_version-1\",\"assetGroup\":\"aws\",\"ruleUUID\":\"aws_classicelb_access_logs\",\"ruleType\":\"ManageRule\"}",
+    "ruleFrequency": "0 * * * ? *",
+    "ruleExecutable": "",
+    "ruleRestUrl": "",
+    "ruleType": "ManageRule",
+    "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/aws_classicelb_access_logs",
+    "status": "ENABLED",
+    "userId": "asgc",
+    "displayName": "Access log should be enabled to Classic ELB and attached to mentioned bucket",
+    "createdDate": "2019-06-10",
+    "modifiedDate": "2019-06-10",
+    "severity": "high",
+    "category": "governance"
+  },
+  {
+    "ruleId": "PacMan_CloudFront_AccessLogs_version-1_CloudFront_AccessLogs_cloudfront",
+    "ruleUUID": "aws_cloudfront_accesslogs",
+    "policyId": "PacMan_CloudFront_AccessLogs_version-1",
+    "ruleName": "CloudFront_AccessLogs",
+    "targetType": "cloudfront",
+    "assetGroup": "aws",
+    "alexaKeyword": "CloudFront_AccessLogs",
+    "ruleParams": "{\"params\":[{\"key\":\"ruleKey\",\"value\":\"check-access-log-for-cloudfront\",\"encrypt\":false},{\"key\":\"accessLogBucketName\",\"value\":\"\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"governance\",\"key\":\"ruleCategory\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_CloudFront_AccessLogs_version-1_CloudFront_AccessLogs_cloudfront\",\"autofix\":false,\"alexaKeyword\":\"CloudFront_AccessLogs\",\"ruleRestUrl\":\"\",\"targetType\":\"cloudfront\",\"pac_ds\":\"aws\",\"policyId\":\"PacMan_CloudFront_AccessLogs_version-1\",\"assetGroup\":\"aws\",\"ruleUUID\":\"aws_cloudfront_accesslogs\",\"ruleType\":\"ManageRule\"}",
+    "ruleFrequency": "0 * * * ? *",
+    "ruleExecutable": "",
+    "ruleRestUrl": "",
+    "ruleType": "ManageRule",
+    "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/aws_cloudfront_accesslogs",
+    "status": "ENABLED",
+    "userId": "asgc",
+    "displayName": "Access log should be enabled to cloudfront and attached to mentioned bucket",
+    "createdDate": "2019-06-10",
+    "modifiedDate": "2019-06-10",
+    "severity": "high",
+    "category": "governance"
+  }
 ]