release/v1.14.0

Release notes:

Upgraded the pytest version from 6.0.1 to 7.2.0

release/v1.13.0

Release notes:

Updated AWS remediation jobs due to change CIS 1.5.0 audit steps::

• Restrict unsecured HTTP requests for S3 Bucket (aws_s3_bucket_policy_allow_https) Rule ID: 688d093c-3b8d-11eb-adc1-0242ac120002

release/v1.12.0

Release notes:

Bug fixes (Azure Remediation jobs):

• Close Port 22 for a Network Security Group (azure_network_security_group_close_port_22) Rule ID: 5c8c26847a550e1fb6560cab
• Close Port 3389 for a Network Security Group (azure_network_security_group_close_port_3389) Rule ID: 5c8c267e7a550e1fb6560c9c
• Close Port 22 for a VM (azure_vm_close_port_22) Rule ID: d7a3ad03-860c-4928-9ba8-789e84a835be

release/v1.11.0

Release notes:

Bug fixes (Azure Remediation jobs):

• Close Port 22 for a Network Security Group (azure_netw - Close Port 3389 for a Network Security Group (azure_network_security_group_close_port_3389) Rule ID: 5c8c267e7a550e1fb6560c9c
• Restrict UDP access from Internet (azure_security_udp_access_restricted_from_internet) Rule ID: 4e27676b-7e87-4e2e-b756-28c96ed4fdf8
• Close Port 22 for a VM (azure_vm_close_port_22) Rule ID: d7a3ad03-860c-4928-9ba8-789e84a835be
• Enable DDoS protection for Virtual Network (azure_security_center_enable_ddos_protection) Rule ID: 3abf3147-ea53-4302-b237-caab4d764c77

Bug fixes (AWS Remediation jobs):

• Enable encryption for Cloudtrail logs (aws_cloudtrail_logs_encrypted) Rule ID: 5c8c25e47a550e1fb6560bac
• Remove Network ACL Rules that allows public access to administration ports (3389 and 22) (aws_ec2_administration_ports_ingress_allowed) Rule ID: 1ec4a1f2-3e08-11eb-b378-0242ac130002
• Close Port 11211 for all Security Groups associated with an EC2 Instance (aws_ec2_close_port_11211) Rule ID: bd9d77b6-635d-4e06-9760-8957d8eaeb38
• Configure default Security Group to restrict all access (aws_ec2_default_security_group_traffic) Rule ID: 5c8c25f37a550e1fb6560bca
• Set minimum password length for an AWS account (aws_iam_password_policy_min_length) Rule ID: 5c8c260b7a550e1fb6560bf4
• Set Password Reuse Prevention Policy for an AWS Account (aws_iam_password_reuse_prevention) Rule ID: 5c8c26107a550e1fb6560bfc
• Enables KMS automated key rotation (aws_kms_key_rotates) Rule ID: 5c8c26217a550e1fb6560c12
• Close Port 1433 for all Security Groups associated with an EC2 Instance (ec2_close_port_1433) Rule ID - 5c8c26417a550e1fb6560c3d
• Close Port 1521 for all Security Groups associated with an EC2 Instance (ec2_close_port_1521) Rule ID - 5c8c26417a550e1fb6560c3e
• Close Port 20 for all Security Groups associated with an EC2 Instance (ec2_close_port_20) Rule ID - 5c8c263d7a550e1fb6560c39
• Close Port 21 for all Security Groups associated with an EC2 Instance (ec2_close_port_21) Rule ID - 5c8c263d7a550e1fb6560c3a
• Close Port 22 for all Security Groups associated with an EC2 Instance (ec2_close_port_22) Rule ID - 5c8c26417a550e1fb6560c3f
• Close Port 23 for all Security Groups associated with an EC2 Instance (ec2_close_port_23) Rule ID - 5c8c263e7a550e1fb6560c3b
• Close Port 27017 for all Security Groups associated with an EC2 Instance (ec2_close_port_27017) Rule ID - 5c8c26427a550e1fb6560c40
• Close Port 3306 for all Security Groups associated with an EC2 Instance (ec2_close_port_3306) Rule ID - 5c8c26427a550e1fb6560c41
• Close Port 3389 for all Security Groups associated with an EC2 Instance (ec2_close_port_3389) Rule ID - 5c8c26437a550e1fb6560c42
• Close Port 5439 for all Security Groups associated with an EC2 Instance (ec2_close_port_5439) Rule ID - 5c8c26447a550e1fb6560c44
• Close Port 5601 for all Security Groups associated with an EC2 Instance (ec2_close_port_5601) Rule ID - 4823ede0-7bed-4af0-a182-81c2ada80203
• Close Port 8080 for all Security Groups associated with an EC2 Instance (ec2_close_port_8080) Rule ID - 5c8c26407a550e1fb6560c3c
• Close Port 9200, 9300 for all Security Groups associated with an EC2 Instance (ec2_close_port_9200_9300) Rule ID - 04700175-adbe-49e1-bc7a-bc9605597ce2
• Enable S3 Access Logging (s3_enable_access_logging) Rule ID - 5c8c265e7a550e1fb6560c67
• Close Port 22 for a Security Group (security_group_close_port_22) Rule ID - 5c8c25ec7a550e1fb6560bbe
• Close Port 3389 for a Security Group (security_group_close_port_3389) Rule ID - 5c8c25ef7a550e1fb6560bc4
• Close Port 5432 for a Security Group (security_group_close_port_5432) Rule ID - 5c8c25f07a550e1fb6560bc6

release/v1.10.0

Release notes:

New AWS remediation jobs:

• Close Port 11211 for all Security Groups associated with an EC2 Instance (aws_ec2_close_port_11211) Rule ID: bd9d77b6-635d-4e06-9760-8957d8eaeb38
• Disable public access to RDS Snapshots (aws_rds_snapshot_remove_publicaccess) Rule ID: 5c8c26487a550e1fb6560c4a
• Remove S3 Public Admin ACL (aws_s3_remove_fullaccess_authenticatedusers) Rule ID: 5c8c26567a550e1fb6560c5d

release/v1.9.0

Release notes:

Fixed import bugs for Azure remediation jobs:

• Encrypt SQL Server TDE protector with CMK (azure_sql_tde_protector_encrypted_cmk) Rule ID: 7406e56f-bbf0-4571-8e50-21bd344e0fdb
• Enable SQL Server Auditing (azure_sql_auditing_on_server) Rule ID: 5c8c268a7a550e1fb6560cb9
• Enable Threat Detection for SQL Database Server (azure_sql_threat_detection_on_server) Rule ID: 5c8c26947a550e1fb6560cce
• Set Advanced Threat Protection Types to all for SQL Server (azure_sql_threat_detection_types_all_server) Rule ID: 5c8c26977a550e1fb6560cd6
• Enable Enforce SSL connection for MySQL Server (azure_mysql_enforce_ssl_connection_enable) Rule ID: 677cbf2f-3096-4111-af16-05da43d95d80
• Enable Enforce SSL connection for PostgreSQL Server (azure_postgresql_enforce_ssl_connection_enable) Rule ID: e25a319c-0ca7-4e6a-b4b9-19beba480b3b
• Disable PostgreSQL server access from Azure services (azure_postgresql_allow_access_to_azure_service_disabled) Rule ID: 9b7b5a71-5eaa-4418-a6b0-17f796e8ebaa

Upgraded the py version from 1.9.0 to 1.10.0

release/v1.8.0

Release notes:

New remediation jobs added for AWS:

• Configure the EBS volume snapshot as private (ebs_private_snapshot) Rule ID - 2cdb8877-7ac3-4483-9ed0-1e792171d125
• Enable automatic minor version upgrade for RDS DBInstance (rds_enable_version_update) Rule ID - 5c8c264a7a550e1fb6560c4c
• Disable public access to RDS DBInstances (rds_remove_public_endpoint) Rule ID - 5c8c26467a550e1fb6560c48
• Encrypt Kinesis data stream (kinesis_encrypt_stream) Rule ID - ce603728-d631-4bae-8657-c22da6e5944e
• Set minimum password length for an AWS account (aws_iam_password_policy_min_length) Rule ID - 5c8c260b7a550e1fb6560bf4
• Set Password Reuse Prevention Policy for an AWS Account (aws_iam_password_reuse_prevention) Rule ID - 5c8c26107a550e1fb6560bfc
• Delete Expired IAM Server Certificate (aws_iam_server_certificate_expired) Rule ID - 7fe4eb28-3b82-11eb-adc1-0242ac120002
• Configure default Security Group to restrict all access (aws_ec2_default_security_group_traffic) Rule ID - 5c8c25f37a550e1fb6560bca
• Close Port 1433 for all Security Groups associated with an EC2 Instance (ec2_close_port_1433) Rule ID - 5c8c26417a550e1fb6560c3d
• Close Port 1521 for all Security Groups associated with an EC2 Instance (ec2_close_port_1521) Rule ID - 5c8c26417a550e1fb6560c3e
• Close Port 20 for all Security Groups associated with an EC2 Instance (ec2_close_port_20) Rule ID - 5c8c263d7a550e1fb6560c39
• Close Port 21 for all Security Groups associated with an EC2 Instance (ec2_close_port_21) Rule ID - 5c8c263d7a550e1fb6560c3a
• Close Port 23 for all Security Groups associated with an EC2 Instance (ec2_close_port_23) Rule ID - 5c8c263e7a550e1fb6560c3b
• Close Port 27017 for all Security Groups associated with an EC2 Instance (ec2_close_port_27017) Rule ID - 5c8c26427a550e1fb6560c40
• Close Port 3306 for all Security Groups associated with an EC2 Instance (ec2_close_port_3306) Rule ID - 5c8c26427a550e1fb6560c41
• Close Port 5439 for all Security Groups associated with an EC2 Instance (ec2_close_port_5439) Rule ID - 5c8c26447a550e1fb6560c44
• Close Port 5601 for all Security Groups associated with an EC2 Instance (ec2_close_port_5601) Rule ID - 4823ede0-7bed-4af0-a182-81c2ada80203
• Close Port 8080 for all Security Groups associated with an EC2 Instance (ec2_close_port_8080) Rule ID - 5c8c26407a550e1fb6560c3c
• Close Port 9200, 9300 for all Security Groups associated with an EC2 Instance (ec2_close_port_9200_9300) Rule ID - 04700175-adbe-49e1-bc7a-bc9605597ce2

Updated remediation jobs for AWS:

• Remove Network ACL Rules that allows public access to administration ports (3389 and 22) (aws_ec2_administration_ports_ingress_allowed) Rule ID - 1ec4a1f2-3e08-11eb-b378-0242ac130002
• Close Port 22 for all Security Groups associated with an EC2 Instance (ec2_close_port_22) Rule ID - 5c8c26417a550e1fb6560c3f
• Close Port 3389 for all Security Groups associated with an EC2 Instance (ec2_close_port_3389) Rule ID - 5c8c26437a550e1fb6560c42
• Close Port 22 for a Security Group (security_group_close_port_22) Rule ID - 5c8c25ec7a550e1fb6560bbe
• Close Port 3389 for a Security Group (security_group_close_port_3389) Rule ID - 5c8c25ef7a550e1fb6560bc4
• Close Port 5432 for a Security Group (security_group_close_port_5432) Rule ID - 5c8c25f07a550e1fb6560bc6

release/v1.7.0

Release notes:

New remediation jobs added for Azure:

• Disable PostgreSQL server access from Azure services (azure_postgresql_allow_access_to_azure_service_disabled) Rule ID: 9b7b5a71-5eaa-4418-a6b0-17f796e8ebaa
• Restrict UDP access from Internet (azure_security_udp_access_restricted_from_internet) Rule ID: 4e27676b-7e87-4e2e-b756-28c96ed4fdf8
• Encrypt SQL Server TDE protector with CMK (azure_sql_tde_protector_encrypted_cmk) Rule ID: 7406e56f-bbf0-4571-8e50-21bd344e0fdb

New remediation jobs added for AWS:

• Remove Network ACL Rules that allows public access to administration ports (3389 and 22) (aws_ec2_administration_ports_ingress_allowed) Rule ID: 1ec4a1f2-3e08-11eb-b378-0242ac130002
• Restrict unsecured HTTP requests for S3 Bucket (aws_s3_bucket_policy_allow_https) Rule ID: 688d093c-3b8d-11eb-adc1-0242ac120002
• Remove SQS Queue Public Access (aws_sqs_queue_publicly_accessible) Rule ID: 09639b9d-98e8-493b-b8a4-916775a7dea9

Updated list of supported remediation jobs in the Readme file with new jobs.

release/v1.6.0

Release notes:

New remediation jobs added for Azure:

• Set Expiry date for Azure Key Vault Key (azure_key_vault_expiry_date_set_for_all_keys) Rule ID: 5c8c26677a550e1fb6560c6e
• Set Expiry date for Azure Key Vault Secret (azure_key_vault_expiry_date_set_for_all_secrets) Rule ID: 5c8c26687a550e1fb6560c70
• Enable Soft Delete and Purge Protection for Key Vault (azure_key_vault_is_recoverable) Rule ID: e2090e34-3580-4088-a815-2ead6a72700f
• Enable Enforce SSL connection for MySQL Server (azure_mysql_enforce_ssl_connection_enable) Rule ID: 677cbf2f-3096-4111-af16-05da43d95d80
• Enable Enforce SSL connection for PostgreSQL Server (azure_postgresql_enforce_ssl_connection_enable) Rule ID: e25a319c-0ca7-4e6a-b4b9-19beba480b3b
• Set Advanced Threat Protection Types to all for SQL Server (azure_sql_threat_detection_types_all_server) Rule ID: 5c8c26977a550e1fb6560cd6
• Enable Trusted Microsoft Services for Storage Account access (azure_storage_trusted_microsoft_services_access_enabled) Rule ID: 7ba94354-ab4c-11ea-bb37-0242ac130002

Updated list of supported remediation jobs in the Readme file

release/v1.5.0

Release notes:

New remediation jobs added for AWS:

• Enable encryption for Cloudtrail logs (aws_cloudtrail_logs_encrypted) Rule ID: 5c8c25e47a550e1fb6560bac
• Enables KMS automated key rotation (aws_kms_key_rotates) Rule ID: 5c8c26217a550e1fb6560c12
• Remove Cloudtrail S3 Bucket Public Access (aws_s3_cloudtrail_public_access) Rule ID: 5c8c265d7a550e1fb6560c65

Updated remediation jobs for AWS:

• Enable S3 Access Logging job is updated to encrypt the target S3 Bucket and has an updated Readme

Added list of supported remediation jobs to the Readme