-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial commit for aws s3 remove full access to authenticated users #118
Initial commit for aws s3 remove full access to authenticated users #118
Conversation
@sreedevikr, you must sign our contributor license agreement before your changes are merged. Click here to sign the agreement. If you are a VMware employee, read this for further instruction. |
### Applicable Rule | ||
|
||
##### Rule ID: | ||
5c8c26617a550e1fb6560c69 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rule Id for s3 full access for authenticated users is this - 5c8c26567a550e1fb6560c5d
5c8c26617a550e1fb6560c69 | ||
|
||
##### Rule Name: | ||
The S3 bucket policy allows unrestricted access |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"S3 bucket should not give full access to all authenticated users" - this is the rule name.
|
||
### Prerequisites | ||
|
||
The provided AWS credential must have access to `s3:PutBucketPublicAccessBlock`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The provided AWS credential must have access to s3:GetBucketAcl
and s3:PutBucketAcl
:rtype: int | ||
:raises: botocore.exceptions.ClientError | ||
""" | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add try and except block to handle exception
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kshrutik Thanks for the review comments . I have included the fix for the review comments. Could you please review .
Please add unit test |
Also, can you please update the main readme file and the tox file? Run the tox file and verify if the unit tests are passing. |
…ons.ClientError as put_bucket_acl doesnot throw exception and created test case
… test case for exception case
@kshrutik Thanks for the review comments.Updated the main readme and the tox file |
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com>
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) * PLA-38601 - Fixed azure security port jobs (#128) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result * PLA-38601 - Add all the required source checks for azure security group port rules Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com>
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) * PLA-38601 - Fixed azure security port jobs (#128) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result * PLA-38601 - Add all the required source checks for azure security group port rules * PLA-45823 - Updated remediation job to restrict unsecured HTTP requests for S3 Bucket (#131) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com>
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) * PLA-38601 - Fixed azure security port jobs (#128) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result * PLA-38601 - Add all the required source checks for azure security group port rules * PLA-45823 - Updated remediation job to restrict unsecured HTTP requests for S3 Bucket (#131) * PLA-88313 - Updated pytest version (#133) Co-authored-by: Shrutika Kulkarni <kshrutika@kshrutikaHMD6R.vmware.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <kshrutika@kshrutikaHMD6R.vmware.com>
The commit includes the code changes for removing the full access privileges for aws authenticated users. Please provide us more information about the rule id , we have not updated the rule id for this remediation.