Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … #93
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…3306, 5439, 5601, 8080, 9200 and 9300
|
Everything looks good but I see that you have not added the unit test for these remediations job. Please add unit test and update the tox and main Readme file as well. You should run tox as a final test to see if all the requirements are specified. In Readme update the list of supported remediation jobs. |
… pkg from ec2_close_port_20.py
|
I have included the unit test for each of the scripts, updated tox.ini, and ran the tox to ensure the unit tests passed. |
|
Add changes to the README.md to the PR. |
kshrutik
reviewed
May 12, 2021
README.md
Outdated
| @@ -134,6 +134,17 @@ The table below lists all the supported jobs with their links. | |||
| | 21. | 688d093c-3b8d-11eb-adc1-0242ac120002 | S3 bucket should allow only HTTPS requests | [aws-s3-bucket-policy-allow-https](remediation_worker/jobs/aws_s3_bucket_policy_allow_https) | | |||
| | 22. | 09639b9d-98e8-493b-b8a4-916775a7dea9 | SQS queue policy should restricted access to required users | [aws-sqs-queue-publicly-accessible](remediation_worker/jobs/aws_sqs_queue_publicly_accessible) | | |||
| | 23. | 1ec4a1f2-3e08-11eb-b378-0242ac130002 | Network ACL should restrict administration ports (3389 and 22) from public access | [aws-ec2-administration-ports-ingress-allowed](remediation_worker/jobs/aws_ec2_administration_ports_ingress_allowed) | | |||
| | 24. | 5c8c263d7a550e1fb6560c39 | EC2 instance should restrict public access to SSH port (20) | [ec2-close-port-20](remediation_worker/jobs/ec2_close_port_20) | | |||
| | 25. | 4823ede0-7bed-4af0-a182-81c2ada80203 | EC2 instance should restrict public access to SSH port (5601) | [ec2-close-port-5601](remediation_worker/jobs/ec2_close_port_5601) | | |||
There was a problem hiding this comment.
Rule Name for port 5601 is this - EC2 instance should restrict public access to Kibana port (5601)
Correct the rule names for all the other entries as well. Also, check if you are using the correct rule name and rule id in all the readme files.
There was a problem hiding this comment.
sorry my bad... i copied and pasted from port 22. I updated the README accordingly to individual port's README.
Thanks for catching this.
kshrutik
approved these changes
May 13, 2021
nandeshguru
approved these changes
May 21, 2021
nandeshguru
pushed a commit
that referenced
this pull request
Aug 6, 2021
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com>
Manmohan-Tyagi
pushed a commit
that referenced
this pull request
Sep 9, 2021
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com>
kshrutik
added a commit
that referenced
this pull request
Sep 17, 2021
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com>
kshrutik
added a commit
that referenced
this pull request
Oct 1, 2021
* Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com>
kshrutik
added a commit
that referenced
this pull request
Oct 1, 2021
* Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com>
kshrutik
added a commit
that referenced
this pull request
Apr 11, 2022
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com>
kshrutik
added a commit
that referenced
this pull request
May 16, 2022
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) * PLA-38601 - Fixed azure security port jobs (#128) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result * PLA-38601 - Add all the required source checks for azure security group port rules Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com>
kshrutik
added a commit
that referenced
this pull request
Dec 8, 2022
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) * PLA-38601 - Fixed azure security port jobs (#128) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result * PLA-38601 - Add all the required source checks for azure security group port rules * PLA-45823 - Updated remediation job to restrict unsecured HTTP requests for S3 Bucket (#131) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com>
kshrutik
added a commit
that referenced
this pull request
Dec 20, 2022
* Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) * Initial commit for aws s3 remove full access to authenticated users (#118) * Initial commit for aws s3 remove full access to authenticated users * Correct the ruleid, minimum permissions, removed the botocore.exceptions.ClientError as put_bucket_acl doesnot throw exception and created test case * Updated the main readme and tox.ini file * Included a try catch exception block in the remediation job and added test case for exception case * Aws rds snapshot remove publicaccess (#117) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws rds snapshots remove public access * Updated the filename and testing steps in the readme * Corrected the ruleid, added unit test and modified the remediation logic to change the errorcode to the snapshot relevant errorcode and check if all is present in the attribute value list instead of direct equality check as attribute values is a list * Updated tox.ini * Corrected the ruleid in the remediation readme Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Aws ec2 close port 11211 (#116) * Release/v1.8.0 (#106) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Release/v1.9.0 (#113) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, … (#93) * Initial commit for ec2 close port for 1433, 1521, 20, 21, 23, 27017, 3306, 5439, 5601, 8080, 9200 and 9300 * Checking in unit test and tox.ini, made modification to remove common pkg from ec2_close_port_20.py * Checking in README with addition aws close port rules * Update README with correct port names for the new scripts * PLA-26195 - Handled PrincipalNotFound Exception in sql auditing job (#98) * PLA-24844 - Remediation job to restrict default security group access (#85) * PLA-24844 - Remediation job to restrict default security group access * PLA-24844 - Remediation job to restrict default security group access * Updated the remediation job code * PLA-25429 - Remediation job to set password reuse prevention policy (#89) * PLA-25429 - Remediation job to set password reuse prevention policy * PLA-25429 - Updated unit test * Updated the remediation job code * PLA-25428 - Remediation Job to set minimum password length (#90) * PLA-25430 - Remediation Job to delete expired server certificate (#96) * Initial commit for kinesis_encrypt_stream (#97) * Initial commit for kinesis_encrypt_stream * modified to add a return and exception to kinesis_encrypt_stream.py and unit testcases for remediate * remove print * update README.md * update README.md * remove format in kinesis_encrypt_stream.py * update README with a correct instruction to run the script and add a missing error loggin Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> * PLA-26855 - Updated azure remediation jobs to wait for the poller result (#99) * PLA-26855 - Updated azure remediation jobs to wait for the poller result * PLA-26855 - Update azure jobs to poll continuously and log the status * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_versi… (#101) * Initial commit for aws 3 jobs: ebs_private_snapshot, rds_enable_version_update, rds_remove_public_endpoint * Update ebs_private_snapshot.py * Incorporated comments and inputs from PR review * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * PLA-29176 - Fix remediation jobs for port rules (#102) * PLA-29176 - Fix remediation jobs for port rules * PLA-29176 - updated requirements * PLA-29176 - Updated the public instance port remediation jobs * PLA-29176 - Fixed readme file * PLA-29176 - Fixed comments * PLA-29176 - Updated all the AWS port rule remediation jobs * PLA-29176 - Fixed requirements-dev file * PLA-29176 - Added comments * PLA-29459 - Update Readme and tox file (#104) * PLA-29459 - Update Readme and tox file * PLA-29459 - Updated readme * Fixed requirements file (#105) * PLA-28074 - Update py version from 1.9.0 to 1.10.0 (#108) * Fix import issues in azure jobs (#107) Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Initial commit for aws ec2 close port 11211 * Updated readme file to reflect the correct python file name * Updates to readme to use the relevant python file * Update the ruleid to use the right one and create unit test case for closing port 11211 for ec2 * Updated the main readme and the tox file * Fixed the readme file by adding back the aws_iam_server_certificate_expired block and then including the aws_ec2_close_port_11211 Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <73834811+kshrutik@users.noreply.github.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> * Modified the remediation logic to check for protocol udp instead of tcp as the remediation is for closing the open udp port for memcache (#119) * Fixed RDS Snapshot remove public access remediation job (#120) * PLA-35232 - Fixed remediation jobs that does not report failures (#124) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result (#125) * PLA-38601 - Fixed azure security port jobs (#128) * PLA-38601 - Fixed azure remediation jobs to wait for the poller result * PLA-38601 - Add all the required source checks for azure security group port rules * PLA-45823 - Updated remediation job to restrict unsecured HTTP requests for S3 Bucket (#131) * PLA-88313 - Updated pytest version (#133) Co-authored-by: Shrutika Kulkarni <kshrutika@kshrutikaHMD6R.vmware.com> Co-authored-by: lytran2000 <44222483+lytran2000@users.noreply.github.com> Co-authored-by: sreedevikr <90842270+sreedevikr@users.noreply.github.com> Co-authored-by: Vikramjeet Singh <58273802+vikramsinghvirdi@users.noreply.github.com> Co-authored-by: Shrutika Kulkarni <kshrutika@kshrutikaHMD6R.vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…3306, 5439, 5601, 8080, 9200 and 9300.
The code were replicated from ec2 close port 22. Please review and approve for checkins.