Comments (6)

ramimac commented on August 24, 2024

potential misconfigurations:

1.22  [check122] Ensure IAM policies that allow full "*:*" administrative privileges are not created (Scored)
       PASS! No custom policies found
 7.6 [extra76] Ensure there are no EC2 AMIs set as Public (Not Scored) (Not part of CIS benchmark) 
 7.7 [extra77] Ensure there are no ECR repositories set as Public (Not Scored) (Not part of CIS benchmark) 
 7.8 [extra78] Ensure there are no Public Accessible RDS instances (Not Scored) (Not part of CIS benchmark) 
 7.14 [extra714] Check if CloudFront distributions have logging enabled (Not Scored) (Not part of CIS benchmark) 
 7.15 [extra715] Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark) 
 7.16 [extra716] Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark) 
 7.20 [extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail (Not Scored) (Not part of CIS benchmark) 
 7.22 [extra722] Check if API Gateway has logging enabled (Not Scored) (Not part of CIS benchmark) 
 7.23 [extra723] Check if RDS Snapshots are public (Not Scored) (Not part of CIS benchmark) 
 7.24 [extra724] Check if ACM certificates have Certificate Transparency logging enabled (Not Scored) (Not part of CIS benchmark) 
 7.30 [extra730] Check if ACM Certificates are about to expire in 7 days or less (Not Scored) (Not part of CIS benchmark) 
 7.32 [extra732] Check if Geo restrictions are enabled in CloudFront distributions (Not Scored) (Not part of CIS benchmark) 
 7.36 [extra736] Check exposed KMS keys (Not Scored) (Not part of CIS benchmark) 
 7.37 [extra737] Check KMS keys with key rotation disabled (Not Scored) (Not part of CIS benchmark) 
 7.38 [extra738] Check if CloudFront distributions are set to HTTPS (Not Scored) (Not part of CIS benchmark) 
 7.40 [extra740] Check if EBS snapshots are encrypted (Not Scored) (Not part of CIS benchmark) 
 7.42 [extra742] Find secrets in CloudFormation outputs (Not Scored) (Not part of CIS benchmark) 
 7.62 [extra762] Find obsolete Lambda runtimes (Not Scored) (Not part of CIS benchmark) 

from sadcloud.

ramimac commented on August 24, 2024

check76 unsupported currently https://stackoverflow.com/questions/50937756/terraform-set-ami-permissions-to-public


ramimac commented on August 24, 2024

check762 unsupported. deprecated runtimes can not be created


ramimac commented on August 24, 2024

check742: use example AKIAIOSFODNN7EXAMPLE

Outputs:
  sadcloudsecret:
    Description: This should trigger any secret checks
    Value: AKIAIOSFODNN7EXAMPLE
    Export:
      Name: AKIAIOSFODNN7EXAMPLE

from sadcloud.
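
An added example, not part of the original thread and not sadcloud or Prowler code: one way a check like extra742 can flag the output shown in the comment above, by scanning a `describe-stacks`-shaped response for access key ID patterns. The sample data, the stack names, the second output and the function names are assumptions made for illustration.

```python
import re

# AWS access key IDs are 20 characters: "AKIA" (long-term) or "ASIA"
# (temporary) followed by 16 upper-case letters or digits.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")

# Every string field of a stack output can leak a value, not only OutputValue.
FIELDS = ("OutputKey", "OutputValue", "Description", "ExportName")

# Constructed sample shaped like `aws cloudformation describe-stacks` output.
SAMPLE = {"Stacks": [
    {"StackName": "sadcloud-demo", "Outputs": [
        {"OutputKey": "sadcloudsecret",
         "OutputValue": "AKIAIOSFODNN7EXAMPLE",
         "Description": "This should trigger any secret checks",
         "ExportName": "AKIAIOSFODNN7EXAMPLE"},
        {"OutputKey": "LogBucketArn",
         "OutputValue": "arn:aws:s3:::sadcloud-demo-logs"},
    ]},
    {"StackName": "no-outputs"},  # stacks without outputs omit the key
]}


def redact(key_id):
    """Keep the prefix and last four characters so findings are safe to log."""
    return key_id[:4] + "*" * (len(key_id) - 8) + key_id[-4:]


def find_output_secrets(describe_stacks):
    """Return (stack, output key, field, redacted match) for each hit."""
    findings = []
    for stack in describe_stacks.get("Stacks", []):
        for output in stack.get("Outputs") or []:
            for field in FIELDS:
                value = output.get(field)
                if not isinstance(value, str):
                    continue
                for match in ACCESS_KEY_ID.finditer(value):
                    findings.append((stack["StackName"], output.get("OutputKey"),
                                     field, redact(match.group())))
    return findings


if __name__ == "__main__":
    for finding in find_output_secrets(SAMPLE):
        print("FAIL", *finding)
```

The export name is scanned as well as the value because the template above places the key in both, and export names are visible to any principal that can list exports in the account and region.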

ramimac commented on August 24, 2024

check 723 is blocked by an open issue hashicorp/terraform-provider-aws#3860


ramimac commented on August 24, 2024

4.4 [check44] Ensure routing tables for VPC peering are "least access"

7.27 [extra727] Check if SQS queues have policy set as Public (Not Scored) (Not part of CIS benchmark)
7.28 [extra728] Check if SQS queues have Server Side Encryption enabled (Not Scored) (Not part of CIS benchmark)
