Added a bunch of rules and rule path creators.

This commit is contained in:
VakarisZ 2020-09-23 10:16:53 +03:00
parent f462fcc842
commit c792f2f34c
23 changed files with 260 additions and 3 deletions


@ -0,0 +1,11 @@
from enum import Enum
class CloudTrailRules(Enum):
# Logging
CLOUDTRAIL_DUPLICATED_GLOBAL_SERVICES_LOGGING = 'cloudtrail-duplicated-global-services-logging'
CLOUDTRAIL_NO_DATA_LOGGING = 'cloudtrail-no-data-logging'
CLOUDTRAIL_NO_GLOBAL_SERVICES_LOGGING = 'cloudtrail-no-global-services-logging'
CLOUDTRAIL_NO_LOG_FILE_VALIDATION = 'cloudtrail-no-log-file-validation'
CLOUDTRAIL_NO_LOGGING = 'cloudtrail-no-logging'
CLOUDTRAIL_NOT_CONFIGURED = 'cloudtrail-not-configured'
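Review bot: Nothing in this file says what the string values are or where they have to match, and because they are plain strings a typo in one of them is not caught at import time. Judging from the `scoutsuite.data_parsing.rule_path_building` modules that consume these enums, the values appear to be ScoutSuite rule ids used as lookup keys, so a one-line class docstring would stop someone "tidying" them later: `"""ScoutSuite rule ids for the CloudTrail service; each value must match the id ScoutSuite emits byte-for-byte, or the rule is simply never found."""`. The same docstring, adjusted per service, belongs on the other rule enums added in this commit.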


@ -0,0 +1,6 @@
from enum import Enum
class CloudWatchRules(Enum):
# Logging
CLOUDWATCH_ALARM_WITHOUT_ACTIONS = 'cloudwatch-alarm-without-actions'


@ -2,6 +2,7 @@ from enum import Enum
class EC2Rules(Enum): class EC2Rules(Enum):
# Ports
SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all' SECURITY_GROUP_ALL_PORTS_TO_ALL = 'ec2-security-group-opens-all-ports-to-all'
SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all' SECURITY_GROUP_OPENS_TCP_PORT_TO_ALL = 'ec2-security-group-opens-TCP-port-to-all'
SECURITY_GROUP_OPENS_UDP_PORT_TO_ALL = 'ec2-security-group-opens-UDP-port-to-all' SECURITY_GROUP_OPENS_UDP_PORT_TO_ALL = 'ec2-security-group-opens-UDP-port-to-all'
@ -20,3 +21,7 @@ class EC2Rules(Enum):
SECURITY_GROUP_OPENS_PLAINTEXT_PORT_FTP = 'ec2-security-group-opens-plaintext-port-FTP' SECURITY_GROUP_OPENS_PLAINTEXT_PORT_FTP = 'ec2-security-group-opens-plaintext-port-FTP'
SECURITY_GROUP_OPENS_PLAINTEXT_PORT_TELNET = 'ec2-security-group-opens-plaintext-port-Telnet' SECURITY_GROUP_OPENS_PLAINTEXT_PORT_TELNET = 'ec2-security-group-opens-plaintext-port-Telnet'
SECURITY_GROUP_OPENS_PORT_RANGE = 'ec2-security-group-opens-port-range' SECURITY_GROUP_OPENS_PORT_RANGE = 'ec2-security-group-opens-port-range'
# Encryption
EC2_EBS_SNAPSHOT_NOT_ENCRYPTED = 'ec2-ebs-snapshot-not-encrypted'
EC2_EBS_VOLUME_NOT_ENCRYPTED = 'ec2-ebs-volume-not-encrypted'


@ -0,0 +1,6 @@
from enum import Enum
class ELBRules(Enum):
# Logging
ELB_NO_ACCESS_LOGS = 'elb-no-access-logs'


@ -0,0 +1,10 @@
from enum import Enum
class ELBv2Rules(Enum):
# Encryption
ELBV2_LISTENER_ALLOWING_CLEARTEXT = 'elbv2-listener-allowing-cleartext'
ELBV2_OLDER_SSL_POLICY = 'elbv2-older-ssl-policy'
# Logging
ELBV2_NO_ACCESS_LOGS = 'elbv2-no-access-logs'


@ -0,0 +1,39 @@
from enum import Enum
class IAMRules(Enum):
# Authentication/authorization
IAM_USER_NO_ACTIVE_KEY_ROTATION = 'iam-user-no-Active-key-rotation'
IAM_PASSWORD_POLICY_MINIMUM_LENGTH = 'iam-password-policy-minimum-length'
IAM_PASSWORD_POLICY_NO_EXPIRATION = 'iam-password-policy-no-expiration'
IAM_PASSWORD_POLICY_REUSE_ENABLED = 'iam-password-policy-reuse-enabled'
IAM_USER_WITH_PASSWORD_AND_KEY = 'iam-user-with-password-and-key'
IAM_ASSUME_ROLE_LACKS_EXTERNAL_ID_AND_MFA = 'iam-assume-role-lacks-external-id-and-mfa'
IAM_USER_WITHOUT_MFA = 'iam-user-without-mfa'
IAM_ROOT_ACCOUNT_NO_MFA = 'iam-root-account-no-mfa'
IAM_ROOT_ACCOUNT_WITH_ACTIVE_KEYS = 'iam-root-account-with-active-keys'
IAM_USER_NO_INACTIVE_KEY_ROTATION = 'iam-user-no-Inactive-key-rotation'
IAM_USER_WITH_MULTIPLE_ACCESS_KEYS = 'iam-user-with-multiple-access-keys'
# Least privilege
IAM_ASSUME_ROLE_POLICY_ALLOWS_ALL = 'iam-assume-role-policy-allows-all'
IAM_EC2_ROLE_WITHOUT_INSTANCES = 'iam-ec2-role-without-instances'
IAM_GROUP_WITH_INLINE_POLICIES = 'iam-group-with-inline-policies'
IAM_GROUP_WITH_NO_USERS = 'iam-group-with-no-users'
IAM_INLINE_GROUP_POLICY_ALLOWS_IAM_PASSROLE = 'iam-inline-group-policy-allows-iam-PassRole'
IAM_INLINE_GROUP_POLICY_ALLOWS_NOTACTIONS = 'iam-inline-group-policy-allows-NotActions'
IAM_INLINE_GROUP_POLICY_ALLOWS_STS_ASSUMEROLE = 'iam-inline-group-policy-allows-sts-AssumeRole'
IAM_INLINE_ROLE_POLICY_ALLOWS_IAM_PASSROLE = 'iam-inline-role-policy-allows-iam-PassRole'
IAM_INLINE_ROLE_POLICY_ALLOWS_NOTACTIONS = 'iam-inline-role-policy-allows-NotActions'
IAM_INLINE_ROLE_POLICY_ALLOWS_STS_ASSUMEROLE = 'iam-inline-role-policy-allows-sts-AssumeRole'
IAM_INLINE_USER_POLICY_ALLOWS_IAM_PASSROLE = 'iam-inline-user-policy-allows-iam-PassRole'
IAM_INLINE_USER_POLICY_ALLOWS_NOTACTIONS = 'iam-inline-user-policy-allows-NotActions'
IAM_INLINE_USER_POLICY_ALLOWS_STS_ASSUMEROLE = 'iam-inline-user-policy-allows-sts-AssumeRole'
IAM_MANAGED_POLICY_ALLOWS_IAM_PASSROLE = 'iam-managed-policy-allows-iam-PassRole'
IAM_MANAGED_POLICY_ALLOWS_NOTACTIONS = 'iam-managed-policy-allows-NotActions'
IAM_MANAGED_POLICY_ALLOWS_STS_ASSUMEROLE = 'iam-managed-policy-allows-sts-AssumeRole'
IAM_MANAGED_POLICY_NO_ATTACHMENTS = 'iam-managed-policy-no-attachments'
IAM_ROLE_WITH_INLINE_POLICIES = 'iam-role-with-inline-policies'
IAM_ROOT_ACCOUNT_USED_RECENTLY = 'iam-root-account-used-recently'
IAM_ROOT_ACCOUNT_WITH_ACTIVE_CERTS = 'iam-root-account-with-active-certs'
IAM_USER_WITH_INLINE_POLICIES = 'iam-user-with-inline-policies'
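Review bot: The section headings are inconsistent for the root-account rules: `IAM_ROOT_ACCOUNT_NO_MFA` and `IAM_ROOT_ACCOUNT_WITH_ACTIVE_KEYS` sit under `# Authentication/authorization` while `IAM_ROOT_ACCOUNT_USED_RECENTLY` and `IAM_ROOT_ACCOUNT_WITH_ACTIVE_CERTS` sit under `# Least privilege`, although all four are about root credentials; I would move the last two up next to their siblings. Several values also carry mixed-case segments (`iam-user-no-Active-key-rotation`, `iam-user-no-Inactive-key-rotation`, `...-allows-iam-PassRole`, `...-allows-NotActions`, `...-allows-sts-AssumeRole`), which presumably mirror ScoutSuite's rule ids exactly; a future lowercase "cleanup" would silently make those rules unmatched. A comment above the class such as `# Mixed-case segments mirror ScoutSuite's rule ids; do not normalise case.` would guard against that.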


@ -0,0 +1,11 @@
from enum import Enum
class RDSRules(Enum):
# Encryption
RDS_INSTANCE_STORAGE_NOT_ENCRYPTED = 'rds-instance-storage-not-encrypted'
# Data loss prevention
RDS_INSTANCE_BACKUP_DISABLED = 'rds-instance-backup-disabled'
RDS_INSTANCE_SHORT_BACKUP_RETENTION_PERIOD = 'rds-instance-short-backup-retention-period'
RDS_INSTANCE_SINGLE_AZ = 'rds-instance-single-az'


@ -0,0 +1,6 @@
from enum import Enum
class RedshiftRules(Enum):
# Encryption
REDSHIFT_CLUSTER_DATABASE_NOT_ENCRYPTED = 'redshift-cluster-database-not-encrypted'


@ -0,0 +1,14 @@
from enum import Enum
class S3Rules(Enum):
# Encryption
S3_BUCKET_ALLOWING_CLEARTEXT = 's3-bucket-allowing-cleartext'
S3_BUCKET_NO_DEFAULT_ENCRYPTION = 's3-bucket-no-default-encryption'
# Data loss prevention
S3_BUCKET_NO_MFA_DELETE = 's3-bucket-no-mfa-delete'
S3_BUCKET_NO_VERSIONING = 's3-bucket-no-versioning'
# Logging
S3_BUCKET_NO_LOGGING = 's3-bucket-no-logging'
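Review bot: The S3 set covers encryption, versioning/MFA-delete and logging but contains nothing about public or cross-account access, which for a zero-trust report is usually the first S3 question a reader has. I cannot see which ScoutSuite ruleset version this targets, so I am not proposing ids here, but if that ruleset exposes bucket public-access findings they deserve a fourth group, e.g. a `# Access` heading above them, alongside the three groups already here. If their omission is deliberate, a one-line comment saying so would save the next reviewer the same question.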


@ -0,0 +1,6 @@
from enum import Enum
class VPCRules(Enum):
# Logging
VPC_SUBNET_WITHOUT_FLOW_LOG = 'vpc-subnet-without-flow-log'


@ -6,4 +6,28 @@ FINDINGS = 'findings'
class SERVICE_TYPES(Enum): class SERVICE_TYPES(Enum):
ACM = 'acm'
AWSLAMBDA = 'awslambda'
CLOUDFORMATION = 'cloudformation'
CLOUSDTRAIL = 'cloudtrail'
CLOUDWATCH = 'cloudwatch'
CONFIG = 'config'
DIRECTCONNECT = 'directconnect'
EC2 = 'ec2' EC2 = 'ec2'
EFS = 'efs'
ELASTICACHE = 'elasticache'
ELB = 'elb'
ELBv2 = 'elbv2'
EMR = 'emr'
IAM = 'iam'
KMS = 'kms'
RDS = 'rds'
REDSHIFT = 'redshift'
ROUTE53 = 'route53'
S3 = 's3'
SES = 'ses'
SNS = 'sns'
SQS = 'sqs'
VPC = 'vpc'
SECRETSMANAGER = 'secretsmanager'
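Review bot: The new member `CLOUSDTRAIL = 'cloudtrail'` is misspelled; it works only because the string value is correct, and the typo is already being referenced as `SERVICE_TYPES.CLOUSDTRAIL` in the new CloudTrail rule path creator, so it will spread if not fixed now. Rename it to `CLOUDTRAIL = 'cloudtrail'` and update that one reference in the same commit. Two smaller naming points: `ELBv2` is the only member not in UPPER_CASE (the ELBv2 creator references it as `SERVICE_TYPES.ELBv2`), so `ELBV2 = 'elbv2'` would match its neighbours, and `SECRETSMANAGER` is appended after `VPC` while the rest of the list is alphabetical.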


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudtrail_rules import CloudTrailRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class CloudTrailRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUSDTRAIL
supported_rules = CloudTrailRules


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.cloudwatch_rules import CloudWatchRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class CloudWatchRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.CLOUDWATCH
supported_rules = CloudWatchRules
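Review bot: The subclass has no docstring, and since `AbstractRulePathCreator` is outside this commit a reader cannot tell from here what `service_type` and `supported_rules` are consumed for. A one-liner such as `"""Builds ScoutSuite finding paths for the CloudWatch service from the rules in CloudWatchRules."""` would do, with the word "presumably" dropped only if that is confirmed against the base class. The same applies to the eight sibling creators added in this commit, which are structurally identical.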


@ -1,4 +1,4 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.ec2_rules import EC2Rules from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.ec2_rules import EC2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \ from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \ from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elb_rules import ELBRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class ELBRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.ELB
supported_rules = ELBRules


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.elbv2_rules import ELBv2Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class ELBv2RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.ELBv2
supported_rules = ELBv2Rules


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.iam_rules import IAMRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class IAMRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.IAM
supported_rules = IAMRules


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.rds_rules import RDSRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class RDSRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.RDS
supported_rules = RDSRules


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.redshift_rules import RedshiftRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class RedshiftRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.REDSHIFT
supported_rules = RedshiftRules


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.s3_rules import S3Rules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class S3RulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.S3
supported_rules = S3Rules


@ -0,0 +1,11 @@
from monkey_island.cc.services.zero_trust.scoutsuite.consts.rule_names.vpc_rules import VPCRules
from monkey_island.cc.services.zero_trust.scoutsuite.consts.service_consts import \
SERVICE_TYPES
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.abstract_rule_path_creator import \
AbstractRulePathCreator
class VPCRulePathCreator(AbstractRulePathCreator):
service_type = SERVICE_TYPES.VPC
supported_rules = VPCRules


@ -1,4 +1,24 @@
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.ec2_rule_path_creator import \ from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.cloudtrail_rule_path_creator import \
CloudTrailRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.cloudwatch_rule_path_creator import \
CloudWatchRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.ec2_rule_path_creator import \
EC2RulePathCreator EC2RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.elb_rule_path_creator import \
ELBRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.elbv2_rule_path_creator import \
ELBv2RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.iam_rule_path_creator import \
IAMRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.rds_rule_path_creator import \
RDSRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.redshift_rule_path_creator import \
RedshiftRulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.s3_rule_path_creator import \
S3RulePathCreator
from monkey_island.cc.services.zero_trust.scoutsuite.data_parsing.rule_path_building.rule_path_creators.vpc_rule_path_creator import \
VPCRulePathCreator
RULE_PATH_CREATORS_LIST = [EC2RulePathCreator] RULE_PATH_CREATORS_LIST = [EC2RulePathCreator, ELBv2RulePathCreator, RDSRulePathCreator, RedshiftRulePathCreator,
S3RulePathCreator, IAMRulePathCreator, CloudTrailRulePathCreator, ELBRulePathCreator,
VPCRulePathCreator, CloudWatchRulePathCreator]
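Review bot: `RULE_PATH_CREATORS_LIST` is a hand-maintained registry, so a rules enum added later without a matching creator, or a rule value that drifts from ScoutSuite's id, raises nothing at import time and — if the consumer treats "no finding" as "not failed", which I cannot verify from this hunk — the corresponding zero-trust control would silently read as passing. I would back this with a test that every `*Rules` enum under `consts.rule_names` is the `supported_rules` of exactly one creator in this list, and that every rule value appears in the ScoutSuite ruleset the island ships with, so a missing or misspelled rule fails loudly. Ordering the list by service (it currently has EC2, ELBv2, RDS, Redshift, S3, IAM, CloudTrail, ELB, VPC, CloudWatch) would also make the next omission easier to spot.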