From 059d86b0c2bb916a16f5c6b58a98bb913f568364 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 25 Sep 2020 12:48:53 +0300
Subject: [PATCH] Added the rest of rules to Service Security finding
---
 .../cc/services/zero_trust/scoutsuite/consts/findings.py | 7 ++++++-
 .../zero_trust/scoutsuite/consts/rule_names/elbv2_rules.py | 3 +++
 .../zero_trust/scoutsuite/consts/rule_names/rds_rules.py | 4 ++++
 .../scoutsuite/consts/rule_names/redshift_rules.py | 3 +++
 4 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/findings.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/findings.py
index c818d6725..ebb3d7018 100644
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/findings.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/findings.py
@@ -161,9 +161,14 @@ class LOGGING:
 test = zero_trust_consts.TEST_SCOUTSUITE_LOGGING
+
 class SERVICE_SECURITY:
 rules = [
- CloudformationRules.CLOUDFORMATION_STACK_WITH_ROLE
+ CloudformationRules.CLOUDFORMATION_STACK_WITH_ROLE,
+ ELBv2Rules.ELBV2_HTTP_REQUEST_SMUGGLING,
+ RDSRules.RDS_INSTANCE_CA_CERTIFICATE_DEPRECATED,
+ RDSRules.RDS_INSTANCE_NO_MINOR_UPGRADE,
+ RedshiftRules.REDSHIFT_CLUSTER_NO_VERSION_UPGRADE
 ]
 test = zero_trust_consts.TEST_SCOUTSUITE_SERVICE_SECURITY
diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/elbv2_rules.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/elbv2_rules.py
index da5e1f64e..0d2d97681 100644
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/elbv2_rules.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/elbv2_rules.py
@@ -11,3 +11,6 @@ class ELBv2Rules(Enum):
 # Data loss prevention
 ELBV2_NO_DELETION_PROTECTION = 'elbv2-no-deletion-protection'
+
+ # Service security
+ ELBV2_HTTP_REQUEST_SMUGGLING = 'elbv2-http-request-smuggling'
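Review bot: The last entry of `SERVICE_SECURITY.rules`, `RedshiftRules.REDSHIFT_CLUSTER_NO_VERSION_UPGRADE`, is again written without a trailing comma, which is what forced this commit to rewrite the `CLOUDFORMATION_STACK_WITH_ROLE` line just to append to the list. Ending it as `RedshiftRules.REDSHIFT_CLUSTER_NO_VERSION_UPGRADE,` keeps later additions to one-line diffs. The hunk shows no import change for `ELBv2Rules`, `RDSRules` or `RedshiftRules`; they are presumably already imported at the top of findings.py for the other finding classes, which is worth confirming because a missing name in this class body would fail when the module is imported.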
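Review bot: `ELBV2_HTTP_REQUEST_SMUGGLING = 'elbv2-http-request-smuggling'` is a hand-typed rule identifier, and nothing visible in this patch checks it against the rule set ScoutSuite actually ships. If findings are looked up by these strings (the lookup is not shown here), a misspelled value would drop the rule from the Service Security finding without any error, which would read as a clean result in the Zero Trust report. The same applies to the three values added in rds_rules.py and redshift_rules.py. A unit test that iterates each rule enum and asserts that every value resolves to a known ScoutSuite rule would catch this. The body of `ELBv2Rules` starts outside the hunk.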
diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/rds_rules.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/rds_rules.py
index f68400120..fc7af9876 100644
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/rds_rules.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/rds_rules.py
@@ -13,3 +13,7 @@ class RDSRules(Enum):
 # Firewalls
 RDS_SECURITY_GROUP_ALLOWS_ALL = 'rds-security-group-allows-all'
 RDS_SNAPSHOT_PUBLIC = 'rds-snapshot-public'
+
+ # Service security
+ RDS_INSTANCE_CA_CERTIFICATE_DEPRECATED = 'rds-instance-ca-certificate-deprecated'
+ RDS_INSTANCE_NO_MINOR_UPGRADE = 'rds-instance-no-minor-upgrade'
diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/redshift_rules.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/redshift_rules.py
index 203b24f23..5df21d981 100644
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/redshift_rules.py
+++ b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/consts/rule_names/redshift_rules.py
@@ -14,3 +14,6 @@ class RedshiftRules(Enum):
 # Logging
 REDSHIFT_PARAMETER_GROUP_LOGGING_DISABLED = 'redshift-parameter-group-logging-disabled'
+
+ # Service security
+ REDSHIFT_CLUSTER_NO_VERSION_UPGRADE = 'redshift-cluster-no-version-upgrade'