
Merge pull request #6315 from Checkmarx/remove_cis_related_code
Removing CIS-related code
gabriel-cx authored Apr 28, 2023
2 parents ebc1ab8 + 0ba3111 commit 4c63caf
Showing 127 changed files with 1,127 additions and 1,495 deletions.
Expand Up @@ -3,7 +3,7 @@
"queryName": "Restart Policy On Failure Not Set To 5",
"severity": "MEDIUM",
"category": "Build Process",
"descriptionText": "Attribute 'restart:on-failure' should be set to 5. Restart policies in general should be used, and 5 retries is the recommended by CIS.",
"descriptionText": "Attribute 'restart:on-failure' should be set to 5. Restart policies in general should be used.",
"descriptionUrl": "https://docs.docker.com/config/containers/start-containers-automatically/#use-a-restart-policy",
"platform": "DockerCompose",
"descriptionID": "d21fff2e"
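Review bot: The new descriptionText keeps the prescriptive value (`should be set to 5`) while dropping the only stated rationale for it, so a reader of the finding can no longer tell where 5 comes from; the descriptionUrl on the next line documents restart policies in general and, as far as I can tell, does not recommend a specific retry count. If the query still hard-codes 5, consider keeping a one-clause justification in the text, e.g. `"descriptionText": "Attribute 'restart:on-failure' should be set to 5. Restart policies in general should be used, and a bounded retry count such as 5 recovers from transient failures without an unbounded restart loop.",`. Alternatively, reword the description (and the query) to require a bounded retry count rather than the exact value, so the text and the check agree now that the CIS reference is gone.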
@@ -1,24 +1,24 @@
resource "aws_cloudwatch_log_metric_filter" "CIS_AWS_Config_Change_Metric_Filter" {
name = "CIS-AWSConfigChanges"
resource "aws_cloudwatch_log_metric_filter" "AWS_Config_Change_Metric_Filter" {
name = "AWSConfigChanges"
pattern = "{ ($.eventSource = \"config.amazonaws.com\") && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder)) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-AWSConfigChanges"
namespace = "CIS_Metric_Alarm_Namespace"
name = "AWSConfigChanges"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
resource "aws_cloudwatch_metric_alarm" "CIS_AWS_Config_Change_CW_Alarm" {
alarm_name = "CIS-3.9-AWSConfigChanges"
resource "aws_cloudwatch_metric_alarm" "AWS_Config_Change_CW_Alarm" {
alarm_name = "AWSConfigChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.CIS_AWS_Config_Change_Metric_Filter.id
namespace = "CIS_Metric_Alarm_Namespace"
metric_name = aws_cloudwatch_log_metric_filter.AWS_Config_Change_Metric_Filter.id
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_description = "Monitoring changes to AWS Config configuration will help ensure sustained visibility of configuration items within the AWS account."
alarm_actions = [aws_sns_topic.CIS_Alerts_SNS_Topic.arn]
alarm_actions = [aws_sns_topic.Alerts_SNS_Topic.arn]
insufficient_data_actions = []
}
@@ -1,24 +1,24 @@
resource "aws_cloudwatch_log_metric_filter" "CIS_AWS_Config_Change_Metric_Filter" {
name = "CIS-AWSConfigChanges"
resource "aws_cloudwatch_log_metric_filter" "AWS_Config_Change_Metric_Filter" {
name = "AWSConfigChanges"
pattern = "{ ($.eventSource = \"config.amazonaws.com\") && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder)) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-AWSConfigChanges"
namespace = "CIS_Metric_Alarm_Namespace"
name = "AWSConfigChanges"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
resource "aws_cloudwatch_metric_alarm" "CIS_AWS_Config_Change_CW_Alarm" {
alarm_name = "CIS-3.9-AWSConfigChanges"
resource "aws_cloudwatch_metric_alarm" "AWS_Config_Change_CW_Alarm" {
alarm_name = "AWSConfigChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = "XXXX NOT YOUR FILTER XXXX"
namespace = "CIS_Metric_Alarm_Namespace"
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_description = "Monitoring changes to AWS Config configuration will help ensure sustained visibility of configuration items within the AWS account."
alarm_actions = [aws_sns_topic.CIS_Alerts_SNS_Topic.arn]
alarm_actions = [aws_sns_topic.Alerts_SNS_Topic.arn]
insufficient_data_actions = []
}
@@ -1,25 +1,25 @@
resource "aws_cloudwatch_log_metric_filter" "cis_no_mfa_console_signin_metric_filter" {
name = "CIS-ConsoleSigninWithoutMFA"
resource "aws_cloudwatch_log_metric_filter" "no_mfa_console_signin_metric_filter" {
name = "ConsoleSigninWithoutMFA"
pattern = "{ ($.eventName = \"ConsoleLogin\") && ($.additionalEventData.MFAUsed != \"Yes\") }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-ConsoleSigninWithoutMFA"
namespace = "CIS_Metric_Alarm_Namespace"
name = "ConsoleSigninWithoutMFA"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}

resource "aws_cloudwatch_metric_alarm" "cis_no_mfa_console_signin_cw_alarm" {
alarm_name = "CIS-3.2-ConsoleSigninWithoutMFA"
resource "aws_cloudwatch_metric_alarm" "no_mfa_console_signin_cw_alarm" {
alarm_name = "ConsoleSigninWithoutMFA"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.cis_no_mfa_console_signin_metric_filter.id
namespace = "CIS_Metric_Alarm_Namespace"
metric_name = aws_cloudwatch_log_metric_filter.no_mfa_console_signin_metric_filter.id
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_description = "Monitoring for single-factor console logins will increase visibility into accounts that are not protected by MFA."
alarm_actions = [aws_sns_topic.CIS_Alerts_SNS_Topic.arn]
alarm_actions = [aws_sns_topic.Alerts_SNS_Topic.arn]
insufficient_data_actions = []
}
@@ -1,24 +1,24 @@
resource "aws_cloudwatch_log_metric_filter" "CIS_AWS_Config_Change_Metric_Filter" {
name = "CIS-AWSConfigChanges"
resource "aws_cloudwatch_log_metric_filter" "AWS_Config_Change_Metric_Filter" {
name = "AWSConfigChanges"
pattern = "{ ($.eventSource = \"config.amazonaws.com\") && (($.eventName=StopConfigurationRecorder)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder)) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-AWSConfigChanges"
namespace = "CIS_Metric_Alarm_Namespace"
name = "AWSConfigChanges"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
resource "aws_cloudwatch_metric_alarm" "CIS_AWS_Config_Change_CW_Alarm" {
alarm_name = "CIS-3.9-AWSConfigChanges"
resource "aws_cloudwatch_metric_alarm" "AWS_Config_Change_CW_Alarm" {
alarm_name = "AWSConfigChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = "XXXX NOT YOUR FILTER XXXX"
namespace = "CIS_Metric_Alarm_Namespace"
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_description = "Monitoring changes to AWS Config configuration will help ensure sustained visibility of configuration items within the AWS account."
alarm_actions = [aws_sns_topic.CIS_Alerts_SNS_Topic.arn]
alarm_actions = [aws_sns_topic.Alerts_SNS_Topic.arn]
insufficient_data_actions = []
}
@@ -1,24 +1,24 @@
resource "aws_cloudwatch_log_metric_filter" "CIS_AWS_Config_Change_Metric_Filter" {
name = "CIS-AWSConfigChanges"
resource "aws_cloudwatch_log_metric_filter" "AWS_Config_Change_Metric_Filter" {
name = "AWSConfigChanges"
pattern = "{ ($.eventSource = \"config.amazonaws.com\") || (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder)) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-AWSConfigChanges"
namespace = "CIS_Metric_Alarm_Namespace"
name = "AWSConfigChanges"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
resource "aws_cloudwatch_metric_alarm" "CIS_AWS_Config_Change_CW_Alarm" {
alarm_name = "CIS-3.9-AWSConfigChanges"
resource "aws_cloudwatch_metric_alarm" "AWS_Config_Change_CW_Alarm" {
alarm_name = "AWSConfigChanges"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = "XXXX NOT YOUR FILTER XXXX"
namespace = "CIS_Metric_Alarm_Namespace"
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_description = "Monitoring changes to AWS Config configuration will help ensure sustained visibility of configuration items within the AWS account."
alarm_actions = [aws_sns_topic.CIS_Alerts_SNS_Topic.arn]
alarm_actions = [aws_sns_topic.Alerts_SNS_Topic.arn]
insufficient_data_actions = []
}
Expand Up @@ -2,35 +2,35 @@ provider "aws" {
region = "us-east-2"
}

resource "aws_cloudwatch_log_group" "CIS_CloudWatch_LogsGroup" {
name = "CIS_CloudWatch_LogsGroup"
resource "aws_cloudwatch_log_group" "CloudWatch_LogsGroup" {
name = "CloudWatch_LogsGroup"
}

resource "aws_sns_topic" "cis_alerts_sns_topic" {
name = "cis-alerts-sns-topic"
resource "aws_sns_topic" "alerts_sns_topic" {
name = "alerts-sns-topic"
}

resource "aws_cloudwatch_metric_alarm" "cis_aws_organizations" {
alarm_name = "CIS-4.15-AWS-Organizations"
resource "aws_cloudwatch_metric_alarm" "aws_organizations" {
alarm_name = "AWS-Organizations"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.cis_aws_organizations.id
namespace = "CIS_Metric_Alarm_Namespace"
metric_name = aws_cloudwatch_log_metric_filter.aws_organizations.id
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_actions = [aws_sns_topic.cis_alerts_sns_topic.arn]
alarm_actions = [aws_sns_topic.alerts_sns_topic.arn]
insufficient_data_actions = []
}

resource "aws_cloudwatch_log_metric_filter" "cis_aws_organizations" {
name = "CIS-4.15-AWS-Organizations"
resource "aws_cloudwatch_log_metric_filter" "aws_organizations" {
name = "AWS-Organizations"
pattern = "{ ($.eventSource = \"organizations.amazonaws.com\") && (($.eventName = AcceptHandshake) || ($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = PutBucketLifecycle) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUni)) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-4.15-AWS-Organizations"
namespace = "CIS_Metric_Alarm_Namespace"
name = "AWS-Organizations"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
Expand Up @@ -2,35 +2,35 @@ provider "aws" {
region = "us-east-2"
}

resource "aws_cloudwatch_log_group" "CIS_CloudWatch_LogsGroup" {
name = "CIS_CloudWatch_LogsGroup"
resource "aws_cloudwatch_log_group" "CloudWatch_LogsGroup" {
name = "CloudWatch_LogsGroup"
}

resource "aws_sns_topic" "cis_alerts_sns_topic" {
name = "cis-alerts-sns-topic"
resource "aws_sns_topic" "alerts_sns_topic" {
name = "alerts-sns-topic"
}

resource "aws_cloudwatch_metric_alarm" "cis_aws_organizations" {
alarm_name = "CIS-4.15-AWS-Organizations"
resource "aws_cloudwatch_metric_alarm" "aws_organizations" {
alarm_name = "AWS-Organizations"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = "OTHER FILTER"
namespace = "CIS_Metric_Alarm_Namespace"
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_actions = [aws_sns_topic.cis_alerts_sns_topic.arn]
alarm_actions = [aws_sns_topic.alerts_sns_topic.arn]
insufficient_data_actions = []
}

resource "aws_cloudwatch_log_metric_filter" "cis_aws_organizations" {
name = "CIS-4.15-AWS-Organizations"
resource "aws_cloudwatch_log_metric_filter" "aws_organizations" {
name = "AWS-Organizations"
pattern = "{ ($.eventSource = \"organizations.amazonaws.com\") && (($.eventName = \"AcceptHandshake\") || ($.eventName = 'AttachPolicy') || ($.eventName = CreateAccount) || ($.eventName = PutBucketLifecycle) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUni)) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-4.15-AWS-Organizations"
namespace = "CIS_Metric_Alarm_Namespace"
name = "AWS-Organizations"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
Expand Up @@ -2,35 +2,35 @@ provider "aws" {
region = "us-east-2"
}

resource "aws_cloudwatch_log_group" "CIS_CloudWatch_LogsGroup" {
name = "CIS_CloudWatch_LogsGroup"
resource "aws_cloudwatch_log_group" "CloudWatch_LogsGroup" {
name = "CloudWatch_LogsGroup"
}

resource "aws_sns_topic" "cis_alerts_sns_topic" {
name = "cis-alerts-sns-topic"
resource "aws_sns_topic" "alerts_sns_topic" {
name = "alerts-sns-topic"
}

resource "aws_cloudwatch_metric_alarm" "cis_aws_organizations" {
alarm_name = "CIS-4.15-AWS-Organizations"
resource "aws_cloudwatch_metric_alarm" "aws_organizations" {
alarm_name = "AWS-Organizations"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.cis_aws_organizations.id
namespace = "CIS_Metric_Alarm_Namespace"
metric_name = aws_cloudwatch_log_metric_filter.aws_organizations.id
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_actions = [aws_sns_topic.cis_alerts_sns_topic.arn]
alarm_actions = [aws_sns_topic.alerts_sns_topic.arn]
insufficient_data_actions = []
}

resource "aws_cloudwatch_log_metric_filter" "cis_aws_organizations" {
name = "CIS-4.15-AWS-Organizations"
resource "aws_cloudwatch_log_metric_filter" "aws_organizations" {
name = "AWS-Organizations"
pattern = "{ ($.eventSource = \"organizations.amazonaws.com\") && (($.eventName = AttachPolicy) || ($.eventName = CreateAccount) || ($.eventName = PutBucketLifecycle) || ($.eventName = CreateOrganizationalUnit) || ($.eventName = CreatePolicy) || ($.eventName = DeclineHandshake) || ($.eventName = DeleteOrganization) || ($.eventName = DeleteOrganizationalUnit) || ($.eventName = DeletePolicy) || ($.eventName = DetachPolicy) || ($.eventName = DisablePolicyType) || ($.eventName = EnablePolicyType) || ($.eventName = InviteAccountToOrganization) || ($.eventName = LeaveOrganization) || ($.eventName = MoveAccount) || ($.eventName = RemoveAccountFromOrganization) || ($.eventName = UpdatePolicy) || ($.eventName = UpdateOrganizationalUni)) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-4.15-AWS-Organizations"
namespace = "CIS_Metric_Alarm_Namespace"
name = "AWS-Organizations"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
Expand Up @@ -2,35 +2,35 @@ provider "aws" {
region = "us-east-2"
}

resource "aws_cloudwatch_log_group" "CIS_CloudWatch_LogsGroup" {
name = "CIS_CloudWatch_LogsGroup"
resource "aws_cloudwatch_log_group" "CloudWatch_LogsGroup" {
name = "CloudWatch_LogsGroup"
}

resource "aws_sns_topic" "cis_alerts_sns_topic" {
name = "cis-alerts-sns-topic"
resource "aws_sns_topic" "alerts_sns_topic" {
name = "alerts-sns-topic"
}

resource "aws_cloudwatch_metric_alarm" "cis_changes_nacl" {
alarm_name = "CIS-4.11-Changes-NACL"
resource "aws_cloudwatch_metric_alarm" "changes_nacl" {
alarm_name = "Changes-NACL"
comparison_operator = "GreaterThanOrEqualToThreshold"
evaluation_periods = "1"
metric_name = aws_cloudwatch_log_metric_filter.cis_changes_nacl.id
namespace = "CIS_Metric_Alarm_Namespace"
metric_name = aws_cloudwatch_log_metric_filter.changes_nacl.id
namespace = "Metric_Alarm_Namespace"
period = "300"
statistic = "Sum"
threshold = "1"
alarm_actions = [aws_sns_topic.cis_alerts_sns_topic.arn]
alarm_actions = [aws_sns_topic.alerts_sns_topic.arn]
insufficient_data_actions = []
}

resource "aws_cloudwatch_log_metric_filter" "cis_changes_nacl" {
name = "CIS-4.11-Changes-NACL"
resource "aws_cloudwatch_log_metric_filter" "changes_nacl" {
name = "Changes-NACL"
pattern = "{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }"
log_group_name = aws_cloudwatch_log_group.CIS_CloudWatch_LogsGroup.name
log_group_name = aws_cloudwatch_log_group.CloudWatch_LogsGroup.name

metric_transformation {
name = "CIS-4.11-Changes-NACL"
namespace = "CIS_Metric_Alarm_Namespace"
name = "Changes-NACL"
namespace = "Metric_Alarm_Namespace"
value = "1"
}
}
