-
Notifications
You must be signed in to change notification settings - Fork 497
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
updated with new resource_type format (#33)
- Loading branch information
1 parent
7d83f8e
commit 8cd6ee1
Showing
322 changed files
with
5,864 additions
and
5,402 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 21 additions & 20 deletions
41
pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0227.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,23 @@ | ||
{ | ||
"name": "port22OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port22OpenToInternet", | ||
"portNumber": 22, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Security Groups - Unrestricted Specific Ports - (SSH,22)", | ||
"reference_id": "AC_AWS_0227", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0227" | ||
"name": "port22OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true, | ||
"aws_security_group_rule": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port22OpenToInternet", | ||
"portNumber": 22, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Security Groups - Unrestricted Specific Ports - (SSH,22)", | ||
"reference_id": "AC_AWS_0227", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0227" | ||
} |
41 changes: 21 additions & 20 deletions
41
pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0228.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,23 @@ | ||
{ | ||
"name": "port80OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port80OpenToInternet", | ||
"portNumber": 80, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Security Groups - Unrestricted Specific Ports - (HTTP,80)", | ||
"reference_id": "AC_AWS_0228", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0228" | ||
"name": "port80OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true, | ||
"aws_security_group_rule": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port80OpenToInternet", | ||
"portNumber": 80, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Security Groups - Unrestricted Specific Ports - (HTTP,80)", | ||
"reference_id": "AC_AWS_0228", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0228" | ||
} |
41 changes: 21 additions & 20 deletions
41
pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0229.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,23 @@ | ||
{ | ||
"name": "port443OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port443OpenToInternet", | ||
"portNumber": 443, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "LOW", | ||
"description": "Security Groups - Unrestricted Specific Ports - (HTTPS,443)", | ||
"reference_id": "AC_AWS_0229", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0229" | ||
"name": "port443OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true, | ||
"aws_security_group_rule": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port443OpenToInternet", | ||
"portNumber": 443, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "LOW", | ||
"description": "Security Groups - Unrestricted Specific Ports - (HTTPS,443)", | ||
"reference_id": "AC_AWS_0229", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0229" | ||
} |
41 changes: 21 additions & 20 deletions
41
pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0230.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,23 @@ | ||
{ | ||
"name": "port3389OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port3389OpenToInternet", | ||
"portNumber": 3389, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Security Groups - Unrestricted Specific Ports - remote desktop port (TCP,3389)", | ||
"reference_id": "AC_AWS_0230", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0230" | ||
"name": "port3389OpenToInternet", | ||
"file": "portOpenToInternet.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true, | ||
"aws_security_group_rule": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "port3389OpenToInternet", | ||
"portNumber": 3389, | ||
"prefix": "", | ||
"protocol": "tcp", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Security Groups - Unrestricted Specific Ports - remote desktop port (TCP,3389)", | ||
"reference_id": "AC_AWS_0230", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0230" | ||
} |
37 changes: 19 additions & 18 deletions
37
pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0231.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,21 @@ | ||
{ | ||
"name": "unrestrictedIngressAccess", | ||
"file": "unrestrictedIngressAccess.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "unrestrictedIngressAccess", | ||
"prefix": "", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Ensure no security groups allow ingress from 0.0.0.0/0 to ALL ports and protocols", | ||
"reference_id": "AC_AWS_0231", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0231" | ||
"name": "unrestrictedIngressAccess", | ||
"file": "unrestrictedIngressAccess.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true, | ||
"aws_security_group_rule": true | ||
}, | ||
"template_args": { | ||
"defaultValue": "<cidr>", | ||
"name": "unrestrictedIngressAccess", | ||
"prefix": "", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Ensure no security groups allow ingress from 0.0.0.0/0 to ALL ports and protocols", | ||
"reference_id": "AC_AWS_0231", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0231" | ||
} |
35 changes: 18 additions & 17 deletions
35
pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0232.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,20 @@ | ||
{ | ||
"name": "defaultSGNotRestrictsAllTraffic", | ||
"file": "defaultSGNotRestrictsAllTraffic.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true | ||
}, | ||
"template_args": { | ||
"name": "defaultSGNotRestrictsAllTraffic", | ||
"prefix": "", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Ensure no default security groups are used as they allow ingress from 0.0.0.0/0 to ALL ports and protocols", | ||
"reference_id": "AC_AWS_0232", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0232" | ||
"name": "defaultSGNotRestrictsAllTraffic", | ||
"file": "defaultSGNotRestrictsAllTraffic.rego", | ||
"policy_type": "aws", | ||
"resource_type": { | ||
"aws_security_group": true, | ||
"aws_security_group_rule": true | ||
}, | ||
"template_args": { | ||
"name": "defaultSGNotRestrictsAllTraffic", | ||
"prefix": "", | ||
"suffix": "" | ||
}, | ||
"severity": "HIGH", | ||
"description": "Ensure no default security groups are used as they allow ingress from 0.0.0.0/0 to ALL ports and protocols", | ||
"reference_id": "AC_AWS_0232", | ||
"category": "Infrastructure Security", | ||
"version": 2, | ||
"id": "AC_AWS_0232" | ||
} |
Oops, something went wrong.