Skip to content
This repository was archived by the owner on Jul 22, 2021. It is now read-only.
This repository was archived by the owner on Jul 22, 2021. It is now read-only.

CIS-3.10-SecurityGroupChanges failed in AWS but passed here #96

Open
Open
CIS-3.10-SecurityGroupChanges failed in AWS but passed here#96
@azhurbilo

Description

@azhurbilo
azhurbilo
opened on Apr 28, 2020

CIS-3.10-SecurityGroupChanges failed in AWS but passed here

previously when I set pattern which described in guide - CIS Score PASSED

pattern        = "{ $.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup }"

but when I add additional filter by terraform user CIS Score FAILED in AWS console.

pattern        = "{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) && ($.userIdentity.userName NOT EXISTS || $.userIdentity.userName != \"terraform\") }"

But running "python aws-cis-foundation-benchmark-checklist.py" show that 3.10 Passed.

Where I can find real CIS score algorithms?
Can I extend rule pattern to filter false positives?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions