
feat(ec2): improve EC2 Security Groups checks logic by checking if any instance is attached

Open sergargar opened this issue 10 months ago • 2 comments

Description

Improve EC2 Security Groups checks logic by checking if any instance is attached.

  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_any_port
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21
  • [x] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_udp_port_kerberos_88
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_udp_port_ldap_389_636
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cifs_139_445
  • [ ] ec2_securitygroup_allow_ingress_from_internet_to_custom_tcp_port

Also changing the severity with the following cases:

  1. medium -> Security group XXX has SSH port 22 open to the Internet but it is not attached.
  2. high -> EC2 Instance XXX has SSH exposed to 0.0.0.0/0 on private ip address XXX.
  3. high -> EC2 Instance XXX has SSH exposed to 0.0.0.0/0 on public ip address XXX.
  4. critical -> EC2 Instance XXX has SSH exposed to 0.0.0.0/0 on public ip address XXX within public subnet XXX.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

sergargar, Apr 24 '24 11:04
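The description above sets out a decision procedure: first determine whether a security group rule exposes SSH to the Internet, then whether the group is attached to any instance, and finally whether the exposed interface has a public IP and sits in a public subnet. The following is an added example of that logic in Python (Prowler's language); it is not Prowler's own code. The function names, the `Finding` dataclass and the sample data are assumptions; the dicts mimic the shapes returned by EC2 `describe_security_groups`, `describe_network_interfaces` and `describe_route_tables` but are constructed inline so the example runs offline. Two further assumptions are labelled in the code: "Internet" means a /0 source (IPv4 or IPv6), and a subnet counts as public when its route table sends 0.0.0.0/0 to an internet gateway.

```python
"""Severity logic for 'security group allows SSH (22) from the Internet'.

Added example, not Prowler's own code. All data below is constructed inline.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

SSH_PORT = 22


@dataclass
class Finding:
    status: str              # "PASS" or "FAIL"
    severity: Optional[str]  # None for PASS; medium / high / critical for FAIL
    resource_id: str
    message: str


def rule_covers_port(rule: dict, port: int) -> bool:
    """An IpPermissions entry matches if it is all-traffic (-1) or a TCP range containing the port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def rule_open_to_internet(rule: dict) -> bool:
    """Assumption: 'Internet' means a /0 source, i.e. 0.0.0.0/0 or ::/0."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def has_igw_default_route(route_table: dict) -> bool:
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId", "").startswith("igw-")
        for r in route_table.get("Routes", [])
    )


def subnet_is_public(subnet_id: str, route_tables: list) -> bool:
    """Assumption: a subnet is public when its route table (explicit association,
    otherwise the VPC main table) routes 0.0.0.0/0 to an internet gateway."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return has_igw_default_route(rt)
            if assoc.get("Main"):
                main = rt
    return has_igw_default_route(main) if main else False


def evaluate_security_group(sg: dict, enis: list, route_tables: list) -> list:
    """One finding for the group when it is not attached; one per attached instance otherwise."""
    sg_id = sg["GroupId"]
    exposed = any(rule_covers_port(r, SSH_PORT) and rule_open_to_internet(r) for r in sg["IpPermissions"])
    if not exposed:
        return [Finding("PASS", None, sg_id, f"Security group {sg_id} does not have SSH port 22 open to the Internet.")]
    attached = [
        eni for eni in enis
        if sg_id in {g["GroupId"] for g in eni.get("Groups", [])} and eni.get("Attachment", {}).get("InstanceId")
    ]
    if not attached:
        return [Finding("FAIL", "medium", sg_id, f"Security group {sg_id} has SSH port 22 open to the Internet but it is not attached.")]
    findings = []
    for eni in attached:
        instance = eni["Attachment"]["InstanceId"]
        public_ip = eni.get("Association", {}).get("PublicIp")
        subnet = eni["SubnetId"]
        if not public_ip:
            findings.append(Finding("FAIL", "high", instance, f"EC2 Instance {instance} has SSH exposed to 0.0.0.0/0 on private ip address {eni['PrivateIpAddress']}."))
        elif subnet_is_public(subnet, route_tables):
            findings.append(Finding("FAIL", "critical", instance, f"EC2 Instance {instance} has SSH exposed to 0.0.0.0/0 on public ip address {public_ip} within public subnet {subnet}."))
        else:
            findings.append(Finding("FAIL", "high", instance, f"EC2 Instance {instance} has SSH exposed to 0.0.0.0/0 on public ip address {public_ip}."))
    return findings


def run_check(sgs: list, enis: list, route_tables: list) -> list:
    return [f for sg in sgs for f in evaluate_security_group(sg, enis, route_tables)]


# Constructed sample data covering the PASS case and the four severities.
SSH_OPEN = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
ALL_OPEN = {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
HTTPS_OPEN = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
SAMPLE_SGS = [
    {"GroupId": "sg-unattached", "IpPermissions": [SSH_OPEN]},
    {"GroupId": "sg-private", "IpPermissions": [SSH_OPEN]},
    {"GroupId": "sg-eip", "IpPermissions": [SSH_OPEN]},
    {"GroupId": "sg-public", "IpPermissions": [ALL_OPEN]},
    {"GroupId": "sg-closed", "IpPermissions": [HTTPS_OPEN]},
]
SAMPLE_ENIS = [
    {"Groups": [{"GroupId": "sg-private"}], "Attachment": {"InstanceId": "i-private"}, "PrivateIpAddress": "10.0.1.10", "SubnetId": "subnet-priv"},
    {"Groups": [{"GroupId": "sg-eip"}], "Attachment": {"InstanceId": "i-eip"}, "PrivateIpAddress": "10.0.1.11", "Association": {"PublicIp": "203.0.113.5"}, "SubnetId": "subnet-priv"},
    {"Groups": [{"GroupId": "sg-public"}], "Attachment": {"InstanceId": "i-public"}, "PrivateIpAddress": "10.0.0.10", "Association": {"PublicIp": "203.0.113.7"}, "SubnetId": "subnet-pub"},
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
]

if __name__ == "__main__":
    for f in run_check(SAMPLE_SGS, SAMPLE_ENIS, SAMPLE_ROUTE_TABLES):
        print(f.status, f.severity, f.message)
```

The attachment test deliberately looks at network interfaces rather than instances, because a group attached only to an ENI that belongs to a load balancer, Lambda or RDS is still reachable; the "not attached" case (medium) applies only when no interface references the group at all. The public-subnet heuristic is the usual one (default route to an `igw-` gateway) and does not account for NAT-only or egress-only routes, which is the correct outcome for ingress reachability.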

Please @jfagoagas, review whether the logic and functions used for the first check are correct, in order to do the same for the rest of the checks.

sergargar, Apr 24 '24 11:04

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 85.54%. Comparing base (a138d29) to head (b8c7c44). Report is 573 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3852      +/-   ##
==========================================
+ Coverage   85.46%   85.54%   +0.07%     
==========================================
  Files         737      741       +4     
  Lines       22811    22915     +104     
==========================================
+ Hits        19496    19602     +106     
+ Misses       3315     3313       -2     


codecov[bot], Apr 24 '24 11:04

Closed by https://github.com/prowler-cloud/prowler/pull/4029

sergargar, May 21 '24 18:05