diff --git a/data/policy_permissions_list/master_policy_permissions_list.json b/data/policy_permissions_list/master_policy_permissions_list.json index cde678f9a7..babc127efd 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.json +++ b/data/policy_permissions_list/master_policy_permissions_list.json @@ -7235,7 +7235,7 @@ { "id": "./security/aws/aws_config_enabled/aws_config_enabled.pt", "name": "AWS Regions Without Config Fully Enabled", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7309,7 +7309,7 @@ { "id": "./security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes.pt", "name": "AWS Unencrypted EBS Volumes", - "version": "5.0.0", + "version": "5.0.1", "providers": [ { "name": "aws", @@ -7346,7 +7346,7 @@ { "id": "./security/aws/elb_unencrypted/aws_elb_encryption.pt", "name": "AWS Elastic Load Balancers With Unencrypted Listeners", - "version": "4.0.0", + "version": "4.0.1", "providers": [ { "name": "aws", @@ -7393,7 +7393,7 @@ { "id": "./security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt", "name": "AWS Regions Without Access Analyzer Enabled", - "version": "4.0.0", + "version": "4.0.1", "providers": [ { "name": "aws", @@ -7430,7 +7430,7 @@ { "id": "./security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt", "name": "AWS IAM Expired SSL/TLS Certificates", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7462,7 +7462,7 @@ { "id": "./security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt", "name": "AWS IAM Root User Account Without Hardware MFA", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7499,7 +7499,7 @@ { "id": "./security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt", "name": "AWS IAM User Accounts Without MFA", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", 
@@ -7536,7 +7536,7 @@ { "id": "./security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt", "name": "AWS IAM Root User Account Without MFA", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7573,7 +7573,7 @@ { "id": "./security/aws/iam_min_password_length/iam_min_password_length.pt", "name": "AWS IAM Insufficient Required Password Length", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7605,7 +7605,7 @@ { "id": "./security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt", "name": "AWS IAM Attached Admin Policies", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7642,7 +7642,7 @@ { "id": "./security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt", "name": "AWS IAM Root Account Access Keys", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7674,7 +7674,7 @@ { "id": "./security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt", "name": "AWS IAM Root User Doing Everyday Tasks", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7711,7 +7711,7 @@ { "id": "./security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt", "name": "AWS IAM Users With Multiple Active Access Keys", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7748,7 +7748,7 @@ { "id": "./security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt", "name": "AWS IAM Password Policy Not Restricting Password Reuse", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7780,7 +7780,7 @@ { "id": "./security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt", "name": "AWS IAM Users With Old Access Keys", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", 
@@ -7817,7 +7817,7 @@ { "id": "./security/aws/iam_support_role_created/iam_support_role_created.pt", "name": "AWS IAM Account Missing Support Role", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7854,7 +7854,7 @@ { "id": "./security/aws/iam_unused_creds/iam_unused_creds.pt", "name": "AWS Unused IAM Credentials", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7891,7 +7891,7 @@ { "id": "./security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt", "name": "AWS IAM Users With Directly-Attached Policies", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7933,7 +7933,7 @@ { "id": "./security/aws/kms_rotation/kms_rotation.pt", "name": "AWS Customer Managed Keys (CMKs) Without Rotation Enabled", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -7975,7 +7975,7 @@ { "id": "./security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs.pt", "name": "AWS Internet-Accessible Elastic Load Balancers", - "version": "4.0.0", + "version": "4.0.1", "providers": [ { "name": "aws", @@ -8028,7 +8028,7 @@ { "id": "./security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt", "name": "AWS CloudTrails Not Integrated With CloudWatch", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8065,7 +8065,7 @@ { "id": "./security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt", "name": "AWS CloudTrail S3 Buckets Without Access Logging", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8107,7 +8107,7 @@ { "id": "./security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt", "name": "AWS Publicly Accessible CloudTrail S3 Buckets", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", 
@@ -8154,7 +8154,7 @@ { "id": "./security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt", "name": "AWS CloudTrails Without Object-level Events Logging Enabled", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8191,7 +8191,7 @@ { "id": "./security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt", "name": "AWS CloudTrails Without Encrypted Logs", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8223,7 +8223,7 @@ { "id": "./security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt", "name": "AWS CloudTrail Not Enabled In All Regions", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8265,7 +8265,7 @@ { "id": "./security/aws/log_file_validation_enabled/log_file_validation_enabled.pt", "name": "AWS CloudTrails Without Log File Validation Enabled", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8297,7 +8297,7 @@ { "id": "./security/aws/public_buckets/aws_public_buckets.pt", "name": "AWS Open S3 Buckets", - "version": "3.1", + "version": "3.1.1", "providers": [ { "name": "aws", @@ -8339,7 +8339,7 @@ { "id": "./security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances.pt", "name": "AWS Publicly Accessible RDS Instances", - "version": "5.0.0", + "version": "5.0.1", "providers": [ { "name": "aws", @@ -8393,7 +8393,7 @@ { "id": "./security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt", "name": "AWS Unencrypted RDS Instances", - "version": "4.0.0", + "version": "4.0.1", "providers": [ { "name": "aws", @@ -8441,7 +8441,7 @@ { "id": "./security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt", "name": "AWS S3 Buckets Accepting HTTP Requests", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", 
@@ -8488,7 +8488,7 @@ { "id": "./security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt", "name": "AWS S3 Buckets Without Server Access Logging", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8541,7 +8541,7 @@ { "id": "./security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt", "name": "AWS S3 Buckets Without Public Access Blocked", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8588,7 +8588,7 @@ { "id": "./security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt", "name": "AWS S3 Buckets Without MFA Delete Enabled", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8635,7 +8635,7 @@ { "id": "./security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt", "name": "AWS S3 Buckets Without Default Encryption Configuration", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "aws", @@ -8694,7 +8694,7 @@ { "id": "./security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt", "name": "AWS VPCs Without FlowLogs Enabled", - "version": "4.0.0", + "version": "4.0.1", "providers": [ { "name": "aws", @@ -9829,7 +9829,7 @@ { "id": "./security/google/public_buckets/google_public_buckets.pt", "name": "Google Open Buckets", - "version": "3.1", + "version": "3.1.1", "providers": [ { "name": "gce", diff --git a/data/policy_permissions_list/master_policy_permissions_list.yaml b/data/policy_permissions_list/master_policy_permissions_list.yaml index 0f8bba74e8..315b9c4fe4 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.yaml +++ b/data/policy_permissions_list/master_policy_permissions_list.yaml @@ -4184,7 +4184,7 @@ required: true - id: "./security/aws/aws_config_enabled/aws_config_enabled.pt" name: AWS Regions Without Config Fully Enabled - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: 
@@ -4224,7 +4224,7 @@ required: true - id: "./security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes.pt" name: AWS Unencrypted EBS Volumes - version: 5.0.0 + version: 5.0.1 :providers: - :name: aws :permissions: @@ -4244,7 +4244,7 @@ required: true - id: "./security/aws/elb_unencrypted/aws_elb_encryption.pt" name: AWS Elastic Load Balancers With Unencrypted Listeners - version: 4.0.0 + version: 4.0.1 :providers: - :name: aws :permissions: @@ -4270,7 +4270,7 @@ required: true - id: "./security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt" name: AWS Regions Without Access Analyzer Enabled - version: 4.0.0 + version: 4.0.1 :providers: - :name: aws :permissions: @@ -4290,7 +4290,7 @@ required: true - id: "./security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt" name: AWS IAM Expired SSL/TLS Certificates - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4307,7 +4307,7 @@ required: true - id: "./security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt" name: AWS IAM Root User Account Without Hardware MFA - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4327,7 +4327,7 @@ required: true - id: "./security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt" name: AWS IAM User Accounts Without MFA - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4347,7 +4347,7 @@ required: true - id: "./security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt" name: AWS IAM Root User Account Without MFA - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4367,7 +4367,7 @@ required: true - id: "./security/aws/iam_min_password_length/iam_min_password_length.pt" name: AWS IAM Insufficient Required Password Length - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: 
@@ -4384,7 +4384,7 @@ required: true - id: "./security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt" name: AWS IAM Attached Admin Policies - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4404,7 +4404,7 @@ required: true - id: "./security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt" name: AWS IAM Root Account Access Keys - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4421,7 +4421,7 @@ required: true - id: "./security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt" name: AWS IAM Root User Doing Everyday Tasks - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4441,7 +4441,7 @@ required: true - id: "./security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt" name: AWS IAM Users With Multiple Active Access Keys - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4461,7 +4461,7 @@ required: true - id: "./security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt" name: AWS IAM Password Policy Not Restricting Password Reuse - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4478,7 +4478,7 @@ required: true - id: "./security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt" name: AWS IAM Users With Old Access Keys - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4498,7 +4498,7 @@ required: true - id: "./security/aws/iam_support_role_created/iam_support_role_created.pt" name: AWS IAM Account Missing Support Role - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4518,7 +4518,7 @@ required: true - id: "./security/aws/iam_unused_creds/iam_unused_creds.pt" name: AWS Unused IAM Credentials - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: 
@@ -4538,7 +4538,7 @@ required: true - id: "./security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt" name: AWS IAM Users With Directly-Attached Policies - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4561,7 +4561,7 @@ required: true - id: "./security/aws/kms_rotation/kms_rotation.pt" name: AWS Customer Managed Keys (CMKs) Without Rotation Enabled - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4584,7 +4584,7 @@ required: true - id: "./security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs.pt" name: AWS Internet-Accessible Elastic Load Balancers - version: 4.0.0 + version: 4.0.1 :providers: - :name: aws :permissions: @@ -4615,7 +4615,7 @@ required: true - id: "./security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt" name: AWS CloudTrails Not Integrated With CloudWatch - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4635,7 +4635,7 @@ required: true - id: "./security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt" name: AWS CloudTrail S3 Buckets Without Access Logging - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4658,7 +4658,7 @@ required: true - id: "./security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt" name: AWS Publicly Accessible CloudTrail S3 Buckets - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4684,7 +4684,7 @@ required: true - id: "./security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt" name: AWS CloudTrails Without Object-level Events Logging Enabled - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: 
@@ -4704,7 +4704,7 @@ required: true - id: "./security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt" name: AWS CloudTrails Without Encrypted Logs - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4721,7 +4721,7 @@ required: true - id: "./security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt" name: AWS CloudTrail Not Enabled In All Regions - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4744,7 +4744,7 @@ required: true - id: "./security/aws/log_file_validation_enabled/log_file_validation_enabled.pt" name: AWS CloudTrails Without Log File Validation Enabled - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4761,7 +4761,7 @@ required: true - id: "./security/aws/public_buckets/aws_public_buckets.pt" name: AWS Open S3 Buckets - version: '3.1' + version: 3.1.1 :providers: - :name: aws :permissions: @@ -4784,7 +4784,7 @@ required: true - id: "./security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances.pt" name: AWS Publicly Accessible RDS Instances - version: 5.0.0 + version: 5.0.1 :providers: - :name: aws :permissions: @@ -4817,7 +4817,7 @@ required: true - id: "./security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt" name: AWS Unencrypted RDS Instances - version: 4.0.0 + version: 4.0.1 :providers: - :name: aws :permissions: @@ -4845,7 +4845,7 @@ required: true - id: "./security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt" name: AWS S3 Buckets Accepting HTTP Requests - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4871,7 +4871,7 @@ required: true - id: "./security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt" name: AWS S3 Buckets Without Server Access Logging - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: 
@@ -4902,7 +4902,7 @@ required: true - id: "./security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt" name: AWS S3 Buckets Without Public Access Blocked - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4928,7 +4928,7 @@ required: true - id: "./security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt" name: AWS S3 Buckets Without MFA Delete Enabled - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4954,7 +4954,7 @@ required: true - id: "./security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt" name: AWS S3 Buckets Without Default Encryption Configuration - version: 3.0.0 + version: 3.0.1 :providers: - :name: aws :permissions: @@ -4990,7 +4990,7 @@ required: true - id: "./security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt" name: AWS VPCs Without FlowLogs Enabled - version: 4.0.0 + version: 4.0.1 :providers: - :name: aws :permissions: @@ -5595,7 +5595,7 @@ required: true - id: "./security/google/public_buckets/google_public_buckets.pt" name: Google Open Buckets - version: '3.1' + version: 3.1.1 :providers: - :name: gce :permissions: diff --git a/security/aws/aws_config_enabled/CHANGELOG.md b/security/aws/aws_config_enabled/CHANGELOG.md index 9e59ee0a0a..be72640f9b 100644 --- a/security/aws/aws_config_enabled/CHANGELOG.md +++ b/security/aws/aws_config_enabled/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS Regions Without Config Fully Enabled` to better reflect its functionality diff --git a/security/aws/aws_config_enabled/README.md b/security/aws/aws_config_enabled/README.md index 9f39a56388..9917fcb2dd 100644 --- a/security/aws/aws_config_enabled/README.md +++ b/security/aws/aws_config_enabled/README.md 
@@ -58,4 +58,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/aws_config_enabled/aws_config_enabled.pt b/security/aws/aws_config_enabled/aws_config_enabled.pt index 19616cf461..148fe67d8f 100644 --- a/security/aws/aws_config_enabled/aws_config_enabled.pt +++ b/security/aws/aws_config_enabled/aws_config_enabled.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "Config", policy_set: "CIS", @@ -139,7 +139,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -180,7 +179,6 @@ end datasource "ds_describe_regions" do request do auth $auth_aws - verb "GET" host "ec2.amazonaws.com" path "/" query "Action", "DescribeRegions" diff --git a/security/aws/aws_config_enabled/aws_config_enabled_meta_parent.pt b/security/aws/aws_config_enabled/aws_config_enabled_meta_parent.pt index a6cbd67fe6..ee92498c43 100644 --- a/security/aws/aws_config_enabled/aws_config_enabled_meta_parent.pt +++ b/security/aws/aws_config_enabled/aws_config_enabled_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "3.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/security/aws/clb_unencrypted/CHANGELOG.md b/security/aws/clb_unencrypted/CHANGELOG.md index f61fb1bb8a..8b6758e84e 100644 --- a/security/aws/clb_unencrypted/CHANGELOG.md 
+++ b/security/aws/clb_unencrypted/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.1.2 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.1.1 - Deprecated: This policy is no longer being updated. Please see policy README for more information. diff --git a/security/aws/clb_unencrypted/README.md b/security/aws/clb_unencrypted/README.md index 09b9d6bb4e..89ad2a9b25 100644 --- a/security/aws/clb_unencrypted/README.md +++ b/security/aws/clb_unencrypted/README.md @@ -4,13 +4,13 @@ This policy is no longer being updated. The [AWS Elastic Load Balancers With Unencrypted Listeners](https://github.com/flexera-public/policy_templates/tree/master/security/aws/elb_unencrypted/) policy now includes this functionality. -## What it does +## What It Does Checks for unecrypted listeners on Classic Load Balancers. If an internet-facing listener is using an unecrypted protocol (eg: NOT HTTPS, SSL, or TLS) an incident report will show for the listener and an email will be sent to the user-specified email address. Note: Elastic Load Balancing (ELB) supports three types of load balancers: Classic Load Balancers, Application Load Balancers, and Network Load Balancers. There is a separate policy for Application and Network Load Balancers with unencrypted internet-facing listeners. -## Functional Details +## How It Works The policy leverages the AWS elasticloadbalancing API to examine listener details. When an unencrypted internet-facing listener is detected, an email action is triggered automatically to notify the specified users of the incident. @@ -62,4 +62,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/clb_unencrypted/aws_clb_encryption.pt b/security/aws/clb_unencrypted/aws_clb_encryption.pt index 05a44cd7b6..54a2fa9266 100644 --- a/security/aws/clb_unencrypted/aws_clb_encryption.pt 
+++ b/security/aws/clb_unencrypted/aws_clb_encryption.pt @@ -6,7 +6,7 @@ long_description "" category "Security" severity "medium" info( - version: "3.1.1", + version: "3.1.2", provider: "AWS", service: "ELB", policy_set: "", @@ -86,7 +86,6 @@ datasource "ds_regions_list" do # https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html request do auth $auth_aws - verb "GET" host "ec2.amazonaws.com" path "/" query "Action", "DescribeRegions" diff --git a/security/aws/ebs_ensure_encryption_default/README.md b/security/aws/ebs_ensure_encryption_default/README.md index 37744c7003..396e2cbe26 100644 --- a/security/aws/ebs_ensure_encryption_default/README.md +++ b/security/aws/ebs_ensure_encryption_default/README.md @@ -54,4 +54,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/ebs_unencrypted_volumes/CHANGELOG.md b/security/aws/ebs_unencrypted_volumes/CHANGELOG.md index 453dd1b96c..cc7a1f5d6e 100644 --- a/security/aws/ebs_unencrypted_volumes/CHANGELOG.md +++ b/security/aws/ebs_unencrypted_volumes/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v5.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v5.0.0 - Policy template renamed to `AWS Unencrypted EBS Volumes` to better reflect its functionality diff --git a/security/aws/ebs_unencrypted_volumes/README.md b/security/aws/ebs_unencrypted_volumes/README.md index 27921e8992..080815f971 100644 --- a/security/aws/ebs_unencrypted_volumes/README.md +++ b/security/aws/ebs_unencrypted_volumes/README.md @@ -61,4 +61,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. 
diff --git a/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes.pt b/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes.pt index 56703d1f1d..1ecd80b06b 100644 --- a/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes.pt +++ b/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes.pt @@ -7,7 +7,7 @@ category "Security" severity "low" default_frequency "weekly" info( - version: "5.0.0", + version: "5.0.1", provider: "AWS", service: "EBS", policy_set: "" @@ -163,7 +163,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes_meta_parent.pt b/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes_meta_parent.pt index 41a5888b11..efd6a2c890 100644 --- a/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes_meta_parent.pt +++ b/security/aws/ebs_unencrypted_volumes/aws_unencrypted_volumes_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "5.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "5.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/security/aws/elb_unencrypted/CHANGELOG.md b/security/aws/elb_unencrypted/CHANGELOG.md index 6ad80b5c51..3c48ca1f0b 100644 --- a/security/aws/elb_unencrypted/CHANGELOG.md +++ b/security/aws/elb_unencrypted/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v4.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v4.0.0 - Policy template renamed to `AWS Elastic Load Balancers With Unencrypted Listeners` to better reflect its functionality 
diff --git a/security/aws/elb_unencrypted/README.md b/security/aws/elb_unencrypted/README.md index f03a730449..bb2746ab90 100644 --- a/security/aws/elb_unencrypted/README.md +++ b/security/aws/elb_unencrypted/README.md @@ -66,4 +66,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/elb_unencrypted/aws_elb_encryption.pt b/security/aws/elb_unencrypted/aws_elb_encryption.pt index 8f0f65debe..2615f76f43 100644 --- a/security/aws/elb_unencrypted/aws_elb_encryption.pt +++ b/security/aws/elb_unencrypted/aws_elb_encryption.pt @@ -7,7 +7,7 @@ category "Security" severity "medium" default_frequency "daily" info( - version: "4.0.0", + version: "4.0.1", provider: "AWS", service: "Network", policy_set: "" @@ -159,7 +159,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -200,7 +199,6 @@ end datasource "ds_describe_regions" do request do auth $auth_aws - verb "GET" host "ec2.amazonaws.com" path "/" query "Action", "DescribeRegions" diff --git a/security/aws/elb_unencrypted/aws_elb_encryption_meta_parent.pt b/security/aws/elb_unencrypted/aws_elb_encryption_meta_parent.pt index fc373de833..fecec88c33 100644 --- a/security/aws/elb_unencrypted/aws_elb_encryption_meta_parent.pt +++ b/security/aws/elb_unencrypted/aws_elb_encryption_meta_parent.pt 
@@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "4.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "4.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/security/aws/iam_access_analyzer_enabled/CHANGELOG.md b/security/aws/iam_access_analyzer_enabled/CHANGELOG.md index 26f2e54d48..6bd65d67ee 100644 --- a/security/aws/iam_access_analyzer_enabled/CHANGELOG.md +++ b/security/aws/iam_access_analyzer_enabled/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v4.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v4.0.0 - Policy template renamed to `AWS Regions Without Access Analyzer Enabled` to better reflect its functionality diff --git a/security/aws/iam_access_analyzer_enabled/README.md b/security/aws/iam_access_analyzer_enabled/README.md index 58a4991bbc..7f6919c836 100644 --- a/security/aws/iam_access_analyzer_enabled/README.md +++ b/security/aws/iam_access_analyzer_enabled/README.md @@ -56,4 +56,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt b/security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt index 610fdfb900..95eef520db 100644 --- a/security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt +++ b/security/aws/iam_access_analyzer_enabled/iam_access_analyzer_enabled.pt 
@@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "4.0.0", + version: "4.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -139,7 +139,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_expired_ssl_certs/CHANGELOG.md b/security/aws/iam_expired_ssl_certs/CHANGELOG.md index fb7457535f..86a94cc091 100644 --- a/security/aws/iam_expired_ssl_certs/CHANGELOG.md +++ b/security/aws/iam_expired_ssl_certs/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Expired SSL/TLS Certificates` to better reflect its functionality diff --git a/security/aws/iam_expired_ssl_certs/README.md b/security/aws/iam_expired_ssl_certs/README.md index 560739187a..33b4100bab 100644 --- a/security/aws/iam_expired_ssl_certs/README.md +++ b/security/aws/iam_expired_ssl_certs/README.md @@ -50,4 +50,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt b/security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt index c9b5a86873..a056b86f38 100644 --- a/security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt +++ b/security/aws/iam_expired_ssl_certs/iam_expired_ssl_certs.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -121,7 +121,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" 
diff --git a/security/aws/iam_hwmfa_enabled_for_root/CHANGELOG.md b/security/aws/iam_hwmfa_enabled_for_root/CHANGELOG.md index 9ed927e488..3fd3ecfa46 100644 --- a/security/aws/iam_hwmfa_enabled_for_root/CHANGELOG.md +++ b/security/aws/iam_hwmfa_enabled_for_root/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Root User Account Without Hardware MFA` to better reflect its functionality diff --git a/security/aws/iam_hwmfa_enabled_for_root/README.md b/security/aws/iam_hwmfa_enabled_for_root/README.md index 4c64496019..d608b30e24 100644 --- a/security/aws/iam_hwmfa_enabled_for_root/README.md +++ b/security/aws/iam_hwmfa_enabled_for_root/README.md @@ -54,4 +54,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt b/security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt index ca77f24f8b..0b5bbff815 100644 --- a/security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt +++ b/security/aws/iam_hwmfa_enabled_for_root/aws_iam_hwmfa_enabled.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "15 minutes" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -121,7 +121,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_mfa_enabled_for_iam_users/CHANGELOG.md b/security/aws/iam_mfa_enabled_for_iam_users/CHANGELOG.md index 2b1cf8bf46..fd5fe31353 100644 --- a/security/aws/iam_mfa_enabled_for_iam_users/CHANGELOG.md +++ b/security/aws/iam_mfa_enabled_for_iam_users/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM User Accounts Without MFA` to better reflect its functionality diff --git a/security/aws/iam_mfa_enabled_for_iam_users/README.md b/security/aws/iam_mfa_enabled_for_iam_users/README.md index 32ba171d8c..239683ec3f 100644 --- a/security/aws/iam_mfa_enabled_for_iam_users/README.md +++ b/security/aws/iam_mfa_enabled_for_iam_users/README.md @@ -55,4 +55,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt b/security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt index 8131727153..0c85a16711 100644 --- a/security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt +++ b/security/aws/iam_mfa_enabled_for_iam_users/iam_mfa_enabled_for_iam_users.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "15 minutes" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_mfa_enabled_for_root/CHANGELOG.md b/security/aws/iam_mfa_enabled_for_root/CHANGELOG.md index c9266beee7..76cf849f8e 100644 --- a/security/aws/iam_mfa_enabled_for_root/CHANGELOG.md +++ b/security/aws/iam_mfa_enabled_for_root/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Root User Account Without MFA` to better reflect its functionality 
diff --git a/security/aws/iam_mfa_enabled_for_root/README.md b/security/aws/iam_mfa_enabled_for_root/README.md index b7c4ee5350..789434c01a 100644 --- a/security/aws/iam_mfa_enabled_for_root/README.md +++ b/security/aws/iam_mfa_enabled_for_root/README.md @@ -54,4 +54,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt b/security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt index 7333ff3722..981cb093aa 100644 --- a/security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt +++ b/security/aws/iam_mfa_enabled_for_root/iam_mfa_enabled.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "15 minutes" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -121,7 +121,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_min_password_length/CHANGELOG.md b/security/aws/iam_min_password_length/CHANGELOG.md index 037a697ff4..4f68865f48 100644 --- a/security/aws/iam_min_password_length/CHANGELOG.md +++ b/security/aws/iam_min_password_length/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Insufficient Required Password Length` to better reflect its functionality diff --git a/security/aws/iam_min_password_length/README.md b/security/aws/iam_min_password_length/README.md index 524d6502b3..1c4c9514d8 100644 --- a/security/aws/iam_min_password_length/README.md +++ b/security/aws/iam_min_password_length/README.md 
@@ -53,4 +53,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_min_password_length/iam_min_password_length.pt b/security/aws/iam_min_password_length/iam_min_password_length.pt index d04055ca0f..1ab84d5590 100644 --- a/security/aws/iam_min_password_length/iam_min_password_length.pt +++ b/security/aws/iam_min_password_length/iam_min_password_length.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_no_admin_iam_policies_attached/CHANGELOG.md b/security/aws/iam_no_admin_iam_policies_attached/CHANGELOG.md index 0db0b63c57..38ded5c23b 100644 --- a/security/aws/iam_no_admin_iam_policies_attached/CHANGELOG.md +++ b/security/aws/iam_no_admin_iam_policies_attached/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Attached Admin Policies` to better reflect its functionality diff --git a/security/aws/iam_no_admin_iam_policies_attached/README.md b/security/aws/iam_no_admin_iam_policies_attached/README.md index 01140fee86..e85aea2c42 100644 --- a/security/aws/iam_no_admin_iam_policies_attached/README.md +++ b/security/aws/iam_no_admin_iam_policies_attached/README.md @@ -64,4 +64,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. 
diff --git a/security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt b/security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt index 74b9c20580..fcdc8abd9b 100644 --- a/security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt +++ b/security/aws/iam_no_admin_iam_policies_attached/iam_no_admin_iam_policies_attached.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -121,7 +121,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_no_root_access_keys/CHANGELOG.md b/security/aws/iam_no_root_access_keys/CHANGELOG.md index 03a45e4854..41096001e7 100644 --- a/security/aws/iam_no_root_access_keys/CHANGELOG.md +++ b/security/aws/iam_no_root_access_keys/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Root Account Access Keys` to better reflect its functionality diff --git a/security/aws/iam_no_root_access_keys/README.md b/security/aws/iam_no_root_access_keys/README.md index 3b900279a5..97e7759246 100644 --- a/security/aws/iam_no_root_access_keys/README.md +++ b/security/aws/iam_no_root_access_keys/README.md @@ -52,4 +52,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt b/security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt index aa0b634202..f7b3c1c054 100644 --- a/security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt 
+++ b/security/aws/iam_no_root_access_keys/aws_iam_no_root_access_keys.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "15 minutes" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -121,7 +121,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -162,7 +161,6 @@ end datasource "ds_iam_accesskeys" do request do auth $auth_aws - verb "GET" host "iam.amazonaws.com" path "/" query "Action", "GetAccountSummary" diff --git a/security/aws/iam_no_root_for_tasks/CHANGELOG.md b/security/aws/iam_no_root_for_tasks/CHANGELOG.md index 0f8d22d936..692db77db2 100644 --- a/security/aws/iam_no_root_for_tasks/CHANGELOG.md +++ b/security/aws/iam_no_root_for_tasks/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Root User Doing Everyday Tasks` to better reflect its functionality diff --git a/security/aws/iam_no_root_for_tasks/README.md b/security/aws/iam_no_root_for_tasks/README.md index 1dada63449..9444c5e949 100644 --- a/security/aws/iam_no_root_for_tasks/README.md +++ b/security/aws/iam_no_root_for_tasks/README.md @@ -56,4 +56,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt b/security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt index ce658031ff..b2d78a9281 100644 --- a/security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt +++ b/security/aws/iam_no_root_for_tasks/iam_no_root_for_tasks.pt 
@@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_one_active_key_per_user/CHANGELOG.md b/security/aws/iam_one_active_key_per_user/CHANGELOG.md index 27360b212d..a7beafe4eb 100644 --- a/security/aws/iam_one_active_key_per_user/CHANGELOG.md +++ b/security/aws/iam_one_active_key_per_user/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Users With Multiple Active Access Keys` to better reflect its functionality diff --git a/security/aws/iam_one_active_key_per_user/README.md b/security/aws/iam_one_active_key_per_user/README.md index 428b5550e6..22cfb74c58 100644 --- a/security/aws/iam_one_active_key_per_user/README.md +++ b/security/aws/iam_one_active_key_per_user/README.md @@ -53,4 +53,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt b/security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt index c2f2a2223e..c269223a24 100644 --- a/security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt +++ b/security/aws/iam_one_active_key_per_user/iam_one_active_key_per_user.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", 
@@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_prevent_password_reuse/CHANGELOG.md b/security/aws/iam_prevent_password_reuse/CHANGELOG.md index 42bb6ddbfb..014d9feb1d 100644 --- a/security/aws/iam_prevent_password_reuse/CHANGELOG.md +++ b/security/aws/iam_prevent_password_reuse/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Password Policy Not Restricting Password Reuse` to better reflect its functionality diff --git a/security/aws/iam_prevent_password_reuse/README.md b/security/aws/iam_prevent_password_reuse/README.md index 21fa7e2407..91a14a632b 100644 --- a/security/aws/iam_prevent_password_reuse/README.md +++ b/security/aws/iam_prevent_password_reuse/README.md @@ -51,4 +51,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt b/security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt index 740a06c855..1d7091a4f7 100644 --- a/security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt +++ b/security/aws/iam_prevent_password_reuse/iam_prevent_password_reuse.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" 
diff --git a/security/aws/iam_rotate_access_keys/CHANGELOG.md b/security/aws/iam_rotate_access_keys/CHANGELOG.md index 55d0a4fa35..1b1dfada95 100644 --- a/security/aws/iam_rotate_access_keys/CHANGELOG.md +++ b/security/aws/iam_rotate_access_keys/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Users With Old Access Keys` to better reflect its functionality diff --git a/security/aws/iam_rotate_access_keys/README.md b/security/aws/iam_rotate_access_keys/README.md index db931c1944..004a8e3593 100644 --- a/security/aws/iam_rotate_access_keys/README.md +++ b/security/aws/iam_rotate_access_keys/README.md @@ -55,4 +55,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt b/security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt index 09020ef593..67c9486165 100644 --- a/security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt +++ b/security/aws/iam_rotate_access_keys/iam_rotate_access_keys.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_support_role_created/CHANGELOG.md b/security/aws/iam_support_role_created/CHANGELOG.md index 2a4e4b41a2..a498baa2ea 100644 --- a/security/aws/iam_support_role_created/CHANGELOG.md +++ b/security/aws/iam_support_role_created/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Account Missing Support Role` to better reflect its functionality diff --git a/security/aws/iam_support_role_created/README.md b/security/aws/iam_support_role_created/README.md index cf51c8ff70..b5778edb8c 100644 --- a/security/aws/iam_support_role_created/README.md +++ b/security/aws/iam_support_role_created/README.md @@ -54,4 +54,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_support_role_created/iam_support_role_created.pt b/security/aws/iam_support_role_created/iam_support_role_created.pt index 5fa6a3bc7b..68cdc5dbda 100644 --- a/security/aws/iam_support_role_created/iam_support_role_created.pt +++ b/security/aws/iam_support_role_created/iam_support_role_created.pt @@ -7,7 +7,7 @@ category "Security" severity "low" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -121,7 +121,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -201,7 +200,6 @@ datasource "ds_iam_entities" do iterate $ds_iam_support_policies request do auth $auth_aws - verb "GET" host "iam.amazonaws.com" path "/" query "Action", "ListEntitiesForPolicy" diff --git a/security/aws/iam_unused_creds/CHANGELOG.md b/security/aws/iam_unused_creds/CHANGELOG.md index f2f59e2a7a..6b8fd6a432 100644 --- a/security/aws/iam_unused_creds/CHANGELOG.md +++ b/security/aws/iam_unused_creds/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS Unused IAM Credentials` to better reflect its functionality diff --git a/security/aws/iam_unused_creds/README.md b/security/aws/iam_unused_creds/README.md index 646e4bda0e..a0fa69e6da 100644 --- a/security/aws/iam_unused_creds/README.md +++ b/security/aws/iam_unused_creds/README.md @@ -55,4 +55,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_unused_creds/iam_unused_creds.pt b/security/aws/iam_unused_creds/iam_unused_creds.pt index 76069382ab..26ecba4401 100644 --- a/security/aws/iam_unused_creds/iam_unused_creds.pt +++ b/security/aws/iam_unused_creds/iam_unused_creds.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/iam_users_perms_via_groups_only/CHANGELOG.md b/security/aws/iam_users_perms_via_groups_only/CHANGELOG.md index 555fc2bf33..dd01287724 100644 --- a/security/aws/iam_users_perms_via_groups_only/CHANGELOG.md +++ b/security/aws/iam_users_perms_via_groups_only/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS IAM Users With Directly-Attached Policies` to better reflect its functionality diff --git a/security/aws/iam_users_perms_via_groups_only/README.md b/security/aws/iam_users_perms_via_groups_only/README.md index 281eadd49d..f8889f4482 100644 
--- a/security/aws/iam_users_perms_via_groups_only/README.md +++ b/security/aws/iam_users_perms_via_groups_only/README.md @@ -56,4 +56,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt b/security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt index 4ffd5ca547..5813479088 100644 --- a/security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt +++ b/security/aws/iam_users_perms_via_groups_only/iam_users_perms_via_groups_only.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "IAM", policy_set: "CIS", @@ -121,7 +121,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -207,7 +206,6 @@ datasource "ds_iam_users_attached" do iterate $ds_iam_users_with_policies request do auth $auth_aws - verb "GET" host "iam.amazonaws.com" path "/" query "Action", "ListAttachedUserPolicies" diff --git a/security/aws/kms_rotation/CHANGELOG.md b/security/aws/kms_rotation/CHANGELOG.md index 75f5a2c939..f6b69b1ba5 100644 --- a/security/aws/kms_rotation/CHANGELOG.md +++ b/security/aws/kms_rotation/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS Customer Managed Keys (CMKs) Without Rotation Enabled` to better reflect its functionality diff --git a/security/aws/kms_rotation/README.md b/security/aws/kms_rotation/README.md index adefbe3966..99855992d1 100644 --- a/security/aws/kms_rotation/README.md +++ b/security/aws/kms_rotation/README.md 
@@ -58,4 +58,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/kms_rotation/kms_rotation.pt b/security/aws/kms_rotation/kms_rotation.pt index 2b5c58b605..406a396809 100644 --- a/security/aws/kms_rotation/kms_rotation.pt +++ b/security/aws/kms_rotation/kms_rotation.pt @@ -7,7 +7,7 @@ severity "high" category "Security" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "KMS", policy_set: "CIS", @@ -139,7 +139,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -180,7 +179,6 @@ end datasource "ds_describe_regions" do request do auth $auth_aws - verb "GET" host "ec2.amazonaws.com" path "/" query "Action", "DescribeRegions" @@ -221,7 +219,6 @@ datasource "ds_regions_with_keys" do iterate $ds_regions request do auth $auth_aws - verb "GET" host join(["kms.", val(iter_item, 'region'), ".amazonaws.com"]) path "/" query "Action", "ListKeys" diff --git a/security/aws/loadbalancer_internet_facing/CHANGELOG.md b/security/aws/loadbalancer_internet_facing/CHANGELOG.md index b73ae22eb1..1b0f51240c 100644 --- a/security/aws/loadbalancer_internet_facing/CHANGELOG.md +++ b/security/aws/loadbalancer_internet_facing/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v4.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v4.0.0 - Policy template renamed to `AWS Internet-Accessible Elastic Load Balancers` to better reflect its functionality diff --git a/security/aws/loadbalancer_internet_facing/README.md b/security/aws/loadbalancer_internet_facing/README.md index 33f34c3664..98c7497650 100644 --- a/security/aws/loadbalancer_internet_facing/README.md +++ b/security/aws/loadbalancer_internet_facing/README.md 
@@ -72,4 +72,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs.pt b/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs.pt index abd6a9f4d1..3b02e757f8 100644 --- a/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs.pt +++ b/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs.pt @@ -7,7 +7,7 @@ severity "high" category "Security" default_frequency "daily" info( - version: "4.0.0", + version: "4.0.1", provider: "AWS", service: "Network", policy_set: "" @@ -168,7 +168,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -209,7 +208,6 @@ end datasource "ds_describe_regions" do request do auth $auth_aws - verb "GET" host "ec2.amazonaws.com" path "/" query "Action", "DescribeRegions" diff --git a/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs_meta_parent.pt b/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs_meta_parent.pt index 5e055225f5..1ed3b28e2b 100644 --- a/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs_meta_parent.pt +++ b/security/aws/loadbalancer_internet_facing/aws_internet_facing_elbs_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "4.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "4.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) 
diff --git a/security/aws/log_cloudtrail_cloudwatch_integrated/CHANGELOG.md b/security/aws/log_cloudtrail_cloudwatch_integrated/CHANGELOG.md index 051c0db01e..9c66ec7e58 100644 --- a/security/aws/log_cloudtrail_cloudwatch_integrated/CHANGELOG.md +++ b/security/aws/log_cloudtrail_cloudwatch_integrated/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS CloudTrails Not Integrated With CloudWatch` to better reflect its functionality diff --git a/security/aws/log_cloudtrail_cloudwatch_integrated/README.md b/security/aws/log_cloudtrail_cloudwatch_integrated/README.md index 9104616c1b..03cabba81a 100644 --- a/security/aws/log_cloudtrail_cloudwatch_integrated/README.md +++ b/security/aws/log_cloudtrail_cloudwatch_integrated/README.md @@ -55,4 +55,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt b/security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt index e686baee18..ac93a4007d 100644 --- a/security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt +++ b/security/aws/log_cloudtrail_cloudwatch_integrated/log_cloudtrail_cloudwatch_integrated.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "CloudTrail", policy_set: "CIS", @@ -130,7 +130,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" 
@@ -192,7 +191,6 @@ datasource "ds_trail_list_with_cw" do iterate $ds_trail_list request do auth $auth_aws - verb "GET" host join(["cloudtrail.", val(iter_item, "homeregion"), ".amazonaws.com"]) path "/" query "Action", "GetTrailStatus" diff --git a/security/aws/log_ensure_cloudtrail_bucket_access_logging/CHANGELOG.md b/security/aws/log_ensure_cloudtrail_bucket_access_logging/CHANGELOG.md index 3dd29a5a84..4e4afa38e8 100644 --- a/security/aws/log_ensure_cloudtrail_bucket_access_logging/CHANGELOG.md +++ b/security/aws/log_ensure_cloudtrail_bucket_access_logging/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Policy template renamed to `AWS CloudTrail S3 Buckets Without Access Logging` to better reflect its functionality diff --git a/security/aws/log_ensure_cloudtrail_bucket_access_logging/README.md b/security/aws/log_ensure_cloudtrail_bucket_access_logging/README.md index 7d8a33b36d..4137d4f3ca 100644 --- a/security/aws/log_ensure_cloudtrail_bucket_access_logging/README.md +++ b/security/aws/log_ensure_cloudtrail_bucket_access_logging/README.md @@ -56,4 +56,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt b/security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt index aee738088c..b8631b7a06 100644 --- a/security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt +++ b/security/aws/log_ensure_cloudtrail_bucket_access_logging/log_ensure_cloudtrail_bucket_access_logging.pt 
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "CloudTrail",
 policy_set: "CIS",
@@ -121,7 +121,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/log_ensure_cloudtrail_bucket_not_public/CHANGELOG.md b/security/aws/log_ensure_cloudtrail_bucket_not_public/CHANGELOG.md
index 3d9213100d..c53a3906a5 100644
--- a/security/aws/log_ensure_cloudtrail_bucket_not_public/CHANGELOG.md
+++ b/security/aws/log_ensure_cloudtrail_bucket_not_public/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS Publicly Accessible CloudTrail S3 Buckets` to better reflect its functionality
diff --git a/security/aws/log_ensure_cloudtrail_bucket_not_public/README.md b/security/aws/log_ensure_cloudtrail_bucket_not_public/README.md
index e44fecf481..c9563811c9 100644
--- a/security/aws/log_ensure_cloudtrail_bucket_not_public/README.md
+++ b/security/aws/log_ensure_cloudtrail_bucket_not_public/README.md
@@ -58,4 +58,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt b/security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt
index 37b4b4ced6..bd90eb3ec0 100644
--- a/security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt
+++ b/security/aws/log_ensure_cloudtrail_bucket_not_public/log_ensure_cloudtrail_bucket_not_public.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "CloudTrail",
 policy_set: "CIS",
@@ -121,7 +121,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/log_ensure_cloudtrail_bucket_object_logging/CHANGELOG.md b/security/aws/log_ensure_cloudtrail_bucket_object_logging/CHANGELOG.md
index 01cf7f0ee4..dbc1c1fe09 100644
--- a/security/aws/log_ensure_cloudtrail_bucket_object_logging/CHANGELOG.md
+++ b/security/aws/log_ensure_cloudtrail_bucket_object_logging/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS CloudTrails Without Object-level Events Logging Enabled` to better reflect its functionality
diff --git a/security/aws/log_ensure_cloudtrail_bucket_object_logging/README.md b/security/aws/log_ensure_cloudtrail_bucket_object_logging/README.md
index d7bb03d707..c9de5ecb28 100644
--- a/security/aws/log_ensure_cloudtrail_bucket_object_logging/README.md
+++ b/security/aws/log_ensure_cloudtrail_bucket_object_logging/README.md
@@ -54,4 +54,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt b/security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt
index 28fb70c769..7f1f8d1e56 100644
--- a/security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt
+++ b/security/aws/log_ensure_cloudtrail_bucket_object_logging/log_ensure_cloudtrail_bucket_object_logging.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "CloudTrail",
 policy_set: "CIS",
@@ -121,7 +121,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/log_ensure_cloudtrail_encrypted/CHANGELOG.md b/security/aws/log_ensure_cloudtrail_encrypted/CHANGELOG.md
index 031a59b209..a64dfa0c72 100644
--- a/security/aws/log_ensure_cloudtrail_encrypted/CHANGELOG.md
+++ b/security/aws/log_ensure_cloudtrail_encrypted/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS CloudTrails Without Encrypted Logs` to better reflect its functionality
diff --git a/security/aws/log_ensure_cloudtrail_encrypted/README.md b/security/aws/log_ensure_cloudtrail_encrypted/README.md
index 03170e17ee..2a76d13138 100644
--- a/security/aws/log_ensure_cloudtrail_encrypted/README.md
+++ b/security/aws/log_ensure_cloudtrail_encrypted/README.md
@@ -52,4 +52,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt b/security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt
index a371d85e2e..04f9573bfa 100644
--- a/security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt
+++ b/security/aws/log_ensure_cloudtrail_encrypted/log_ensure_cloudtrail_encrypted.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "CloudTrail",
 policy_set: "CIS",
@@ -121,7 +121,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/log_ensure_cloudtrail_multiregion/CHANGELOG.md b/security/aws/log_ensure_cloudtrail_multiregion/CHANGELOG.md
index a295982b32..32419a9282 100644
--- a/security/aws/log_ensure_cloudtrail_multiregion/CHANGELOG.md
+++ b/security/aws/log_ensure_cloudtrail_multiregion/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS CloudTrail Not Enabled In All Regions` to better reflect its functionality
diff --git a/security/aws/log_ensure_cloudtrail_multiregion/README.md b/security/aws/log_ensure_cloudtrail_multiregion/README.md
index f718fb04a3..484a776f07 100644
--- a/security/aws/log_ensure_cloudtrail_multiregion/README.md
+++ b/security/aws/log_ensure_cloudtrail_multiregion/README.md
@@ -60,4 +60,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt b/security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt
index 75e6108e04..e876eab647 100644
--- a/security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt
+++ b/security/aws/log_ensure_cloudtrail_multiregion/log_ensure_cloudtrail_multiregion.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "CloudTrail",
 policy_set: "CIS",
@@ -121,7 +121,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/log_file_validation_enabled/CHANGELOG.md b/security/aws/log_file_validation_enabled/CHANGELOG.md
index 13bdea94ad..d317882a1b 100644
--- a/security/aws/log_file_validation_enabled/CHANGELOG.md
+++ b/security/aws/log_file_validation_enabled/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS CloudTrails Without Log File Validation Enabled` to better reflect its functionality
diff --git a/security/aws/log_file_validation_enabled/README.md b/security/aws/log_file_validation_enabled/README.md
index 1b0acc7d49..9a0c6920ee 100644
--- a/security/aws/log_file_validation_enabled/README.md
+++ b/security/aws/log_file_validation_enabled/README.md
@@ -52,4 +52,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/log_file_validation_enabled/log_file_validation_enabled.pt b/security/aws/log_file_validation_enabled/log_file_validation_enabled.pt
index 8a1ddc207b..23d28d44d5 100644
--- a/security/aws/log_file_validation_enabled/log_file_validation_enabled.pt
+++ b/security/aws/log_file_validation_enabled/log_file_validation_enabled.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "CloudTrail",
 policy_set: "CIS",
@@ -121,7 +121,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/public_buckets/CHANGELOG.md b/security/aws/public_buckets/CHANGELOG.md
index 9add00c29f..47d777918c 100644
--- a/security/aws/public_buckets/CHANGELOG.md
+++ b/security/aws/public_buckets/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.1.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.1
 - fixed link to README in policy description
diff --git a/security/aws/public_buckets/README.md b/security/aws/public_buckets/README.md
index 1b5e91b50b..426417efd0 100644
--- a/security/aws/public_buckets/README.md
+++ b/security/aws/public_buckets/README.md
@@ -68,4 +68,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/public_buckets/aws_public_buckets.pt b/security/aws/public_buckets/aws_public_buckets.pt
index baca562f13..2d983c8bc5 100644
--- a/security/aws/public_buckets/aws_public_buckets.pt
+++ b/security/aws/public_buckets/aws_public_buckets.pt
@@ -7,7 +7,7 @@ severity "high"
 category "Security"
 default_frequency "daily"
 info(
- version: "3.1",
+ version: "3.1.1",
 provider: "AWS",
 service: "S3",
 policy_set: "Open S3 Buckets"
@@ -46,8 +46,8 @@ parameter "param_regions_list" do
 type "list"
 category "Filters"
 label "Allow/Deny Regions List"
- allowed_pattern /^([a-zA-Z-_]+-[a-zA-Z0-9-_]+-[0-9-_]+,*|)+$/
 description "A list of allowed or denied regions. See the README for more details"
+ allowed_pattern /^([a-zA-Z-_]+-[a-zA-Z0-9-_]+-[0-9-_]+,*|)+$/
 default []
 end
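Review bot: The `allowed_pattern` that the last hunk moves below `description` in `param_regions_list` is much looser than an AWS region name: `[a-zA-Z-_]` and `[0-9-_]` admit underscores and stray hyphens, `,*` lets a single list element carry several comma-joined values, and the empty alternative sits inside a repeated group. How the accepted values are used is outside the hunk, so this is a hardening suggestion rather than a confirmed defect. If comma-joined input is not needed, something like `allowed_pattern /^([a-z]+(-[a-z]+)+-[0-9]+)?$/` states the intent directly and still accepts an empty value. The same line is moved unchanged in `aws_public_buckets_meta_parent.pt`, and the `parameter` block opens above the hunk.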
@@ -70,19 +70,6 @@ credentials "auth_flexera" do
 tags "provider=flexera"
 end
-###############################################################################
-# Pagination
-###############################################################################
-
-pagination "pagination_aws" do
- get_page_marker do
- body_path jmes_path(response, "NextToken")
- end
- set_page_marker do
- body_field "NextToken"
- end
-end
-
 ###############################################################################
 # Datasources & Scripts
 ###############################################################################
@@ -146,12 +133,11 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
- header "User-Agent", "RS Policies"
 query "Action", "GetCallerIdentity"
 query "Version", "2011-06-15"
+ header "User-Agent", "RS Policies"
 end
 result do
 encoding "xml"
@@ -367,9 +353,15 @@ script "js_aws_public_buckets", type: "javascript" do
 // Dummy item to ensure that the check statement in the policy executes at least once
 result.push({
- id: "", creation_date: "", region: "",
- host: "", grantee_uris: "", owner: "",
- policy_name: "", accountID: "", accountName: ""
+ id: "",
+ creation_date: "",
+ region: "",
+ host: "",
+ grantee_uris: "",
+ owner: "",
+ policy_name: "",
+ accountID: "",
+ accountName: ""
 })
 result[0]['message'] = findings
@@ -440,7 +432,7 @@ datasource "ds_get_policy" do
 auth $auth_flexera
 host rs_governance_host
 ignore_status [404]
- path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id,""), meta_parent_policy_id, policy_id) ])
+ path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id, ""), meta_parent_policy_id, policy_id)])
 header "Api-Version", "1.0"
 end
 result do
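Review bot: The first hunk of `aws_public_buckets.pt` on this line deletes the `pagination "pagination_aws"` block, and nothing visible shows that no datasource still references `$pagination_aws` or that the listing requests never return a continuation marker. For a policy that reports public buckets, a dangling reference would break the template, and a dropped one could silently truncate the bucket list, so findings might be missed while the changelog says "Functionality unchanged". I would confirm with a search for `pagination_aws` across the template and record the removal in the v3.1.1 entry, for example `- Removed unused pagination block`. The datasources that would have used the block are outside the hunk.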
diff --git a/security/aws/public_buckets/aws_public_buckets_meta_parent.pt b/security/aws/public_buckets/aws_public_buckets_meta_parent.pt
index 53d5c89f07..257a111a12 100644
--- a/security/aws/public_buckets/aws_public_buckets_meta_parent.pt
+++ b/security/aws/public_buckets/aws_public_buckets_meta_parent.pt
@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
 provider: "AWS",
- version: "3.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+ version: "3.1.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
 publish: "true",
 deprecated: "false"
 )
@@ -81,8 +81,8 @@ parameter "param_regions_list" do
 type "list"
 category "Filters"
 label "Allow/Deny Regions List"
- allowed_pattern /^([a-zA-Z-_]+-[a-zA-Z0-9-_]+-[0-9-_]+,*|)+$/
 description "A list of allowed or denied regions. See the README for more details"
+ allowed_pattern /^([a-zA-Z-_]+-[a-zA-Z0-9-_]+-[0-9-_]+,*|)+$/
 default []
 end
diff --git a/security/aws/rds_publicly_accessible/CHANGELOG.md b/security/aws/rds_publicly_accessible/CHANGELOG.md
index 4b6884d37f..aa214430ca 100644
--- a/security/aws/rds_publicly_accessible/CHANGELOG.md
+++ b/security/aws/rds_publicly_accessible/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v5.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v5.0.0
 - Policy template renamed to `AWS Publicly Accessible RDS Instances` to better reflect its functionality
diff --git a/security/aws/rds_publicly_accessible/README.md b/security/aws/rds_publicly_accessible/README.md
index 03b959ef7b..be86deb14b 100644
--- a/security/aws/rds_publicly_accessible/README.md
+++ b/security/aws/rds_publicly_accessible/README.md
@@ -84,4 +84,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances.pt b/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances.pt
index 0499096889..9911240227 100644
--- a/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances.pt
+++ b/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "hourly"
 info(
- version: "5.0.0",
+ version: "5.0.1",
 provider: "AWS",
 service: "RDS",
 policy_set: ""
@@ -113,7 +113,6 @@ end
 # Get AWS RDS instance sizes
 datasource "ds_aws_instance_size_map" do
 request do
- verb "GET"
 host "raw.githubusercontent.com"
 path "/flexera-public/policy_templates/master/data/aws/instance_types.json"
 header "User-Agent", "RS Policies"
@@ -169,7 +168,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
@@ -210,7 +208,6 @@ end
 datasource "ds_describe_regions" do
 request do
 auth $auth_aws
- verb "GET"
 host "ec2.amazonaws.com"
 path "/"
 query "Action", "DescribeRegions"
diff --git a/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances_meta_parent.pt b/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances_meta_parent.pt
index 4f8a35e6cf..c4050ea991 100644
--- a/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances_meta_parent.pt
+++ b/security/aws/rds_publicly_accessible/aws_publicly_accessible_rds_instances_meta_parent.pt
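Review bot: In the `ds_aws_instance_size_map` hunk of `aws_publicly_accessible_rds_instances.pt`, the request left after removing `verb "GET"` still reads `instance_types.json` from the mutable `master` branch on `raw.githubusercontent.com`, so the data a security policy consumes can change without any template version bump. Pinning the path to a tag or commit would make each template version reproducible and narrow the supply-chain exposure, for example `path "/flexera-public/policy_templates/<pinned-ref>/data/aws/instance_types.json"` with `<pinned-ref>` as a placeholder; failing that, a comment documenting the dependency would help. The same request appears in the matching hunk of `aws_unencrypted_rds_instances.pt`, and the datasource body continues past the hunk.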
@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
 provider: "AWS",
- version: "5.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+ version: "5.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
 publish: "true",
 deprecated: "false"
 )
diff --git a/security/aws/rds_unencrypted/CHANGELOG.md b/security/aws/rds_unencrypted/CHANGELOG.md
index 2d6f9e8c5c..d340a643ac 100644
--- a/security/aws/rds_unencrypted/CHANGELOG.md
+++ b/security/aws/rds_unencrypted/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v4.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v4.0.0
 - Added more robust tag filtering options
diff --git a/security/aws/rds_unencrypted/README.md b/security/aws/rds_unencrypted/README.md
index 4579118858..9994107706 100644
--- a/security/aws/rds_unencrypted/README.md
+++ b/security/aws/rds_unencrypted/README.md
@@ -81,4 +81,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt b/security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt
index 11d7d368de..26e12210e3 100644
--- a/security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt
+++ b/security/aws/rds_unencrypted/aws_unencrypted_rds_instances.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "medium"
 default_frequency "daily"
 info(
- version: "4.0.0",
+ version: "4.0.1",
 provider: "AWS",
 service: "RDS",
 policy_set: "CIS",
@@ -119,7 +119,6 @@ end
 # Get AWS RDS instance sizes
 datasource "ds_aws_instance_size_map" do
 request do
- verb "GET"
 host "raw.githubusercontent.com"
 path "/flexera-public/policy_templates/master/data/aws/instance_types.json"
 header "User-Agent", "RS Policies"
@@ -175,7 +174,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
@@ -216,7 +214,6 @@ end
 datasource "ds_describe_regions" do
 request do
 auth $auth_aws
- verb "GET"
 host "ec2.amazonaws.com"
 path "/"
 query "Action", "DescribeRegions"
diff --git a/security/aws/rds_unencrypted/aws_unencrypted_rds_instances_meta_parent.pt b/security/aws/rds_unencrypted/aws_unencrypted_rds_instances_meta_parent.pt
index a3c6a9fa4a..ecf9ee5666 100644
--- a/security/aws/rds_unencrypted/aws_unencrypted_rds_instances_meta_parent.pt
+++ b/security/aws/rds_unencrypted/aws_unencrypted_rds_instances_meta_parent.pt
@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
 provider: "AWS",
- version: "4.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+ version: "4.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
 publish: "true",
 deprecated: "false"
 )
diff --git a/security/aws/s3_buckets_deny_http/CHANGELOG.md b/security/aws/s3_buckets_deny_http/CHANGELOG.md
index ef56e7c8fe..280358c1b0 100644
--- a/security/aws/s3_buckets_deny_http/CHANGELOG.md
+++ b/security/aws/s3_buckets_deny_http/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS S3 Buckets Accepting HTTP Requests` to better reflect its functionality
diff --git a/security/aws/s3_buckets_deny_http/README.md b/security/aws/s3_buckets_deny_http/README.md
index d1f12fca99..6557862530 100644
--- a/security/aws/s3_buckets_deny_http/README.md
+++ b/security/aws/s3_buckets_deny_http/README.md
@@ -77,4 +77,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt b/security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt
index 6381f4d68e..30f3d70373 100644
--- a/security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt
+++ b/security/aws/s3_buckets_deny_http/s3_buckets_deny_http.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "Storage",
 policy_set: "CIS",
@@ -164,7 +164,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/s3_buckets_deny_http/s3_buckets_deny_http_meta_parent.pt b/security/aws/s3_buckets_deny_http/s3_buckets_deny_http_meta_parent.pt
index ddf66e5ecd..eedb0827dc 100644
--- a/security/aws/s3_buckets_deny_http/s3_buckets_deny_http_meta_parent.pt
+++ b/security/aws/s3_buckets_deny_http/s3_buckets_deny_http_meta_parent.pt
@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
 provider: "AWS",
- version: "3.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+ version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
 publish: "true",
 deprecated: "false"
 )
diff --git a/security/aws/s3_buckets_without_server_access_logging/CHANGELOG.md b/security/aws/s3_buckets_without_server_access_logging/CHANGELOG.md
index b95813f9e4..55e64647a7 100644
--- a/security/aws/s3_buckets_without_server_access_logging/CHANGELOG.md
+++ b/security/aws/s3_buckets_without_server_access_logging/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy no longer allows for automatic actions
diff --git a/security/aws/s3_buckets_without_server_access_logging/README.md b/security/aws/s3_buckets_without_server_access_logging/README.md
index 5ae98a4cad..510065093e 100644
--- a/security/aws/s3_buckets_without_server_access_logging/README.md
+++ b/security/aws/s3_buckets_without_server_access_logging/README.md
@@ -71,4 +71,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt b/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt
index dffffb6a45..d8d807c79d 100644
--- a/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt
+++ b/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "Storage",
 policy_set: ""
@@ -158,7 +158,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging_meta_parent.pt b/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging_meta_parent.pt
index 0c51d28f30..a67271c5ab 100644
--- a/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging_meta_parent.pt
+++ b/security/aws/s3_buckets_without_server_access_logging/aws_s3_buckets_without_server_access_logging_meta_parent.pt
@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
 provider: "AWS",
- version: "3.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+ version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
 publish: "true",
 deprecated: "false"
 )
diff --git a/security/aws/s3_ensure_buckets_block_public_access/CHANGELOG.md b/security/aws/s3_ensure_buckets_block_public_access/CHANGELOG.md
index f3796bd23a..aea3c497af 100644
--- a/security/aws/s3_ensure_buckets_block_public_access/CHANGELOG.md
+++ b/security/aws/s3_ensure_buckets_block_public_access/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS S3 Buckets Without Public Access Blocked` to better reflect its functionality
diff --git a/security/aws/s3_ensure_buckets_block_public_access/README.md b/security/aws/s3_ensure_buckets_block_public_access/README.md
index 62c5f703be..0a66c2ce0b 100644
--- a/security/aws/s3_ensure_buckets_block_public_access/README.md
+++ b/security/aws/s3_ensure_buckets_block_public_access/README.md
@@ -77,4 +77,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt b/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt
index cc76a3cc05..2abc0febd0 100644
--- a/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt
+++ b/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "Storage",
 policy_set: "CIS",
@@ -164,7 +164,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access_meta_parent.pt b/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access_meta_parent.pt
index 2ad8c70454..ad044ff928 100644
--- a/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access_meta_parent.pt
+++ b/security/aws/s3_ensure_buckets_block_public_access/s3_ensure_buckets_block_public_access_meta_parent.pt
@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
 provider: "AWS",
- version: "3.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+ version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
 publish: "true",
 deprecated: "false"
 )
diff --git a/security/aws/s3_ensure_mfa_delete_enabled/CHANGELOG.md b/security/aws/s3_ensure_mfa_delete_enabled/CHANGELOG.md
index 4eff52530a..e93a86f25a 100644
--- a/security/aws/s3_ensure_mfa_delete_enabled/CHANGELOG.md
+++ b/security/aws/s3_ensure_mfa_delete_enabled/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS S3 Buckets Without MFA Delete Enabled` to better reflect its functionality
diff --git a/security/aws/s3_ensure_mfa_delete_enabled/README.md b/security/aws/s3_ensure_mfa_delete_enabled/README.md
index f6ad55b446..0738987c8e 100644
--- a/security/aws/s3_ensure_mfa_delete_enabled/README.md
+++ b/security/aws/s3_ensure_mfa_delete_enabled/README.md
@@ -68,4 +68,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt b/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt
index 8d56fd663c..72613158fb 100644
--- a/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt
+++ b/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled.pt
@@ -7,7 +7,7 @@ category "Security"
 severity "high"
 default_frequency "daily"
 info(
- version: "3.0.0",
+ version: "3.0.1",
 provider: "AWS",
 service: "Storage",
 policy_set: "CIS",
@@ -164,7 +164,6 @@ end
 datasource "ds_get_caller_identity" do
 request do
 auth $auth_aws
- verb "GET"
 host "sts.amazonaws.com"
 path "/"
 query "Action", "GetCallerIdentity"
diff --git a/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled_meta_parent.pt b/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled_meta_parent.pt
index 878cace091..113f1638ae 100644
--- a/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled_meta_parent.pt
+++ b/security/aws/s3_ensure_mfa_delete_enabled/s3_ensure_mfa_delete_enabled_meta_parent.pt
@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
 provider: "AWS",
- version: "3.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+ version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
 publish: "true",
 deprecated: "false"
 )
diff --git a/security/aws/unencrypted_s3_buckets/CHANGELOG.md b/security/aws/unencrypted_s3_buckets/CHANGELOG.md
index d94f9e57ad..99f0163d70 100644
--- a/security/aws/unencrypted_s3_buckets/CHANGELOG.md
+++ b/security/aws/unencrypted_s3_buckets/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v3.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.0
 - Policy template renamed to `AWS S3 Buckets Without Default Encryption Configuration` to better reflect its functionality
diff --git a/security/aws/unencrypted_s3_buckets/README.md b/security/aws/unencrypted_s3_buckets/README.md
index 567dd7aad1..f08b25b635 100644
--- a/security/aws/unencrypted_s3_buckets/README.md
+++ b/security/aws/unencrypted_s3_buckets/README.md
@@ -74,4 +74,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 ## Cost
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
diff --git a/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt b/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt
index e329116987..663cbc93dd 100644
--- a/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt
+++ b/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets.pt
@@ -7,7 +7,7 @@ category "Security" severity "low" default_frequency "daily" info( - version: "3.0.0", + version: "3.0.1", provider: "AWS", service: "Storage", policy_set: "CIS", @@ -173,7 +173,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets_meta_parent.pt b/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets_meta_parent.pt index cbabbfed93..0c24f1349f 100644 --- a/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets_meta_parent.pt +++ b/security/aws/unencrypted_s3_buckets/aws_unencrypted_s3_buckets_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "3.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/security/aws/vpcs_without_flow_logs_enabled/CHANGELOG.md b/security/aws/vpcs_without_flow_logs_enabled/CHANGELOG.md index dbe76bea16..4437131b12 100644 --- a/security/aws/vpcs_without_flow_logs_enabled/CHANGELOG.md +++ b/security/aws/vpcs_without_flow_logs_enabled/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v4.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v4.0.0 - Policy template renamed to `AWS VPCs Without FlowLogs Enabled` to better reflect its functionality diff --git a/security/aws/vpcs_without_flow_logs_enabled/README.md b/security/aws/vpcs_without_flow_logs_enabled/README.md index 4d1764fc5c..ebb6417a97 100644 --- a/security/aws/vpcs_without_flow_logs_enabled/README.md 
+++ b/security/aws/vpcs_without_flow_logs_enabled/README.md @@ -63,4 +63,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt b/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt index 8c2cb1fb44..5edf894f70 100644 --- a/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt +++ b/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled.pt @@ -7,7 +7,7 @@ category "Security" severity "medium" default_frequency "daily" info( - version: "4.0.0", + version: "4.0.1", provider: "AWS", service: "Network", policy_set: "" @@ -163,7 +163,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -204,7 +203,6 @@ end datasource "ds_describe_regions" do request do auth $auth_aws - verb "GET" host "ec2.amazonaws.com" path "/" query "Action", "DescribeRegions" diff --git a/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled_meta_parent.pt b/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled_meta_parent.pt index 48ef6ce949..e9f6a52863 100644 --- a/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled_meta_parent.pt +++ b/security/aws/vpcs_without_flow_logs_enabled/aws_vpcs_without_flow_logs_enabled_meta_parent.pt 
@@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "4.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "4.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/security/azure/blob_storage_logging/README.md b/security/azure/blob_storage_logging/README.md index a64c11e939..a0ded8e8b0 100644 --- a/security/azure/blob_storage_logging/README.md +++ b/security/azure/blob_storage_logging/README.md @@ -46,4 +46,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/guest_users/README.md b/security/azure/guest_users/README.md index f0e7546cf4..d8ca30cafd 100644 --- a/security/azure/guest_users/README.md +++ b/security/azure/guest_users/README.md @@ -32,4 +32,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/high_severity_alerts/README.md b/security/azure/high_severity_alerts/README.md index 2b0f330191..638489bad4 100644 --- a/security/azure/high_severity_alerts/README.md +++ b/security/azure/high_severity_alerts/README.md @@ -38,4 +38,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/log_analytics_autoprovision/README.md b/security/azure/log_analytics_autoprovision/README.md index f7a2f6ec4c..414e260f30 100644 
--- a/security/azure/log_analytics_autoprovision/README.md +++ b/security/azure/log_analytics_autoprovision/README.md @@ -34,4 +34,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/mysql_ssl/README.md b/security/azure/mysql_ssl/README.md index 5fda55285b..5d8d363e10 100644 --- a/security/azure/mysql_ssl/README.md +++ b/security/azure/mysql_ssl/README.md @@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/mysql_tls_version/README.md b/security/azure/mysql_tls_version/README.md index 9cdfadb6a4..1830946a38 100644 --- a/security/azure/mysql_tls_version/README.md +++ b/security/azure/mysql_tls_version/README.md @@ -44,4 +44,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/pg_conn_throttling/README.md b/security/azure/pg_conn_throttling/README.md index 406170728f..bb5eb91239 100644 --- a/security/azure/pg_conn_throttling/README.md +++ b/security/azure/pg_conn_throttling/README.md @@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/pg_infra_encryption/README.md b/security/azure/pg_infra_encryption/README.md index e94aea7f56..e71e4be61b 100644 --- a/security/azure/pg_infra_encryption/README.md +++ b/security/azure/pg_infra_encryption/README.md 
@@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/pg_log_retention/README.md b/security/azure/pg_log_retention/README.md index 934fee1c67..da04ed52e5 100644 --- a/security/azure/pg_log_retention/README.md +++ b/security/azure/pg_log_retention/README.md @@ -44,4 +44,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/pg_log_settings/README.md b/security/azure/pg_log_settings/README.md index 6790692acd..d293ebfdaa 100644 --- a/security/azure/pg_log_settings/README.md +++ b/security/azure/pg_log_settings/README.md @@ -44,4 +44,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/private_blob_containers/README.md b/security/azure/private_blob_containers/README.md index a12593a213..91d6832532 100644 --- a/security/azure/private_blob_containers/README.md +++ b/security/azure/private_blob_containers/README.md @@ -46,4 +46,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/queue_storage_logging/README.md b/security/azure/queue_storage_logging/README.md index a818481540..5564f7afe4 100644 --- a/security/azure/queue_storage_logging/README.md +++ b/security/azure/queue_storage_logging/README.md 
@@ -46,4 +46,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/resources_with_public_ip_address/README.md b/security/azure/resources_with_public_ip_address/README.md index 383dc900b1..f95dcce5d5 100644 --- a/security/azure/resources_with_public_ip_address/README.md +++ b/security/azure/resources_with_public_ip_address/README.md @@ -4,11 +4,11 @@ This policy is no longer being updated. -## What it does +## What It Does This policy checks all the resources in the Azure Subscription with a public IP address, so that those IP's can be removed. -## Functional Details +## How It Works The policy leverages the Azure API to identify the resources that have public IP address associated with them and them produces the report of these instances. @@ -38,4 +38,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/restrict_rdp_internet/README.md b/security/azure/restrict_rdp_internet/README.md index 577986ffb6..dc0b120aa7 100644 --- a/security/azure/restrict_rdp_internet/README.md +++ b/security/azure/restrict_rdp_internet/README.md @@ -35,4 +35,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/restrict_ssh_internet/README.md b/security/azure/restrict_ssh_internet/README.md index 55b411704b..d2c1f8e376 100644 --- a/security/azure/restrict_ssh_internet/README.md +++ b/security/azure/restrict_ssh_internet/README.md 
@@ -35,4 +35,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/secure_transfer_required/README.md b/security/azure/secure_transfer_required/README.md index 7ac180d7a0..3dd98d42a0 100644 --- a/security/azure/secure_transfer_required/README.md +++ b/security/azure/secure_transfer_required/README.md @@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/security_alert_owners/README.md b/security/azure/security_alert_owners/README.md index 6966c5c42c..f8fa03b8a7 100644 --- a/security/azure/security_alert_owners/README.md +++ b/security/azure/security_alert_owners/README.md @@ -34,4 +34,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/security_contact_email/README.md b/security/azure/security_contact_email/README.md index a17e64b29a..b9b1114887 100644 --- a/security/azure/security_contact_email/README.md +++ b/security/azure/security_contact_email/README.md @@ -34,4 +34,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_ad_admin/README.md b/security/azure/sql_ad_admin/README.md index 2e9f8db94f..05b521bac3 100644 --- a/security/azure/sql_ad_admin/README.md +++ b/security/azure/sql_ad_admin/README.md 
@@ -44,4 +44,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_auditing_retention/README.md b/security/azure/sql_auditing_retention/README.md index 8245dc0453..f55883a358 100644 --- a/security/azure/sql_auditing_retention/README.md +++ b/security/azure/sql_auditing_retention/README.md @@ -44,4 +44,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_db_encryption/README.md b/security/azure/sql_db_encryption/README.md index 81e31c19e2..be8ae31329 100644 --- a/security/azure/sql_db_encryption/README.md +++ b/security/azure/sql_db_encryption/README.md @@ -45,4 +45,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_publicly_accessible_managed_instance/README.md b/security/azure/sql_publicly_accessible_managed_instance/README.md index 6255122d32..96167dd072 100644 --- a/security/azure/sql_publicly_accessible_managed_instance/README.md +++ b/security/azure/sql_publicly_accessible_managed_instance/README.md @@ -53,4 +53,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_server_atp/README.md b/security/azure/sql_server_atp/README.md index 8467ecce33..e03aef4c7e 100644 --- a/security/azure/sql_server_atp/README.md +++ b/security/azure/sql_server_atp/README.md 
@@ -44,4 +44,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_server_auditing/README.md b/security/azure/sql_server_auditing/README.md index cd2e1d76dc..3f67602025 100644 --- a/security/azure/sql_server_auditing/README.md +++ b/security/azure/sql_server_auditing/README.md @@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_server_va/README.md b/security/azure/sql_server_va/README.md index a4b58a4bd0..371533504a 100644 --- a/security/azure/sql_server_va/README.md +++ b/security/azure/sql_server_va/README.md @@ -48,4 +48,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_server_va_admins/README.md b/security/azure/sql_server_va_admins/README.md index 4e3fec5d05..61ba702157 100644 --- a/security/azure/sql_server_va_admins/README.md +++ b/security/azure/sql_server_va_admins/README.md @@ -48,4 +48,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_server_va_emails/README.md b/security/azure/sql_server_va_emails/README.md index 8b7b071455..af6d8cea0f 100644 --- a/security/azure/sql_server_va_emails/README.md +++ b/security/azure/sql_server_va_emails/README.md 
@@ -48,4 +48,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/sql_server_va_scans/README.md b/security/azure/sql_server_va_scans/README.md index a5626c7661..f428f295b2 100644 --- a/security/azure/sql_server_va_scans/README.md +++ b/security/azure/sql_server_va_scans/README.md @@ -48,4 +48,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/storage_account_https_enabled/README.md b/security/azure/storage_account_https_enabled/README.md index 394d3c7c87..45d0763e64 100644 --- a/security/azure/storage_account_https_enabled/README.md +++ b/security/azure/storage_account_https_enabled/README.md @@ -40,4 +40,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/storage_network_deny/README.md b/security/azure/storage_network_deny/README.md index 653080206d..23e7a3dddd 100644 --- a/security/azure/storage_network_deny/README.md +++ b/security/azure/storage_network_deny/README.md @@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/storage_soft_delete/README.md b/security/azure/storage_soft_delete/README.md index ba5e7a0434..b4eab06213 100644 --- a/security/azure/storage_soft_delete/README.md +++ b/security/azure/storage_soft_delete/README.md 
@@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/storage_tls_version/README.md b/security/azure/storage_tls_version/README.md index 0f1538e4aa..0812152fb2 100644 --- a/security/azure/storage_tls_version/README.md +++ b/security/azure/storage_tls_version/README.md @@ -47,4 +47,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/storage_trusted_services/README.md b/security/azure/storage_trusted_services/README.md index 169c1ce864..da1bb92325 100644 --- a/security/azure/storage_trusted_services/README.md +++ b/security/azure/storage_trusted_services/README.md @@ -47,4 +47,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/table_storage_logging/README.md b/security/azure/table_storage_logging/README.md index 9cf22f03bd..c1f5160d8a 100644 --- a/security/azure/table_storage_logging/README.md +++ b/security/azure/table_storage_logging/README.md @@ -46,4 +46,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/azure/webapp_tls_version_support/README.md b/security/azure/webapp_tls_version_support/README.md index 5dc59c0479..ca41e75677 100644 --- a/security/azure/webapp_tls_version_support/README.md +++ b/security/azure/webapp_tls_version_support/README.md 
@@ -43,4 +43,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/flexera/cmp/high_open_ports/README.md b/security/flexera/cmp/high_open_ports/README.md index c6dfdd73b0..2c381c7b51 100644 --- a/security/flexera/cmp/high_open_ports/README.md +++ b/security/flexera/cmp/high_open_ports/README.md @@ -4,7 +4,7 @@ This policy is no longer being updated. -## What it does +## What It Does This Policy Template leverages the multi cloud RightScale API. It will notify only if a security group has a port higher than `Beginning High Port` field open. @@ -35,4 +35,4 @@ This policy requires permissions to access RightScale resources (clouds, network ### Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/flexera/cmp/icmp_enabled/CHANGELOG.md b/security/flexera/cmp/icmp_enabled/CHANGELOG.md index 3fff693dc4..57a7083ebd 100644 --- a/security/flexera/cmp/icmp_enabled/CHANGELOG.md +++ b/security/flexera/cmp/icmp_enabled/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v1.11.2 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v1.11.1 - Added `deprecated` field to policy metadata. Functionality is unchanged. diff --git a/security/flexera/cmp/icmp_enabled/README.md b/security/flexera/cmp/icmp_enabled/README.md index f401290788..0f1aff1416 100644 --- a/security/flexera/cmp/icmp_enabled/README.md +++ b/security/flexera/cmp/icmp_enabled/README.md @@ -4,7 +4,7 @@ This policy is no longer being updated. -## What it does +## What It Does This Policy Template reviews your security group and alerts if any security group have ICMP types `0,3,8` enabled. 
@@ -34,4 +34,4 @@ This policy requires permissions to access RightScale resources (clouds, network ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/flexera/cmp/icmp_enabled/icmp_enabled.pt b/security/flexera/cmp/icmp_enabled/icmp_enabled.pt index e80792bb74..b0c447a7a9 100644 --- a/security/flexera/cmp/icmp_enabled/icmp_enabled.pt +++ b/security/flexera/cmp/icmp_enabled/icmp_enabled.pt @@ -6,7 +6,7 @@ long_description "" severity "high" category "Security" info( - version: "1.11.1", + version: "1.11.2", provider: "Flexera Cloud Management", service: "", policy_set: "", @@ -52,7 +52,6 @@ datasource "ds_security_group_rules" do iterate @security_groups request do auth $auth_rs - verb "GET" host rs_cm_host path join([href(iter_item),"/security_group_rules"]) header "X-Api-Version", "1.5" diff --git a/security/flexera/cmp/rules_without_descriptions/README.md b/security/flexera/cmp/rules_without_descriptions/README.md index a1b853db35..5217c512d3 100644 --- a/security/flexera/cmp/rules_without_descriptions/README.md +++ b/security/flexera/cmp/rules_without_descriptions/README.md @@ -4,7 +4,7 @@ This policy is no longer being updated. -## What it does +## What It Does This Policy Template reviews your security group and alerts if any security group rules do not have descriptions. It will resolve when all security group rules have descriptions. @@ -34,4 +34,4 @@ This policy requires permissions to access RightScale resources (clouds, network ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/flexera/cmp/world_open_ports/README.md b/security/flexera/cmp/world_open_ports/README.md index 531cfcf776..83e0bee93b 100644 --- a/security/flexera/cmp/world_open_ports/README.md +++ b/security/flexera/cmp/world_open_ports/README.md 
@@ -4,7 +4,7 @@ This policy is no longer being updated. -## What it does +## What It Does This Policy Template reviews your security group and alerts if any security group rules are open to the public. Deletion of the Security Group Rules only occur after approval. @@ -40,4 +40,4 @@ This policy requires permissions to access RightScale resources (clouds, network ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/security/google/public_buckets/CHANGELOG.md b/security/google/public_buckets/CHANGELOG.md index 50cb05ca84..cc1d9aa2d6 100644 --- a/security/google/public_buckets/CHANGELOG.md +++ b/security/google/public_buckets/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.1.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.1 - fixed link to README in policy description diff --git a/security/google/public_buckets/README.md b/security/google/public_buckets/README.md index 072af18176..57a7ec9a84 100644 --- a/security/google/public_buckets/README.md +++ b/security/google/public_buckets/README.md 
@@ -29,28 +29,27 @@ The following policy actions are taken on any resources found to be out of compl ## Prerequisites -This Policy Template requires that the following APIs be enabled in your Google Cloud environment: - -- [Cloud Storage API](https://console.cloud.google.com/flows/enableapi?apiid=storage.googleapis.com) - This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). - [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: - - Permissions - - `storage.buckets.get` - - `storage.buckets.list` - - `storage.buckets.getIamPolicy` - - `resourcemanager.projects.get` + - `storage.buckets.get` + - `storage.buckets.list` + - `storage.buckets.getIamPolicy` + - `resourcemanager.projects.get` - [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: - `billing_center_viewer` The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. +Additionally, this Policy Template requires that several APIs be enabled in your Google Cloud environment: + +- [Cloud Storage API](https://console.cloud.google.com/flows/enableapi?apiid=storage.googleapis.com) + ## Supported Clouds - Google ## Cost -This Policy Template does not incur any cloud costs. 
+This policy template does not incur any cloud costs. diff --git a/security/google/public_buckets/google_public_buckets.pt b/security/google/public_buckets/google_public_buckets.pt index 2306aca7f0..0617f75881 100644 --- a/security/google/public_buckets/google_public_buckets.pt +++ b/security/google/public_buckets/google_public_buckets.pt @@ -7,7 +7,7 @@ category "Security" severity "high" default_frequency "daily" info( - version: "3.1", + version: "3.1.1", provider: "Google", service: "Storage", policy_set: "Open Buckets" @@ -476,7 +476,7 @@ datasource "ds_get_policy" do auth $auth_flexera host rs_governance_host ignore_status [404] - path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id,""), meta_parent_policy_id, policy_id) ]) + path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id, ""), meta_parent_policy_id, policy_id)]) header "Api-Version", "1.0" end result do diff --git a/security/google/public_buckets/google_public_buckets_meta_parent.pt b/security/google/public_buckets/google_public_buckets_meta_parent.pt index 20cfc53fc6..21bbcd861d 100644 --- a/security/google/public_buckets/google_public_buckets_meta_parent.pt +++ b/security/google/public_buckets/google_public_buckets_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "Google", - version: "3.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "3.1.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" )