---
# Rule that flags open TCP ports whose number matches a default port of the
# database / big-data products listed below, rated risk HIGH.
#
# Detection is by port number only: a match means something is listening on
# a port these products use by default, not that the product itself was
# identified. Triage each hit before treating it as a confirmed exposure.
id: database_exposed
version: 1
meta:
  name: Database server exposed to the Internet
  description: >
    A database technology (MySQL, Oracle, Postgres, Redis,
    Hadoop, MongoDB, Spark) was found to be accessible over
    the Internet.
    Even if authentication is required such systems should not
    be exposed over the Internet due to the risk of misconfiguration
    or unpatched vulnerabilities.
  risk: HIGH
collections:
  # NOTE(review): the two matchers below presumably apply in sequence, the
  # second narrowing what the first selected - confirm with the rule engine.
  - collect:
      # Select elements whose type is exactly TCP_PORT_OPEN.
      - method: exact
        field: type
        value: TCP_PORT_OPEN
      # Keep those whose data value ends in ":<port>" for a listed port.
      # The leading ".*" accepts any prefix and "$" anchors the port at the
      # end of the value (presumably "host:port" - confirm the data format).
      - method: regex
        field: data
        value:
          # MySQL
          - '.*:3306$'
          # Oracle
          - '.*:1521$'
          # PostgreSQL
          - '.*:5432$'
          # Redis
          - '.*:6379$'
          - '.*:6380$'
          # Hadoop
          # NOTE(review): these look like Hadoop 2.x era defaults; later
          # releases changed several HDFS default ports, so confirm whether
          # newer clusters need additional patterns.
          - '.*:50070$'
          - '.*:50470$'
          - '.*:50090$'
          # Character class: matches 50010 and 50020.
          - '.*:500[12]0$'
          - '.*:50475$'
          - '.*:50075$'
          # NOTE(review): 8020 and 9000 are not specific to Hadoop; other
          # services commonly default to 9000, so expect false positives.
          - '.*:8020$'
          - '.*:9000$'
          # Spark
          - '.*:7077$'
          # MongoDB (character class: matches 27017, 27018 and 27019)
          - '.*:2701[789]$'
# NOTE(review): presumably groups matches by their data value, giving one
# result per distinct value - confirm with the rule engine.
aggregation:
  field: data
# "{data}" is presumably replaced with the matched data value.
headline: 'Database server exposed to the Internet: {data}'