Autofix in PacBot
This feature automatically fixes AWS violations detected by PacBot. This will send warning emails to the user/owner before applying fixes, based on the number of warning emails and the waiting period specified in the properties for the Autofix. When the waiting period is over, then Rule Engine (RE) will backup the old configurations and then fix the resource. After the fix, it will send an Autofix action email to the owner.
Autofixed email with the subject "PacBot Autofix action - S3 bucket policy with anonymous read/write access restored back"
Click here to learn how to receive Autofix emails in PacBot.
-
EC2 instances should not have any publicly accessible ports.
-
Non whitelisted S3 buckets should not be publicly accessible.
Click here to learn how to write a new Autofix in PacBot.
Execute this SQL query
SELECT * FROM `pac_config_properties` WHERE application = 'rule' AND PROFILE='prd' AND label='latest';
After the query execution, search for these properties and update the values as mentioned below
pacman.auto.fix.mail.cc.to = Enter the comma separated email id to whom you want to send the autofix emails
pacman.auto.fix.orphan.resource.owner =Enter the email id. If the resource is not having the owner then the email will send to this address
autofix.whitelist.accounts.PacMan_S3GlobalAccess_version-1_S3BucketShouldnotpubliclyaccessble_s3 = Enter the comma seaparted account number for which you want to do the autofix
pacman.auto.fix.max.email.notifications = Enter the number of auto generated notification email you want to send before autofix to the owner/user Ex:2
Go to Admin page-->Rules-->Search for "Non whitelisted S3 buckets should not be publicly accessible" or the rule you want to enable Autofix --> click on actions-->Edit
Enter the fixKey as the value given in the Autofix class.
Click on the Enable Autofix checkbox and Update
Follow the same procedure for the rule 'EC2 instances should not have any publicly accessible ports'.