security_finding

metadata.product.version: 2018-10-08
metadata.product.feature.uid: aws-foundational-security-best-practices/v/1.0.0/EC2.19
metadata.product.feature.name: Security Hub
metadata.product.uid: arn:aws:securityhub:us-east-1::product/aws/securityhub
metadata.product.vendor_name: AWS
metadata.product.name: Security Hub
metadata.profiles.array: cloud
metadata.version: 1.0.0-rc.2

cloud.account_uid: 123456789100
cloud.region: us-east-1
cloud.provider: AWS

resources.array.type: AwsEc2SecurityGroup
resources.array.uid: arn:aws:ec2:us-east-1:123456789100:security-group/sg-1234567899900
resources.array.cloud_partition: aws
resources.array.region: us-east-1
resources.array.labels.array: needsPatching=true, billingCode=abcd-1-2-3
resources.array.details: {"AwsEc2SecurityGroup":{"GroupName":"eks-cluster-sg","GroupId":"sg-1234567899900","OwnerId":"123456789100","VpcId":"vpc-1234567890","IpPermissions":[{"IpProtocol":"-1","UserIdGroupPairs":[{"GroupId":"sg-1234567899900","UserId":"123456789100"},{"GroupId":"sg-1234567891100","UserId":"123456789100"}]}],"IpPermissionsEgress":[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]}}

finding.uid: arn:aws:securityhub:us-east-1:123456789100:subscription/cis-aws-foundations-benchmark/v/1.2.0/3.9/finding/randomsample
finding.title: EC2.19 Security groups should not allow unrestricted access to ports with high risk
finding.desc: This control checks whether unrestricted incoming traffic for the security groups is accessible to the specified ports [3389, 20, 23, 110, 143, 3306, 8080, 1433, 9200, 9300, 25, 445, 135, 21, 1434, 4333, 5432, 5500, 5601, 22, 3000, 5000, 8088, 8888] that have the highest risk. This control passes when none of the rules in a security group allow ingress traffic from 0.0.0.0/0 for the listed ports.
finding.related_events.array.product_uid: arn:aws:securityhub:us-east-1::product/aws/guardduty
finding.related_events.array.uid: 123e4567-e89b-12d3-a456-426655440000, 123e4567-e89b-12d3-a456-426655411111
finding.types.array: Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices
finding.remediation.desc: For directions on how to fix this issue, consult the AWS Security Hub Foundational Security Best Practices documentation.
finding.remediation.kb_articles.array: https://docs.aws.amazon.com/console/securityhub/EC2.19/remediation

malware.array.name: Stringler
malware.array.path: /usr/sbin/stringler
malware.array.classifications.array: Adware

process.name: syslogd
process.file.path: /usr/sbin/syslogd

vulnerabilities.array.cve.cvss.vector_string: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulnerabilities.array.cve.cvss.version: V3
vulnerabilities.array.cve.uid: CVE-2020-12345