Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(misconf): improve S3 server logging access detection for AVD-AWS-0089 #7239

Open
nikpivkin opened this issue Jul 26, 2024 · 0 comments · May be fixed by aquasecurity/trivy-checks#208
Open

feat(misconf): improve S3 server logging access detection for AVD-AWS-0089 #7239

nikpivkin opened this issue Jul 26, 2024 · 0 comments · May be fixed by aquasecurity/trivy-checks#208
Assignees
@nikpivkin
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning
Milestone
v0.56.0

Comments

@nikpivkin
Copy link
Contributor

We are currently warning to enable logging for those buckets that do not keep server access logs. We identify such buckets only by pre-defined grants (known as Canned ACLs). However, Amazon recommends using bucket policies to grant access. Also, in CloudFormation, the ACL field is deprecated, so users are likely to use other ways to configure access than the way we identify logging buckets.

Existing ways to grant access for logging:

  • Bucket Policy
  • Grants
  • Canned ACLs

Refs:
@nikpivkin nikpivkin added kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning labels Jul 26, 2024
@nikpivkin nikpivkin mentioned this issue Jul 31, 2024
Merged
6 tasks
@nikpivkin nikpivkin self-assigned this Jul 31, 2024
@nikpivkin nikpivkin linked a pull request Aug 1, 2024 that will close this issue
Draft
@simar7 simar7 added this to the v0.55.0 milestone Aug 6, 2024
@knqyf263 knqyf263 modified the milestones: v0.55.0, v0.56.0 Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nikpivkin nikpivkin

Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/misconfiguration Issues relating to misconfiguration scanning
Projects
Trivy Roadmap
Status: No status
Milestone
v0.56.0
Development

Successfully merging a pull request may close this issue.

feat(checks): improve S3 server logging access detection for AVD-AWS-0089 nikpivkin/trivy-policies
3 participants
@simar7 @knqyf263 @nikpivkin