Merge branch 'main' into route53-aws

Author: princechaddha

.new-additions

@@ -1,9 +1,23 @@
+cloud/aws/dms/dms-multi-az.yaml
+cloud/aws/dms/dms-public-access.yaml
+cloud/aws/dms/dms-version-upgrade.yaml
+cloud/aws/ebs/ebs-encryption-disabled.yaml
+cloud/aws/efs/efs-encryption-disabled.yaml
+cloud/aws/firehose/firehose-server-destination-encryption.yaml
+cloud/aws/firehose/firehose-server-side-encryption.yaml
+cloud/aws/guardduty/guardduty-findings.yaml
+cloud/aws/guardduty/guardduty-not-enabled.yaml
+cloud/aws/guardduty/malware-protection-disabled.yaml
+cloud/aws/guardduty/s3-protection-disabled.yaml
 dast/cves/2024/CVE-2024-2961.yaml
+http/cnvd/2024/CNVD-2024-38747.yaml
 http/cves/2015/CVE-2015-8562.yaml
+http/cves/2017/CVE-2017-5868.yaml
 http/cves/2018/CVE-2018-7192.yaml
 http/cves/2018/CVE-2018-7193.yaml
 http/cves/2018/CVE-2018-7196.yaml
 http/cves/2019/CVE-2019-8943.yaml
+http/cves/2021/CVE-2021-38156.yaml
 http/cves/2021/CVE-2021-45811.yaml
 http/cves/2023/CVE-2023-1315.yaml
 http/cves/2023/CVE-2023-1317.yaml
@@ -18,9 +32,11 @@ http/cves/2023/CVE-2023-40751.yaml
 http/cves/2023/CVE-2023-40752.yaml
 http/cves/2023/CVE-2023-40753.yaml
 http/cves/2023/CVE-2023-40755.yaml
+http/cves/2023/CVE-2023-40931.yaml
 http/cves/2023/CVE-2023-43373.yaml
 http/cves/2023/CVE-2023-5558.yaml
 http/cves/2023/CVE-2023-5561.yaml
+http/cves/2024/CVE-2016-9299.yaml
 http/cves/2024/CVE-2024-22476.yaml
 http/cves/2024/CVE-2024-32735.yaml
 http/cves/2024/CVE-2024-32736.yaml
@@ -36,28 +52,45 @@ http/cves/2024/CVE-2024-4439.yaml
 http/cves/2024/CVE-2024-45488.yaml
 http/cves/2024/CVE-2024-46310.yaml
 http/cves/2024/CVE-2024-48914.yaml
+http/cves/2024/CVE-2024-49757.yaml
 http/cves/2024/CVE-2024-5910.yaml
 http/cves/2024/CVE-2024-8698.yaml
+http/cves/2024/CVE-2024-9061.yaml
 http/cves/2024/CVE-2024-9234.yaml
+http/cves/2024/CVE-2024-9593.yaml
+http/cves/2024/CVE-2024-9617.yaml
+http/cves/2024/CVE-2024-9796.yaml
 http/default-logins/apache/doris-default-login.yaml
 http/default-logins/sato/sato-default-login.yaml
 http/default-logins/zebra/zebra-printer-default-login.yaml
+http/exposed-panels/1password-scim-panel.yaml
+http/exposed-panels/danswer-panel.yaml
 http/exposed-panels/freescout-panel.yaml
+http/exposed-panels/nagios/nagios-logserver-panel.yaml
+http/exposed-panels/olympic-panel.yaml
+http/exposed-panels/onedev-panel.yaml
 http/exposed-panels/paloalto-expedition-panel.yaml
+http/exposed-panels/reolink-panel.yaml
 http/exposed-panels/sqlpad-panel.yaml
 http/exposed-panels/traccar-panel.yaml
 http/exposed-panels/txadmin-panel.yaml
 http/exposed-panels/usermin-panel.yaml
 http/exposed-panels/veritas-netbackup-panel.yaml
 http/exposed-panels/vmware-aria-panel.yaml
+http/misconfiguration/installer/nagios-logserver-installer.yaml
+http/misconfiguration/redpanda-console.yaml
 http/misconfiguration/root-path-disclosure.yaml
 http/misconfiguration/unauth-cyber-power-systems.yaml
 http/takeovers/wasabi-bucket-takeover.yaml
 http/technologies/accellion-detect.yaml
+http/technologies/gradio-detect.yaml
+http/technologies/lollms-webui-detect.yaml
 http/technologies/mirth-connect-detect.yaml
 http/technologies/oracle-fusion-detect.yaml
 http/technologies/salesforce-b2c-commerce-webdav.yaml
 http/technologies/wordpress/plugins/burst-statistics.yaml
+http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
+http/vulnerabilities/nagios/nagios-xi-xss.yaml
 http/vulnerabilities/wordpress/application-pass-xss.yaml
 http/vulnerabilities/wordpress/wp-footnote-xss.yaml
 http/vulnerabilities/yonyou/yonyou-u8-crm-sqli.yaml

cloud/aws/dms/dms-multi-az.yaml

@@ -0,0 +1,59 @@
+id: dms-multi-az
+
+info:
+  name: DMS Multi-AZ Not Enabled
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure that your Amazon Database Migration Service (DMS) replication instances are using Multi-AZ deployment configurations to provide High Availability (HA) through automatic failover to standby replicas in the event of a failure such as an Availability Zone (AZ) outage, an internal hardware or network outage, a software failure or in case of a planned maintenance session
+  impact: |
+    Not enabling Multi-AZ for Database Migration Service can lead to increased downtime and data loss risks during outages, compromising the availability and reliability of your database operations.
+  remediation: |
+    Enable Multi-AZ support for your Database Migration Service to enhance availability and resilience, ensuring automatic failover and reducing downtime during outages.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/multi-az.html
+    - https://docs.aws.amazon.com/cli/latest/reference/dms/describe-replication-instances.html
+  tags: cloud,devops,aws,amazon,dms,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let ReplicationInstances of iterate(template.replications)){
+    set("replication", ReplicationInstances)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
+
+    extractors:
+      - type: json
+        name: replications
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].MultiAZ" --output json
+
+    matchers:
+      - type: word
+        words:
+          - "false"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"DMS Multi-AZ  " + replication + " is not enabled"'
+# digest: 4a0a004730450220052c0de2e02b60b42a79e7d02c2e38f90423664ca041b2dddd276b0f0b55d3fa022100a434388c051cee8dfa5e4d962699aa4abdc66971013a62f1cc3c85a9c434519b:922c64590222798bb761d5b6d8e72950

cloud/aws/dms/dms-public-access.yaml

@@ -0,0 +1,59 @@
+id: dms-public-access
+
+info:
+  name: Publicly Accessible DMS Replication Instances
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure that your Amazon Database Migration Service (DMS) are not publicly accessible from the Internet in order to avoid exposing private data and minimize security risks.
+  impact: |
+    Publicly accessible DMS replication instances expose your database to unauthorized access and potential attacks, increasing the risk of data breaches and compromising the security of sensitive information.
+  remediation: |
+    Restrict access to your DMS replication instances by configuring security groups and network access controls to allow connections only from trusted IP addresses and private subnets, ensuring that they are not publicly accessible.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/publicly-accessible.html
+    - https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.html
+  tags: cloud,devops,aws,amazon,dms,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let ReplicationInstances of iterate(template.replications)){
+    set("replication", ReplicationInstances)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
+
+    extractors:
+      - type: json
+        name: replications
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].PubliclyAccessible" --output json
+
+    matchers:
+      - type: word
+        words:
+          - "true"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"DMS Replication Instances  " + replication + " Publicly Accessible"'
+# digest: 4b0a00483046022100c2e4b02073095257867ae2f880894485ce4395d427a0f5797433d453d16557b4022100f11bea387537d175614dcbe4c0e1f7a3d19cfe18b2eb5177157de179677aaea4:922c64590222798bb761d5b6d8e72950

cloud/aws/dms/dms-version-upgrade.yaml

@@ -0,0 +1,59 @@
+id: dms-version-upgrade
+
+info:
+  name: DMS Auto Minor Version Upgrade
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure that your Amazon Database Migration Service (DMS) replication instances have the Auto Minor Version Upgrade feature enabled in order to receive automatically minor engine upgrades.
+  impact: |
+    Not enabling DMS Auto Minor Version Upgrade can lead to running outdated database versions, increasing vulnerability to security risks and bugs, while missing out on performance improvements and new features provided in minor updates.
+  remediation: |
+    Enable DMS Auto Minor Version Upgrade to automatically apply minor version updates, ensuring your database is always up-to-date with the latest security patches, performance enhancements, and bug fixes.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/auto-minor-version-upgrade.html
+    - https://docs.aws.amazon.com/cli/latest/reference/dms/index.html
+  tags: cloud,devops,aws,amazon,dms,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let ReplicationInstances of iterate(template.replications)){
+    set("replication", ReplicationInstances)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
+
+    extractors:
+      - type: json
+        name: replications
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].AutoMinorVersionUpgrade" --output json
+
+    matchers:
+      - type: word
+        words:
+          - "false"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"DMS Auto Minor Version Upgrade  " + replication + " not enabled"'
+# digest: 4b0a00483046022100e170aa216555156ddf46a196e60d6985d37d29f32146f0bfeaeef1ceba09e73c022100f95487bc9c2f2bfe9288a9362f868268f3bb7cd963b36c44be1b6629a06b3a6b:922c64590222798bb761d5b6d8e72950

cloud/aws/ebs/ebs-encryption-disabled.yaml

@@ -0,0 +1,61 @@
+id: ebs-encryption-disabled
+
+info:
+  name: EBS Encryption - Disabled
+  author: DhiyaneshDK
+  severity: high
+  description: |
+    Ensure that all your Amazon Elastic Block Store (EBS) volumes are encrypted in order to meet security and compliance requirements. With encryption enabled, your EBS volumes can hold sensitive, confidential, and critical data.
+  impact: |
+    Disabling AWS EBS encryption exposes sensitive data to unauthorized access, increasing the risk of data breaches and compliance violations.
+  remediation: |
+    Enable encryption for all existing EBS volumes and ensure that all new volumes created are configured to use encryption by default. Additionally, update any snapshots to be encrypted and use AWS Key Management Service (KMS) to manage encryption keys securely.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/EBS/ebs-encrypted.html
+    - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
+  tags: cloud,devops,aws,amazon,ebs,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let VolumesVolumeId of iterate(template.volumes)){
+    set("volume", VolumesVolumeId)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+
+    source: |
+      aws ec2 describe-volumes --region $region --query 'Volumes[*].VolumeId'  --output json
+
+    extractors:
+      - type: json
+        name: volumes
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+
+    source: |
+        aws ec2 describe-volumes --region $region --volume-ids $volume --query 'Volumes[*].Encrypted' --output text
+
+    matchers:
+      - type: word
+        words:
+          - "False"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"EBS Encryption  " + volumes + " is Disabled"'
+# digest: 4a0a00473045022100fe98ba08fe06c9398f905a0651ac60c5cfbdbeaf2fa0c524aa9d2c0e29d3c75902200ab089e32558f42e2a7f8d5fafb3e309dfe261bad4e417532734222a7cbaa7cf:922c64590222798bb761d5b6d8e72950

cloud/aws/efs/efs-encryption-disabled.yaml

@@ -0,0 +1,60 @@
+id: efs-encryption-disabled
+
+info:
+  name: EFS Encryption - Disabled
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure that the data available on your Amazon EFS file systems is encrypted at rest in order to meet security and compliance requirements.
+  impact: |
+    Sensitive data transmitted or stored in Redis could be exposed, leading to potential data breaches or unauthorized access.
+  remediation: |
+    Enable encryption for AWS EFS by configuring encryption at rest in the EFS settings to protect data from unauthorized access.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/in-transit-and-at-rest-encryption.html
+    - https://docs.aws.amazon.com/efs/latest/ug/encryption.html
+  tags: cloud,devops,aws,amazon,efs-encryption-disabled,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let FileSystemId of iterate(template.filesystemids)){
+    set("filesystemid", FileSystemId)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws efs describe-file-systems --region $region --output json --query 'FileSystems[*].FileSystemId'
+
+    extractors:
+      - type: json
+        name: filesystemids
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+
+    source: |
+        aws efs describe-file-systems --region $region --file-system-id $filesystemid --query 'FileSystems[*].Encrypted' --output json
+
+    matchers:
+      - type: word
+        words:
+          - "false"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - 'filesystemid + " EFS Encryption is Disabled"'
+# digest: 490a0046304402202f3524493875a0119ee2ee6e8fc65a74c5f15c1e355ac921c5835d100f13bc7302200d7986a9d0b33d821a24772e250381523a6c47374b1f84ca39891df988fefc87:922c64590222798bb761d5b6d8e72950