turbot / steampipe-mod-aws-compliance

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
https://hub.steampipe.io/mods/turbot/aws_compliance
Apache License 2.0

Control: 5.1 False positives after remediation #562

Closed baliiton closed 1 year ago

baliiton commented 1 year ago

Describe the bug
After implementing the recommended remediation for Control 5.1, the NACL is still being evaluated as an alarm. It looks like the control is ignoring the fact that NACL rules are evaluated in order. For example, the following NACL will be flagged as an alarm: [image] This is expected behavior. But the following NACL will also be flagged as an alarm: [image] As you can see, RDP and SSH are only allowed for specific IPs. But Control 5.1 evaluates it as an alarm because of rule 100.

Steampipe version (steampipe -v)
Steampipe 0.16.4 with AWS Plugin: hub.steampipe.io/plugins/turbot/aws@latest | 0.81.0

To reproduce
Create a NACL with an allow-any rule with the highest rule number, RDP/SSH deny-any rules, and RDP/SSH allow rules for specific IPs.

Expected behavior
Not evaluated as an alarm after restricting the RDP and SSH communication.
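The ordering problem described above, as an added example that is not part of the mod or this issue: a naive check that flags any world-open allow entry (the behaviour reported) next to an order-aware evaluation that walks ingress entries by RuleNumber the way the NACL engine does. Entry dictionaries follow the EC2 DescribeNetworkAcls shape; the NACLs and IP addresses are constructed.

```python
# Added example (not the mod's own query): order-aware evaluation of an AWS
# network ACL for CIS 5.1 (no ingress from 0.0.0.0/0 to ports 22/3389).
# Entries follow the EC2 DescribeNetworkAcls shape; all sample data is constructed.
SENSITIVE_PORTS = (22, 3389)          # SSH and RDP
WORLD = ("0.0.0.0/0", "::/0")

def matches_port(entry, port):
    """True if the entry's protocol/port range covers the given TCP port."""
    if entry["Protocol"] == "-1":      # all traffic, no port range attached
        return True
    if entry["Protocol"] != "6":       # only TCP carries 22/3389
        return False
    rng = entry.get("PortRange", {})
    return rng.get("From", 0) <= port <= rng.get("To", 65535)

def is_world(entry):
    return entry.get("CidrBlock") in WORLD or entry.get("Ipv6CidrBlock") in WORLD

def naive_world_allow(entries, port):
    """What the reported control effectively does: any world-open allow entry fires."""
    return any(not e["Egress"] and e["RuleAction"] == "allow"
               and is_world(e) and matches_port(e, port) for e in entries)

def effective_world_allow(entries, port):
    """Walk ingress entries by RuleNumber; the first matching rule wins. Narrower
    CIDRs only decide their own sources, so the first world-scoped entry that
    covers the port decides the rest of the internet."""
    ingress = sorted((e for e in entries if not e["Egress"]), key=lambda e: e["RuleNumber"])
    for e in ingress:
        if matches_port(e, port) and is_world(e):
            return e["RuleAction"] == "allow"
    return False                       # implicit deny (the trailing '*' rule)

def cis_5_1_alarm(entries, order_aware=True):
    check = effective_world_allow if order_aware else naive_world_allow
    return any(check(entries, p) for p in SENSITIVE_PORTS)

def rule(num, action, cidr, port=None, proto="-1"):
    e = {"RuleNumber": num, "Protocol": proto, "RuleAction": action,
         "Egress": False, "CidrBlock": cidr}
    if port is not None:
        e["PortRange"] = {"From": port, "To": port}
    return e

# Constructed NACLs mirroring the issue: the first is open, the second carries
# the remediation (specific-IP allows, then world denies, then allow-any at 100).
OPEN_NACL = [rule(100, "allow", "0.0.0.0/0")]
REMEDIATED_NACL = [
    rule(10, "allow", "203.0.113.10/32", 22, "6"), rule(20, "allow", "203.0.113.10/32", 3389, "6"),
    rule(30, "deny", "0.0.0.0/0", 22, "6"), rule(40, "deny", "0.0.0.0/0", 3389, "6"),
    rule(100, "allow", "0.0.0.0/0"),
]
```

With order_aware=False the remediated NACL is still flagged because of rule 100, which is the false positive reported here; the order-aware walk hits the deny entries first and clears it, while a deny placed after the allow-any still alarms.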

misraved commented 1 year ago

Welcome to Steampipe @baliiton and thanks for raising this issue 👍.

I am transferring this issue to the https://github.com/turbot/steampipe-mod-aws-compliance repo for further discussion/investigation 👍.

rajlearner17 commented 1 year ago

@baliiton Thanks for using Steampipe and raising this; this one is bouncing back with us. Happy to see if any suggestions are coming from community members to address as separate queries to evaluate based on priority.

We discussed this issue here in the past as a reference.

baliiton commented 1 year ago

Thank you for pointing to the reference. This one can be closed then, as it is a duplicate.