Updating PC-AWS-IAM-9 policy's RQL #95

Open
2 changes: 1 addition & 1 deletion policies/AWS-IAM-Password-policy-is-unsecure.json
Expand Up @@ -7,7 +7,7 @@
"name": "AWS IAM Password policy is unsecure",
"description": "Checks to ensure that IAM password policy is in place for the cloud accounts. As a security best practice, customers must have strong password policies in place. This policy ensures password policies are set with all following options:\n- Minimum Password Length\n- At least one Uppercase letter\n- At least one Lowercase letter\n- At least one Number\n- At least one Symbol/non-alphanumeric character\n- Users have permission to change their own password\n- Password expiration period\n- Password reuse\n- Password expiration requires administrator reset",
"rule.criteria": "1e0076af-0ccd-4f1c-bba5-ac92964a5e6b",
"searchModel.query": "config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-iam-get-account-password-policy' AND json.rule = 'requireNumbers contains false and requireSymbols contains false and expirePasswords contains false and allowUsersToChangePassword contains false and requireLowercaseCharacters contains false and requireUppercaseCharacters contains false and maxPasswordAge does not exist and passwordReusePrevention does not exist and minimumPasswordLength==6'",
"searchModel.query": "config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-iam-get-account-password-policy' AND json.rule = 'isDefaultPolicy is false or requireNumbers contains false or requireSymbols contains false or expirePasswords contains false or allowUsersToChangePassword contains false or requireLowercaseCharacters contains false or requireUppercaseCharacters contains false or maxPasswordAge does not exist or passwordReusePrevention does not exist or minimumPasswordLength less than 14'",
"recommendation": "1. Login to AWS Console and navigate to the 'IAM' Service\n2. Click on 'Account Settings'\n3. Under 'Password Policy', select and set all the options\n4. Click on 'Apply password policy'",
"remediable": true,
"remediation.cliScriptTemplate": "aws iam update-account-password-policy --minimum-password-length 14 --require-uppercase-characters --require-lowercase-characters --require-numbers --require-symbols --allow-users-to-change-password --password-reuse-prevention 24 --max-password-age 90",
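Review bot: The first term of the new json.rule, `isDefaultPolicy is false`, looks inverted for an or-chain. If the field means what its name says, every account that has set a custom password policy matches, including one configured with the remediation.cliScriptTemplate command in this file, so the policy would still alert after remediation. The term should probably read `isDefaultPolicy is true`, so that accounts still on the default policy are the ones flagged. Two smaller points on the same line: maxPasswordAge and passwordReusePrevention are only tested for existence, so values weaker than the 90 and 24 that the remediation sets still pass; and the description does not mention the new 14-character minimum, while its "Password expiration requires administrator reset" item has no corresponding term in the query.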