Merge pull request #11072 from projectdiscovery/rds-aws

AWS - RDS (10 Templates)
patch-12
Prince Chaddha 2024-10-28 15:54:28 +07:00 committed by GitHub
commit 62646a8071
10 changed files with 590 additions and 0 deletions


@ -0,0 +1,59 @@
id: rds-auto-minor-upgrade-disabled
info:
name: RDS Auto Minor Version Upgrade - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon RDS database instances have the Auto Minor Version Upgrade flag enabled in order to receive automatically minor engine upgrades during the specified maintenance window.
impact: |
The RDS instance may miss critical security patches and minor feature updates, increasing vulnerability to security risks and bugs.
remediation: |
Enable auto minor version upgrades for the RDS instance through the AWS Management Console, CLI, or API to ensure timely application of security patches and updates.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-auto-minor-version-upgrade.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`postgres`].DBInstanceIdentifier | []' --output json
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].AutoMinorVersionUpgrade' --output json
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Auto Minor Version Upgrade is Disabled"'
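Review bot: The instance-listing command in the first `source:` block passes `--output json` twice (once before `--query` and again at the end); the CLI tolerates the repeat, but it reads like a copy-paste slip, so drop the trailing `--output json`. The `flow` loop variable `DBClusterIdentifier` and the extractor name `dbclusters` hold DB instance identifiers here and in the other instance-level templates of this PR (automated-backup, copy-snap, insights, autoscaling, log-export, multi-az, public-access); renaming them to `DBInstanceIdentifier` / `dbinstances` would stop readers assuming these are cluster-level checks. The `Engine` filter also limits the check to `mysql` and `postgres` although the `description` speaks of RDS instances in general and the Auto Minor Version Upgrade flag is not engine-specific, so either widen the filter or say in the description that only those engines are covered.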


@ -0,0 +1,59 @@
id: rds-automated-backup-disabled
info:
name: RDS Automated Backups - Disabled
author: DhiyaneshDK
severity: high
description: |
Ensure that your Amazon RDS database instances have automated backups enabled for point-in-time recovery.
impact: |
Data loss risk increases, as the RDS instance cannot be automatically restored to a previous state in case of failure or accidental deletion.
remediation: |
Enable automated backups for the RDS instance in the AWS Management Console, CLI, or API to ensure regular, automatic backups are created and retained.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-automated-backups-enabled.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --query 'DBInstances[*].DBInstanceIdentifier' --output json
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].BackupRetentionPeriod' --output json
matchers:
- type: word
words:
- '0'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Automated Backups is Disabled"'
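Review bot: The `word` matcher `'0'` is a substring match, so a retention period of `10`, `20` or `30` days (all common values) also contains `0` and the template reports a healthy instance as having backups disabled. Match the value as a whole token instead, e.g. replace the matcher with `- type: regex`, `regex:`, `- '\b0\b'` (the single-quoted YAML string keeps the backslashes literal for Go's regexp). The JSON output of the second command is `[ 0 ]` on separate lines, which the word-boundary pattern handles while `10` does not.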


@ -0,0 +1,59 @@
id: rds-backtrack-disabled
info:
name: AWS RDS Backtrack - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that the Backtrack feature is enabled for your Amazon Aurora (with MySQL compatibility) database clusters in order to backtrack your clusters to a specific time, without using backups.
impact: |
Unable to quickly revert the database to a previous state, leading to longer recovery times in case of accidental changes or data corruption.
remediation: |
Enable Backtrack for the RDS instance through the AWS Management Console, CLI, or API, and configure the desired backtrack window to allow quick recovery.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/backtrack.html
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --output json --query 'DBClusters[?Engine==`aurora-mysql`].DBClusterIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --db-cluster-identifier $dbcluster --query 'DBClusters[*].BacktrackWindow' --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'dbcluster + " AWS RDS Backtrack is Disabled"'
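Review bot: The second command matches on `[]`, which only appears when `BacktrackWindow` is absent from the describe-db-clusters record; the API reference describes the field as 0 when backtracking is disabled, and if the field is present as `0` the JMESPath projection yields `[ 0 ]` and this matcher never fires. I cannot confirm from the hunk which form the CLI emits, so this should be verified against a cluster with backtrack off; a pattern that accepts both, e.g. `- type: regex`, `regex:`, `- '\[\s*0?\s*\]'`, would be safe either way. The `aurora-mysql` engine filter is correct here because Backtrack exists only for Aurora MySQL-compatible clusters, but the `remediation` text says "RDS instance" where it should say "Aurora cluster".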


@ -0,0 +1,59 @@
id: rds-cluster-protection-disabled
info:
name: RDS Cluster Deletion Protection - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that all your provisioned Amazon Aurora database clusters are protected from accidental deletion by having the Deletion Protection feature enabled at the Aurora cluster level.
impact: |
The RDS cluster can be accidentally deleted, leading to potential data loss and service disruption.
remediation: |
Enable deletion protection for the RDS cluster via the AWS Management Console, CLI, or API to prevent accidental deletion.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/cluster-deletion-protection.html
- https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-now-provides-database-deletion-protection/
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --output json --query 'DBClusters[?Engine==`aurora-mysql`].DBClusterIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --db-cluster-identifier $dbcluster --query 'DBClusters[*].DeletionProtection' --output json
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Cluster Deletion Protection is Disabled"'
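Review bot: The listing filter `DBClusters[?Engine==aurora-mysql]` in the first `source:` block excludes `aurora-postgresql` clusters although the `description` promises coverage of all provisioned Aurora clusters, and deletion protection is a property of every DB cluster regardless of engine. Either add the `aurora-postgresql` engine to the filter or drop the filter and query `DBClusters[*].DBClusterIdentifier` so Multi-engine accounts get the full check. The same filter is fine in the backtrack template, where the feature really is Aurora-MySQL-only.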


@ -0,0 +1,59 @@
id: rds-copy-snap
info:
name: RDS Copy Tags to Snapshots - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that your Amazon RDS database instances make use of the Copy Tags to Snapshots feature in order to allow tags set on your database instances to be automatically copied to any automated or manual database snapshots that are created from these RDS instances.
impact: |
Tags are not copied to snapshots, making it harder to track, manage, and identify snapshots for cost allocation, compliance, or organization.
remediation: |
Enable the "Copy Tags to Snapshots" option for the RDS instance in the AWS Management Console, CLI, or API to ensure that tags are automatically applied to any created snapshots.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/copy-tags-to-snapshot.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`postgres`].DBInstanceIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].CopyTagsToSnapshot'
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- '"Copy Tags To Snapshot is not enable for instance " + dbcluster'


@ -0,0 +1,59 @@
id: rds-insights-disabled
info:
name: RDS Performance Insights - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that your Amazon RDS MySQL and PostgreSQL database instances have the Performance Insights feature enabled in order to allow you to obtain a better overview of your databases performance as well as help you to identify potential performance issues.
impact: |
Inability to monitor and analyze database performance metrics, making it harder to identify and resolve performance bottlenecks.
remediation: |
Enable Performance Insights for the RDS instance in the AWS Management Console or via CLI/API to monitor and analyze database performance metrics.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/performance-insights.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Enabling.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`aurora-mysql` || Engine==`aurora-postgresql` || Engine==`postgres`].DBInstanceIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].PerformanceInsightsEnabled' --output json
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Performance Insights is Disabled"'
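Review bot: The `description` names only MySQL and PostgreSQL instances while the listing filter also selects `aurora-mysql` and `aurora-postgresql`, so the text and the query disagree about what this template flags. Align the description with the filter, e.g. `Ensure that your Amazon RDS MySQL, PostgreSQL and Aurora database instances have the Performance Insights feature enabled ...`, or narrow the filter to match the text; Performance Insights is also offered for other engines, so the choice of scope should be stated deliberately.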


@ -0,0 +1,59 @@
id: rds-instance-autoscaling-disabled
info:
name: RDS Instance Storage AutoScaling - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that the Storage AutoScaling feature is enabled for your Amazon RDS database instances in order to provide dynamic scaling support for the database's storage based on your RDS application needs.
impact: |
The RDS instance may run out of storage, leading to potential application downtime or performance degradation due to lack of disk space.
remediation: |
Enable storage autoscaling for the RDS instance in the AWS Management Console or via CLI/API to automatically adjust storage capacity as needed.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/enable-rds-storage-autoscaling.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`postgres`].DBInstanceIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].MaxAllocatedStorage' --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Instance Storage AutoScaling is Disabled"'
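Review bot: The listing query restricts the check to `mysql` and `postgres` instances while the `description` talks about RDS instances in general, and `MaxAllocatedStorage` (the storage-autoscaling ceiling the matcher keys on) is not specific to those two engines. Widening the filter needs care, though: Aurora instances do not expose instance-level allocated storage and would all be reported, so exclude the `aurora-*` engines rather than dropping the filter entirely — I am inferring that from the storage model, so confirm against live output. Whichever scope is kept, say so in the `description`.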


@ -0,0 +1,59 @@
id: rds-log-export-disabled
info:
name: RDS Log Exports - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that your Amazon RDS database instances have the Log Exports feature enabled in order to publish database log events directly to CloudWatch Logs.
impact: |
Critical database logs are not exported, limiting visibility into performance issues, security events, and troubleshooting capabilities.
remediation: |
Enable RDS log exports in the AWS Management Console or via CLI/API by configuring the desired logs (e.g., slow query, general, error logs) for export to CloudWatch.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/log-exports.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output table --query 'DBInstances[?Engine==`mysql` || Engine==`aurora-mysql` || Engine==`mariadb`].DBInstanceIdentifier | []' --output json
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].EnabledCloudwatchLogsExports' --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Log Exports is Disabled"'
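Review bot: The first command passes `--output table` and then `--output json` on the same line; the JSON extractor only works because the CLI appears to honor the last occurrence, which is fragile and clearly unintended, so remove `--output table`. The `[]` matcher relies on `EnabledCloudwatchLogsExports` being omitted when no exports are configured, which also covers the case where it is present as an empty list (the projection then prints `[ [] ]`, still containing `[]`). The engine filter (`mysql`, `aurora-mysql`, `mariadb`) is narrower than the `description` implies, since log exports also exist for other engines; state the intended scope or extend the filter.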


@ -0,0 +1,59 @@
id: rds-multi-az
info:
name: RDS Multi-AZ - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon RDS instances are using the Multi-AZ deployment configuration for high availability and automatic failover support, fully managed by AWS.
impact: |
The RDS instance lacks high availability and failover support, increasing the risk of downtime during instance failures or maintenance events.
remediation: |
Enable Multi-AZ deployment for the RDS instance in the AWS Management Console, CLI, or API to enhance availability and automatic failover.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-multi-az.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[*].DBInstanceIdentifier'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].MultiAZ'
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Multi-AZ is Disabled"'
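Review bot: The second command omits `--output json`, unlike the first command of this template and the rest of the PR, so under a `text`/`table` default the CLI prints `False` and the case-sensitive `'false'` matcher misses it; append `--output json` to the `--query 'DBInstances[*].MultiAZ'` line. The listing also takes every instance, including members of Aurora clusters, where high availability is a cluster property and the instance-level `MultiAZ` field is reported as false as far as I recall, which would flag every Aurora instance; exclude instances whose `Engine` is `aurora-mysql` or `aurora-postgresql`, or check those at the cluster level, and verify the field's value on a live Aurora instance first.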


@ -0,0 +1,59 @@
id: rds-public-access
info:
name: RDS Publicly Accessible - Enabled
author: DhiyaneshDK
severity: high
description: |
Check for any public-facing Amazon RDS database instances provisioned within your AWS cloud account and restrict unauthorized access in order to minimize security risks.
impact: |
The RDS instance is exposed to the internet, increasing the risk of unauthorized access, attacks, and data breaches.
remediation: |
To restrict access to a publicly accessible database instance, you must disable the PubliclyAccessible configuration flag, and update the security group associated with the database instance.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-publicly-accessible.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[*].DBInstanceIdentifier'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].PubliclyAccessible' --output json
matchers:
- type: word
words:
- 'true'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Publicly Accessible Enabled"'
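Review bot: The `impact` text states that a matched instance "is exposed to the internet", but `PubliclyAccessible: true` only means the endpoint resolves to a public address; actual reachability still depends on the subnet's route to an internet gateway and on the attached security group, which the `remediation` already acknowledges by telling the user to update the security group. Suggest qualifying the impact, e.g. `The RDS instance resolves to a public IP address; if its security group permits inbound traffic it is reachable from the internet, increasing the risk of unauthorized access and data breaches.`, so triage of a `high` finding starts with the security group rather than assuming exposure.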