// CheckEnableAuditLogging is the AVD-AWS-0070 rule: every AWS MQ broker
// whose audit logging is explicitly disabled is reported as a failed
// result; every other broker is reported as passed.
//
// Audit logs are what an investigator relies on to reconstruct who did
// what on the broker, which is why the rule is registered at Medium
// severity with Terraform and CloudFormation remediation material.
var CheckEnableAuditLogging = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0070",
		Provider:    providers.AWSProvider,
		Service:     "mq",
		ShortCode:   "enable-audit-logging",
		Summary:     "MQ Broker should have audit logging enabled",
		Impact:      "Without audit logging it is difficult to trace activity in the MQ broker",
		Resolution:  "Enable audit logging",
		Explanation: `Logging should be enabled to allow tracing of issues and activity to be investigated more fully. Logs provide additional information and context which is often invalauble during investigation`,
		Links: []string{
			"https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/configure-logging-monitoring-activemq.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableAuditLoggingGoodExamples,
			BadExamples:         terraformEnableAuditLoggingBadExamples,
			Links:               terraformEnableAuditLoggingLinks,
			RemediationMarkdown: terraformEnableAuditLoggingRemediationMarkdown,
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationEnableAuditLoggingGoodExamples,
			BadExamples:         cloudFormationEnableAuditLoggingBadExamples,
			Links:               cloudFormationEnableAuditLoggingLinks,
			RemediationMarkdown: cloudFormationEnableAuditLoggingRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	// Evaluate every broker in the scanned state; the returned Results
	// carry one entry per broker, failed or passed.
	func(s *state.State) scan.Results {
		var results scan.Results
		for _, broker := range s.AWS.MQ.Brokers {
			// Only an explicit false is a finding. A value that is neither
			// true nor false (presumably unresolvable input) is not flagged
			// here — confirm IsFalse() is the intended test for that case.
			if !broker.Logging.Audit.IsFalse() {
				// NOTE(review): &broker is the address of the range copy;
				// before Go 1.22 that is one variable reused every iteration,
				// so this relies on AddPassed not retaining the pointer.
				results.AddPassed(&broker)
				continue
			}
			results.Add(
				"Broker does not have audit logging enabled.",
				broker.Logging.Audit,
			)
		}
		return results
	},
)
// CheckEnableGeneralLogging is the AVD-AWS-0071 rule: every AWS MQ broker
// whose general logging is explicitly disabled is reported as a failed
// result; every other broker is reported as passed.
//
// General logs are the broker's operational record and the first place to
// look when a problem needs to be traced, hence the Low-severity rule with
// Terraform and CloudFormation remediation material.
var CheckEnableGeneralLogging = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0071",
		Provider:    providers.AWSProvider,
		Service:     "mq",
		ShortCode:   "enable-general-logging",
		Summary:     "MQ Broker should have general logging enabled",
		Impact:      "Without logging it is difficult to trace issues",
		Resolution:  "Enable general logging",
		Explanation: `Logging should be enabled to allow tracing of issues and activity to be investigated more fully. Logs provide additional information and context which is often invalauble during investigation`,
		Links: []string{
			"https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/configure-logging-monitoring-activemq.html",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnableGeneralLoggingGoodExamples,
			BadExamples:         terraformEnableGeneralLoggingBadExamples,
			Links:               terraformEnableGeneralLoggingLinks,
			RemediationMarkdown: terraformEnableGeneralLoggingRemediationMarkdown,
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationEnableGeneralLoggingGoodExamples,
			BadExamples:         cloudFormationEnableGeneralLoggingBadExamples,
			Links:               cloudFormationEnableGeneralLoggingLinks,
			RemediationMarkdown: cloudFormationEnableGeneralLoggingRemediationMarkdown,
		},
		Severity: severity.Low,
	},
	// Evaluate every broker in the scanned state; the returned Results
	// carry one entry per broker, failed or passed.
	func(s *state.State) scan.Results {
		var results scan.Results
		for _, broker := range s.AWS.MQ.Brokers {
			// Only an explicit false is a finding. A value that is neither
			// true nor false (presumably unresolvable input) is not flagged
			// here — confirm IsFalse() is the intended test for that case.
			if !broker.Logging.General.IsFalse() {
				// NOTE(review): &broker is the address of the range copy;
				// before Go 1.22 that is one variable reused every iteration,
				// so this relies on AddPassed not retaining the pointer.
				results.AddPassed(&broker)
				continue
			}
			results.Add(
				"Broker does not have general logging enabled.",
				broker.Logging.General,
			)
		}
		return results
	},
)
// CheckNoPublicAccess is the AVD-AWS-0072 rule: every AWS MQ broker whose
// PublicAccess flag is explicitly true is reported as a failed result;
// every other broker is reported as passed.
//
// A publicly reachable broker endpoint widens the attack surface to the
// whole internet rather than the applications that need it, so the rule is
// registered at High severity with Terraform and CloudFormation remediation
// material.
var CheckNoPublicAccess = rules.Register(
	scan.Rule{
		AVDID:       "AVD-AWS-0072",
		Provider:    providers.AWSProvider,
		Service:     "mq",
		ShortCode:   "no-public-access",
		Summary:     "Ensure MQ Broker is not publicly exposed",
		Impact:      "Publicly accessible MQ Broker may be vulnerable to compromise",
		Resolution:  "Disable public access when not required",
		Explanation: `Public access of the MQ broker should be disabled and only allow routes to applications that require access.`,
		Links: []string{
			"https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/using-amazon-mq-securely.html#prefer-brokers-without-public-accessibility",
		},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformNoPublicAccessGoodExamples,
			BadExamples:         terraformNoPublicAccessBadExamples,
			Links:               terraformNoPublicAccessLinks,
			RemediationMarkdown: terraformNoPublicAccessRemediationMarkdown,
		},
		CloudFormation: &scan.EngineMetadata{
			GoodExamples:        cloudFormationNoPublicAccessGoodExamples,
			BadExamples:         cloudFormationNoPublicAccessBadExamples,
			Links:               cloudFormationNoPublicAccessLinks,
			RemediationMarkdown: cloudFormationNoPublicAccessRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// Evaluate every broker in the scanned state; the returned Results
	// carry one entry per broker, failed or passed.
	func(s *state.State) scan.Results {
		var results scan.Results
		for _, broker := range s.AWS.MQ.Brokers {
			// Only an explicit true is a finding. A value that is neither
			// true nor false (presumably unresolvable input) passes here —
			// confirm IsTrue() is the intended test for that case, since
			// an unknown exposure setting is silently treated as safe.
			if !broker.PublicAccess.IsTrue() {
				// NOTE(review): &broker is the address of the range copy;
				// before Go 1.22 that is one variable reused every iteration,
				// so this relies on AddPassed not retaining the pointer.
				results.AddPassed(&broker)
				continue
			}
			results.Add(
				"Broker has public access enabled.",
				broker.PublicAccess,
			)
		}
		return results
	},
)