Ajinkya sgaudit prevention #135
base: development
| print(f"Security Group: {security_group.id} has an open port: {permission['FromPort']}-{permission['ToPort']}") | ||
| ``` | ||
|
|
||
| This script will print out the ID of any security group that has an open port, along with the port number. |
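Review bot: in the `print(...)` line, `permission['FromPort']` and `permission['ToPort']` raise `KeyError` for rules whose `IpProtocol` is `-1` (all traffic), because EC2 omits both keys for such rules. Those are the rules an audit most needs to report, so use `permission.get('FromPort', 'all')` and `permission.get('ToPort', 'all')`. The sentence after the code block should also say what "open port" means here, since the check that decides it is not visible in this excerpt.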
Secret: Secret Keyword
| ```python | ||
| session = boto3.Session( | ||
| aws_access_key_id='your_access_key', | ||
| aws_secret_access_key='your_secret_key', |
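Review bot: `aws_access_key_id='your_access_key'` and `aws_secret_access_key='your_secret_key'` as literal arguments to `boto3.Session(` teach readers to paste long-lived keys into source, which is what the secret scanner is flagging. Call `boto3.Session()` with no key arguments (or with `profile_name=...`) so boto3 resolves credentials from the environment, the shared config file or an attached role. The same literal-key pattern recurs in the other `boto3.Session(` examples in this PR.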
Secret: Secret Keyword
| ec2.revoke_security_group_ingress( | ||
| GroupId=sg_id, | ||
| IpPermissions=[ | ||
| { |
Secret: Secret Keyword
| # Initialize a session using Amazon EC2 | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| public_sgs.append(sg['GroupId']) | ||
| return public_sgs | ||
|
|
||
| public_sgs = get_public_security_groups(ec2) |
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| Iterate through the security groups and check for the specific misconfiguration. If found, update the security group to prevent the misconfiguration. | ||
|
|
||
| ```python | ||
| def update_security_group(security_group_id): |
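Review bot: the sentence before `def update_security_group(security_group_id):` says to check for "the specific misconfiguration" without naming it, so a reader cannot tell which rule the function looks for or what it rewrites. Name the condition being matched, and since this step modifies a live security group, document that the change should be reviewed first, for example by running the EC2 call with `DryRun=True`.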
Secret: Secret Keyword
| # Initialize a session using Amazon EC2 | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| for sg in security_groups: | ||
| if not sg.ip_permissions and not sg.ip_permissions_egress: | ||
| print(f"Unused Network ACL detected: {sg.group_id}") | ||
| ``` |
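Review bot: the loop iterates `security_groups` and reads `sg.group_id`, but the message says "Unused Network ACL detected"; security groups and network ACLs are different resources, so the label is wrong. The condition `not sg.ip_permissions and not sg.ip_permissions_egress` also only finds groups with no rules, which is not the same as unused: a group with rules can be attached to nothing. Fix the message and, if the goal is unused groups, check whether any network interface references the group.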
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| print(f"Public access disabled for cluster {cluster_id}.") | ||
| else: | ||
| print(f"Cluster {cluster_id} is not publicly accessible.") | ||
|
|
Secret: Secret Keyword
| # Initialize a session using your AWS credentials | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_AWS_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_AWS_SECRET_KEY', |
Secret: Secret Keyword
| ec2 = boto3.client('ec2') | ||
|
|
||
| for subnet in boto3.resource('ec2').subnets.all(): | ||
| response = ec2.describe_flow_logs( |
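Review bot: `ec2.describe_flow_logs(` is called inside `for subnet in boto3.resource('ec2').subnets.all():`, so the script makes one API call per subnet and risks throttling in large accounts. Fetch the flow logs once before the loop, collect their `ResourceId` values into a set and test each `subnet.id` against it. A subnet can also be covered by a flow log on its VPC, so document whether that counts as enabled.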
Secret: Secret Keyword
| Then, configure your AWS credentials to allow Boto3 to interact with AWS services on your behalf. You can do this by setting the following environment variables: | ||
| ``` | ||
| AWS_ACCESS_KEY_ID='your_access_key' | ||
| AWS_SECRET_ACCESS_KEY='your_secret_key' |
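Review bot: the text calls these environment variables, but `AWS_ACCESS_KEY_ID='your_access_key'` without `export` only sets a shell variable, which the Python process running Boto3 does not inherit. Write `export AWS_ACCESS_KEY_ID=...` and `export AWS_SECRET_ACCESS_KEY=...`, and tag the fence with the shell it targets.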
Secret: Secret Keyword
| import boto3 | ||
|
|
||
| ec2 = boto3.client('ec2') | ||
|
|
Secret: Secret Keyword
| After installing Boto3, you need to configure it with your AWS credentials. You can do this by setting the following environment variables: | ||
| ``` | ||
| AWS_ACCESS_KEY_ID = 'your_access_key' | ||
| AWS_SECRET_ACCESS_KEY = 'your_secret_key' |
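Review bot: `AWS_ACCESS_KEY_ID = 'your_access_key'` has spaces around `=`, which a POSIX shell parses as a command named `AWS_ACCESS_KEY_ID` rather than an assignment, so these lines do not set environment variables as the preceding sentence claims. Drop the spaces and prefix each line with `export`.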
Secret: Secret Keyword
No description provided.