Created
May 24, 2018 12:16
-
-
Save prasincs/f8a8895dcf6c0c95149beb9803e0dbad to your computer and use it in GitHub Desktop.
Searching Unencrypted Buckets quickly and remediate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requires ESP_ACCESS_KEY_ID, ESP_SECRET_ACCESS_KEY environment variables | |
| require 'esp_sdk' | |
| require 'open3' | |
| def bucket_encrypted? (bucket) | |
| stdout, stderr, status = Open3.capture3("aws s3api get-bucket-encryption --bucket #{bucket}") | |
| status==0 | |
| end | |
| reports = ESP::Report.all | |
| report_id = reports[0].id | |
| alerts = ESP::Alert.where(report_id:report_id, signature_identifier_cont:"AWS:SSS-014") | |
| resources = alerts.map{ |x| x.resource } | |
| while alerts.next_page? | |
| alerts.next_page! | |
| res = alerts.map{ |x| x.resource } | |
| resources.concat(res) | |
| end | |
| puts "Not encrypted at Rest" | |
| puts "Evident Count: ", resources.count | |
| without_default_encryption = resources.map { |r| | |
| r if not bucket_encrypted?(r) | |
| } | |
| without_default_encryption.compact! | |
| puts "Without Default Encryption Count: ", without_default_encryption.count | |
| without_default_encryption.each { |r| | |
| puts r | |
| } | |
| puts "Remediation:" | |
| without_default_encryption.each { |r| | |
| puts <<~EOF | |
| aws s3api put-bucket-encryption --bucket #{r} --server-side-encryption-configuration '{ | |
| "Rules": [ | |
| { | |
| "ApplyServerSideEncryptionByDefault": { | |
| "SSEAlgorithm": "AES256" | |
| } | |
| } | |
| ]}' | |
| EOF | |
| } | |
| # Secure Data Transport Violation | |
| alerts = ESP::Alert.where(report_id:report_id, signature_identifier_cont:"AWS:SSS-015") | |
| resources = alerts.map{ |x| x.resource } | |
| while alerts.next_page? | |
| alerts.next_page! | |
| res = alerts.map{ |x| x.resource } | |
| resources.concat(res) | |
| end | |
| puts "Count: ", resources.count | |
| resources.each { |r| | |
| puts r | |
| puts "Remediation:" | |
| puts <<~EOF | |
| { | |
| "Version": "2012-10-17", | |
| "Id": "PutObjPolicy", | |
| "Statement": [ | |
| { | |
| "Sid": "DenyAccessIfNotOverSecureTransport", | |
| "Effect": "Deny", | |
| "Principal": "*", | |
| "Action": "s3:GetObject", | |
| "Resource": "arn:aws:s3:::#{r}/*", | |
| "Condition": { | |
| "Bool": { | |
| "aws:SecureTransport": "false" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| EOF | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment