Appendix: Fixed Issue 134322

The following rules have been changed for the AWS BPR Predefined Profile.

| Rule | Description |
| --- | --- |
| Ensure EC2 Instance does not have open DNS port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for DNS port 53. |
| Ensure EC2 Instance does not have open MongoDB port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for MongoDB port 27019. |
| Ensure EC2 Instance does not have open MySQL port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for MySQL port 3306. |
| Ensure EC2 Instance does not have open SQL Server port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for SQL Server port 1433. |
| Ensure EC2 Instance does not have open NFS port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for NFS ports 2049 and 111. |
| Ensure EC2 Instance does not have open OracleDb port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for OracleDb port 1521. |
| Ensure EC2 Instance does not have open PostgreSQL port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for PostgreSQL port 5432. |
| Ensure EC2 Instance does not have open RDP port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for RDP port 3389. |
| Ensure EC2 Instance does not have open SMTP port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for SMTP port 25. |
| Ensure EC2 Instance does not have open SSH port | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for SSH port 22. |
| Ensure EC2 Instance does not have open TCP ports | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for TCP ports 22, 80, 443, 1433, 1521, 3306, 3389, 5432, 27017, 27018, 27019. |
| Ensure EC2 Instance does not have open UDP ports | This CSA rule now alerts only on EC2 instances whose Security Group inbound rules are open to public Internet IPs for UDP ports 22, 80, 443, 1433, 1521, 3306, 3389, 5432, 27017, 27018, 27019. |
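
The following added example, which is not the product's own rule logic, evaluates an EC2 security group in the shape returned by `aws ec2 describe-security-groups` against the TCP port list above, alerting only when the source is public. It assumes "public Internet" means any CIDR not wholly inside a private, loopback or link-local range; the function names and the sample group are constructed for illustration.

```python
import ipaddress

# Assumption: "public Internet" = any CIDR not wholly inside one of these ranges.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# TCP port list from the "open TCP ports" rule in the table above.
TCP_PORTS = [22, 80, 443, 1433, 1521, 3306, 3389, 5432, 27017, 27018, 27019]

def is_public(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in NON_PUBLIC)

def exposed_ports(permission, ports, protocol="tcp"):
    """Watched ports that one IpPermissions entry opens to a public CIDR."""
    proto = permission["IpProtocol"]
    if proto not in (protocol, "-1"):        # "-1" means all protocols
        return []
    cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    if not any(is_public(c) for c in cidrs):
        return []                            # internal-only sources do not alert
    if proto == "-1":                        # all traffic: no FromPort/ToPort
        return sorted(ports)
    lo, hi = permission["FromPort"], permission["ToPort"]
    return sorted(p for p in ports if lo <= p <= hi)   # a range can cover a port

def evaluate(security_group, ports, protocol="tcp"):
    """All watched ports the group exposes to public sources."""
    hits = set()
    for perm in security_group.get("IpPermissions", []):
        hits.update(exposed_ports(perm, ports, protocol))
    return sorted(hits)

# Constructed sample group (not real data).
SAMPLE_SG = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},            # SSH, internal only
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},             # range covers 3306, 3389
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},              # DNS over UDP, IPv6
]}

if __name__ == "__main__":
    print(evaluate(SAMPLE_SG, TCP_PORTS))
```

The SSH rule restricted to `10.0.0.0/8` produces no alert, while the wide `3000-4000` range opened to `0.0.0.0/0` is reported for the two watched ports it covers.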