Appendix: Fixed Issue 134322
The following rules have been changed for the AWS BPR Predefined Profile.
Rule | Description |
---|---|
Ensure EC2 Instance does not have open DNS port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for DNS Port 53. |
Ensure EC2 Instance does not have open MongoDB port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for MongoDB Port 27019. |
Ensure EC2 Instance does not have open MySQL port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for MySQL Port 3306. |
Ensure EC2 Instance does not have open SQL Server port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for SQL Server Port 1433. |
Ensure EC2 Instance does not have open NFS port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for NFS Ports 2049 and 111. |
Ensure EC2 Instance does not have open OracleDb port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for OracleDb Port 1521. |
Ensure EC2 Instance does not have open PostgreSQL port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for PostgreSQL Port 5432. |
Ensure EC2 Instance does not have open RDP port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for RDP Port 3389. |
Ensure EC2 Instance does not have open SMTP port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for SMTP Port 25. |
Ensure EC2 Instance does not have open SSH port | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for SSH Port 22. |
Ensure EC2 Instance does not have open TCP ports | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for TCP Ports 22, 80, 443, 1433, 1521, 3306, 3389, 5432, 27017, 27018, 27019. |
Ensure EC2 Instance does not have open UDP ports | This CSA rule now alerts only on EC2 instances whose Security Group Inbound Rules are open to public Internet IPs for UDP Ports 22, 80, 443, 1433, 1521, 3306, 3389, 5432, 27017, 27018, 27019. |
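
To reproduce the scoping these rules describe when auditing your own security groups, the following Python example (added here, not the product's rule logic) flags inbound permissions whose port range covers a listed port and whose source is a public address range. Assumptions: "public" means any CIDR not wholly inside the private, loopback or link-local ranges listed in `NON_PUBLIC`; the input uses the field names of the EC2 DescribeSecurityGroups response; the function names and sample groups are constructed for illustration.

```python
import ipaddress

# Rule name -> ports, copied from the table above (a subset of its rows).
RULE_PORTS = {"DNS": (53,), "SSH": (22,), "RDP": (3389,), "NFS": (2049, 111), "MySQL": (3306,)}

# Assumption: a source is "public" unless it lies wholly inside one of these ranges.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_public(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in NON_PUBLIC)

def covers(perm, port):
    """True if an inbound permission's protocol and port range include `port`."""
    if perm["IpProtocol"] == "-1":            # "-1" = all protocols, all ports
        return True
    if perm["IpProtocol"] not in ("tcp", "udp"):
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def findings(security_groups):
    """Return (group id, rule, port, source CIDR) for each publicly open port."""
    out = []
    for sg in security_groups:
        for perm in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in filter(is_public, cidrs):
                for rule, ports in RULE_PORTS.items():
                    out += [(sg["GroupId"], rule, p, cidr) for p in ports if covers(perm, p)]
    return out

# Constructed sample in the shape of the EC2 DescribeSecurityGroups response.
SAMPLE = [
    {"GroupId": "sg-constructed-01", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-constructed-02", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

The SSH rule scoped to `10.0.0.0/8` produces no finding, while the port range 3000-4000 is reported for both RDP and MySQL because it contains 3389 and 3306.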