AMI used
I used a Mautic AMI that I happened to have running for another project.
https://aws.amazon.com/marketplace/pp/B00YAY9OX6
Settings
Rule Package
Several rule packages are available for the assessment:
- Common Vulnerabilities and Exposures
- CIS Operating System Security Configuration Benchmarks
- Security Best Practices
- Runtime Behavior Analysis
See https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages.html
For now, I'll run all of them.
Results
| Score | Description |
|---|---|
| High | Describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your assessment target. We recommend that you treat this security issue as an emergency and implement an immediate remediation. |
| Medium | Describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your assessment target. We recommend that you fix this issue at the next possible opportunity, for example, during your next service update. |
| Low | Describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your assessment target. We recommend that you fix this issue as part of one of your future service updates. |
| Informational | Describes a particular security configuration detail of your assessment target. Based on your business and organization goals, you can either simply make note of this information or use it to improve the security of your assessment target. |
Source: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages.html
So High findings need immediate action, Medium findings should be fixed by the next release, and Low findings are worth addressing at some point in the future.
A Medium finding came up, so I checked the details.
| Label | Result |
|---|---|
| Target name | TEST |
| Template name | TEST |
| Start | Yesterday at 4:34 PM (GMT+9) |
| End | Yesterday at 5:35 PM (GMT+9) |
| Status | Analysis complete |
| Rule package | Security Best Practices-1.0 |
| AWS agent ID | i-83da6819 |
| Finding | Instance i-83da6819 is configured to allow users to log in with root credentials over SSH. This increases the likelihood of a successful brute-force attack. |
| Severity | Medium |
| Description | This rule helps determine whether the SSH daemon is configured to permit logging in to your EC2 instance as root. |
| Recommendation | It is recommended that you configure your EC2 instance to prevent root logins over SSH. Instead, log in as a non-root user and use sudo to escalate privileges when necessary. To disable SSH root logins, set PermitRootLogin to "no" in /etc/ssh/sshd_config and restart sshd. |
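To see why this finding fires and what the recommended fix actually changes, here is an added example (not from the original post, and not Amazon Inspector's own check) that reproduces how sshd resolves the global `PermitRootLogin` value: keywords are case-insensitive, `#` starts a comment, the first occurrence of a keyword wins, and anything below a `Match` line is conditional rather than global. The `WEAK_CONFIG` sample is constructed, and the default of `prohibit-password` for a missing keyword is an assumption that holds for OpenSSH 7.0 and later; older releases default to `yes`, so pass `default="yes"` if `sshd -V` reports an older version. `harden()` applies the recommendation from the table above by forcing `PermitRootLogin no` at the top of the file, where the first-occurrence rule guarantees it takes effect.

```python
"""Evaluate and harden PermitRootLogin in an sshd_config (added example)."""

import re

# "without-password" is the older spelling of "prohibit-password".
_ALIASES = {"without-password": "prohibit-password"}


def _keyword_and_value(raw_line: str):
    """Split one sshd_config line into (keyword, value), ignoring comments.
    sshd accepts 'Keyword value' as well as 'Keyword=value'."""
    stripped = raw_line.split("#", 1)[0].strip()
    if not stripped:
        return "", ""
    parts = re.split(r"[\s=]+", stripped, maxsplit=1)
    value = parts[1].strip() if len(parts) == 2 else ""
    return parts[0].lower(), value


def effective_permit_root_login(config_text: str,
                                default: str = "prohibit-password") -> str:
    """Return the PermitRootLogin value sshd applies globally.

    `default` is used when the keyword never appears (assumption: OpenSSH
    >= 7.0 defaults to prohibit-password; older releases defaulted to yes).
    """
    for raw in config_text.splitlines():
        keyword, value = _keyword_and_value(raw)
        if keyword == "match":
            break  # later lines only apply inside that Match block
        if keyword == "permitrootlogin" and value:
            value = value.lower()
            return _ALIASES.get(value, value)
    return default


def root_ssh_login_allowed(config_text: str,
                           default: str = "prohibit-password") -> bool:
    """True when the host would be flagged like the finding above: anything
    other than 'no' still lets root authenticate over SSH in some way
    (password, key, or forced command)."""
    return effective_permit_root_login(config_text, default) != "no"


def harden(config_text: str) -> str:
    """Apply the recommended fix: comment out every global PermitRootLogin
    line and put a single 'PermitRootLogin no' first so it always wins.
    Match blocks are left untouched. Restarting sshd is still required."""
    out = []
    in_match = False
    for raw in config_text.splitlines():
        keyword, _ = _keyword_and_value(raw)
        if keyword == "match":
            in_match = True
        if keyword == "permitrootlogin" and not in_match:
            out.append("#" + raw + "   # disabled: root SSH login")
        else:
            out.append(raw)
    return "PermitRootLogin no\n" + "\n".join(out) + "\n"


# Constructed sample reproducing the weak configuration in the finding.
# The commented-out 'no' on line 2 does not count, and the 'no' inside the
# Match block only applies to user 'deploy', so root login is globally 'yes'.
WEAK_CONFIG = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
Match User deploy
    PermitRootLogin no
"""

if __name__ == "__main__":
    print("weak   :", effective_permit_root_login(WEAK_CONFIG),
          "-> flagged" if root_ssh_login_allowed(WEAK_CONFIG) else "-> ok")
    fixed = harden(WEAK_CONFIG)
    print("fixed  :", effective_permit_root_login(fixed),
          "-> flagged" if root_ssh_login_allowed(fixed) else "-> ok")
    print(fixed)
```

On a real instance you would run `effective_permit_root_login(open("/etc/ssh/sshd_config").read())` before and after editing, then `sudo systemctl restart sshd` (or `sudo service sshd restart` on older Amazon Linux) so the daemon reloads the file; `sshd -T | grep -i permitrootlogin` gives the daemon's own view of the effective value and is the authoritative cross-check.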