AWS Inspectorを使ってみる

使ったAMI

たまたま別件で起動させていたMautic AMIを使用
https://aws.amazon.com/marketplace/pp/B00YAY9OX6

設定

Rule Package

診断に使うパッケージが複数存在する。

• Common Vulnerabilities and Exposures
• CIS Operating System Security Configuration Benchmarks
• Security Best Practices
• Runtime Behavior Analysis https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages.html

とりあえず全部回す

結果

スコア	説明
High	Describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your assessment target. We recommend that you treat this security issue as an emergency and implement an immediate remediation.
Medium	Describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your assessment target. We recommend that you fix this issue at the next possible opportunity, for example, during your next service update.
Low	Describes a security issue that can result in a compromise of the information confidentiality, integrity, and availability within your assessment target. We recommend that you fix this issue as part of one of your future service updates.
Informational	Describes a particular security configuration detail of your assessment target. Based on your business and organization goals, you can either simply make note of this information or use it to improve the security of your assessment target.

From:https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages.html

Highになっているものは即時対応が必要、Mediumは次回リリースまでに対応しておこう、Lowは将来的に対応しておいたほうがいいというところでしょうか。

Mediumが出てたので詳細確認。

Label	Result
ターゲット名	TEST
テンプレート名	TEST
開始	Yesterday at 4:34 PM (GMT+9)
終了	Yesterday at 5:35 PM (GMT+9)
ステータス	分析完了
ルールパッケージ	Security Best Practices-1.0
AWS エージェント ID	i-83da6819
結果	Instance i-83da6819 is configured to allow users to log in with root credentials over SSH. This increases the likelihood of a successful brute-force attack.
重要度	Medium
説明	This rule helps determine whether the SSH daemon is configured to permit logging in to your EC2 instance as root.
推奨事項	It is recommended that you configure your EC2 instance to prevent root logins over SSH. Instead, log in as a non-root user and use sudo to escalate privileges when necessary. To disable SSH root logins, set PermitRootLogin to "no" in /etc/ssh/sshd_config and restart sshd.