Modify rule S6258: Conversion from S3-specific to generic rule (#510)

2021-10-20 09:57:41 +02:00 · 2021-10-20 09:57:41 +02:00 · b3530d6421
commit b3530d6421
parent b402a859ce
7 changed files with 14 additions and 12 deletions
--- a/rules/S6258/ask-yourself.adoc
+++ b/rules/S6258/ask-yourself.adoc
@ -1,6 +1,7 @@
 == Ask Yourself Whether
-* The infrastructure requires security monitoring, to comply to some regulations or not.
+* This component is essential for the information system infrastructure.
-* There is a need to understand what objects are requested by S3 customers. 
+* This component is essential for mission-critical functions.
 * Compliance policies require this component to be monitored.
 There is a risk if you answered yes to any of those questions.
--- a/rules/S6258/cloudformation/rule.adoc
+++ b/rules/S6258/cloudformation/rule.adoc
@ -6,7 +6,7 @@ include::../recommended.adoc[]
 == Sensitive Code Example
-S3 server access logging is disabled:
+For https://aws.amazon.com/s3/[Amazon S3 access requests]:
 ----
 AWSTemplateFormatVersion: 2010-09-09
@ -19,7 +19,7 @@ Resources:
 == Compliant Solution
-S3 server access logging is enabled:
+For https://aws.amazon.com/s3/[Amazon S3 access requests]:
 ----
 AWSTemplateFormatVersion: 2010-09-09
--- a/rules/S6258/description.adoc
+++ b/rules/S6258/description.adoc
@ -1,3 +1,5 @@
-Server access logging records the requests that are made to S3 buckets and this allow to track who is doing what on S3 buckets.
+Disabling logging of this component can lead to missing traceability in case of a security incident.
-When server access logging is deactivated, infrastructure administrators are blind and can't answer to any regulatory requests.
+Logging allows operational and security teams to get detailed and real-time feedback on an information system's events. The logging coverage enables them to quickly react to events, ranging from the most benign bugs to the most impactful security incidents, such as intrusions.
 Apart from security detection, logging capabilities also directly influence future digital forensic analyses. For example, detailed logging will allow investigators to establish a timeline of the actions perpetrated by an attacker.
--- a/rules/S6258/message.adoc
+++ b/rules/S6258/message.adoc
@ -1,4 +1,3 @@
 === Message
-Make sure disabling S3 server access logs is safe here.
+Make sure that disabling logging is safe here.
--- a/rules/S6258/metadata.json
+++ b/rules/S6258/metadata.json
@ -1,5 +1,5 @@
 {
-  "title": " Disabling S3 server access logging is security sensitive ",
+  "title": "Disabling logging is security sensitive",
  "type": "SECURITY_HOTSPOT",
  "status": "ready",
  "remediation": {
--- a/rules/S6258/recommended.adoc
+++ b/rules/S6258/recommended.adoc
@ -1,3 +1,3 @@
 == Recommended Secure Coding Practices
-It's recommended to enable S3 server access logs.
+Enable the logging capabilities of this component.
--- a/rules/S6258/terraform/rule.adoc
+++ b/rules/S6258/terraform/rule.adoc
@ -6,7 +6,7 @@ include::../recommended.adoc[]
 == Sensitive Code Example
-S3 server access logging is disabled:
+For https://aws.amazon.com/s3/[Amazon S3 access requests]:
 ----
 resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive
@ -16,7 +16,7 @@ resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive
 == Compliant Solution
-S3 server access logging is enabled:
+For https://aws.amazon.com/s3/[Amazon S3 access requests]:
 ----
 resource "aws_s3_bucket" "myloggingbucket" {
`@ -1,4 +1,3 @@`
	`=== Message`	`=== Message`

	`Make sure disabling S3 server access logs is safe here.`	`Make sure that disabling logging is safe here.`
`@ -1,3 +1,3 @@`
	`== Recommended Secure Coding Practices`	`== Recommended Secure Coding Practices`

	`It's recommended to enable S3 server access logs.`	`Enable the logging capabilities of this component.`