From dcae73824029965f94bc2b9dd60ab0487265387d Mon Sep 17 00:00:00 2001 From: sanaayousaf Date: Fri, 18 Nov 2022 13:19:00 +0000 Subject: [PATCH 1/8] added policy to check enable log validation for cloudtrail --- avd_docs/aws/cloudtrail/AVD-AWS-0181/docs.md | 13 ++++++++++ .../kubernetes/general/AVD-KSV-01010/docs.md | 2 +- .../kubernetes/general/AVD-KSV-0107/docs.md | 5 +++- .../kubernetes/general/AVD-KSV-0108/docs.md | 4 +-- .../kubernetes/general/AVD-KSV-0109/docs.md | 2 +- .../aws/cloudtrail/enable_log_validation.rego | 25 +++++++++++++++++++ .../enable_log_validation_test.rego | 11 ++++++++ 7 files changed, 57 insertions(+), 5 deletions(-) create mode 100644 avd_docs/aws/cloudtrail/AVD-AWS-0181/docs.md create mode 100644 internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego create mode 100644 internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0181/docs.md b/avd_docs/aws/cloudtrail/AVD-AWS-0181/docs.md new file mode 100644 index 000000000..75cc0fcea --- /dev/null +++ b/avd_docs/aws/cloudtrail/AVD-AWS-0181/docs.md @@ -0,0 +1,13 @@ + +Cloudtrail log validation should be enabled to prevent tampering of log data + +### Impact + + + +{{ remediationActions }} + +### Links +- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html + + diff --git a/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md b/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md index 1cee68f20..f69f12cad 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md @@ -2,7 +2,7 @@ Storing sensitive content such as usernames and email addresses in configMaps is unsafe ### Impact -Unsafe storage of sensitive content in configMaps could lead to the information being compromised. + {{ remediationActions }} 
diff --git a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md index e8258523c..6af76b2a2 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md @@ -1,5 +1,5 @@ -apiVersion and kind has been deprecated +apiVersion '' and kind '' has been deprecated on: '' and planned for removal on:'' ### Impact @@ -7,4 +7,7 @@ apiVersion and kind has been deprecated {{ remediationActions }} +### Links +- + diff --git a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md index 8d55a3498..9c1e77234 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md @@ -2,8 +2,8 @@ Services with external IP addresses allows direct access from the internet and might expose risk for CVE-2020-8554 ### Impact -Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. -https://www.cvedetails.com/cve/CVE-2020-8554/ + + {{ remediationActions }} diff --git a/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md index d215353f0..70bba0fb1 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md @@ -2,7 +2,7 @@ Storing secrets in configMaps is unsafe ### Impact -Unsafe storage of secret content in configMaps could lead to the information being compromised. + {{ remediationActions }} 
diff --git a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego
new file mode 100644
index 000000000..d2626b29f
--- /dev/null
+++ b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego
@@ -0,0 +1,25 @@
+#METADATA
+# title: "CloudTrail Log Validation"
+# description: "Cloudtrail log validation should be enabled to prevent tampering of log data"
+# scope: package
+# schemas:
+# - input: schema.input
+# related_resources:
+# - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
+# custom:
+# avd_id: AVD-AWS-0181
+# provider: aws
+# service: cloudtrail
+# severity: HIGH
+# short_code: enable-log-validation
+# recommended_action: "Log validation should be activated on Cloudtrail logs to prevent the tampering of the underlying data in the S3 bucket. It is feasible that a rogue actor compromising an AWS account might want to modify the log data to remove trace of their actions."
+# input:
+# selector:
+# - type: cloud
+package builtin.aws.cloudtrail.aws0181
+
+deny[res] {
+ trail := input.aws.cloudtrail.trails[_]
+ not trail.enablelogfilevalidation.value
+ res := result.new("Trail does not have log validation enabled.", trail.enablelogfilevalidation)
+}
diff --git a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego
new file mode 100644
index 000000000..637aa6175
--- /dev/null
+++ b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego
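Review bot: The deny rule in enable_log_validation.rego is fail-open for a trail that lacks the `enablelogfilevalidation` object entirely: `not trail.enablelogfilevalidation.value` succeeds on an undefined path, but `result.new("Trail does not have log validation enabled.", trail.enablelogfilevalidation)` then receives an undefined argument, so the rule body is undefined and no finding is emitted. If the cloud adapter always populates this field the gap is latent, but the tests in enable_log_validation_test.rego cover only `value: false` and `value: true`, so neither outcome is pinned; a third case such as `r := deny with input as {"aws": {"cloudtrail": {"trails": [{}]}}}` with an explicit `count(r)` expectation would record which behaviour is intended, or the rule could pass `trail` itself as the metadata argument if that object carries the metadata `result.new` expects. Minor: the title writes `CloudTrail` while the description and recommended_action write `Cloudtrail`.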
@@ -0,0 +1,11 @@
+package builtin.aws.cloudtrail.aws0181
+
+test_detects_when_disabled {
+ r := deny with input as {"aws": {"cloudtrail": {"trails": [{"enablelogfilevalidation": {"value": false}}]}}}
+ count(r) == 1
+}
+
+test_when_enabled {
+ r := deny with input as {"aws": {"cloudtrail": {"trails": [{"enablelogfilevalidation": {"value": true}}]}}}
+ count(r) == 0
+}
From 0d2aa9c675dc41b63da6c8d7faedc173d324f897 Mon Sep 17 00:00:00 2001
From: sanaayousaf
Date: Mon, 21 Nov 2022 13:31:26 +0000
Subject: [PATCH 2/8] update id
---
 .../aws/cloudtrail/{AVD-AWS-0181 => AVD-AWS-0188}/docs.md | 0
 .../cloud/policies/aws/cloudtrail/enable_log_validation.rego | 4 ++--
 .../policies/aws/cloudtrail/enable_log_validation_test.rego | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename avd_docs/aws/cloudtrail/{AVD-AWS-0181 => AVD-AWS-0188}/docs.md (100%)
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0181/docs.md b/avd_docs/aws/cloudtrail/AVD-AWS-0188/docs.md
similarity index 100%
rename from avd_docs/aws/cloudtrail/AVD-AWS-0181/docs.md
rename to avd_docs/aws/cloudtrail/AVD-AWS-0188/docs.md
diff --git a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego
index d2626b29f..0a83368ab 100644
--- a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego
+++ b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation.rego
@@ -7,7 +7,7 @@
 # related_resources:
 # - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
 # custom:
-# avd_id: AVD-AWS-0181
+# avd_id: AVD-AWS-0188
 # provider: aws
 # service: cloudtrail
 # severity: HIGH
@@ -16,7 +16,7 @@
 # input:
 # selector:
 # - type: cloud
-package builtin.aws.cloudtrail.aws0181
+package builtin.aws.cloudtrail.aws0188
 
 deny[res] {
 trail := input.aws.cloudtrail.trails[_]
diff --git a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego index 637aa6175..adcf82325 100644 --- a/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego +++ b/internal/rules/policies/cloud/policies/aws/cloudtrail/enable_log_validation_test.rego @@ -1,4 +1,4 @@ -package builtin.aws.cloudtrail.aws0181 +package builtin.aws.cloudtrail.aws0188 test_detects_when_disabled { r := deny with input as {"aws": {"cloudtrail": {"trails": [{"enablelogfilevalidation": {"value": false}}]}}} From 9001f14492fb938f53a5dd228743ff5f4f0cc09e Mon Sep 17 00:00:00 2001 From: SanaYousaf <78966921+SanaaYousaf@users.noreply.github.com> Date: Fri, 25 Nov 2022 13:37:01 +0000 Subject: [PATCH 3/8] Update avd_docs/kubernetes/general/AVD-KSV-01010/docs.md --- avd_docs/kubernetes/general/AVD-KSV-01010/docs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md b/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md index f69f12cad..1cee68f20 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md @@ -2,7 +2,7 @@ Storing sensitive content such as usernames and email addresses in configMaps is unsafe ### Impact - +Unsafe storage of sensitive content in configMaps could lead to the information being compromised. {{ remediationActions }} From ad0037768528e32de56cccb263a9b15939bf836f Mon Sep 17 00:00:00 2001 From: SanaYousaf <78966921+SanaaYousaf@users.noreply.github.com> Date: Fri, 25 Nov 2022 13:37:40 +0000 Subject: [PATCH 4/8] Update avd_docs/kubernetes/general/AVD-KSV-0107/docs.md --- avd_docs/kubernetes/general/AVD-KSV-0107/docs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md index 6af76b2a2..0251b8643 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md @@ -1,5 +1,5 @@ -apiVersion '' and kind '' has been deprecated on: '' and planned for removal on:'' +apiVersion and kind has been deprecated ### Impact From 0f759ffca4fa5b9ac9f9c772d7ce5b25086da16e Mon Sep 17 00:00:00 2001 From: SanaYousaf <78966921+SanaaYousaf@users.noreply.github.com> Date: Fri, 25 Nov 2022 13:38:11 +0000 Subject: [PATCH 5/8] Update avd_docs/kubernetes/general/AVD-KSV-0107/docs.md --- avd_docs/kubernetes/general/AVD-KSV-0107/docs.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md index 0251b8643..e8258523c 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md @@ -7,7 +7,4 @@ apiVersion and kind has been deprecated {{ remediationActions }} -### Links -- - From 93d4227d0d54cf1730f3ca954e41afd3c10f3aeb Mon Sep 17 00:00:00 2001 From: SanaYousaf <78966921+SanaaYousaf@users.noreply.github.com> Date: Fri, 25 Nov 2022 13:38:53 +0000 Subject: [PATCH 6/8] Update avd_docs/kubernetes/general/AVD-KSV-0108/docs.md --- avd_docs/kubernetes/general/AVD-KSV-0108/docs.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md index 9c1e77234..58feb86a3 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md 
@@ -2,7 +2,8 @@ Services with external IP addresses allows direct access from the internet and might expose risk for CVE-2020-8554 ### Impact - +Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. +https://www.cvedetails.com/cve/CVE-2020-8554/ {{ remediationActions }} From fdf35fc7bd5b5846c0728decdd89ad39ba82aa45 Mon Sep 17 00:00:00 2001 From: SanaYousaf <78966921+SanaaYousaf@users.noreply.github.com> Date: Fri, 25 Nov 2022 13:39:18 +0000 Subject: [PATCH 7/8] Update avd_docs/kubernetes/general/AVD-KSV-0108/docs.md --- avd_docs/kubernetes/general/AVD-KSV-0108/docs.md | 1 - 1 file changed, 1 deletion(-) diff --git a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md index 58feb86a3..8d55a3498 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md @@ -4,7 +4,6 @@ Services with external IP addresses allows direct access from the internet and m ### Impact Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. https://www.cvedetails.com/cve/CVE-2020-8554/ - {{ remediationActions }} From 96f67d8ab89be7bc66a04c2719f5412e7c780e7f Mon Sep 17 00:00:00 2001 
From: SanaYousaf <78966921+SanaaYousaf@users.noreply.github.com> Date: Fri, 25 Nov 2022 13:40:00 +0000 Subject: [PATCH 8/8] Update avd_docs/kubernetes/general/AVD-KSV-0109/docs.md --- avd_docs/kubernetes/general/AVD-KSV-0109/docs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md index 70bba0fb1..d215353f0 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md @@ -2,7 +2,7 @@ Storing secrets in configMaps is unsafe ### Impact - +Unsafe storage of secret content in configMaps could lead to the information being compromised. {{ remediationActions }}