add aws checklist

redteamrecipe · redteamrecipe · commit df65f333bdd2 · 2023-09-29T18:17:55.000+03:30
diff --git a/docs/checklists/auth0.md b/docs/checklists/auth0.md
@@ -0,0 +1,73 @@
+---
+layout: default
+title: auth0
+parent: Checklists
+---
+
+# auth0 Security Checklist for DevSecOps
+{: .no_toc }
+
+## Table of contents
+{: .no_toc .text-delta }
+
+1. TOC
+{:toc}
+
+---
+
+<span class="d-inline-block p-2 mr-1 v-align-middle bg-green-000"></span>List of some best practices to auth0 for DevSecOps
+
+
+
+
+### Enable Multi-Factor Authentication (MFA) 
+
+```
+auth0 rules create --name enable-mfa
+```
+
+
+### Set Strong Password Policies    
+
+```
+auth0 connections update
+```
+
+### Limit Number of Devices                
+
+```
+Use Auth0 Dashboard to set device limits
+```
+
+
+### Enable Anomaly Detection
+
+```
+auth0 anomaly enable
+```
+
+### Regularly Rotate Client Secrets 
+
+```
+auth0 clients rotate-secret
+```
+
+### Restrict Allowed Callback URLs
+
+```
+auth0 clients update --callbacks
+```
+
+### Enable Automated Log Monitoring and Alerts  
+
+```
+Use Auth0 Dashboard to configure alerts
+```
+
+
+### Use Role-Based Access Control (RBAC)  
+
+```
+auth0 roles create
+```
+
diff --git a/docs/checklists/aws.md b/docs/checklists/aws.md
@@ -18,8 +18,54 @@ parent: Checklists
 <span class="d-inline-block p-2 mr-1 v-align-middle bg-green-000"></span>List of some best practices to AWS for DevSecOps
 
 
-### TEST
+
+
+### Enable multi-factor authentication (MFA)
+
+```
+aws cognito-idp set-user-mfa-preference
+```
+
+
+### Set a strong password policy
+
+```
+aws cognito-idp update-user-pool
+```
+
+### Enable advanced security features      
+
+```
+aws cognito-idp set-user-pool-policy
+```
+
+
+### Limit the number of devices a user can remember 
+
+```
+aws cognito-idp set-device-configuration
+```
+
+### Set a session timeout for your user pool    
+
+```
+aws cognito-idp update-user-pool-client
+```
+
+### Enable account recovery method 
+
+```
+aws cognito-idp set-account-recovery
+```
+
+### Monitor and log all sign-in and sign-out events 
+
+```
+aws cognito-idp create-user-pool-domain
+```
+
+### Restrict access to your user pool only from certain IP ranges
 
 ```
-TEST
+aws cognito-idp update-resource-server
 ```
diff --git a/docs/checklists/ebpf.md b/docs/checklists/ebpf.md
@@ -0,0 +1,65 @@
+---
+layout: default
+title: eBPF
+parent: Checklists
+---
+
+# eBPF Security Checklist for DevSecOps
+{: .no_toc }
+
+## Table of contents
+{: .no_toc .text-delta }
+
+1. TOC
+{:toc}
+
+---
+
+<span class="d-inline-block p-2 mr-1 v-align-middle bg-green-000"></span>List of some best practices to eBPF for DevSecOps
+
+
+
+
+### Enable eBPF hardening 
+
+```
+echo 1 > /proc/sys/net/core/bpf_jit_harden
+```
+
+
+### Limit eBPF program load 
+
+```
+setcap cap_bpf=e /path/to/program
+```
+
+### Restrict eBPF tracepoints access      
+
+```
+echo 0 > /proc/sys/kernel/perf_event_paranoid
+```
+
+
+### Use eBPF to monitor system calls 
+
+```
+bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'
+```
+
+### Enable eBPF-based security monitoring    
+
+```
+bpftool prog load secmon.bpf /sys/fs/bpf/
+```
+
+### Limit eBPF map operations 
+
+```
+bpftool map create /sys/fs/bpf/my_map type hash key 4 value 4 entries 1024
+```
+
+### Regularly update eBPF tools and libraries
+
+```
+apt-get update && apt-get upgrade libbpf-tools
+```
diff --git a/docs/checklists/sbom.md b/docs/checklists/sbom.md
@@ -0,0 +1,73 @@
+---
+layout: default
+title: SBOM
+parent: Checklists
+---
+
+# SBOM Security Checklist for DevSecOps
+{: .no_toc }
+
+## Table of contents
+{: .no_toc .text-delta }
+
+1. TOC
+{:toc}
+
+---
+
+<span class="d-inline-block p-2 mr-1 v-align-middle bg-green-000"></span>List of some best practices to SBOM for DevSecOps
+
+
+
+
+### Generate SBOM for your software
+
+```
+cyclonedx-bom -o sbom.xml
+```
+
+
+### Validate the generated SBOM   
+
+```
+bom-validator sbom.xml
+```
+
+### Integrate SBOM generation in CI/CD pipeline              
+
+```
+Add SBOM generation step in CI/CD script
+```
+
+
+### Regularly update the SBOM tools 
+
+```
+apt-get update && apt-get upgrade cyclonedx-bom
+```
+
+### Review and analyze SBOM for vulnerabilities
+
+```
+sbom-analyzer sbom.xml
+```
+
+### Ensure SBOM is comprehensive and includes all components
+
+```
+Review SBOM and add missing components
+```
+
+### Protect SBOM data with proper access controls  
+
+```
+Configure access controls for SBOM data 
+```
+
+
+### Monitor and update SBOM for each release      
+
+```
+Automate SBOM update for each release
+```
+
diff --git a/docs/checklists/terraform.md b/docs/checklists/terraform.md
@@ -0,0 +1,71 @@
+---
+layout: default
+title: Terraform
+parent: Checklists
+---
+
+# Terraform Security Checklist for DevSecOps
+{: .no_toc }
+
+## Table of contents
+{: .no_toc .text-delta }
+
+1. TOC
+{:toc}
+
+---
+
+<span class="d-inline-block p-2 mr-1 v-align-middle bg-green-000"></span>List of some best practices to Terraform for DevSecOps
+
+
+
+
+### Enable detailed audit logging
+
+```
+terraform apply -var 'logging=true'
+```
+
+
+### Encrypt state files   
+
+```
+terraform apply -var 'encrypt=true'
+```
+
+### Use a strong backend access policy      
+
+```
+terraform apply -backend-config="..."
+```
+
+
+### Limit the permissions of automation accounts 
+
+```
+terraform apply -var 'permissions=limited'
+```
+
+### Rotate secrets and access keys regularly    
+
+```
+terraform apply -var 'rotate_secrets=true'
+```
+
+### Use version constraints in configuration files 
+
+```
+terraform apply -var 'version=..."
+```
+
+### Validate configuration files before applying 
+
+```
+terraform validate
+```
+
+### Regularly update Terraform and providers
+
+```
+terraform init -upgrade
+```
diff --git a/docs/checklists/webservice b/docs/checklists/webservice
