diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml
index ccddbecf..c6689e43 100644
--- a/atomics/T1562.008/T1562.008.yaml
+++ b/atomics/T1562.008/T1562.008.yaml
@@ -26,7 +26,7 @@ atomic_tests:
 prereq_command: |
 cat ~/.aws/credentials | grep "default"
 aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region}
- aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/policy.json
+ aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/src/policy.json
 get_prereq_command: |
 echo Please install the aws-cli and configure your AWS defult profile using: aws configure
 executor:
@@ -35,6 +35,7 @@ atomic_tests:
 aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name} --is-multi-region-trail --region #{region}
 aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region}
 aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region}
+ cleanup_command: |
 aws s3 rb s3://#{s3_bucket_name} --force
 name: sh
 elevation_required: false
diff --git a/atomics/T1562.008/src/policy.json b/atomics/T1562.008/src/policy.json
new file mode 100644
index 00000000..ac55e733
--- /dev/null
+++ b/atomics/T1562.008/src/policy.json
@@ -0,0 +1,28 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AWSCloudTrailAclCheck20150319",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "cloudtrail.amazonaws.com"
+ },
+ "Action": "s3:GetBucketAcl",
+ "Resource": "arn:aws:s3:::redatomic-test"
+ },
+ {
+ "Sid": "AWSCloudTrailWrite20150319",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "cloudtrail.amazonaws.com"
+ },
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::redatomic-test/AWSLogs/*",
+ "Condition": {
+ "StringEquals": {
+ "s3:x-amz-acl": "bucket-owner-full-control"
+ }
+ }
+ }
+ ]
+}
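Review bot: The changed `put-bucket-policy` line still hard-codes `--bucket redatomic-test`, while the `create-bucket` line just above it uses `#{s3_bucket_name}`; if that input is overridden, the policy is applied to a bucket the test did not create (or the call fails), and CloudTrail may then be unable to write to the bucket that was created. I would change it to `aws s3api put-bucket-policy --bucket #{s3_bucket_name} --policy file://$PathToAtomicsFolder/T1562.008/src/policy.json`. The same literal appears in both `Resource` ARNs of the new `src/policy.json`, so the policy file would need the bucket name substituted as well. The default for `s3_bucket_name` is defined outside this hunk; presumably it is `redatomic-test`, in which case the mismatch only shows up with a non-default name.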
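Review bot: The new `cleanup_command` removes only the bucket, so a run that aborts before the `delete-trail` line leaves the trail behind in the account; adding `aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region}` to the cleanup block would make the test safe to re-run. Because `aws s3 rb ... --force` deletes every object in the bucket before removing it, the test description should also say that `s3_bucket_name` must be a dedicated test bucket and never an existing log bucket. The start of the `command` block is outside this hunk, so the trail-creation step is assumed rather than visible here.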
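Review bot: The `AWSCloudTrailWrite20150319` statement grants `s3:PutObject` to the `cloudtrail.amazonaws.com` service principal with no condition tying it to a specific trail, so as written the service can write under `AWSLogs/` on behalf of any trail that names this bucket. AWS's guidance for CloudTrail bucket policies is to add an `aws:SourceArn` condition, for example `"aws:SourceArn": "arn:aws:cloudtrail:<region>:<account-id>:trail/<trail-name>"` (placeholders), inside the existing `StringEquals` block; the `AWSCloudTrailAclCheck20150319` statement can carry the same condition. For a short-lived test bucket the exposure is small, but a policy file in a test repository tends to be copied as a template.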