How do you get vulnerabilities in EC2 instances?
Images come with packages, and installed packages don't automatically update for you. Stuff gets out of date.
It might be the EC2 instances that run your production apps, or it might just be that EC2 instance you or your developers use to test stuff, the one with a public IP and port 22 open. Would it really be okay if someone got in there? Are any important creds possibly exposed via env var? Source code? How sure are you? What kind of lateral access could an attacker gain?
Find 'em!
Take a minute to check for vulnerabilities with open source cnspec and quickly assess the state of your EC2 instance. Here are the results from an instance created with the latest Amazon Linux 2 image available via the EC2 instance-create wizard:
AWS_REGION=us-east-1 AWS_PROFILE="vvdefault" cnspec vuln aws ec2 instance-connect ec2-user@i-0d22a683bacf1c30c
You've got a full list of results, and scores to tell you what should be prioritized. So what's next?
Find and fix the security risks that pose the biggest threat to your business.
Fix 'em!
SSH to the instance and run a sudo yum update -y.
That should actually take care of most (if not all) of these.
Check again 🎉
AWS_REGION=us-east-1 AWS_PROFILE="vvdefault" cnspec vuln aws ec2 instance-connect ec2-user@i-0d22a683bacf1c30c
In this case, we didn't install any additional packages, so a simple update took care of it all! 🎉