漏洞描述
Global Service (Multi-Region) Logging is disabled, preventing the collection and monitoring of logs across multiple regions. This lack of centralized logging increases the risk of undetected security incidents and operational issues.
multi-region-logging-disabled: Global Service (Multi-Region) Logging - Disabled
PoC代码[已公开]
id: multi-region-logging-disabled
info:
name: Global Service (Multi-Region) Logging - Disabled
author: DhiyaneshDK
severity: high
description: |
Global Service (Multi-Region) Logging is disabled, preventing the collection and monitoring of logs across multiple regions. This lack of centralized logging increases the risk of undetected security incidents and operational issues.
reference:
- https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ActionTrail/enable-multi-region-trails.html
- https://www.alibabacloud.com/help/en/actiontrail/product-overview/services-that-work-with-actiontrail
metadata:
max-request: 1
verified: true
tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,actiontrail
variables:
region: "cn-hangzhou"
self-contained: true
code:
- engine:
- sh
- bash
source: |
aliyun actiontrail DescribeTrails --region $region
matchers-condition: and
matchers:
- type: word
words:
- '"TrailRegion": "All"'
negative: true
- type: word
words:
- '"Status": "Enable"'
extractors:
- type: dsl
dsl:
- '"ActionTrail for Global Service Multi-Region is Disabled "'
# digest: 4a0a0047304502200d2f4254879df34c1ea310e2004cbf0aeaecf7c33a55250b548ecd6647e58b0a022100e8d4c5c83d25132dc839a5035cff3ee4b21130b0801b9ecfaca6f3fe26b9ea08:922c64590222798bb761d5b6d8e72950