1. Overview

Dow Jones Hammer supports remediation for most issue types. Remediation means that, depending on the issue, Dow Jones Hammer makes configuration changes that reduce or remove a vulnerability/violation.

For some issues, Dow Jones Hammer saves the pre-remediation configuration. If you want to roll back the configuration changes that Dow Jones Hammer made, you can use the saved configuration to do so.

The following table gives an overview of Dow Jones Hammer remediation functionality for different issues. Refer to issue-specific playbooks for further details.

| Issue Type | Remediation | Remediation Backup |
|---|---|---|
| S3 ACL Public Access | Yes | Yes |
| Insecure Services | Yes | Yes |
| IAM User Inactive Keys | Yes | No |
| IAM User Key Rotation | Yes | No |
| S3 Policy Public Access | Yes | Yes |
| CloudTrail Logging Issues | No | No |
| EBS Unencrypted Volumes | No | No |
| EBS Public Snapshots | Yes | No |
| RDS Public Snapshots | Yes | No |
| SQS Queue Public Access | Yes | Yes |
| S3 Unencrypted Buckets | Yes | Yes |
| RDS Unencrypted instances | No | No |
| AMIs Public Access | Yes | No |

2. How Remediation Backup Works

For some remediation types (see the table above), Dow Jones Hammer saves the pre-remediation configuration as a JSON snippet to the S3 bucket configured with the s3_backup_bucket key in Master AWS Account Settings.

This table describes the paths and the naming convention of backup JSON files for supported issues:

| Issue Type | Backup Path Template | Backup Path Sample |
|---|---|---|
| S3 ACL Public Access | `bucket_acls/[account_id]/[remediated_bucket_name]_[timestamp].json` | `bucket_acls/123456789012/hammer-test1_2018-03-26T15:58:46+00:00.json` |
| S3 Policy Public Access | `bucket_policies/[account_id]/[remediated_bucket_name]_[timestamp].json` | `bucket_policies/123456789012/hammer-test2_2018-03-27T10:24:45+00:00.json` |
| Insecure Services | `security_groups/[account_id]/[region_code]/[remediated_security_group_ID]_[timestamp].json` | `security_groups/123456789012/eu-west-1/sg-123a456f_2018-04-12T14:46:14+00:00.json` |

As of now, there is no retention limit for remediation backups.
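Because backups accumulate without a retention limit, a resource that was remediated more than once has several backup files, and a rollback has to start by picking the right one. The following is an added example, not part of Dow Jones Hammer: it parses object keys that follow the naming convention in the table above and returns a resource's backup history in chronological order. The names `parse_backup_key` and `backup_history` are hypothetical, and the key listing is constructed (two of its entries are the samples from the table).

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Prefixes from the backup path table; True means the path has a [region_code] segment.
PREFIXES = {"bucket_acls": False, "bucket_policies": False, "security_groups": True}

class Backup(NamedTuple):
    kind: str
    account_id: str
    region: Optional[str]
    resource: str
    taken_at: datetime
    key: str

def parse_backup_key(key: str) -> Optional[Backup]:
    """Parse one S3 object key; return None if it does not follow the convention."""
    parts = key.split("/")
    kind = parts[0]
    if kind not in PREFIXES or len(parts) != (4 if PREFIXES[kind] else 3):
        return None
    account_id, filename = parts[1], parts[-1]
    if not re.fullmatch(r"\d{12}", account_id) or not filename.endswith(".json"):
        return None
    # The timestamp never contains "_", so split on the last one: names may contain "_".
    resource, sep, stamp = filename[:-len(".json")].rpartition("_")
    try:
        taken_at = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    if not sep or not resource or taken_at.tzinfo is None:
        return None
    return Backup(kind, account_id, parts[2] if PREFIXES[kind] else None, resource, taken_at, key)

def backup_history(keys, kind, account_id, resource, region=None):
    """Return all backups of one resource, oldest first."""
    found = [b for b in map(parse_backup_key, keys)
             if b and (b.kind, b.account_id, b.resource, b.region) == (kind, account_id, resource, region)]
    return sorted(found, key=lambda b: b.taken_at)

# Constructed listing of the backup bucket (first and last keys are the table's samples).
SAMPLE_KEYS = [
    "bucket_acls/123456789012/hammer-test1_2018-03-26T15:58:46+00:00.json",
    "bucket_acls/123456789012/hammer-test1_2018-04-02T09:00:00+00:00.json",
    "bucket_acls/123456789012/hammer_test1_2018-03-26T15:58:46+00:00.json",
    "bucket_acls/123456789012/notes.txt",
    "security_groups/123456789012/eu-west-1/sg-123a456f_2018-04-12T14:46:14+00:00.json",
]
```

The last entry of the returned list is the configuration saved before the most recent remediation; earlier entries show what the resource looked like before previous remediations.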

3. Remediation Rollback Instructions

The steps you should take to roll back an issue’s remediation vary depending on the issue type.

3.1. S3 ACL Public Access Rollback

To roll back this issue’s remediation, perform the following steps:

  1. Sign in to the AWS Management Console and open the Amazon S3 console.
  2. Find the S3 bucket whose ACL settings you want to roll back.
  3. Compare the current S3 ACL settings with the settings in the backup JSON file.
  4. Modify the ACL settings manually to match the settings from the backup JSON file.

Refer to the ACL Bucket Permissions documentation for further details.

3.2. Insecure Services Rollback

To roll back this issue’s remediation, perform the following steps:

  1. Sign in to the AWS Management Console and open the Amazon EC2 console, Security Groups section.
  2. Find the security group whose rules you want to roll back.
  3. Compare the current security group rules with the rules in the backup JSON file.
  4. Modify the security group rules manually to match the rules from the backup JSON file.

Refer to the EC2 Security Groups documentation for details.

3.3. IAM User Inactive Keys

To roll back this issue’s remediation, set the access key’s status to Active using the AWS API or Management Console.

3.4. IAM User Key Rotation

To roll back this issue’s remediation, set the access key’s status to Active using the AWS API or Management Console.

3.5. S3 Policy Public Access Rollback

To roll back this issue’s remediation, run the following command using the AWS CLI:

aws s3api put-bucket-policy --bucket [remediated_bucket_name] --policy file://[backup_file_name].json

3.6. EBS Public Snapshots

To roll back this issue’s remediation, add the group all to the snapshot’s createVolumePermission attribute using the AWS API, or make the snapshot public using the Management Console.

3.7. RDS Public Snapshots

To roll back this issue’s remediation, make the snapshot public using the AWS API or Management Console.

3.8. SQS Policy Public Access Rollback

To roll back this issue’s remediation, run the following command using the AWS CLI:

aws sqs set-queue-attributes --queue-url [queue_url] --attributes file://[backup_file_name].json

3.9. S3 Unencrypted Buckets

To roll back a remediation of this issue, run the following command using the AWS CLI:

aws s3api put-bucket-encryption --bucket [bucket_name] --server-side-encryption-configuration [rules]