None Specified Applications Should Be Installed On Instance.
More Info:
This rule checks if none of the specified applications are installed on the instance. Optionally, specify the version. Newer versions will not be denylisted. Optionally, specify the platform to apply the rule only to instances running that platform.
Risk Level
High
Address
Configuration
Compliance Standards
CBP
Remediation
Using Console
- Identify the EC2 managed instances where blacklisted applications are installed.
- Connect to each identified instance using Systems Manager Session Manager or SSH.
- Uninstall or disable the blacklisted applications using the appropriate package management commands (e.g.,
apt-get
for Debian/Ubuntu,yum
for RHEL/CentOS). - Verify that the blacklisted applications have been successfully removed or disabled.
Using CLI
There’s no direct AWS CLI command to uninstall or disable applications on EC2 managed instances. You’ll typically need to use a combination of AWS Systems Manager Run Command or AWS SSM Session Manager along with remote execution commands to achieve this. Below is a generic example of how you might do this:
aws ssm send-command --instance-ids <instance-id> --document-name "AWS-RunShellScript" --parameters "commands=<uninstall-command>" --output text
Replace <instance-id>
with the ID of the EC2 managed instance and <uninstall-command>
with the appropriate command to uninstall or disable the blacklisted application.
Using Python
import boto3
def remediate_managed_instance(application_names):
# Initialize Systems Manager client
ssm_client = boto3.client('ssm')
# Retrieve EC2 managed instances
response = ssm_client.describe_instance_information()
for instance in response['InstanceInformationList']:
instance_id = instance['InstanceId']
inventory = ssm_client.get_inventory(
Filters=[
{
'Key': 'AWS:InstanceInformation.InstanceId',
'Values': [instance_id]
},
]
)
if 'Applications' in inventory['Entities'][0]['Data']:
installed_applications = inventory['Entities'][0]['Data']['Applications']
# Check for blacklisted applications
for app in installed_applications:
if app['Name'] in application_names:
print(f"Blacklisted application '{app['Name']}' found on instance '{instance_id}'.")
# Perform remediation action here (e.g., uninstall or disable the application)
# Example:
# ssm_client.send_command(
# InstanceIds=[instance_id],
# DocumentName='AWS-RunShellScript',
# Parameters={
# 'commands': ['<uninstall-command>']
# }
# )
break
def main():
# Specify the list of blacklisted application names
blacklisted_applications = ['application1', 'application2']
# Remediate EC2 managed instances with blacklisted applications
remediate_managed_instance(blacklisted_applications)
if __name__ == "__main__":
main()
Replace 'application1', 'application2'
with the names of the blacklisted applications. This script checks for the presence of blacklisted applications on EC2 managed instances using AWS Systems Manager Inventory and takes remediation actions accordingly. Adjust the remediation action (e.g., uninstall command) as per your requirements.