More Info:

This rule checks that none of the specified applications are installed on the instance. Optionally, specify a version for an application; newer versions are not denylisted. Optionally, specify a platform so that the rule applies only to instances running that platform.

Risk Level: High

Address: Configuration

Compliance Standards: CBP

Triage and Remediation

To remediate the issue of having unspecified applications installed on an AWS EC2 instance, you can follow these steps using the AWS Management Console:

  1. Identify Installed Applications:

    • Connect to the EC2 instance using SSH or RDP.
    • Use commands like dpkg -l for Debian-based systems or rpm -qa for Red Hat-based systems to list all installed packages.
  2. Remove Unspecified Applications:

    • Identify any applications that are not supposed to be installed on the instance.
    • Use the appropriate package manager (apt for Debian-based systems, yum for Red Hat-based systems) to uninstall the unwanted applications. For example:
      • Debian-based systems: sudo apt-get remove <package_name>
      • Red Hat-based systems: sudo yum remove <package_name>
  3. Update Security Groups:

    • Ensure that the security groups associated with the EC2 instance only allow necessary inbound and outbound traffic. Restrict access to only required ports and protocols.
  4. Implement IAM Policies:

    • Use AWS Identity and Access Management (IAM) to enforce policies that restrict users’ ability to install applications on EC2 instances.
  5. Enable AWS Config Rules:

    • Set up AWS Config Rules to monitor and enforce compliance with your desired configuration standards. This can help prevent unauthorized applications from being installed on EC2 instances.
  6. Regularly Monitor and Audit:

    • Regularly monitor the instances for any unauthorized changes and audit the installed applications to ensure compliance with organizational policies.

By following these steps, you can remediate the issue of having unspecified applications installed on an AWS EC2 instance and ensure that only approved applications are running on your instances.
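
Steps 1 and 2 can be scripted so that the package inventory is checked against a denylist using the rule's "newer versions are not denylisted" behaviour. The script below is an added example, not part of the rule or of any AWS tooling. The function names, the `name` or `name:version` entry format, and the choice to flag an installed version equal to the listed one are assumptions.

```shell
#!/bin/sh
# Added example: flag installed packages that match a denylist.
# Inventory lines are "name version", for example from
#   dpkg-query -W -f='${Package} ${Version}\n'    (Debian-based)
#   rpm -qa --qf '%{NAME} %{VERSION}\n'           (Red Hat-based)
# Denylist entries are "name" or "name:version" (assumed format).

# version_le A B: succeeds when A is the same as or older than B.
# sort -V is an approximation: it does not understand Debian epochs.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$2" ]
}

# find_denylisted "entry1,entry2,..." < inventory
# Prints "name version" for every violation; returns 1 if any were found.
find_denylisted() {
    local entries found name version entry dname dver
    entries=$(printf '%s' "$1" | tr ',' ' ')
    found=0
    while read -r name version; do
        [ -n "$name" ] || continue
        for entry in $entries; do
            dname="${entry%%:*}"
            dver=""
            [ "$entry" = "$dname" ] || dver="${entry#*:}"
            [ "$name" = "$dname" ] || continue
            # No version listed: any installed version is a violation.
            # Version listed: installs newer than it are not denylisted.
            if [ -z "$dver" ] || version_le "$version" "$dver"; then
                echo "$name $version"
                found=1
            fi
        done
    done
    return "$found"
}

# Constructed sample inventory (not taken from a real instance).
SAMPLE_INVENTORY='telnet 0.17
nmap 7.94
openssl 3.0.13
curl 8.5.0'

# Example run against the sample; on an instance, pipe in the
# dpkg-query or rpm output shown above instead.
printf '%s\n' "$SAMPLE_INVENTORY" |
    find_denylisted "telnet,nmap:7.80,openssl:3.0.13" || true
```

Each printed package name can then be passed to `sudo apt-get remove` or `sudo yum remove` as described in step 2.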