diff --git a/extra/mondoo-slack-security.mql.yaml b/extra/mondoo-slack-security.mql.yaml deleted file mode 100644 index a5170f44..00000000 --- a/extra/mondoo-slack-security.mql.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -policies: - - uid: mondoo-slack-security - name: Slack Team Security by Mondoo - version: 1.0.0 - license: unspecified - tags: - mondoo.com/category: security - mondoo.com/platform: slack-team,saas - authors: - - name: Mondoo, Inc - email: hello@mondoo.com - docs: - desc: "## Overview\n\nThe Slack Team Security policy ensure best-practice settings for securing Slack Teams.\n\n### Prerequisites\n\nTo run this query pack, you will need access to the Slack API. To get a token, you need to create an App for the Slack workspace \nand assign the appropriate permissions:\n\n1. Sign in to [the Slack website](https://api.slack.com/apps/), and view **Your Apps**\n2. Select **Create New App**\n3. Select **From scratch**\n4. Enter an \"App Name\" e.g. cnquery and select the workspace, then select **Create App**\n5. In the section **Add features & functionality** select **Permissions**\n6. Scroll to **Scopes** and then **User Token Scopes**\n\n Note: Bots are very limited in their access; therefore we need to set the user scopes\n\n7. Add the required permissions to **User Token Scopes**\n\n | OAuth Scope |\n | ---- | \n | [channels:read](https://api.slack.com/scopes/channels:read) | \n | [groups:read](https://api.slack.com/scopes/groups:read) |\n | [im:read](https://api.slack.com/scopes/im:read) |\n | [mpim:read](https://api.slack.com/scopes/mpim:read) | \n | [team:read](https://api.slack.com/scopes/team:read) | \n | [usergroups:read](https://api.slack.com/scopes/usergroups:read) | \n | [users:read](https://api.slack.com/scopes/users:read) |\n\n8. Scroll up to **OAuth Tokens for Your Workspace** and select **Install to Workspace**\n9. 
Copy the provided **User OAuth Token**, it will look like `xoxp-1234567890123-1234567890123-1234567890123-12345cea5ae0d3bed30dca43cb34c2d1`\n\n### Run policy\n\nTo run this policy against a Slack Workspace:\n\n```bash\nexport SLACK_TOKEN=xoxp-TOKEN\ncnspec scan slack --policy-bundle mondoo-slack-security\n```\n\n## Join the community!\n\nOur goal is to build policies that are simple to deploy, accurate, and actionable. \n\nIf you have any suggestions on how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.\n" - groups: - - filters: asset.platform == "slack-team" || asset.platform == "slack" - checks: - - uid: mondoo-slack-security-limit-admins - - uid: mondoo-slack-security-name-external-channels - - uid: mondoo-slack-security-use-strong-factors - queries: - - uid: mondoo-slack-security-list-admins - - uid: mondoo-slack-security-team -props: - - uid: externalChannelName - title: External Channel Name Pattern - mql: /ext/ -queries: - - uid: mondoo-slack-security-limit-admins - title: Ensure fewer than 3 users have Admin Permissions - mql: slack.users.admins.length < 3 - - uid: mondoo-slack-security-use-strong-factors - title: Ensure 2-Step Verification (Multi-Factor Authentication) is enforced for all users - mql: slack.users.members.all( has2FA == true || enterpriseUser != null || id=="USLACKBOT" ) - - uid: mondoo-slack-security-name-external-channels - title: Use clear naming for external channels - props: - - uid: externalChannelName - title: External Channel Name Pattern - mql: /ext/ - mql: slack.conversations.where(isExtShared && isChannel ) { name == props.externalChannelName } - - uid: mondoo-slack-security-list-admins - title: Slack Admins - mql: slack.users.admins { id name } - - uid: mondoo-slack-security-team - title: Slack Team - mql: slack.team { id name }
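Review bot: Nothing in this diff replaces the three checks listed under `groups:` (`mondoo-slack-security-limit-admins`, `mondoo-slack-security-name-external-channels`, `mondoo-slack-security-use-strong-factors`), so as shown the removal leaves no Slack coverage for admin count, external channel naming and 2-step verification. Please say in the commit message whether the policy moved to another path or was retired, and what anyone running `cnspec scan slack --policy-bundle mondoo-slack-security` should use instead. If the content is being carried over to a new file, three things in the removed text are worth fixing on the way: the sample token in step 9 of the `docs.desc` prerequisites has the full shape of a real `xoxp-` user token and is likely to trip secret scanners, so the `xoxp-TOKEN` placeholder from the "Run policy" section would be safer there; the `externalChannelName` prop is declared twice, once under the top-level `props:` and again inside the `mondoo-slack-security-name-external-channels` query, and only one definition should remain; and the 2-step verification query passes every member where `enterpriseUser != null`, an exemption that the title "enforced for all users" does not mention and that should be documented next to the check.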