Back to Details

finding-security-misconfigurations

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Finding Security Misconfigurations

查找安全错误配置

Overview

概述

This skill provides automated assistance for the described functionality.
本技能可为上述功能提供自动化辅助。

Prerequisites

前提条件

Before using this skill, ensure:
  • Configuration files accessible in {baseDir}/ (Terraform, CloudFormation, YAML, JSON)
  • Infrastructure-as-code files (.tf, .yaml, .json, .template)
  • Application configuration files (application.yml, config.json, .env.example)
  • System configuration exports available
  • Write permissions for findings report in {baseDir}/security-findings/
使用本技能前,请确保:
  • 配置文件可在{baseDir}/目录下访问(Terraform、CloudFormation、YAML、JSON格式)
  • 存在基础设施即代码文件(.tf、.yaml、.json、.template格式)
  • 存在应用配置文件(application.yml、config.json、.env.example)
  • 可获取系统配置导出文件
  • 拥有在{baseDir}/security-findings/目录下写入检测报告的权限

Instructions

操作步骤

  1. Identify the target system/service and gather current configuration.
  2. Compare settings against baseline hardening guidance.
  3. Flag risky defaults, drift, and missing controls with severity.
  4. Provide a minimal-change remediation plan and verification steps.
See 
{baseDir}/references/implementation.md
for detailed implementation guide.
  1. 确定目标系统/服务并收集当前配置。
  2. 将设置与基线加固指南进行对比。
  3. 标记存在风险的默认配置、配置漂移及缺失的控制措施,并标注严重程度。
  4. 提供最小变更的修复方案及验证步骤。
详见
{baseDir}/references/implementation.md
获取详细实施指南。

Output

输出结果

The skill produces:
Primary Output: Security misconfigurations report saved to {baseDir}/security-findings/misconfig-YYYYMMDD.md
Report Structure:
undefined
本技能将生成:
主要输出:安全错误配置报告,保存至{baseDir}/security-findings/misconfig-YYYYMMDD.md
报告结构
undefined

Security Misconfiguration Findings

安全错误配置检测结果

Error Handling

错误处理

See 
{baseDir}/references/errors.md
for comprehensive error handling.
详见
{baseDir}/references/errors.md
获取全面的错误处理说明。

Examples

示例

See 
{baseDir}/references/examples.md
for detailed examples.
详见
{baseDir}/references/examples.md
获取详细示例。

Resources

参考资源

undefined