55 lines
1.7 KiB
YAML
55 lines
1.7 KiB
YAML
id: azure-vm-jit-access-not-enabled
|
|
info:
|
|
name: Azure VM Just-In-Time Access Not Enabled
|
|
author: princechaddha
|
|
severity: high
|
|
description: |
|
|
Ensure that Just-in-Time (JIT) access is enabled for your Azure virtual machines (VMs) in order to allow you to lock down inbound traffic to your VMs and reduce exposure to attacks while providing easy SSH/RDP access when needed.
|
|
impact: |
|
|
Not having JIT access enabled on Azure VMs can lead to increased exposure to attacks due to unrestricted inbound traffic.
|
|
remediation: |
|
|
Enable Just-in-Time access for your Azure VMs to control inbound traffic and improve security.
|
|
reference:
|
|
- https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time
|
|
tags: cloud,devops,azure,microsoft,security-center,azure-cloud-config
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let VMData of iterate(template.vmList)) {
|
|
VMData = JSON.parse(VMData);
|
|
set("vmId", VMData.id);
|
|
code(2);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az vm list --query '[*].{"id":id}'
|
|
|
|
extractors:
|
|
- type: json
|
|
name: vmList
|
|
internal: true
|
|
json:
|
|
- '.[]'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az security jit-policy list --query '[*].virtualMachines[*].{"id":id} | []'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- '[]'
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- 'vmId + " does not have Just-in-Time access enabled."'
|
|
# digest: 4a0a00473045022100e04a377ad87e03fbb3fc8179fdac94a9ecc7fb72022c3530fa386ec8bc03a78e02205ed662d6e0729c21f71574a58c6638021a275d92269695ffc70ed90b0014a314:922c64590222798bb761d5b6d8e72950 |