last sync: 2020-Sep-24 14:01:32 UTC

Azure Policy

[Deprecated]: Show audit results from Linux VMs that have accounts without passwords

Policy DisplayName [Deprecated]: Show audit results from Linux VMs that have accounts without passwords
Policy Id c40c9087-1981-4e73-9f53-39743eda9d05
Policy Category Guest Configuration
Policy Description This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated True
Policy Effect Fixed: auditIfNotExists
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-09-09 11:24:03 change: DisplayName previous DisplayName: Show audit results from Linux VMs that have accounts without passwords
2020-06-09 16:25:53 change: DisplayName previous DisplayName: [Preview]: Show audit results from Linux VMs that have accounts without passwords
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
[Deprecated]: Audit VMs with insecure password security settings 3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6
Policy Rule
{
  "properties": {
  "displayName": "[Deprecated]: Show audit results from Linux VMs that have accounts without passwords",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "3.0.0-deprecated",
      "category": "Guest Configuration",
      "deprecated": true
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Compute/virtualMachines"
              },
              {
                "anyOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "in": [
                      "microsoft-aks",
                      "qubole-inc",
                      "datastax",
                      "couchbase",
                      "scalegrid",
                      "checkpoint",
                      "paloaltonetworks",
                      "debian"
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "OpenLogic"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "CentOS*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "Oracle"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "Oracle-Linux"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "RedHat"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "RHEL",
                          "RHEL-HA",
                          "RHEL-SAP",
                          "RHEL-SAP-APPS",
                          "RHEL-SAP-HA",
                          "RHEL-SAP-HANA"
                        ]
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "RedHat"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "osa",
                          "rhel-byos"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "center-for-internet-security-inc"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "cis-centos-7-l1",
                          "cis-centos-7-v2-1-1-l1",
                          "cis-centos-8-l1",
                          "cis-debian-linux-8-l1",
                          "cis-debian-linux-9-l1",
                          "cis-nginx-centos-7-v1-1-0-l1",
                          "cis-oracle-linux-7-v2-0-0-l1",
                          "cis-oracle-linux-8-l1",
                          "cis-postgresql-11-centos-linux-7-level-1",
                          "cis-rhel-7-l2",
                          "cis-rhel-7-v2-2-0-l1",
                          "cis-rhel-8-l1",
                          "cis-suse-linux-12-v2-0-0-l1",
                          "cis-ubuntu-linux-1604-v1-0-0-l1",
                          "cis-ubuntu-linux-1804-l1"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "credativ"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "Debian"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "7*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "Suse"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "SLES*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "11*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "Canonical"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "UbuntuServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "12*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "microsoft-dsvm"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "linux-data-science-vm-ubuntu",
                          "azureml"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "cloudera"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "cloudera-centos-os"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "cloudera"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "cloudera-altus-centos-os"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "microsoft-ads"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "linux*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "anyOf": [
                          {
                            "field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration",
                            "exists": "true"
                          },
                          {
                            "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                            "like": "Linux*"
                          }
                        ]
                      },
                      {
                        "anyOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "exists": "false"
                          },
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "notIn": [
                              "OpenLogic",
                              "RedHat",
                              "credativ",
                              "Suse",
                              "Canonical",
                              "microsoft-dsvm",
                              "cloudera",
                              "microsoft-ads",
                              "center-for-internet-security-inc",
                              "Oracle"
                            ]
                          }
                        ]
                      }
                    ]
                  }
                ]
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.HybridCompute/machines"
              },
              {
                "field": "Microsoft.HybridCompute/imageOffer",
                "like": "linux*"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "auditIfNotExists",
        "details": {
          "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
          "name": "PasswordPolicy_msid232",
          "existenceCondition": {
            "field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
            "equals": "Compliant"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c40c9087-1981-4e73-9f53-39743eda9d05"
}