last sync: 2020-Dec-02 15:37:49 UTC

Azure Policy definition

[Deprecated]: Show audit results from Linux VMs that have accounts without passwords

Name [Deprecated]: Show audit results from Linux VMs that have accounts without passwords
Azure Portal
Id c40c9087-1981-4e73-9f53-39743eda9d05
Version 3.0.0-deprecated
details on versioning
Category Guest Configuration
Microsoft docs
Description This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Mode All
Type BuiltIn
Preview FALSE
Deprecated True
Effect Fixed: auditIfNotExists
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-09-09 11:24:03 change Previous DisplayName: Show audit results from Linux VMs that have accounts without passwords
2020-06-09 16:25:53 change Previous DisplayName: [Preview]: Show audit results from Linux VMs that have accounts without passwords
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Audit VMs with insecure password security settings 3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6 Guest Configuration Deprecated
Json
{
  "properties": {
  "displayName": "[Deprecated]: Show audit results from Linux VMs that have accounts without passwords",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "3.0.0-deprecated",
      "category": "Guest Configuration",
      "deprecated": true
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Compute/virtualMachines"
              },
              {
                "anyOf": [
                  {
                    "field": "Microsoft.Compute/imagePublisher",
                    "in": [
                      "microsoft-aks",
                      "qubole-inc",
                      "datastax",
                      "couchbase",
                      "scalegrid",
                      "checkpoint",
                      "paloaltonetworks",
                      "debian"
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "OpenLogic"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "CentOS*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "Oracle"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "Oracle-Linux"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "RedHat"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "RHEL",
                          "RHEL-HA",
                          "RHEL-SAP",
                          "RHEL-SAP-APPS",
                          "RHEL-SAP-HA",
                          "RHEL-SAP-HANA"
                        ]
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "RedHat"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "osa",
                          "rhel-byos"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "center-for-internet-security-inc"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "cis-centos-7-l1",
                          "cis-centos-7-v2-1-1-l1",
                          "cis-centos-8-l1",
                          "cis-debian-linux-8-l1",
                          "cis-debian-linux-9-l1",
                          "cis-nginx-centos-7-v1-1-0-l1",
                          "cis-oracle-linux-7-v2-0-0-l1",
                          "cis-oracle-linux-8-l1",
                          "cis-postgresql-11-centos-linux-7-level-1",
                          "cis-rhel-7-l2",
                          "cis-rhel-7-v2-2-0-l1",
                          "cis-rhel-8-l1",
                          "cis-suse-linux-12-v2-0-0-l1",
                          "cis-ubuntu-linux-1604-v1-0-0-l1",
                          "cis-ubuntu-linux-1804-l1"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "credativ"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "Debian"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "7*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "Suse"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "SLES*"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "11*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "Canonical"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "UbuntuServer"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "12*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "microsoft-dsvm"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "in": [
                          "linux-data-science-vm-ubuntu",
                          "azureml"
                        ]
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "cloudera"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "cloudera-centos-os"
                      },
                      {
                        "field": "Microsoft.Compute/imageSKU",
                        "notLike": "6*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "cloudera"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "equals": "cloudera-altus-centos-os"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "field": "Microsoft.Compute/imagePublisher",
                        "equals": "microsoft-ads"
                      },
                      {
                        "field": "Microsoft.Compute/imageOffer",
                        "like": "linux*"
                      }
                    ]
                  },
                  {
                    "allOf": [
                      {
                        "anyOf": [
                          {
                            "field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration",
                            "exists": "true"
                          },
                          {
                            "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                            "like": "Linux*"
                          }
                        ]
                      },
                      {
                        "anyOf": [
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "exists": "false"
                          },
                          {
                            "field": "Microsoft.Compute/imagePublisher",
                            "notIn": [
                              "OpenLogic",
                              "RedHat",
                              "credativ",
                              "Suse",
                              "Canonical",
                              "microsoft-dsvm",
                              "cloudera",
                              "microsoft-ads",
                              "center-for-internet-security-inc",
                              "Oracle"
                            ]
                          }
                        ]
                      }
                    ]
                  }
                ]
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.HybridCompute/machines"
              },
              {
                "field": "Microsoft.HybridCompute/imageOffer",
                "like": "linux*"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "auditIfNotExists",
        "details": {
          "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
          "name": "PasswordPolicy_msid232",
          "existenceCondition": {
            "field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
            "equals": "Compliant"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c40c9087-1981-4e73-9f53-39743eda9d05"
}