AzPolicyAdvertizer

last sync: 2021-Sep-17 15:46:37 UTC

Azure Policy definition

Audit Linux machines that do not have the passwd file permissions set to 0644

Name Audit Linux machines that do not have the passwd file permissions set to 0644
Azure Portal

Id e6955644-301c-44b5-a4c4-528577de6861

Version 1.0.0
details on versioning

Category Guest Configuration
Microsoft docs

Description Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that do not have the passwd file permissions set to 0644

Mode Indexed

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2020-09-09 11:24:03	add	e6955644-301c-44b5-a4c4-528577de6861

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
[Deprecated]: DoD Impact Level 4	8d792a84-723c-4d92-a3c3-e4ed16a2d133	Regulatory Compliance	Deprecated
[Preview]: CMMC Level 3	b5629c75-5c77-4422-87b9-2509e680f8de	Regulatory Compliance	Preview
[Preview]: NIST SP 800-171 R2	03055927-78bd-4236-86c0-f36125a10dc9	Regulatory Compliance	Preview
[Preview]: NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	Preview
[Preview]: SWIFT CSP-CSCF v2020	3e0c67fc-8c7c-406c-89bd-6b6bdc986a22	Regulatory Compliance	Preview
Audit machines with insecure password security settings	095e4ed9-c835-4ab6-9439-b5644362a06c	Guest Configuration	GA
Canada Federal PBMM	4c4a5f27-de81-430b-b4e5-9cbd50595a87	Regulatory Compliance	GA
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA
IRS1075 September 2016	105e0327-6175-4eb2-9af4-1fba43bdb39d	Regulatory Compliance	GA
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA
UK OFFICIAL and UK NHS	3937f550-eedd-4639-9c5e-294358be442e	Regulatory Compliance	GA

JSON

{
  "displayName": "Audit Linux machines that do not have the passwd file permissions set to 0644",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that do not have the passwd file permissions set to 0644",
  "metadata": {
    "category": "Guest Configuration",
    "version": "1.0.0",
    "requiredProviders": [
      "Microsoft.GuestConfiguration"
    ],
    "guestConfiguration": {
      "name": "PasswordPolicy_msid121",
      "version": "1.*"
    }
  },
  "parameters": {
    "IncludeArcMachines": {
      "type": "String",
      "metadata": {
        "displayName": "Include Arc connected servers",
        "description": "By selecting this option, you agree to be charged monthly per Arc connected machine."
      },
      "allowedValues": [
        "true",
        "false"
      ],
      "defaultValue": "false"
    },
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of this policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "anyOf": [
        {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.Compute/virtualMachines"
            },
            {
              "anyOf": [
                {
                  "field": "Microsoft.Compute/imagePublisher",
                  "in": [
                    "microsoft-aks",
                    "qubole-inc",
                    "datastax",
                    "couchbase",
                    "scalegrid",
                    "checkpoint",
                    "paloaltonetworks",
                    "debian"
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "OpenLogic"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "CentOS*"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "6*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "Oracle"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "Oracle-Linux"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "6*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "RedHat"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "in": [
                        "RHEL",
                        "RHEL-HA",
                        "RHEL-SAP",
                        "RHEL-SAP-APPS",
                        "RHEL-SAP-HA",
                        "RHEL-SAP-HANA"
                      ]
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "6*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "RedHat"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "in": [
                        "osa",
                        "rhel-byos"
                      ]
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "center-for-internet-security-inc"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "in": [
                        "cis-centos-7-l1",
                        "cis-centos-7-v2-1-1-l1",
                        "cis-centos-8-l1",
                        "cis-debian-linux-8-l1",
                        "cis-debian-linux-9-l1",
                        "cis-nginx-centos-7-v1-1-0-l1",
                        "cis-oracle-linux-7-v2-0-0-l1",
                        "cis-oracle-linux-8-l1",
                        "cis-postgresql-11-centos-linux-7-level-1",
                        "cis-rhel-7-l2",
                        "cis-rhel-7-v2-2-0-l1",
                        "cis-rhel-8-l1",
                        "cis-suse-linux-12-v2-0-0-l1",
                        "cis-ubuntu-linux-1604-v1-0-0-l1",
                        "cis-ubuntu-linux-1804-l1"
                      ]
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "credativ"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "Debian"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "7*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "Suse"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "SLES*"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "11*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "Canonical"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "UbuntuServer"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "12*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "microsoft-dsvm"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "in": [
                        "linux-data-science-vm-ubuntu",
                        "azureml"
                      ]
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "cloudera"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "cloudera-centos-os"
                    },
                    {
                      "field": "Microsoft.Compute/imageSKU",
                      "notLike": "6*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "cloudera"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "equals": "cloudera-altus-centos-os"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "field": "Microsoft.Compute/imagePublisher",
                      "equals": "microsoft-ads"
                    },
                    {
                      "field": "Microsoft.Compute/imageOffer",
                      "like": "linux*"
                    }
                  ]
                },
                {
                  "allOf": [
                    {
                      "anyOf": [
                        {
                          "field": "Microsoft.Compute/virtualMachines/osProfile.linuxConfiguration",
                          "exists": "true"
                        },
                        {
                          "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
                          "like": "Linux*"
                        }
                      ]
                    },
                    {
                      "anyOf": [
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "exists": "false"
                        },
                        {
                          "field": "Microsoft.Compute/imagePublisher",
                          "notIn": [
                            "OpenLogic",
                            "RedHat",
                            "credativ",
                            "Suse",
                            "Canonical",
                            "microsoft-dsvm",
                            "cloudera",
                            "microsoft-ads",
                            "center-for-internet-security-inc",
                            "Oracle"
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          ]
        },
        {
          "allOf": [
            {
              "value": "[parameters('IncludeArcMachines')]",
              "equals": "true"
            },
            {
              "field": "type",
              "equals": "Microsoft.HybridCompute/machines"
            },
            {
              "field": "Microsoft.HybridCompute/imageOffer",
              "like": "linux*"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments",
        "name": "PasswordPolicy_msid121",
        "existenceCondition": {
          "field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus",
          "equals": "Compliant"
        }
      }
    }
  }
}