/
ASC_BootComponent_Signature_Linux_Audit.json
61 lines (61 loc) · 1.93 KB
/
ASC_BootComponent_Signature_Linux_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
{
"properties": {
"displayName": "[Preview]: Linux virtual machines should use only signed and trusted boot components",
"policyType": "BuiltIn",
"mode": "All",
"description": "All OS boot components (boot loader, kernel, kernel drivers) must be signed by trusted publishers. Defender for Cloud has identified untrusted OS boot components on one or more of your Linux machines. To protect your machines from potentially malicious components, add them to your allow list or remove the identified components.",
"metadata": {
"category": "Security Center",
"preview": true,
"version": "1.0.0-preview"
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
"like": "Linux*"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/assessments",
"name": "ad50b498-f90c-451f-886f-d0a169cc5002",
"existenceCondition": {
"field": "Microsoft.Security/assessments/status.code",
"in": [
"NotApplicable",
"Healthy"
]
}
}
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/13a6c84f-49a5-410a-b5df-5b880c3fe009",
"name": "13a6c84f-49a5-410a-b5df-5b880c3fe009"
}