/
ASC_ChangeTrackingLinuxAgent_Arc_AINE.json
135 lines (135 loc) · 3.95 KB
/
ASC_ChangeTrackingLinuxAgent_Arc_AINE.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
{
"properties": {
"displayName": "[Preview]: ChangeTracking extension should be installed on your Linux Arc machine",
"description": "Install ChangeTracking Extension on Linux Arc machines to enable File Integrity Monitoring(FIM) in Azure Security Center. FIM examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack. The extension can be installed in virtual machines and locations supported by Azure Monitoring Agent.",
"policyType": "BuiltIn",
"mode": "Indexed",
"metadata": {
"version": "1.0.0-preview",
"category": "Security Center",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
]
},
"listOfApplicableLocations": {
"type": "Array",
"metadata": {
"displayName": "Applicable Locations",
"description": "The list of locations where the policy should be applied.",
"strongType": "location"
},
"allowedValues": [
"australiasoutheast",
"australiaeast",
"brazilsouth",
"canadacentral",
"centralindia",
"centralus",
"eastasia",
"eastus2euap",
"eastus",
"eastus2",
"francecentral",
"japaneast",
"koreacentral",
"northcentralus",
"northeurope",
"norwayeast",
"southcentralus",
"southeastasia",
"switzerlandnorth",
"uaenorth",
"uksouth",
"westcentralus",
"westeurope",
"westus",
"westus2"
],
"defaultValue": [
"australiasoutheast",
"australiaeast",
"brazilsouth",
"canadacentral",
"centralindia",
"centralus",
"eastasia",
"eastus2euap",
"eastus",
"eastus2",
"francecentral",
"japaneast",
"koreacentral",
"northcentralus",
"northeurope",
"norwayeast",
"southcentralus",
"southeastasia",
"switzerlandnorth",
"uaenorth",
"uksouth",
"westcentralus",
"westeurope",
"westus",
"westus2"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.HybridCompute/machines"
},
{
"field": "location",
"in": "[parameters('listOfApplicableLocations')]"
},
{
"field": "Microsoft.HybridCompute/imageOffer",
"like": "linux*"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.HybridCompute/machines/extensions",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.HybridCompute/machines/extensions/type",
"equals": "ChangeTracking-Linux"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/Publisher",
"equals": "Microsoft.Azure.ChangeTrackingAndInventory"
},
{
"field": "Microsoft.HybridCompute/machines/extensions/provisioningState",
"equals": "Succeeded"
}
]
}
}
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/fc47609f-4d9b-4aed-806b-446816cc63a3",
"name": "fc47609f-4d9b-4aed-806b-446816cc63a3"
}