monkey365

0.98

rules/findings/azure/azure_cycle_cloud/azure-cycle-cloud-ssl-not-configured.json

                                {

    "args": [],

    "provider": "Azure",

    "serviceType": "Azure CycleCloud",

    "serviceName": "Azure CycleCloud",

    "displayName": "Ensure SSL is configured for CycleCloud",

    "description": "The use of SSL ensures that data in transit to and from the Azure CycleCloud server is encrypted.",

    "rationale": "Encryption of data in transit provides integrity and confidentiality to that data. If unencrypted data is intercepted in transit it is highly vulnerable to exposure and exploitation.",

    "impact": "If using self-signed certificates, users accessing CycleCloud will receive a warning that the SSL certificate is untrusted; they will need to accept the certificate to access the web console. Depending on your environment and use of CycleCloud, you may wish to procure a signed and trusted certificate from a Certificate Authority.",

    "remediation": {

        "text": "From SSH 1. Establish a secure shell session with the Azure CycleCloud server. 2. Navigate to the CycleCloud installation directory. 3. Use a text editor (e.g. Vim, Nano, Emacs) to open the cycle_server.properties file. 4. Edit the following properties to reflect true: webServerEnableHttps=true webServerRedirectHttp=true 5. Save and exit from the text editor. 6. Restart the CycleCloud service to enable the new property definitions: /opt/cycle_server/cycle_server restart",

        "code": {

            "powerShell": null,

            "iac": null,

            "terraform": null,

            "other": null

        }

    },

    "recommendation": null,

    "references": [

        "https://learn.microsoft.com/en-us/azure/cyclecloud/how-to/sslconfiguration?view=cyclecloud-8",

        "https://learn.microsoft.com/en-us/azure/cyclecloud/concepts/security-bestpractices?view=cyclecloud-8"

    ],

    "compliance": [

        {

            "name": "CIS Microsoft Azure Foundations",

            "version": "2.0.0",

            "reference": "4.1",

            "profile": [

                "Level 1"

            ]

        }

    ],

    "level": "medium",

    "tags": [],

    "rule": {

        "path": "",

        "subPath": null,

        "selectCondition": {},

        "query": [

        ],

        "shouldExist": null,

        "returnObject": null,

        "removeIfNotExists": null

    },

    "output": {

        "html": {

            "data": {

                "properties": {},

                "expandObject": null

            },

            "table": "default",

            "decorate": [],

            "emphasis": [],

            "actions": {

                "objectData": {

                    "properties": [],

                    "expandObject": null,

                    "limit": null

                },

                "showGoToButton": "True",

                "showModalButton": "True",

                "directLink": null

            }

        },

        "text": {

            "data": {

                "properties": {},

                "expandObject": null

            },

            "status": {

                "keyName": null,

                "message": "Ensure SSL is configured for CycleCloud",

                "defaultMessage": null

            },

            "properties": {

                "resourceName": "name",

                "resourceId": "id",

                "resourceType": "type"

            },

            "onlyStatus": false

        }

    },

    "idSuffix": "azure_app_service_cycle_cloud_ssl_not_configured",

    "notes": [],

    "categories": [],

    "immutable_properties": [

        "name",

        "id"

    ],

    "id": "azure_cycle_001"

}