Skip to content

jknightly/azureCIS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

79 Commits
remediation
remediation
 
 
Audit_PostGre_Server_parameters.ps1
Audit_PostGre_Server_parameters.ps1
 
 
Audit_sqlDB_audit_set_On.ps1
Audit_sqlDB_audit_set_On.ps1
 
 
Audit_webapp_TLs_version.ps1
Audit_webapp_TLs_version.ps1
 
 
Audit_webapp_netframework.ps1
Audit_webapp_netframework.ps1
 
 
Audit_webapps.ps1
Audit_webapps.ps1
 
 
MySQL_'Enforce SSL connection'.ps1
MySQL_'Enforce SSL connection'.ps1
 
 
README.md
README.md
 
 
asc_contact_settings.ps1
asc_contact_settings.ps1
 
 
asc_storage_https_recs_report.ps1
asc_storage_https_recs_report.ps1
 
 
asc_vm_sshrdp_recs_report.ps1
asc_vm_sshrdp_recs_report.ps1
 
 
audit-webapp_httpsonly.ps1
audit-webapp_httpsonly.ps1
 
 
audit_sqldb_allow_ingress.ps1
audit_sqldb_allow_ingress.ps1
 
 
check_network_watcher_enabled.ps1
check_network_watcher_enabled.ps1
 
 
check_sqlData_encryption_status.ps1
check_sqlData_encryption_status.ps1
 
 
check_storage_publicaccess.ps1
check_storage_publicaccess.ps1
 
 
diagnostics_for_keyvault.ps1
diagnostics_for_keyvault.ps1
 
 
logprofilesettings.ps1
logprofilesettings.ps1
 
 

Repository files navigation

Azure CIS

Powershell scripts to report and remediate on components from the CIS benchmarks for Azure. Scripts are intended to run in the Azure CloudShell using the AZ PowerShell module. Any outputs will be written to CloudDrive

As of 6/12/19 the AZ.security module is not yet native in CloudShell. Run "Import-module Az.Security" into your cloudshell before executing.

Scripts with names starting with "remediate" will make changes! Be sure to validate before executing. These are stored in the "Remediation" folder.

Information about CIS Benchmarks for Azure can be found here: https://azure.microsoft.com/en-us/resources/cis-microsoft-azure-foundations-security-benchmark/

To enforce benchmarks to new deployments use Azure Policy. See this repo for some great examples: https://github.com/mrajess/Azure-Policy-CIS

For information on making sure all VMs are protected by Azure Security Center, see here: https://techcommunity.microsoft.com/t5/Security-Identity/Identify-Azure-VMs-which-are-not-monitored-by-Security-Center/td-p/733672

About

Powershell scripts to report on components from the CIS benchmarks for Azure

Resources

Readme
Activity

Stars

17 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages