diff --git a/README.md b/README.md index a22ec57e9..b18c1756b 100644 --- a/README.md +++ b/README.md @@ -299,6 +299,8 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h * [VM OS Disk Encryption](en/azure/virtualmachines/vm-os-disk-encryption.md) * Virtual Networks * [Multiple Subnets](en/azure/virtualnetworks/multiple-subnets.md) + * Virtual Machine Scale Set + * [VM Scale Set Approved Extensions](en/azure/virtualmachinescaleset/vmss-approved-extensions.md) * Google * CLB * [CLB CDN Enabled](en/google/clb/clb-cdn-enabled.md) diff --git a/en/azure/virtualmachinescaleset/vmss-approved-extensions.md b/en/azure/virtualmachinescaleset/vmss-approved-extensions.md new file mode 100644 index 000000000..f6c2fcec6 --- /dev/null +++ b/en/azure/virtualmachinescaleset/vmss-approved-extensions.md @@ -0,0 +1,25 @@ +[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) + +# AZURE / Virtual Machine Scale Set / VM Scale Set Approved Extensions + +## Quick Info + +| | | +|-|-| +| **Plugin Title** | VM Scale Set Approved Extensions | +| **Cloud** | AZURE | +| **Category** | Virtual Machine Scale Set | +| **Description** | Ensures that approved Virtual Machine Scale Set extensions are installed | +| **More Info** | Extensions are small applications that provide post-deployment configuration and automation on Azure VMs. Extensions installed should be approved by the organization to meet the organizational security requirements. | +| **AZURE Link** | https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/overview | +| **Recommended Action** | Uninstall unapproved virtual machine scale set extensions. | + +## Detailed Remediation Steps + +1. Log in to the Microsoft Azure Management Console. +2. Select the "Search resources, services, and docs" option at the top and search for "Virtual Machine Scale Set".
+3. Select the "Scale Set" by clicking on the "Name" link to access the configuration changes.
+4. In the left navigation panel, click on the "Extensions + applications" under "Settings".
+5. Select the unapproved "Extension" by clicking on by clicking on its name under Extensions tab.
+6. On the extension details panel click "Uninstall" button to remove the extension from scale set.
+7. Repeat step 5-6 to remove all the unapproved extensions from virtual machine scale set. diff --git a/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step2.png b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step2.png new file mode 100644 index 000000000..569a54ec1 Binary files /dev/null and b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step2.png differ diff --git a/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step3.png b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step3.png new file mode 100644 index 000000000..2be7e7a1a Binary files /dev/null and b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step3.png differ diff --git a/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step4.png b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step4.png new file mode 100644 index 000000000..85db5f97c Binary files /dev/null and b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step4.png differ diff --git a/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step5.png b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step5.png new file mode 100644 index 000000000..84b9c6e03 Binary files /dev/null and b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step5.png differ diff --git a/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step6.png b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step6.png new file mode 100644 index 000000000..9995a599c Binary files /dev/null and b/resources/azure/virtualmachinescaleset/vmss-approved-extensions/step6.png differ
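Review bot: In the README.md hunk, the new "Virtual Machine Scale Set" category is appended after "Virtual Networks" at the end of the Azure list, which breaks the ordering if that list is kept alphabetical; it would sit before "Virtual Networks", next to the entries that live under en/azure/virtualmachines/. The neighbouring category is plural ("Virtual Networks") and Azure names the service "Virtual Machine Scale Sets", so consider the plural form for the heading as well.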
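Review bot: In en/azure/virtualmachinescaleset/vmss-approved-extensions.md, the Description row of the Quick Info table reads "Ensures that approved Virtual Machine Scale Set extensions are installed", which describes a check for the presence of approved extensions, while the More Info and Recommended Action rows are about removing unapproved ones; suggest "Ensures that only approved Virtual Machine Scale Set extensions are installed". The page also never says where the approved list is defined, so a reader cannot tell which extensions count as unapproved before following the remediation. In the steps, step 5 repeats "by clicking on" and step 7 should read "Repeat steps 5-6". The same change adds step2.png through step6.png under resources/azure/virtualmachinescaleset/vmss-approved-extensions/, but none of the steps embeds them; either reference each image under its step or leave the files out.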