Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine

MEDIUM

Description

VM extensions are found to be installed on Linux VM's Azure Linux Virtual Machine, this may compromise security by allowing access to unauthorized actors.

Remediation

In Azure Console -

Open the Azure Portal and go to Virtual Machines.
Choose the Virtual Machine you wish to edit.
Under Settings, select Extensions + applications.
Select the extension and choose Uninstall.

In Terraform -

In the azurerm_linux_virtual_machine resource, set allow_extension_operations to false.
Set provision_vm_agent to false.

References:
https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#allow_extension_operations

Policy Details

Rule Reference ID: AC_AZURE_0310

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_linux_virtual_machine

Resource Category: Compute

Resource Type: Virtual Machine

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics