Skip to content

Commit

Permalink
update
Browse files Browse the repository at this point in the history
  • Loading branch information
@dutt0
dutt0 committed Nov 20, 2024
1 parent ba35e23 commit 5c92672
Show file tree
Hide file tree
Showing 5 changed files with 8 additions and 7 deletions.
Binary file modified psmodules/Check-StorageAccountTLSversion.zip
View file
Binary file not shown.
4 changes: 2 additions & 2 deletions setup/modules.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -462,14 +462,14 @@
}
]
},
{
{
"ModuleName": "Check-StorageAccountTLSversion",
"Control": "Guardrails7",
"ModuleType": "Builtin",
"Status": "Enabled",
"Required": "True",
"Profiles": [2, 3, 4, 5, 6],
"Script": "Verify-TLSForStorageAccount -ControlName $msgTable.CtrName7 -ItemName $msgTable.dataInTransit -MsgTable $msgTable -ReportTime $ReportTime -CBSSubscriptionName $vars.cbssubscriptionName -itsgcode $vars.itsgcode -CloudUsageProfiles $cloudUsageProfilesString -ModuleProfiles $ModuleProfilesString",
"Script": "Verify-TLSForStorageAccount -ControlName $msgTable.CtrName7 -ItemName $msgTable.storageAccTLS12 -MsgTable $msgTable -ReportTime $ReportTime -CBSSubscriptionName $vars.cbssubscriptionName -itsgcode $vars.itsgcode -CloudUsageProfiles $cloudUsageProfilesString -ModuleProfiles $ModuleProfilesString",
"variables": [
{
"Name": "cbssubscriptionName",
Expand Down
6 changes: 2 additions & 4 deletions src/GUARDRAIL 7 PROTECTION OF DATA-IN-TRANSIT/Audit/Check-StorageAccountTLSversion.psm1
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
function Check-TLSversion {
param (
[System.Object] $objList,
[string] $objType, #subscription or management Group
[string] $ControlName,
[string] $ItemName,
[string] $LogType,
Expand Down Expand Up @@ -70,13 +69,12 @@ function Verify-TLSForStorageAccount {
$Errorlist.Add("Failed to execute the 'Get-AzSubscription' command--verify your permissions and the installion of the Az.Resources module; returned error message: $_")
throw "Error: Failed to execute the 'Get-AzSubscription' command--verify your permissions and the installion of the Az.Resources module; returned error message: $_"
}
[string]$type = "subscription"

if ($EnableMultiCloudProfiles) {
$PSObjectList = Check-TLSversion -objList $objs -objType $type -itsgcode $itsgcode -ReportTime $ReportTime -ItemName $ItemName -LogType $LogType -msgTable $msgTable -ControlName $ControlName -CloudUsageProfiles $CloudUsageProfiles -ModuleProfiles $ModuleProfiles -EnableMultiCloudProfiles
$PSObjectList = Check-TLSversion -objList $objs -itsgcode $itsgcode -ReportTime $ReportTime -ItemName $ItemName -LogType $LogType -msgTable $msgTable -ControlName $ControlName -CloudUsageProfiles $CloudUsageProfiles -ModuleProfiles $ModuleProfiles -EnableMultiCloudProfiles
}
else {
$PSObjectList = Check-TLSversion -objList $objs -objType $type -itsgcode $itsgcode -ReportTime $ReportTime -ItemName $ItemName -LogType $LogType -msgTable $msgTable -ControlName $ControlName
$PSObjectList = Check-TLSversion -objList $objs -itsgcode $itsgcode -ReportTime $ReportTime -ItemName $ItemName -LogType $LogType -msgTable $msgTable -ControlName $ControlName
}

# Filter to keep only objects that have the 'subscriptionName' property
Expand Down
2 changes: 2 additions & 0 deletions src/GuardRails-Localization/GR-ComplianceChecks-Msgs.psd1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,8 @@ allCertificatesValid = All certificates are valid and from approved Certificate
approvedCAFileFound = Approved Certificate Authority (CA) list file '{0}' found and processed
approvedCAFileNotFound = Approved Certificate Authority (CA) file '{0}' not found in container '{1}' of storage account '{2}'. Unable to verify certificate authorities
storageAccTLS12 = Storage Accounts TLS 1.2
# GuardRail #8
noNSG=No NSG is present.
subnetCompliant = Subnet is compliant.
Expand Down
3 changes: 2 additions & 1 deletion src/GuardRails-Localization/fr-CA/GR-ComplianceChecks-Msgs.psd1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,6 @@ nonCompliantC2= Configurez la politique d'accès conditionnel pour empêcher les
nonCompliantC1C2 = Configurez les politiques d'accès conditionnel décrites dans les conseils de remédiation.
compliantC1C2 = Les deux politiques d'accès conditionnel ont été configurées.
# GuardRail #3
noCompliantPoliciesfound=Aucune stratégie conforme n'a été trouvée. Les politiques doivent avoir un emplacement unique et cet emplacement doit être réservé au Canada.
allPoliciesAreCompliant=Toutes les politiques sont conformes.
Expand Down Expand Up @@ -185,6 +184,8 @@ allCertificatesValid = Tous les certificats sont valides et provenant d'autorit
approvedCAFileFound = Approved Certificate Authority (CA) file '{0}' not found in container '{1}' of storage account '{2}'. Unable to verify certificate authorities.
approvedCAFileNotFound = Le fichier des Autorités de certification (AC) approuvées '{0}' n'a pas été trouvé dans le conteneur '{1}' du compte de stockage '{2}'. Incapable de vérifier les autorités de certification
storageAccTLS12 = Storage Accounts TLS 1.2
# GuardRail #8
noNSG=Aucun NSG n'est présent.
subnetCompliant = Le sous-réseau est conforme.
Expand Down

0 comments on commit 5c92672

Please sign in to comment.