diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json
deleted file mode 100644
index c9c60cb5b..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort3020ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3020ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3020,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0069",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json
deleted file mode 100644
index c4366d2cf..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort7001ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort7001ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 7001,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Cassandra (TCP:7001) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0072",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json
deleted file mode 100644
index a4e80481f..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort61621ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort61621ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 61621,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0075",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json
deleted file mode 100644
index 520df038a..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort53ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort53ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 53,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "DNS (UDP:53) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0078",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json
deleted file mode 100644
index fd2e0ecc0..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort9000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort9000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 9000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0081",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json
deleted file mode 100644
index 2c257c6e8..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort8000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": " Known internal web port (TCP:8000) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0084",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json
deleted file mode 100644
index 9ff5dff4c..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort8080ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8080ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8080,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": " Known internal web port (TCP:8080) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0087",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json
deleted file mode 100644
index 037a1c42c..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort636ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort636ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 636,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "LDAP SSL (TCP:636) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0090",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json
deleted file mode 100644
index cded28779..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort1434ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1434ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0096",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json
deleted file mode 100644
index 5545bfa3e..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort135ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort135ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 135,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0099",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json
deleted file mode 100644
index 3b9ba0a42..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort1433ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1433ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 1433,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "MSSQL Server (TCP:1433) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0102",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json
deleted file mode 100644
index 40540aaea..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort11214ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11214ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "Memcached SSL (UDP:11214) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0111",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json
deleted file mode 100644
index fee095042..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort11215ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11215ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "Memcached SSL (UDP:11215) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0114",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json
deleted file mode 100644
index ba2815a9b..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort445ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort445ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 445,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Microsoft-DS (TCP:445) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0117",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json
deleted file mode 100644
index 6dcdd70ab..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort27018ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort27018ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 27018,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0120",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json
deleted file mode 100644
index d00fea729..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort3306ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3306ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3306,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "MySQL (TCP:3306) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0123",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json
deleted file mode 100644
index 6fd409304..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort137ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort137ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0129",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json
deleted file mode 100644
index 536dfb5a2..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort138ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort138ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0135",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json
deleted file mode 100644
index 2c22f18cd..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort139ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort139ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0141",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json
deleted file mode 100644
index ab85ebad2..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort2484ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2484ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0147",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json
deleted file mode 100644
index c3f671d6a..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort110ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort110ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 110,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "POP3 (TCP:110) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0150",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json
deleted file mode 100644
index 5bd4d79b9..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort5432ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5432ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "PostgreSQL (UDP:5432) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0156",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json
deleted file mode 100644
index 6bab13730..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort3000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0159",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json
deleted file mode 100644
index af60b7cb6..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort8140ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8140ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8140,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Puppet Master (TCP:8140) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0162",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json
deleted file mode 100644
index 3b1d2ebef..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort25ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort25ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 25,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "SMTP (TCP:25) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0165",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json
deleted file mode 100644
index e912b245b..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort161ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort161ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 161,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "High",
- "description": "SNMP (UDP:161) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0168",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json
deleted file mode 100644
index d2f1be375..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort2382ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2382ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 2382,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0171",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json
deleted file mode 100644
index f823a7856..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort2383ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2383ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 2383,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0174",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json
deleted file mode 100644
index 0db5c12db..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort4505ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort4505ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 4505,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "SaltStack Master (TCP:4505) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0177",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json
deleted file mode 100644
index 3afc7de90..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort4506ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort4506ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 4506,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "SaltStack Master (TCP:4506) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0180",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json
deleted file mode 100644
index e199b4ced..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort23ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort23ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 23,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "Telnet (TCP:23) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0183",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json
deleted file mode 100644
index ec0dd4394..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort5500ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5500ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 5500,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "VNC Listener (TCP:5500) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0186",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json
deleted file mode 100644
index 4c6aa48d5..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort5900ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5900ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 5900,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "High",
- "description": "VNC Server (TCP:5900) is exposed to entire Public network",
- "reference_id": "AC-AZ-IS-NS-H-0189",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json
deleted file mode 100644
index e8f53d4b9..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort3020ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3020ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3020,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0071",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json
deleted file mode 100644
index 585f46cb9..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort7001ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort7001ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 7001,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Cassandra (TCP:7001) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0074",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json
deleted file mode 100644
index b5cf700a0..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort61621ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort61621ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 61621,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0077",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json
deleted file mode 100644
index 529026fb4..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort53ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort53ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 53,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "DNS (UDP:53) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0080",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json
deleted file mode 100644
index 68506c522..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort9000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort9000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 9000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0083",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json
deleted file mode 100644
index d8c9bf7e7..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort8000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": " Known internal web port (TCP:8000) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0086",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json
deleted file mode 100644
index 9d2cbda7b..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort8080ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8080ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8080,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": " Known internal web port (TCP:8080) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0089",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json
deleted file mode 100644
index 2a666376e..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort636ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort636ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 636,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "LDAP SSL (TCP:636) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0092",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json
deleted file mode 100644
index b87a58575..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort1434ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1434ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0098",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json
deleted file mode 100644
index c2a6b7192..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort135ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort135ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 135,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0101",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json
deleted file mode 100644
index 91315e92a..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort1433ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1433ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 1433,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "MSSQL Server (TCP:1433) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0104",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json
deleted file mode 100644
index 5997e42e4..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort11214ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11214ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "Memcached SSL (UDP:11214) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0113",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json
deleted file mode 100644
index 7dd595a41..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort11215ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11215ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "Memcached SSL (UDP:11215) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0116",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json
deleted file mode 100644
index 6dff8b4f0..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort445ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort445ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 445,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Microsoft-DS (TCP:445) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0119",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json
deleted file mode 100644
index 3d607fe9e..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort27018ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort27018ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 27018,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0122",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json
deleted file mode 100644
index c2d7ffbcf..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort3306ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3306ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3306,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "MySQL (TCP:3306) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0125",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json
deleted file mode 100644
index c6ec8b218..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort137ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort137ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0131",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json
deleted file mode 100644
index 320561858..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort138ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort138ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0137",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json
deleted file mode 100644
index 53de294ec..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort139ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort139ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0143",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json
deleted file mode 100644
index c5a1b211a..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort2484ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2484ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0149",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json
deleted file mode 100644
index 12556a11a..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort110ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort110ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 110,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "POP3 (TCP:110) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0152",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json
deleted file mode 100644
index b1fe997f3..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort5432ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5432ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "PostgreSQL (UDP:5432) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0158",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json
deleted file mode 100644
index cf47348a5..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort3000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0161",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json
deleted file mode 100644
index ba761f28c..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort8140ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8140ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8140,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Puppet Master (TCP:8140) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0164",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json
deleted file mode 100644
index fea1d1ee4..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort25ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort25ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 25,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "SMTP (TCP:25) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0167",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json
deleted file mode 100644
index e8977bf07..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort161ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort161ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 161,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "Low",
- "description": "SNMP (UDP:161) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0170",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json
deleted file mode 100644
index 7711b1e42..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort2382ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2382ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2382,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0173",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json
deleted file mode 100644
index 696b7f208..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort2383ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2383ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2383,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0176",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json
deleted file mode 100644
index 4206ace8c..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort4505ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort4505ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 4505,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "SaltStack Master (TCP:4505) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0179",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json
deleted file mode 100644
index 27f4cbc34..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort4506ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort4506ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 4506,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "SaltStack Master (TCP:4506) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0182",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json
deleted file mode 100644
index 452287c2f..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort23ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort23ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 23,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "Telnet (TCP:23) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0185",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json
deleted file mode 100644
index 20b854a93..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort5500ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5500ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5500,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "VNC Listener (TCP:5500) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0188",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json
deleted file mode 100644
index 3a1683a6e..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "reme_networkPort5900ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5900ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5900,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "Low",
- "description": "VNC Server (TCP:5900) is exposed to wide Private network",
- "reference_id": "AC-AZ-IS-NS-L-0191",
- "category": "Infrastructure Security",
- "version": 2
-}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
new file mode 100755
index 000000000..ca382edde
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort8140ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8140ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8140,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Puppet Master (TCP:8140) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.101",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
new file mode 100755
index 000000000..aa117b29b
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort25ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort25ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 25,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SMTP (TCP:25) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.103",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
new file mode 100755
index 000000000..6842e82f7
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
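Review bot: The added rule in accurics.azure.NPS.101.json spells its level `"severity": "HIGH"`, while the rule files this same diff deletes use title case (`"severity": "Low"`), so the tree may carry two spellings once this lands. Anything that compares the field as an exact string, such as a severity threshold in a CI gate or report grouping, could then miss or split findings. I would either confirm that the loader normalises case or convert every remaining rule file in the same commit. The same applies to each file added in this diff (`HIGH` in NPS.103 through NPS.119, `MEDIUM` from NPS.174 on).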
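Review bot: accurics.azure.NPS.103.json is created with `new file mode 100755` and ends with `\ No newline at end of file`; a JSON data file needs neither the executable bit nor a missing final newline. I would commit it as mode 100644 with a trailing newline, since stray executable bits on non-scripts make permission audits of the repository noisier. Every file added in this diff has the same header and ending, including accurics.azure.NPS.101.json just before this one.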
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort161ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort161ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 161,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "SNMP (UDP:161) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.105",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
new file mode 100755
index 000000000..793d66293
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2382ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2382ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2382,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.107",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
new file mode 100755
index 000000000..35f2a563d
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2383ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2383ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2383,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.109",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
new file mode 100755
index 000000000..4796adee1
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort4505ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort4505ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 4505,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SaltStack Master (TCP:4505) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.111",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
new file mode 100755
index 000000000..79674023d
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort4506ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort4506ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 4506,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SaltStack Master (TCP:4506) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.113",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
new file mode 100755
index 000000000..dc11164a9
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort23ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort23ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 23,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Telnet (TCP:23) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.115",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
new file mode 100755
index 000000000..5a2a0baeb
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5500ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5500ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5500,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "VNC Listener (TCP:5500) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.117",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
new file mode 100755
index 000000000..4ddc6e01b
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5900ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5900ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5900,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "VNC Server (TCP:5900) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.119",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
new file mode 100755
index 000000000..53550e5cf
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort3020ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3020ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3020,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.174",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
new file mode 100755
index 000000000..385bfc50a
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort7001ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort7001ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 7001,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Cassandra (TCP:7001) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.176",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
new file mode 100755
index 000000000..782aa6090
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort61621ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort61621ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 61621,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.178",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
new file mode 100755
index 000000000..e42f19f4f
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort53ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort53ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 53,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "DNS (UDP:53) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.180",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
new file mode 100755
index 000000000..40bd25130
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort9000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort9000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 9000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.182",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
new file mode 100755
index 000000000..0d5cb3bdb
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort8000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": " Known internal web port (TCP:8000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.184",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
new file mode 100755
index 000000000..a057b9814
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
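Review bot: The `description` string in accurics.azure.NPS.184.json begins with a stray space (`" Known internal web port (TCP:8000) …"`), and the same happens in accurics.azure.NPS.186.json for TCP:8080. If this text is surfaced verbatim in scan findings, as the field name suggests, the leading blank will appear in reports and can defeat exact-match filters or de-duplication keyed on the description. Suggested line: `"description": "Known internal web port (TCP:8000) is exposed to wide Private network",`, with the equivalent change for 8080.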
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort8080ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8080ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8080,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": " Known internal web port (TCP:8080) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.186",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
new file mode 100755
index 000000000..eb6fa04c0
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort636ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort636ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 636,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "LDAP SSL (TCP:636) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.188",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
new file mode 100755
index 000000000..b45d74a95
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort1434ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1434ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.190",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
new file mode 100755
index 000000000..6e05e582b
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort1434ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1434ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.192",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
new file mode 100755
index 000000000..848500fdf
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort135ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort135ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 135,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.194",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
new file mode 100755
index 000000000..3b014bc2b
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort1433ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1433ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 1433,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Server (TCP:1433) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.196",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
new file mode 100755
index 000000000..de3960341
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
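Review bot: In accurics.azure.NPS.194.json the finding for TCP:135 is labelled only `MSSQL Debugger`, but port 135 is the Windows RPC endpoint mapper, which listens on Windows hosts whether or not SQL Server is installed. A team that runs no SQL Server may dismiss the finding as not applicable even though the exposure is real. Consider naming the general service as well, e.g. `"description": "MS RPC endpoint mapper / MSSQL Debugger (TCP:135) is exposed to wide Private network",`.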
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11214ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11214ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (TCP:11214) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.198",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
new file mode 100755
index 000000000..ed9d56a65
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11215ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11215ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (TCP:11215) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.200",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
new file mode 100755
index 000000000..b1192691f
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11214ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11214ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (UDP:11214) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.202",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
new file mode 100755
index 000000000..69b97ae34
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11215ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11215ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (UDP:11215) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.204",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
new file mode 100755
index 000000000..c7f9de2d3
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort445ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort445ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 445,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Microsoft-DS (TCP:445) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.206",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
new file mode 100755
index 000000000..e6ee87569
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort27018ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort27018ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 27018,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.208",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
new file mode 100755
index 000000000..f6ae3a4ab
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
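Review bot: accurics.azure.NPS.208.json pairs the label `Mongo Web Portal` with `"portNumber": 27018`, which looks mismatched: MongoDB's legacy HTTP status interface listened on 28017 (the mongod port plus 1000), while 27018 is the default port of a shard-server mongod. If the web interface is what the rule is meant to catch, a security rule opening 28017 would go unflagged by this policy. If 27018 is intended, the description should say so, e.g. `"description": "MongoDB shard instance (TCP:27018) is exposed to wide Private network",`. Whether another policy already covers 28017 is not visible from this hunk.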
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort3306ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3306ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3306,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MySQL (TCP:3306) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.210",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
new file mode 100755
index 000000000..0ea55d32c
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort137ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort137ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.212",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
new file mode 100755
index 000000000..ace8988a7
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort137ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort137ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.214",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
new file mode 100755
index 000000000..ae308d29d
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort138ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort138ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.216",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
new file mode 100755
index 000000000..d0f2e59f5
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort138ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort138ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.218",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
new file mode 100755
index 000000000..2c0ac9cf5
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort139ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort139ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.220",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
new file mode 100755
index 000000000..9230e4913
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort139ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort139ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.222",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
new file mode 100755
index 000000000..a24e406a1
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2484ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2484ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.224",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
new file mode 100755
index 000000000..d8984b5a0
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2484ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2484ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.226",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
new file mode 100755
index 000000000..72307d557
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort110ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort110ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 110,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "POP3 (TCP:110) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.228",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
new file mode 100755
index 000000000..7221feedc
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5432ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5432ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "PostgreSQL (TCP:5432) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.230",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
new file mode 100755
index 000000000..5412aa5da
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5432ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5432ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "PostgreSQL (UDP:5432) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.232",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
new file mode 100755
index 000000000..d8dd2c6fb
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort3000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.234",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
new file mode 100755
index 000000000..aafa616b1
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort8140ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8140ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8140,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Puppet Master (TCP:8140) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.236",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
new file mode 100755
index 000000000..4b8e854bf
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort25ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort25ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 25,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SMTP (TCP:25) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.238",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
new file mode 100755
index 000000000..5f411b979
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort161ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort161ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 161,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "SNMP (UDP:161) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.240",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
new file mode 100755
index 000000000..bdf32c528
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2382ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2382ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2382,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.242",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
new file mode 100755
index 000000000..6b673da88
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2383ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2383ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2383,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.244",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
new file mode 100755
index 000000000..8b3e99bc3
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort4505ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort4505ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 4505,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SaltStack Master (TCP:4505) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.246",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
new file mode 100755
index 000000000..1041a93a9
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort4506ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort4506ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 4506,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SaltStack Master (TCP:4506) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.248",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
new file mode 100755
index 000000000..4f37e4a51
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort23ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort23ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 23,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Telnet (TCP:23) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.250",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
new file mode 100755
index 000000000..d72f6d5b5
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5500ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5500ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5500,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "VNC Listener (TCP:5500) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.252",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
new file mode 100755
index 000000000..eb7ca883c
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5900ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5900ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5900,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "VNC Server (TCP:5900) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.254",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
new file mode 100755
index 000000000..ca22f0cb6
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort3020ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3020ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3020,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.39",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
new file mode 100755
index 000000000..0ec87eb6a
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
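Review bot: The description in accurics.azure.NPS.39.json, `CIFS / SMB (TCP:3020)`, can give the impression that this rule covers SMB exposure in general, while SMB file sharing is normally reached on TCP 445, which this diff reports under the name `Microsoft-DS` in accurics.azure.NPS.71.json. Someone filtering findings for "SMB" would see only the port 3020 rule. Naming the protocol in the 445 rule, e.g. `"description": "SMB / Microsoft-DS (TCP:445) is exposed to entire Public network",`, would let the two findings be read correctly side by side.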
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort7001ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort7001ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 7001,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Cassandra (TCP:7001) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.41",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
new file mode 100755
index 000000000..0e65ebe5b
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort61621ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort61621ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 61621,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.43",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
new file mode 100755
index 000000000..ea88aa608
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort53ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort53ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 53,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "DNS (UDP:53) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.45",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
new file mode 100755
index 000000000..072d6049d
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort9000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort9000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 9000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.47",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
new file mode 100755
index 000000000..c74846556
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort8000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": " Known internal web port (TCP:8000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.49",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
new file mode 100755
index 000000000..2fdd59149
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort8080ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8080ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8080,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": " Known internal web port (TCP:8080) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.51",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
new file mode 100755
index 000000000..e1f72fc5e
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
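Review bot: The `description` value in accurics.azure.NPS.49.json starts with a space (`" Known internal web port (TCP:8000) ...`), and accurics.azure.NPS.51.json has the same leading space for port 8080. Reports that sort, group or exact-match on the description will treat these two findings differently from every other rule in the set. The line should read `"description": "Known internal web port (TCP:8000) is exposed to entire Public network",`, and likewise for 8080.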
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort636ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort636ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 636,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "LDAP SSL (TCP:636) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.53",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
new file mode 100755
index 000000000..5ef88ba2c
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort1434ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1434ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.55",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
new file mode 100755
index 000000000..521d7dfdb
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort1434ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1434ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.57",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
new file mode 100755
index 000000000..19a43a2cd
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort135ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort135ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 135,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.59",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
new file mode 100755
index 000000000..f45359b8e
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
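Review bot: TCP 135 in accurics.azure.NPS.59.json is the Windows RPC endpoint mapper, which listens on Windows hosts whether or not SQL Server is installed, so the label `MSSQL Debugger` invites triage to dismiss the finding on hosts that do not run SQL Server. The description should name the service that actually listens, e.g. `"description": "MSRPC endpoint mapper / MSSQL Debugger (TCP:135) is exposed to entire Public network",`.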
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort1433ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1433ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 1433,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Server (TCP:1433) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.61",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
new file mode 100755
index 000000000..66f9105e2
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11214ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11214ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (TCP:11214) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.63",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
new file mode 100755
index 000000000..5f223989a
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11215ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11215ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (TCP:11215) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.65",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
new file mode 100755
index 000000000..7b4670186
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11214ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11214ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (UDP:11214) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.67",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json
new file mode 100755
index 000000000..4e9faab0c
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort11215ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11215ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (UDP:11215) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.69",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json
new file mode 100755
index 000000000..a20dcb1d9
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort445ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort445ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 445,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Microsoft-DS (TCP:445) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.71",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json
new file mode 100755
index 000000000..382c9ab5b
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort27018ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort27018ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 27018,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.73",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json
new file mode 100755
index 000000000..aa4cd9ed2
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort3306ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3306ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3306,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MySQL (TCP:3306) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.75",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json
new file mode 100755
index 000000000..86e8f9619
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json
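Review bot: accurics.azure.NPS.73.json labels TCP 27018 as `Mongo Web Portal`, but 27018 is MongoDB's default port for shard instances and speaks the database wire protocol; the legacy HTTP status page listened on 28017. As written the finding understates what is reachable (a database listener rather than a status page), and nothing in the visible part of this diff checks 28017. I would change the line to `"description": "MongoDB shard instance (TCP:27018) is exposed to entire Public network",` and, if the web interface is meant to be covered as well, add a separate rule for it.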
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort137ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort137ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.77",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json
new file mode 100755
index 000000000..05a693650
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort137ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort137ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.79",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json
new file mode 100755
index 000000000..013de4be0
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort138ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort138ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.81",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json
new file mode 100755
index 000000000..53dc0594d
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort138ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort138ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.83",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json
new file mode 100755
index 000000000..8f3cc4c47
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort139ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort139ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.85",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json
new file mode 100755
index 000000000..17edad2a4
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort139ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort139ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.87",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json
new file mode 100755
index 000000000..263018338
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2484ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2484ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.89",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json
new file mode 100755
index 000000000..7441ba062
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort2484ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2484ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.91",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json
new file mode 100755
index 000000000..44f137e1e
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort110ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort110ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 110,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "POP3 (TCP:110) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.93",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json
new file mode 100755
index 000000000..193799d73
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5432ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5432ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "PostgreSQL (TCP:5432) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.95",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json
new file mode 100755
index 000000000..789824324
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort5432ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5432ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "PostgreSQL (UDP:5432) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.97",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
new file mode 100755
index 000000000..624b97308
--- /dev/null
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
@@ -0,0 +1,18 @@
+{
+ "name": "reme_networkPort3000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.99",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file