Azure Introduction
Azure Pricing
Azure Threats
Ensure Storage Account container containing the logs is not publicly accessible
More Info:
Allowing public access to activity log content may aid an adversary in identifying weaknesses in the affected account’s use or configuration.
Risk Level
Low
Address
Security, Operational Maturity
Compliance Standards
CISAZURE, CBP, HITRUST
Triage and Remediation
Remediation
To remediate the misconfiguration in Azure, you can follow these steps:
-
Open the Azure portal and navigate to the storage account that contains the container with the logs.
-
Click on the “Containers” tab on the left-hand side of the screen.
-
Select the container that contains the logs.
-
Click on the “Access policy” tab on the top of the screen.
-
Under the “Public access level” section, select “Private (no anonymous access)“.
-
Click on the “Save” button at the top of the screen to save the changes.
-
Verify that the container is no longer publicly accessible by trying to access it from a different browser or device.
By following these steps, you have successfully remediated the misconfiguration and ensured that the storage account container containing the logs is no longer publicly accessible.
To remediate the issue of a publicly accessible Storage Account container containing logs in Azure, you can follow the steps below using Azure CLI:
-
Log in to your Azure account using the Azure CLI command
az login. -
Once you have successfully logged in, you can list all the storage accounts in your subscription using the command
az storage account list. -
Identify the storage account that contains the publicly accessible container and copy its
resource groupandname. -
Use the following command to update the access level of the container to private:
az storage container set-permission --account-name <storage_account_name> --account-key <storage_account_key> --name <container_name> --public-access offReplace
<storage_account_name>with the name of the storage account,<storage_account_key>with the account key of the storage account, and<container_name>with the name of the container that contains the logs. -
Verify that the access level of the container has been updated to private by running the command
az storage container show --account-name <storage_account_name> --account-key <storage_account_key> --name <container_name>.If the access level is set to
private, you have successfully remediated the issue.
By following these steps, you can remediate the issue of a publicly accessible Storage Account container containing logs in Azure using Azure CLI.
To remediate the misconfiguration in Azure using Python, you can follow these steps:
- Import the required modules:
from azure.storage.blob import BlobServiceClient, PublicAccess
from azure.core.exceptions import ResourceExistsError
- Connect to the Azure Storage Account using the connection string:
connection_string = "<your_connection_string>"
blob_service_client = BlobServiceClient.from_connection_string(connection_string)
- Get the container name that contains the logs:
container_name = "<your_container_name>"
container_client = blob_service_client.get_container_client(container_name)
- Set the PublicAccess level to ‘None’:
try:
container_client.set_access_policy(PublicAccess.NONE)
print("Public access has been removed from the container.")
except ResourceExistsError:
print("The container already has PublicAccess.NONE.")
- Verify that the PublicAccess level has been set to ‘None’:
container_properties = container_client.get_container_properties()
print("Public access level: ", container_properties.public_access)
This will ensure that the Storage Account container containing the logs is not publicly accessible.