Event Information

  • The Microsoft.Compute.sshPublicKeys.delete event in Azure for AzureVirtualMachines indicates that an SSH public key has been deleted for a virtual machine in Azure.
  • This event signifies that SSH access to the virtual machine has been modified, specifically by removing a public key from the authorized keys list.
  • It is important to monitor this event because it tracks changes to the SSH access configuration of the virtual machine, which is central to the security and access control of the system.

Examples

  1. Unauthorized access: If Microsoft.Compute.sshPublicKeys.delete in Azure for AzureVirtualMachines is performed by an unauthorized party, individuals who should not have that right can delete SSH public keys associated with virtual machines. This could lead to unauthorized access to the virtual machines, compromising the confidentiality and integrity of the data stored on them.

  2. Privilege escalation: Deleting SSH public keys can also be a step in a privilege escalation attack. If an attacker gains access to a user’s SSH public key and deletes it, they may be able to replace it with their own malicious key. This would allow them to gain unauthorized access to the virtual machine and potentially escalate their privileges, compromising the security of the entire system.

  3. Compliance violations: Deleting SSH public keys without proper authorization and audit trails can lead to compliance violations. Many regulatory frameworks require organizations to maintain strict control over access to sensitive data. If SSH public keys are deleted without proper documentation and approval processes, the result can be non-compliance and potential legal consequences.
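The monitoring point made in the event information above and the audit-trail concern in example 3 can be put into practice with a small detector over Azure Activity Log records. The following script is an added example and is not code from the original page; it runs offline over constructed JSON-lines records that follow the Activity Log field layout (operationName.value, status.value, caller, resourceId, eventTimestamp). The approved-identity allow-list, the business-hours window and all subscription, caller and key names are constructed assumptions.

```python
import json
from datetime import datetime

# Constructed sample Activity Log records (JSON lines, not real telemetry). Subscription,
# caller and key names are placeholders. Note that the Activity Log spells the operation
# with slashes; this page uses the dotted form, so both spellings are accepted below.
SAMPLE_ACTIVITY_LOG = """
{"operationName": {"value": "Microsoft.Compute/sshPublicKeys/delete"}, "status": {"value": "Started"}, "caller": "alice@example.com", "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/prod-rg/providers/Microsoft.Compute/sshPublicKeys/bastion-key", "eventTimestamp": "2024-01-15T02:14:05Z"}
{"operationName": {"value": "Microsoft.Compute/sshPublicKeys/delete"}, "status": {"value": "Succeeded"}, "caller": "alice@example.com", "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/prod-rg/providers/Microsoft.Compute/sshPublicKeys/bastion-key", "eventTimestamp": "2024-01-15T02:14:07Z"}
{"operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"}, "status": {"value": "Succeeded"}, "caller": "bob@example.com", "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/web01", "eventTimestamp": "2024-01-15T09:00:00Z"}
{"operationName": {"value": "Microsoft.Compute/sshPublicKeys/write"}, "status": {"value": "Succeeded"}, "caller": "svc-keyrotation@example.com", "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/prod-rg/providers/Microsoft.Compute/sshPublicKeys/web-key-2024", "eventTimestamp": "2024-01-15T10:29:00Z"}
{"operationName": {"value": "Microsoft.Compute/sshPublicKeys/delete"}, "status": {"value": "Succeeded"}, "caller": "svc-keyrotation@example.com", "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/prod-rg/providers/Microsoft.Compute/sshPublicKeys/web-key-2023", "eventTimestamp": "2024-01-15T10:30:00Z"}
"""

WATCHED_OPERATION = "Microsoft.Compute/sshPublicKeys/delete"
# Constructed allow-list: identities that are expected to remove keys (e.g. a rotation pipeline)
APPROVED_DELETERS = {"svc-keyrotation@example.com"}
# Constructed assumption: deletions outside this UTC window are worth a closer look
BUSINESS_HOURS_UTC = range(8, 18)


def normalize_operation(name):
    """Map both 'Microsoft.Compute/sshPublicKeys/delete' and the dotted form to one key."""
    return name.replace("/", ".").lower()


def parse_activity_log(text):
    """Parse JSON-lines Activity Log export into a list of record dicts."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def resource_group_of(resource_id):
    """Extract the resource group segment from an ARM resource ID."""
    parts = resource_id.split("/")
    for i, part in enumerate(parts):
        if part.lower() == "resourcegroups" and i + 1 < len(parts):
            return parts[i + 1]
    return ""


def find_key_deletions(records, approved=APPROVED_DELETERS, business_hours=BUSINESS_HOURS_UTC):
    """Return one finding per successful SSH public key deletion, with the reasons it stands out."""
    target = normalize_operation(WATCHED_OPERATION)
    findings = []
    for rec in records:
        op = normalize_operation(rec.get("operationName", {}).get("value", ""))
        status = rec.get("status", {}).get("value", "")
        # Only terminal, successful deletions matter; 'Started' and 'Failed' records are skipped
        if op != target or status != "Succeeded":
            continue
        when = datetime.fromisoformat(rec["eventTimestamp"].replace("Z", "+00:00"))
        reasons = []
        if rec.get("caller") not in approved:
            reasons.append("caller is not an approved key-management identity")
        if when.hour not in business_hours:
            reasons.append("deletion occurred outside business hours (UTC)")
        resource_id = rec.get("resourceId", "")
        findings.append({
            "time": when.isoformat(),
            "caller": rec.get("caller", "<unknown>"),
            "resource_group": resource_group_of(resource_id),
            "key_name": resource_id.rsplit("/", 1)[-1],
            "severity": "high" if reasons else "info",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_key_deletions(parse_activity_log(SAMPLE_ACTIVITY_LOG)):
        detail = "; ".join(f["reasons"]) or "expected activity"
        print(f"[{f['severity']}] {f['time']} {f['caller']} deleted SSH key "
              f"'{f['key_name']}' in {f['resource_group']}: {detail}")
```

Every successful deletion is recorded, which gives the audit trail that example 3 asks for; only deletions by an unexpected identity or at an unusual hour are raised to high severity, so a scheduled key rotation does not page anyone while an off-hours deletion by an interactive user does.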

Remediation

Using Console

To remediate the issues for Azure Virtual Machines using the Azure console, you can follow these step-by-step instructions:

  1. Enable Azure Security Center:

    • Go to the Azure portal and search for “Security Center” in the search bar.
    • Select “Security Center” from the results and click on it.
    • In the Security Center dashboard, click on “Pricing & settings” in the left-hand menu.
    • Choose the subscription and resource group where your Azure Virtual Machines are located.
    • Click on “Apply to all resources” to enable Security Center for all resources in the selected subscription and resource group.
    • Review the pricing tier options and select the appropriate tier for your needs.
    • Click on “Save” to enable Security Center.
  2. Implement Network Security Groups (NSGs):

    • Go to the Azure portal and search for “Virtual Machines” in the search bar.
    • Select “Virtual Machines” from the results and click on it.
    • Choose the virtual machine that you want to secure with NSGs.
    • In the virtual machine’s overview page, click on “Networking” in the left-hand menu.
    • Under “Inbound port rules” and “Outbound port rules”, click on “Add inbound port rule” and “Add outbound port rule” respectively.
    • Configure the necessary rules to allow only the required inbound and outbound traffic.
    • Click on “Save” to apply the NSG rules to the virtual machine.
  3. Implement Azure Backup:

    • Go to the Azure portal and search for “Recovery Services vaults” in the search bar.
    • Select “Recovery Services vaults” from the results and click on it.
    • Click on “Add” to create a new Recovery Services vault.
    • Provide the necessary details like subscription, resource group, and vault name.
    • Choose the appropriate region for the vault.
    • Click on “Review + create” and then “Create” to create the vault.
    • Once the vault is created, go to the virtual machine that you want to backup.
    • In the virtual machine’s overview page, click on “Backup” in the left-hand menu.
    • Follow the instructions to configure the backup settings for the virtual machine.
    • Click on “Enable backup” to start the backup process.

These steps will help you remediate the issues for Azure Virtual Machines using the Azure console.

Using CLI

To remediate the issues for Azure Virtual Machines using Azure CLI, you can follow these steps:

  1. Enable Azure Security Center for Azure Virtual Machines:

    • Use the Azure CLI command az security pricing create --name VirtualMachines --tier Standard to enable the standard tier of Azure Security Center (now Microsoft Defender for Cloud) for the virtual machines in the current subscription. The tier is set per subscription, not per virtual machine.
  2. Configure Network Security Groups (NSGs) for Azure Virtual Machines:

    • Use the Azure CLI command az network nsg rule create --name <rule_name> --nsg-name <nsg_name> --resource-group <resource_group_name> --priority <priority_number> --source-address-prefixes <source_address_prefix> --destination-port-ranges <destination_port_range> --access <access_type> --protocol <protocol> to create a new rule in a specific NSG. The rule takes effect on a virtual machine through the NSG associated with the virtual machine’s network interface or subnet.
  3. Implement Azure Backup for Azure Virtual Machines:

    • Use the Azure CLI command az backup protection enable-for-vm --vm <vm_name> --vault-name <vault_name> --resource-group <resource_group_name> --policy-name <policy_name> to enable Azure Backup protection for a specific virtual machine. Replace the placeholders with the appropriate values for your environment.

Please note that the actual commands may vary depending on your specific requirements and configurations. Make sure to replace the placeholders with the actual values relevant to your Azure environment.

Using Python

To remediate the issues for Azure Virtual Machines using Python, you can use the Azure SDK for Python. Here are three examples of how you can remediate specific issues:

  1. Example 1: Enabling Azure Disk Encryption for Virtual Machines

    • Install the required packages: pip install azure-identity azure-mgmt-compute
    • Use the following Python script to enable Azure Disk Encryption for a specific virtual machine. Azure Disk Encryption is enabled by installing the Azure Disk Encryption VM extension, so the script assumes an existing Key Vault with disk encryption enabled that will hold the encryption secrets:
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.compute.models import VirtualMachineExtension

    # Authenticate using default credentials
    credential = DefaultAzureCredential()

    # Provide your Azure subscription ID, resource group name, VM name and the Key Vault for the encryption secrets
    subscription_id = 'your_subscription_id'
    resource_group_name = 'your_resource_group_name'
    vm_name = 'your_vm_name'
    key_vault_url = 'https://your_key_vault_name.vault.azure.net/'
    key_vault_resource_id = ('/subscriptions/your_subscription_id/resourceGroups/your_resource_group_name'
                             '/providers/Microsoft.KeyVault/vaults/your_key_vault_name')

    # Create the ComputeManagementClient
    compute_client = ComputeManagementClient(credential, subscription_id)

    # The extension must be deployed in the same region as the VM
    vm = compute_client.virtual_machines.get(resource_group_name, vm_name)

    # Azure Disk Encryption extension for Linux; Windows VMs use type 'AzureDiskEncryption', version '2.2'
    extension = VirtualMachineExtension(
        location=vm.location,
        publisher='Microsoft.Azure.Security',
        type_properties_type='AzureDiskEncryptionForLinux',
        type_handler_version='1.1',
        auto_upgrade_minor_version=True,
        settings={
            'EncryptionOperation': 'EnableEncryption',
            'KeyVaultURL': key_vault_url,
            'KeyVaultResourceId': key_vault_resource_id,
            'VolumeType': 'All',  # encrypt both OS and data disks
        },
    )

    # Enable Azure Disk Encryption for the virtual machine; .result() waits until the extension is provisioned
    compute_client.virtual_machine_extensions.begin_create_or_update(
        resource_group_name, vm_name, 'AzureDiskEncryptionForLinux', extension).result()
    
  2. Example 2: Applying Network Security Group rules to Virtual Machines

    • Install the required packages: pip install azure-identity azure-mgmt-compute azure-mgmt-network
    • Use the following Python script to apply the rules of an existing Network Security Group to a specific virtual machine by associating the NSG with the virtual machine’s primary network interface:
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.network import NetworkManagementClient
    from azure.mgmt.network.models import NetworkSecurityGroup

    # Authenticate using default credentials
    credential = DefaultAzureCredential()

    # Provide your Azure subscription ID, resource group name, VM name and the NSG whose rules should apply
    subscription_id = 'your_subscription_id'
    resource_group_name = 'your_resource_group_name'
    vm_name = 'your_vm_name'
    nsg_name = 'your_nsg_name'

    # Create the ComputeManagementClient and NetworkManagementClient
    compute_client = ComputeManagementClient(credential, subscription_id)
    network_client = NetworkManagementClient(credential, subscription_id)

    # NSGs are associated with network interfaces (or subnets), not with the VM itself,
    # so look up the VM's primary NIC; its ID carries the NIC's own resource group and name
    vm = compute_client.virtual_machines.get(resource_group_name, vm_name)
    nic_id = vm.network_profile.network_interfaces[0].id
    nic_resource_group, nic_name = nic_id.split('/')[4], nic_id.split('/')[-1]
    nic = network_client.network_interfaces.get(nic_resource_group, nic_name)

    # Apply the Network Security Group rules to the virtual machine by attaching the NSG to the NIC
    nsg = network_client.network_security_groups.get(resource_group_name, nsg_name)
    nic.network_security_group = NetworkSecurityGroup(id=nsg.id)
    network_client.network_interfaces.begin_create_or_update(nic_resource_group, nic_name, nic).result()
    
  3. Example 3: Configuring Azure Backup for Virtual Machines

    • Install the required packages: pip install azure-identity azure-mgmt-recoveryservicesbackup
    • Use the following Python script to configure Azure Backup for a specific virtual machine. It assumes the Recovery Services vault and a backup policy already exist in the same resource group as the virtual machine:
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.recoveryservicesbackup import RecoveryServicesBackupClient
    from azure.mgmt.recoveryservicesbackup.models import (
        AzureIaaSComputeVMProtectedItem,
        ProtectedItemResource,
    )

    # Authenticate using default credentials
    credential = DefaultAzureCredential()

    # Provide your Azure subscription ID, resource group name, VM name, vault name and backup policy name
    subscription_id = 'your_subscription_id'
    resource_group_name = 'your_resource_group_name'
    vm_name = 'your_vm_name'
    vault_name = 'your_vault_name'
    policy_name = 'your_policy_name'

    # Create the RecoveryServicesBackupClient (backup items live in the backup client, not the vault client)
    backup_client = RecoveryServicesBackupClient(credential, subscription_id)

    # Backup items for Azure VMs are addressed by fabric, container and item names in this fixed format
    fabric_name = 'Azure'
    container_name = f'iaasvmcontainer;iaasvmcontainerv2;{resource_group_name};{vm_name}'
    item_name = f'vm;iaasvmcontainerv2;{resource_group_name};{vm_name}'
    vm_resource_id = (f'/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}'
                      f'/providers/Microsoft.Compute/virtualMachines/{vm_name}')

    # Resolve the backup policy that defines schedule and retention
    policy = backup_client.protection_policies.get(vault_name, resource_group_name, policy_name)

    # Configure Azure Backup for the virtual machine
    backup_client.protected_items.create_or_update(
        vault_name, resource_group_name, fabric_name, container_name, item_name,
        ProtectedItemResource(properties=AzureIaaSComputeVMProtectedItem(
            policy_id=policy.id, source_resource_id=vm_resource_id)))
    

Please note that you need to replace the placeholders (your_subscription_id, your_resource_group_name, your_vm_name and the other your_* values) with the actual values specific to your Azure environment.