Pipeline: 9.11 Ensure that 'Remote debugging' is set to 'Off'
Description
Remote debugging allows an Azure App Service app to be debugged in real time directly in the Azure environment. When remote debugging is enabled, it opens a communication channel that unauthorized users could exploit if it is not properly secured.
Disabling remote debugging on Azure App Service is primarily a security measure.
Remote debugging opens a communication channel that can be exploited by attackers. By disabling it, you reduce the number of potential entry points for unauthorized access.
If remote debugging is enabled without proper access controls, it can allow unauthorized users to connect to your application, potentially leading to data breaches or malicious code execution.
During a remote debugging session, sensitive information might be exposed. Disabling remote debugging helps ensure that such data remains secure. Minimizing the use of remote access tools reduces risk.
Remediation
From Azure Portal
- Log in to Azure Portal using https://portal.azure.com.
- Go to App Services.
- Click on each App.
- Under Setting section, click on Configuration.
- Under the General settings tab, set the Remote debugging option to Off.
From Azure CLI
To set remote debugging status to off, run the following command:
az webapp config set --resource-group <resource_group_name> --name <app_name> --remote-debugging-enabled false
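The command above fixes one app at a time. The script below is an added example (not part of the benchmark text or the pipeline's own code) that lists every app in the current subscription whose `remoteDebuggingEnabled` setting is true and, with `fix`, turns it off. The `AZ` override variable and the function names are assumptions of this example, and deployment slots are not enumerated.

```sh
#!/bin/sh
# Added example: audit remote debugging across all App Service apps.
# AZ can be overridden (e.g. with a stub function) to exercise the logic offline.
AZ="${AZ:-az}"
TAB=$(printf '\t')

# Print "<resource_group><TAB><app_name>" for each app with remote debugging on.
find_remote_debug_apps() {
  "$AZ" webapp list --query "[].[resourceGroup, name]" -o tsv |
  while IFS="$TAB" read -r rg name; do
    [ -n "$name" ] || continue
    # </dev/null keeps the inner call from consuming the loop's input.
    state=$("$AZ" webapp config show --resource-group "$rg" --name "$name" \
      --query remoteDebuggingEnabled -o tsv </dev/null)
    case "$state" in
      true|True) printf '%s\t%s\n' "$rg" "$name" ;;
    esac
  done
}

# Apply the remediation command from this page to each non-compliant app.
disable_remote_debug() {
  find_remote_debug_apps | while IFS="$TAB" read -r rg name; do
    if "$AZ" webapp config set --resource-group "$rg" --name "$name" \
         --remote-debugging-enabled false --output none </dev/null; then
      printf 'disabled\t%s\t%s\n' "$rg" "$name"
    else
      printf 'FAILED\t%s\t%s\n' "$rg" "$name" >&2
    fi
  done
}

# Usage: script.sh audit | script.sh fix
# With no argument the file only defines the functions, so it can be sourced.
case "${1:-}" in
  audit) find_remote_debug_apps ;;
  fix)   disable_remote_debug ;;
esac
```

Run `audit` first and review the list before running `fix`, since an active debugging session on a listed app will be cut off.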
From PowerShell
To set remote debugging status to off, run the following command:
Set-AzWebApp -ResourceGroupName <resource_group_name> -Name <app_name> -RemoteDebuggingEnabled $false
Default Value
By default, remote debugging is set to off.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run azure_cis.pipeline.cis_v300_9_12
Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = azure_cis.pipeline.cis_v300_9_12 }
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.