Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automatic translation of checklists/eh_checklist.en.json #958

Merged
merged 1 commit into from
Oct 23, 2024
Merged

Automatic translation of checklists/eh_checklist.en.json #958

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
831 changes: 588 additions & 243 deletions checklists-ext/fullwaf_checklist.en.json
View file
Open in desktop

Large diffs are not rendered by default.

642 changes: 321 additions & 321 deletions checklists/acr_checklist.en.json
View file
Open in desktop

Large diffs are not rendered by default.

213 changes: 166 additions & 47 deletions checklists/acr_checklist.es.json
View file
Open in desktop

Large diffs are not rendered by default.

199 changes: 159 additions & 40 deletions checklists/acr_checklist.ja.json
View file
Open in desktop

Large diffs are not rendered by default.

215 changes: 167 additions & 48 deletions checklists/acr_checklist.ko.json
View file
Open in desktop

Large diffs are not rendered by default.

215 changes: 167 additions & 48 deletions checklists/acr_checklist.pt.json
View file
Open in desktop

Large diffs are not rendered by default.

323 changes: 323 additions & 0 deletions checklists/acr_checklist.zh-Hant.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,323 @@
{
"categories": [
{
"name": "安全"
},
{
"name": "網路拓撲和連接"
},
{
"name": "運營管理"
},
{
"name": "平臺自動化"
},
{
"name": "安全"
},
{
"name": "分類帳"
},
{
"name": "伐木"
},
{
"name": "聯網"
},
{
"name": "數據發現和分類"
},
{
"name": "數據掩碼"
},
{
"name": "法典"
}
],
"items": [
{
"category": "安全",
"description": "禁用圖像匯出以防止數據洩露。請注意,這將阻止將映射導入到另一個 ACR 實例中。",
"guid": "ab91932c-9fc9-4d1b-a880-37f5e6bfcb9e",
"id": "A01.01",
"link": "https://learn.microsoft.com/azure/container-registry/data-loss-prevention",
"query": "resources | where type =~ 'Microsoft.ContainerRegistry/registries' | extend acrName = name, acrId = id | extend exportPolicyStatus = properties.policies.exportPolicy.status | extend compliant = iif(exportPolicyStatus =~ 'Disabled', true, false) | project acrName, acrId, exportPolicyStatus, compliant",
"service": "ACR",
"severity": "高",
"subcategory": "數據保護",
"text": "禁用 Azure Container Registry 映射導出",
"waf": "安全"
},
{
"category": "安全",
"description": "通過為 Azure Container Registry 啟用 Azure Policy 來啟用審核合規性可見性",
"guid": "d503547c-d447-4e82-9128-a7100f1cac6d",
"id": "A01.02",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-azure-policy",
"service": "ACR",
"severity": "高",
"subcategory": "數據保護",
"text": "為 Azure 容器註冊表啟用 Azure 策略",
"waf": "安全"
},
{
"category": "安全",
"description": "Azure Key Vault (AKV) 用於存儲簽名密鑰,該金鑰可通過表示法 AKV 外掛程式 (azure-kv) 來對容器映像和其他專案進行簽名和驗證。Azure 容器註冊表 (ACR) 允許您使用 az?or?oras? 附加這些簽名。CLI 命令。",
"guid": "d345293c-7639-4637-a551-c5c04e401955",
"id": "A01.03",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-tutorial-sign-build-push",
"service": "ACR",
"severity": "高",
"subcategory": "數據保護",
"text": "使用符號對容器進行簽名和驗證 (Notary v2)",
"waf": "安全"
},
{
"category": "安全",
"description": "Azure 容器註冊表會自動加密存儲的映像和其他專案。默認情況下,Azure 使用服務託管密鑰自動加密靜態註冊表內容。通過使用客戶管理的金鑰,您可以使用額外的加密層來補充預設加密。",
"graph": "resources | where type =~ 'Microsoft.ContainerRegistry/registries' | extend acrName = name, acrId = id | extend encryptionStatus = properties.encryption.status | extend compliant = iif(encryptionStatus == 'disabled', false, true) | project acrName, acrId, encryptionStatus, compliant",
"guid": "0bd05dc2-efd5-4d76-8d41-d2500cc47b49",
"id": "A01.04",
"link": "https://learn.microsoft.com/azure/container-registry/tutorial-customer-managed-keys",
"service": "ACR",
"severity": "中等",
"subcategory": "數據保護",
"text": "使用客戶管理的金鑰加密註冊表",
"waf": "安全"
},
{
"category": "安全",
"description": "使用託管標識保護來自用戶端應用程式的 ACRPull/Push RBAC 訪問",
"guid": "8f42d78e-79dc-47b3-9bd2-a1a27e7a8e90",
"id": "A02.01",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-authentication-managed-identity",
"service": "ACR",
"severity": "高",
"subcategory": "身份和訪問控制",
"text": "使用託管標識而不是服務主體進行連接",
"waf": "安全"
},
{
"category": "安全",
"description": "默認情況下,本地管理員帳戶處於禁用狀態,不應啟用。請改用基於 Token 或 RBAC 的訪問方法",
"graph": "resources | where type =~ 'microsoft.containerregistry/registries' | extend localAdminDisabled = properties.adminUserEnabled // Adjust this property as needed | extend compliant = iif(localAdminDisabled == 'false', true, false) // Check if local admin is disabled | project compliant, name, id, tags | distinct id, compliant",
"guid": "be0e38ce-e297-411b-b363-caaab79b198d",
"id": "A02.02",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-authentication-managed-identity",
"service": "ACR",
"severity": "高",
"subcategory": "身份和訪問控制",
"text": "禁用管理平面訪問的本地身份驗證",
"waf": "安全"
},
{
"category": "安全",
"description": "禁用管理員帳戶並將 RBAC 角色分配給 ACR 拉取/推送操作的主體",
"graph": "resources | where type =~ 'microsoft.containerregistry/registries' | extend localAdminDisabled = properties.adminUserEnabled // Adjust this property as needed | extend compliant = iif(localAdminDisabled == 'false', true, false) // Check if local admin is disabled | project compliant, name, id, tags | distinct id, compliant",
"guid": "387e5ced-126c-4d13-8af5-b20c6998a646",
"id": "A02.03",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-roles?tabs=azure-cli",
"service": "ACR",
"severity": "高",
"subcategory": "身份和訪問控制",
"text": "分配AcrPull和AcrPush RBAC角色,而不是授予身份主體管理訪問許可權",
"waf": "安全"
},
{
"category": "安全",
"description": "禁用匿名拉取/推送訪問",
"graph": "resources | where type =~ 'microsoft.containerregistry/registries' | extend compliant = iif(properties.anonymousPullEnabled == false, true, false) | project compliant, name, id, tags | distinct id, compliant",
"guid": "e338997e-41c7-47d7-acf6-a62a1194956d",
"id": "A02.04",
"link": "https://learn.microsoft.com/azure/container-registry/anonymous-pull-access#configure-anonymous-pull-access",
"service": "ACR",
"severity": "中等",
"subcategory": "身份和訪問控制",
"text": "禁用匿名拉取訪問許可權",
"waf": "安全"
},
{
"category": "安全",
"description": "令牌身份驗證不支援分配給 AAD 主體。任何可以訪問令牌的人都可以使用提供的任何令牌",
"guid": "698dc3a2-fd27-4b2e-8870-1a1252beedf6",
"id": "A02.05",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-authentication?tabs=azure-cli",
"service": "ACR",
"severity": "高",
"subcategory": "身份和訪問控制",
"text": "禁用存儲庫範圍的訪問令牌",
"waf": "安全"
},
{
"category": "安全",
"description": "將容器映像部署到受信任網路中專用終結點後面的 ACR",
"guid": "b3bec3d4-f343-47c1-936d-b55f27a71eee",
"id": "A02.06",
"service": "ACR",
"severity": "高",
"subcategory": "身份和訪問控制",
"text": "從受信任的環境部署映像",
"waf": "安全"
},
{
"category": "安全",
"description": "只有具有 ACR 受眾的令牌才能用於身份驗證。為 ACR 啟用條件存取策略時使用",
"guid": "3a041fd3-2947-498b-8288-b3c6a56ceb54",
"id": "A02.07",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-enable-conditional-access-policy",
"service": "ACR",
"severity": "中等",
"subcategory": "身份和訪問控制",
"text": "禁用 Azure ARM 受眾令牌進行身份驗證",
"waf": "安全"
},
{
"category": "安全",
"description": "設置一個診斷設置,將『repositoryEvents』和『LoginEvents』發送到Log Analytics作為記錄和監控的中心目標。這允許您監控 ACR 資源本身的控制平面活動。",
"guid": "8a488cde-c486-42bc-9bd2-1be77f26e5e6",
"id": "A03.01",
"link": "https://learn.microsoft.com/azure/container-registry/monitor-service",
"service": "ACR",
"severity": "中等",
"subcategory": "日誌記錄和監控",
"text": "啟用診斷日誌記錄",
"waf": "安全"
},
{
"category": "安全",
"description": "服務支援通過使用服務級別 IP ACL 篩選規則(而不是 NSG 或 Azure 防火牆)或使用“禁用公用網络訪問”切換開關來禁用公用網络訪問",
"guid": "21d41d25-00b7-407a-b9ea-b40fd3290798",
"id": "A04.01",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-private-link",
"service": "ACR",
"severity": "中等",
"subcategory": "網路安全",
"text": "使用專用連結控制入站網路訪問",
"waf": "安全"
},
{
"category": "安全",
"description": "如果使用專用連結保護入站網路訪問,則禁用公用網路訪問",
"graph": "resources | where type =~ 'Microsoft.ContainerRegistry/registries' | where sku.name =~ 'Premium' // Check for Premium SKU | extend publicAccessEnabled = properties.publicNetworkAccess | extend defaultAction = tostring(properties.networkRuleSet.defaultAction) // Extract defaultAction | extend compliant = iif(publicAccessEnabled != 'Enabled' or defaultAction == 'Deny', true, false) | project name, id, publicAccessEnabled, defaultAction, compliant",
"guid": "cd289ced-6b17-4db8-8554-62f2aee4553a",
"id": "A04.02",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-access-selected-networks#disable-public-network-access",
"service": "ACR",
"severity": "中等",
"subcategory": "網路安全",
"text": "禁用公共網路訪問",
"waf": "安全"
},
{
"category": "安全",
"description": "只有 ACR Premium SKU 支援專用連結訪問",
"graph": "resources | where type =~ 'Microsoft.ContainerRegistry/registries' | extend skuName = sku.name // Extract the SKU name | extend compliant = iif(skuName == 'Premium', true, false) // Check if SKU is Premium | project name, id, skuName, compliant",
"guid": "fc833934-8b26-42d6-ac5f-512925498f6d",
"id": "A04.03",
"link": "https://learn.microsoft.com/azure/container-registry/container-registry-skus",
"service": "ACR",
"severity": "中等",
"subcategory": "網路安全",
"text": "使用支援專用連結的 Azure 容器註冊表 SKU(高級 SKU)",
"waf": "安全"
},
{
"category": "安全",
"description": "應使用適用於容器的 Azure Defender 或等效服務來掃描容器映像中的漏洞",
"guid": "bad37dac-43bc-46ce-8d7a-a9b24604489a",
"id": "A04.04",
"link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction",
"service": "ACR",
"severity": "低",
"subcategory": "網路安全",
"text": "啟用 Defender for Containers 以掃描 Azure 容器註冊表中的漏洞",
"waf": "安全"
},
{
"category": "安全",
"description": "部署根據 DevSecOps 實踐進行驗證和漏洞掃描的可信代碼。",
"guid": "4451e1a2-d345-4293-a763-9637a551c5c0",
"id": "A05.01",
"service": "ACR",
"severity": "中等",
"subcategory": "漏洞管理",
"text": "部署經過驗證的容器映像",
"waf": "安全"
},
{
"category": "安全",
"description": "使用最新版本的受支援平臺、程式設計語言、協定和框架。",
"guid": "4e401955-387e-45ce-b126-cd132af5b20c",
"id": "A05.02",
"service": "ACR",
"severity": "高",
"subcategory": "漏洞管理",
"text": "使用最新的平臺、語言、協定和框架",
"waf": "安全"
}
],
"metadata": {
"name": "Azure Container Registry Security Review",
"state": "Preview",
"timestamp": "October 23, 2024",
"waf": "security"
},
"severities": [
{
"name": "高"
},
{
"name": "中等"
},
{
"name": "低"
}
],
"status": [
{
"description": "尚未查看此檢查",
"name": "未驗證"
},
{
"description": "存在與此檢查關聯的操作項",
"name": "打開"
},
{
"description": "此檢查已經過驗證,沒有與之關聯的其他操作項",
"name": "實現"
},
{
"description": "不適用於當前設計",
"name": "不適用"
},
{
"description": "不需要",
"name": "不需要"
}
],
"waf": [
{
"name": "可靠性"
},
{
"name": "安全"
},
{
"name": "成本"
},
{
"name": "操作"
},
{
"name": "性能"
}
],
"yesno": [
{
"name": "是的"
},
{
"name": "不"
}
]
}
Loading
Loading