๐ก๏ธ Azure App Service Remote Debugging is not disabled๐ข
- Contextual name: ๐ก๏ธ Remote Debugging is not disabled๐ข
- ID:
/ce/ca/azure/app-service/disable-remote-debugging - Tags:
- ๐ข Policy with categories
- ๐ข Policy with type
- ๐ข Production policy
- Policy Type:
COMPLIANCE_POLICY - Policy Categories:
SECURITY
Logicโ
- ๐ง prod.logic.yaml๐ข
Similar Policiesโ
- Cloud Conformity: Disable Remote Debugging
- Internal:
dec-x-bbfcf890
Similar Internal Rulesโ
| Rule | Policies | Flags |
|---|---|---|
| โ๏ธ dec-x-bbfcf890 | 1 |
Descriptionโ
Descriptionโ
Remote Debugging allows Azure App Service to be debugged in real-time directly on the Azure environment. When remote debugging is enabled, it opens a communication channel that could potentially be exploited by unauthorized users if not properly secured.
Rationaleโ
Disabling remote debugging on Azure App Service is primarily about enhancing security.
Remote debugging opens a communication channel that can be exploited by attackers. By disabling it, you reduce the number of potential entry points for unauthorized access.
If remote debugging is enabled without proper access controls, it can allow unauthorized users to connect to your application, potentially leading to data breaches or malicious code execution.
During a remote debugging session, sensitive information might be exposed. Disabling remote debugging helps ensure that such data remains secure. This minimizes the use of remote access tools to reduce risk.
Impactโ
You will not be able to connect to your application from a remote location to diagnose and fix issues in real-time. You will not be able to step through code, set breakpoints, or inspect variables and the call stack while the application is running on the server. Remote debugging is particularly useful for diagnosing issues that only occur in the production environment. Without it, you will need to rely on logs and other diagnostic tools.
... see more
Remediationโ
Remediationโ
From Azure Portalโ
- Login to Azure Portal using https://portal.azure.com.
- Go to
App Services.- Click on each App.
- Under
Settingsection, Click onConfiguration.- Under the
General settingstab, set theRemote debuggingoption toOff.From Azure CLIโ
To set remote debugging status to off, run the following command:
az webapp config set --resource-group <resource_group_name> --name <app_name> --remote-debugging-enabled falseFrom PowerShellโ
To set remote debugging status to off, run the following commandะ
Set-AzWebApp -ResourceGroupName <resource_group_name> -Name <app_name> -RemoteDebuggingEnabled $false
policy.yamlโ
Linked Framework Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| ๐ผ CIS Azure v3.0.0 โ ๐ผ 9.12 Ensure that 'Remote debugging' is set to 'Off' (Automated) | 1 | no data | |||
| ๐ผ Cloudaware Framework โ ๐ผ Threat Protection | 29 | no data | |||
| ๐ผ NIST SP 800-53 Revision 4 โ ๐ผ SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES | 2 | 2 | no data | ||
| ๐ผ NIST SP 800-53 Revision 5 โ ๐ผ SI-7(12) Software, Firmware, and Information Integrity _ Integrity Verification | 19 | 21 | no data |