Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading policies...

Policy: Azure > CIS v3.0 > 09 - Application Services > 09.12 - Ensure that 'Remote debugging' is set to 'Off'

Configures auditing against a CIS Benchmark item.

Level: 1

Remote Debugging allows Azure App Service to be debugged in real-time directly on the Azure environment. When remote debugging is enabled, it opens a communication channel that could potentially be exploited by unauthorized users if not properly secured.

Disabling remote debugging on Azure App Service is primarily about enhancing security. Remote debugging opens a communication channel that can be exploited by attackers. By disabling it, you reduce the number of potential entry points for unauthorized access. If remote debugging is enabled without proper access controls, it can allow unauthorized users to connect to your application, potentially leading to data breaches or malicious code execution. During a remote debugging session, sensitive information might be exposed. Disabling remote debugging helps ensure that such data remains secure. This minimizes the use of remote access tools to reduce risk.

Targets

This policy targets the following resource types:

  • Azure > App Service > Web App

Primary Policy

This policy is used with the following primary policy:

  • Azure > CIS v3.0 > 09 - Application Services

Controls

Setting this policy configures this control:

  • Azure > CIS v3.0 > 09 - Application Services > 09.12 - Ensure that 'Remote debugging' is set to 'Off'

Policy Specification

Schema Type
string
Default
Per Azure > CIS v3.0 > 09 - Application Services
Valid Values [YAML]
  • Per Azure > CIS v3.0 > 09 - Application Services

  • Skip

  • Check: Benchmark

Category

  • CIS > Controls v7 > 09 Limitation and Control of Network Ports, Protocols, and Services > 9.02 Ensure Only Approved Ports, Protocols and Services Are Running

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/cis#/control/categories/v070902
    • Policy Type URI
    • tmod:@turbot/azure-cisv3-0#/policy/types/r0912
    • GraphQL
    • query policyType(id: "tmod:@turbot/azure-cisv3-0#/policy/types/r0912") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r0912'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r0912'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/azure-cisv3-0#/policy/types/r0912"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv3-0#/policy/types/r0912"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM