Feb 19 2020 03:58 AM - edited Feb 19 2020 04:01 AM
I wanted to add a few extra controls in the /opt/microsoft/omsagent/plugin/oms_audits.xml.
For eg. I wanted to add some controls from CIS Benchmark
Kindly help me out please.
Also i changed the time interval in security_baseline.conf to 5minutes from 24 hours. However it keeps on reverting to 24 hours. Kindly advise, how the time interval can be changed:
<source>
type exec
tag oms.security_baseline
command sleep 60 && /opt/microsoft/omsagent/plugin/omsbaseline -d /opt/microsoft/omsagent/plugin/
format json
run_interval 24h
</source>
@Ben Kliger @Meital Taran- Gutman
Mar 04 2020 01:16 PM
@kmanish Currently, we do not support either of the scenarios to customize security baseline or to increase baseline assessment frequency. The default behavior for changes will be as below:
1. Any change to oms_audits.xml will result in omsbaseline rejecting the file as corrupted. The file will get reset withing 15 minutes by omsconfig.
2. The file 'security_baseline.conf' mentioned is managed by the nxOMSPlugin DSC module and will reset the file to “desired state” within 15 minutes.
Long term, Azure intents to support customization security baselines via In-Guest policy. We do not have a definitive timeline for it.