cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerabilities reported in AKS VMSS nodes

%3CLINGO-SUB%20id%3D%22lingo-sub-1512261%22%20slang%3D%22en-US%22%3EVulnerabilities%20reported%20in%20AKS%20VMSS%20nodes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1512261%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EWithin%20ASC%20and%20%22Vulnerabilities%20in%20security%20configuration%20on%20your%20machines%20should%20be%20remediated%22%20my%20AKS%20nodes%20are%20being%20reported%20as%20requiring%20remediation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20were%20to%20remediate%20these%20they'll%20just%20come%20back%20if%20I%20scale%20out%2Fin%20or%20upgrade%3F%20Also%2C%20as%20these%20are%20AKS%20nodes%2C%20shouldn't%20they%20be%20excluded%20or%20be%20patched%20already%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CTABLE%20width%3D%22547px%22%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%22405px%22%20height%3D%2230px%22%3E%3CP%3EName%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2270px%22%20height%3D%2230px%22%3E%3CP%3EState%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2271px%22%20height%3D%2230px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22405px%22%20height%3D%2230px%22%3E%3CP%3EDisable%20SMB%20V1%20with%20Samba%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2270px%22%20height%3D%2230px%22%3E%3CP%3ECritical%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2271px%22%20height%3D%2230px%22%3E%3CP%3EOpen%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22405px%22%20height%3D%2230px%22%3E%3CP%3ERun%20AuditD%20service%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2270px%22%20height%3D%2230px%22%3E%3CP%3ECritical%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2271px%22%20height%3D%2230px%22%3E%3CP%3EOpen%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%22405px%22%20height%3D%2257px%22%3E%3CP%3EIP%20forwarding%20should%20be%20disabled.%20(net.ipv4.ip_forward%20%3D%200)%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2270px%22%20height%3D%2257px%22%3E%3CP%3ECritical%3C%2FP%3E%3C%2FTD%3E%3CTD%20width%3D%2271px%22%20height%3D%2257px%22%3E%3CP%3EOpen%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20else%20experienced%20this%3F%20Or%20remediated%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1512261%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAKS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EASC%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EVMSS%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1518277%22%20slang%3D%22en-US%22%3ERe%3A%20Vulnerabilities%20reported%20in%20AKS%20VMSS%20nodes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1518277%22%20slang%3D%22en-US%22%3E%3CP%3EAccording%20to%20Azure%20support%20this%20is%20by%20design%20and%20they%20don't%20have%20plans%20to%20change%20it%2C%20many%20other%20users%20have%20this%20issue%20too%2C%20apparently...%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20put%20it%20on%20Azure%20feedback%20if%20anyone%20wants%20to%20vote%20it%20up%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F347535-azure-security-center%2Fsuggestions%2F40878643-vm-scale-sets-managed-by-aks-should-not-require-re%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ffeedback.azure.com%2Fforums%2F347535-azure-security-center%2Fsuggestions%2F40878643-vm-scale-sets-managed-by-aks-should-not-require-re%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
ceejoyce
Occasional Contributor

‎Jul 09 2020 09:23 AM

‎Jul 09 2020 09:23 AM

Vulnerabilities reported in AKS VMSS nodes

Hi all,

Within ASC and "Vulnerabilities in security configuration on your machines should be remediated" my AKS nodes are being reported as requiring remediation.

 

If I were to remediate these they'll just come back if I scale out/in or upgrade? Also, as these are AKS nodes, shouldn't they be excluded or be patched already?

 

Name

State

 

Disable SMB V1 with Samba

Critical

Open

Run AuditD service

Critical

Open

IP forwarding should be disabled. (net.ipv4.ip_forward = 0)

Critical

Open

 

Anyone else experienced this? Or remediated?

Labels:
416 Views
0 Likes
1 Reply
Reply
1 Reply
ceejoyce

‎Jul 13 2020 01:39 AM

‎Jul 13 2020 01:39 AM

Re: Vulnerabilities reported in AKS VMSS nodes

According to Azure support this is by design and they don't have plans to change it, many other users have this issue too, apparently... 

 

I've put it on Azure feedback if anyone wants to vote it up https://feedback.azure.com/forums/347535-azure-security-center/suggestions/40878643-vm-scale-sets-ma...

0 Likes
Reply