skip: Merge pull request #16 from epam/feature/update_non-compatible_048_049_052_119_120_121_122_123_124_125_126_127_128_129_130_131_142

Feature/update non compatible 048 049 052 119 120 121 122 123 124 125 126 127 128 129 130 131 142

Author: anna-shcherbak

non-compatible-policies/ecc-azure-142-asb_vm_net_ports_restrict.yml

@@ -11,9 +11,22 @@ policies:
       Network Security Group with inbound rule that allows RDP traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ports: '3389'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '3389'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '3389'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '3389'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'

non-compatible-policies/ecc-azure-048-cis_net_rdp.yml renamed to policies/ecc-azure-048-cis_net_rdp.yml

@@ -11,9 +11,22 @@ policies:
       Network Security Group with inbound rule that allows SSH traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ports: '22'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '22'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '22'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '22'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'

non-compatible-policies/ecc-azure-049-cis_net_ssh.yml renamed to policies/ecc-azure-049-cis_net_ssh.yml

@@ -11,8 +11,20 @@ policies:
       Network Security Group with inbound rule that allows UDP traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ipProtocol: 'UDP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ipProtocol: 'UDP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ipProtocol: 'UDP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ipProtocol: 'UDP'
+          source: '0.0.0.0/0'
+

non-compatible-policies/ecc-azure-052-cis_net_udp.yml renamed to policies/ecc-azure-052-cis_net_udp.yml

@@ -11,9 +11,23 @@ policies:
       Network Security Group with inbound rule that allows all traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: all
-        access: 'Allow'
-        ports: '0-65535'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: all
+          access: 'Allow'
+          ports: '0-65535'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: all
+          access: 'Allow'
+          ports: '0-65535'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: all
+          access: 'Allow'
+          ports: '0-65535'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'
+

non-compatible-policies/ecc-azure-119-nsg_all.yml renamed to policies/ecc-azure-119-nsg_all.yml

@@ -11,9 +11,23 @@ policies:
       Network Security Group with inbound rule that allows DNS traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ports: '53'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '53'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '53'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '53'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'
+

non-compatible-policies/ecc-azure-120-nsg_dns.yml renamed to policies/ecc-azure-120-nsg_dns.yml

@@ -11,9 +11,23 @@ policies:
       Network Security Group with inbound rule that allows FTP traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ports: '21'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '21'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '21'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '21'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'
+

non-compatible-policies/ecc-azure-121-nsg_ftp.yml renamed to policies/ecc-azure-121-nsg_ftp.yml

@@ -11,9 +11,22 @@ policies:
       Network Security Group with inbound rule that allows HTTP traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ports: '80'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '80'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '80'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '80'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'

non-compatible-policies/ecc-azure-122-cis_nsg_http.yml renamed to policies/ecc-azure-122-cis_nsg_http.yml

@@ -11,9 +11,22 @@ policies:
       Network Security Group with inbound rule that allows SMB traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ports: '445'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '445'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '445'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '445'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'

non-compatible-policies/ecc-azure-123-nsg_microsoft_ds.yml renamed to policies/ecc-azure-123-nsg_microsoft_ds.yml

@@ -11,9 +11,22 @@ policies:
       Network Security Group with inbound rule that allows MySQL traffic from the Internet
     resource: azure.networksecuritygroup
     filters:
-      - type: ingress
-        match: any
-        access: 'Allow'
-        ports: '27017'
-        ipProtocol: 'TCP'
-        sourceAddress: ['*', 'Internet', '0.0.0.0/0']
+      - or:
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '27017'
+          ipProtocol: 'TCP'
+          source: '*'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '27017'
+          ipProtocol: 'TCP'
+          source: 'Internet'
+        - type: ingress
+          match: any
+          access: 'Allow'
+          ports: '27017'
+          ipProtocol: 'TCP'
+          source: '0.0.0.0/0'