MEDIUM
Source: CloudSploit
ID: file-service-all-access-acl

File Service All Access ACL

Ensures file shares do not allow full write, delete, or read ACL permissions

File shares can be configured to allow read, write, or delete permissions on a share. This option should not be configured unless there is a strong business requirement.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. Select the “Search resources, services, and docs” option at the top and search for Storage account.

  3. Select the “Storage account” by clicking on the “Name” link to access the configuration changes.

  4. Click on “Overview” in the selected “Storage account”, scroll down the right side of the settings, and click on the “Files” option.

  5. Select the “File Share” by clicking on the “Name” link to access the configuration changes.

  6. In the selected “File Share”, click on “Access Policy” and check the “Permissions” associated with the “File”. If the “File Shares” allow full write, delete, or read ACL permissions, then the selected “File share” does not meet the standard configuration.

  7. Repeat steps 2 - 6 to verify the other “File Shares” in the Azure account.

  8. Navigate to “Storage accounts”, select the “Storage account” by clicking on its “Name”, select the “Overview” option, and select the “File Share” by clicking on its “Name” link to access the configuration.

  9. On the “File Share” configuration, click on the “Access Policy” option and select the “Edit” option to make the changes.

  10. Uncheck the global read/write/delete policies under “Permissions” and click on the “OK” button to make the changes.

  11. Repeat steps 8 - 10 to ensure that File Shares do not allow full write, delete, or read ACL permissions.
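
A scripted form of the check in steps 5 and 6, as an added example that is not CloudSploit's own code: it parses the XML body returned by the Azure Files Get Share ACL operation and reports every stored access policy that grants read, write or delete. The sample XML, the share name and the function name are constructed, and flagging on any one of the three permissions is an assumption about how strictly to read the rule.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Get Share ACL response body (not from a real account).
SAMPLE_ACL_XML = """<SignedIdentifiers>
  <SignedIdentifier>
    <Id>ops-full</Id>
    <AccessPolicy>
      <Start>2024-01-01T00:00:00Z</Start>
      <Expiry>2030-01-01T00:00:00Z</Expiry>
      <Permission>rwdl</Permission>
    </AccessPolicy>
  </SignedIdentifier>
  <SignedIdentifier>
    <Id>list-only</Id>
    <AccessPolicy>
      <Permission>l</Permission>
    </AccessPolicy>
  </SignedIdentifier>
  <SignedIdentifier>
    <Id>no-policy-body</Id>
  </SignedIdentifier>
</SignedIdentifiers>"""

# Permission letters this check cares about (assumption: any one of them is a finding).
RISKY = {"r": "read", "w": "write", "d": "delete"}


def audit_share_acl(xml_text, share_name):
    """Return one finding per stored access policy granting read, write or delete."""
    findings = []
    root = ET.fromstring(xml_text)
    for ident in root.iter("SignedIdentifier"):
        policy_id = ident.findtext("Id", default="(no id)")
        # A signed identifier may have no AccessPolicy or an empty Permission element.
        perms = ident.findtext("AccessPolicy/Permission", default="") or ""
        granted = [name for flag, name in RISKY.items() if flag in perms]
        if granted:
            findings.append(
                {"share": share_name, "policy": policy_id, "granted": granted}
            )
    return findings


if __name__ == "__main__":
    for f in audit_share_acl(SAMPLE_ACL_XML, "finance"):
        print(f"FAIL share={f['share']} policy={f['policy']} grants={','.join(f['granted'])}")
```

A share with no findings passes; each finding names the access policy to edit in steps 8 - 10.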