From 3715ba91b241d2df8c89535406ad54a0ede6a68b Mon Sep 17 00:00:00 2001 From: akozlovets098 Date: Tue, 12 Dec 2023 15:46:04 +0200 Subject: [PATCH] Add references to rules (tailscale_rules) --- rules/tailscale_rules/tailscale_https_disabled.yml | 1 + .../tailscale_machine_approval_requirements_disabled.yml | 1 + rules/tailscale_rules/tailscale_magicdns_disabled.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/rules/tailscale_rules/tailscale_https_disabled.yml b/rules/tailscale_rules/tailscale_https_disabled.yml index 15dd0a239..8f786c969 100644 --- a/rules/tailscale_rules/tailscale_https_disabled.yml +++ b/rules/tailscale_rules/tailscale_https_disabled.yml @@ -4,6 +4,7 @@ DisplayName: "Tailscale HTTPS Disabled" Enabled: true Filename: tailscale_https_disabled.py Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture. +Reference: https://tailscale.com/kb/1153/enabling-https/#disable-https Severity: High Tests: - ExpectedResult: true diff --git a/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml b/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml index 268e95db4..fe7a3e8a5 100644 --- a/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml +++ b/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml @@ -4,6 +4,7 @@ DisplayName: "Tailscale Machine Approval Requirements Disabled" Enabled: true Filename: tailscale_machine_approval_requirements_disabled.py Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture. +Reference: https://tailscale.com/kb/1099/device-approval/ Severity: High Tests: - ExpectedResult: true diff --git a/rules/tailscale_rules/tailscale_magicdns_disabled.yml b/rules/tailscale_rules/tailscale_magicdns_disabled.yml index 513da6419..c84f88818 100644 --- a/rules/tailscale_rules/tailscale_magicdns_disabled.yml +++ b/rules/tailscale_rules/tailscale_magicdns_disabled.yml @@ -4,6 +4,7 @@ DisplayName: "Tailscale Magic DNS Disabled" Enabled: true Filename: tailscale_magicdns_disabled.py Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture. +Reference: https://tailscale.com/kb/1081/magicdns/ Severity: High Tests: - ExpectedResult: true