SQL Server Predictable Admin Account Name

• Query id: 663062e9-473d-4e87-99bc-6f3684b3df40
• Query name: SQL Server Predictable Admin Account Name
• Platform: Ansible
• Severity: Medium
• Category: Best Practices
• URL: Github

Description

Azure SQL Server's Admin account login must avoid using names like 'Admin', that are too predictable, which means the attribute 'admin_username' must be set to a name that is not easy to predict
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

#this is a problematic code where the query should report a result(s)
- name: Create (or update) SQL Server1
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name1
    location: westus
    admin_username: ""
    admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Server2
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name2
    location: westus
    admin_username:
    admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Server3
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name3
    location: westus
    admin_username: admin
    admin_password: Testpasswordxyz12!

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

#this code is a correct code for which the query should not find any result
- name: Create (or update) SQL Server
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name
    location: westus
    admin_username: mylogin
    admin_password: Testpasswordxyz12!