OSLogin Is Disabled In VM Instance

  • Query id: 66dae697-507b-4aef-be18-eec5bd707f33
  • Query name: OSLogin Is Disabled In VM Instance
  • Platform: Ansible
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

VM instance should have OSLogin enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: oslogin-disabled
  google.cloud.gcp_compute_instance:
    metadata:
      enable-oslogin: no
    zone: us-central1-a
    auth_kind: serviceaccount

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: oslogin-enabled
  google.cloud.gcp_compute_instance:
    metadata:
      enable-oslogin: yes
    zone: us-central1-a
    auth_kind: serviceaccount
- name: oslogin-missing
  google.cloud.gcp_compute_instance:
    metadata:
      startup-script-url: gs://graphite-playground/bootstrap.sh
      cost-center: '12345'
    zone: us-central1-a
    auth_kind: serviceaccount
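
The check these samples exercise, as an added Python example (not the scanner's own query code): it flags an instance task only when `enable-oslogin` is explicitly set to a false value, and, as in the negative sample above, does not flag a task where the key is absent. The function names, the accepted boolean spellings (taken from Ansible's boolean conventions) and the short module name `gcp_compute_instance` are assumptions of this example.

```python
# Added example: not the scanner's own query code.
# Boolean spellings are an assumption, following Ansible's boolean conventions.
FALSY = {"n", "no", "off", "0", "false", "f"}
TRUTHY = {"y", "yes", "on", "1", "true", "t"}
MODULES = {"google.cloud.gcp_compute_instance", "gcp_compute_instance"}


def oslogin_state(metadata):
    """Return 'enabled', 'disabled', 'missing' or 'unknown' for a metadata dict."""
    if not isinstance(metadata, dict) or "enable-oslogin" not in metadata:
        return "missing"
    value = metadata["enable-oslogin"]
    if isinstance(value, bool):
        return "enabled" if value else "disabled"
    text = str(value).strip().lower()
    if text in TRUTHY:
        return "enabled"
    if text in FALSY:
        return "disabled"
    return "unknown"  # e.g. an unresolved Jinja2 expression


def find_disabled(tasks):
    """Names of instance tasks that explicitly turn OS Login off."""
    findings = []
    for task in tasks:
        for module in sorted(task.keys() & MODULES):
            args = task[module] or {}
            if oslogin_state(args.get("metadata")) == "disabled":
                findings.append(task.get("name", "<unnamed>"))
    return findings


# Constructed input: the page's three tasks as a YAML 1.1 parser would load them
# (bare `no`/`yes` become booleans), plus one constructed quoted-string variant.
TASKS = [
    {"name": "oslogin-disabled", "google.cloud.gcp_compute_instance": {
        "metadata": {"enable-oslogin": False}, "zone": "us-central1-a"}},
    {"name": "oslogin-enabled", "google.cloud.gcp_compute_instance": {
        "metadata": {"enable-oslogin": True}, "zone": "us-central1-a"}},
    {"name": "oslogin-missing", "google.cloud.gcp_compute_instance": {
        "metadata": {"cost-center": "12345"}, "zone": "us-central1-a"}},
    {"name": "oslogin-string-false", "gcp_compute_instance": {
        "metadata": {"enable-oslogin": "FALSE"}, "zone": "us-central1-a"}},
]

if __name__ == "__main__":
    print(find_disabled(TASKS))
```

A value reported as `unknown` (for instance a templated variable) is neither flagged nor cleared here and needs review once the variable is resolved.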