Serial Ports Are Enabled For VM Instances
- Query id: c6fc6f29-dc04-46b6-99ba-683c01aff350
- Query name: Serial Ports Are Enabled For VM Instances
- Platform: Ansible
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
Description
Google Compute Engine VM instances should not have serial port access enabled. When it is enabled, anyone who knows the username, project ID, SSH key, instance name and zone can access the VM.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: serial_enabled
  google.cloud.gcp_compute_instance:
    metadata:
      serial-port-enable: yes
    zone: us-central1-a
    auth_kind: serviceaccount
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
# Serial port explicitly disabled
- name: serial_disabled
  google.cloud.gcp_compute_instance:
    metadata:
      serial-port-enable: no
    zone: us-central1-a
    auth_kind: serviceaccount
# Key not set at all
- name: serial_undefined
  google.cloud.gcp_compute_instance:
    metadata:
      startup-script-url: gs://graphite-playground/bootstrap.sh
      cost-center: '12345'
    zone: us-central1-a
    auth_kind: serviceaccount
```
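The check this rule describes, written as an added Python example; it is not the KICS query itself, which this page does not show. It assumes tasks arrive as dicts from a YAML loader, that the short module name `gcp_compute_instance` is also in use, and that the listed truthy spellings cover how the flag is written; the function names and sample tasks are constructed for illustration.

```python
# Added example: flag gcp_compute_instance tasks whose metadata turns on
# the serial port. Tasks are plain dicts, as a YAML loader returns them.

# Assumption: both the fully qualified and the short module name appear.
MODULES = ("google.cloud.gcp_compute_instance", "gcp_compute_instance")
# Assumption: spellings of "true" seen in playbooks (YAML 1.1 / Ansible).
TRUTHY = {"true", "yes", "on", "1"}


def is_truthy(value):
    """True for boolean True and for the string/int spellings of 'enabled'."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def find_serial_port_enabled(tasks):
    """Return names of tasks that set metadata 'serial-port-enable' truthy."""
    findings = []
    for task in tasks:
        for module in MODULES:
            params = task.get(module)
            if not isinstance(params, dict):
                continue
            metadata = params.get("metadata")
            if not isinstance(metadata, dict):
                continue  # absent or templated metadata: nothing to inspect
            if is_truthy(metadata.get("serial-port-enable", False)):
                findings.append(task.get("name", "<unnamed>"))
    return findings


# Constructed sample tasks mirroring the positive and negative cases above.
SAMPLE_TASKS = [
    {"name": "serial_enabled", "google.cloud.gcp_compute_instance": {
        "metadata": {"serial-port-enable": True}, "zone": "us-central1-a"}},
    {"name": "serial_enabled_string", "gcp_compute_instance": {
        "metadata": {"serial-port-enable": "TRUE"}, "zone": "us-central1-a"}},
    {"name": "serial_disabled", "google.cloud.gcp_compute_instance": {
        "metadata": {"serial-port-enable": False}, "zone": "us-central1-a"}},
    {"name": "serial_undefined", "google.cloud.gcp_compute_instance": {
        "metadata": {"cost-center": "12345"}, "zone": "us-central1-a"}},
]

if __name__ == "__main__":
    print(find_serial_port_enabled(SAMPLE_TASKS))
```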