Project-wide SSH Keys Are Enabled In VM Instances
- Query id: 099b4411-d11e-4537-a0fc-146b19762a79
- Query name: Project-wide SSH Keys Are Enabled In VM Instances
- Platform: Ansible
- Severity: Medium
- Category: Secret Management
- URL: Github
Description
VM instances should block project-wide SSH keys by setting block-project-ssh-keys to true in the instance metadata.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
# Flagged: block-project-ssh-keys is explicitly disabled
- name: ssh_keys_unblocked
  google.cloud.gcp_compute_instance:
    metadata:
      block-project-ssh-keys: no
    zone: us-central1-a
    auth_kind: serviceaccount
# Flagged: metadata is present but block-project-ssh-keys is not set
- name: ssh_keys_missing
  google.cloud.gcp_compute_instance:
    metadata:
      startup-script-url: gs://graphite-playground/bootstrap.sh
      cost-center: '12345'
    zone: us-central1-a
    auth_kind: serviceaccount
# Flagged: no metadata block at all
- name: no_metadata
  google.cloud.gcp_compute_instance:
    zone: us-central1-a
    auth_kind: serviceaccount
```
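The three failing cases above, expressed as a small check over already-parsed playbook tasks. This is an added example, not the query's own code; the function names, finding messages, truthy-string set and the hardened `ssh_keys_blocked` task are assumptions made for illustration.

```python
# Added example, not KICS's own query code. Names and messages are hypothetical.
MODULES = ("google.cloud.gcp_compute_instance", "gcp_compute_instance")
KEY = "block-project-ssh-keys"
# Assumption: strings Ansible treats as boolean true.
TRUTHY = {"y", "yes", "on", "1", "true", "t"}


def is_true(value):
    """True for a YAML boolean true or an Ansible-style truthy string."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def check_task(task):
    """Return a finding for one task, or None if it passes or is not an instance task."""
    module = next((m for m in MODULES if m in task), None)
    if module is None:
        return None
    metadata = (task[module] or {}).get("metadata")
    if not isinstance(metadata, dict):
        return "metadata is undefined"
    if KEY not in metadata:
        return f"metadata.{KEY} is undefined"
    if not is_true(metadata[KEY]):
        return f"metadata.{KEY} is not true"
    return None


def scan(tasks):
    """Map task name -> finding for every failing task."""
    findings = {}
    for task in tasks:
        finding = check_task(task)
        if finding:
            findings[task.get("name", "<unnamed>")] = finding
    return findings


# Constructed input: the page's three tasks as a YAML 1.1 loader parses them
# (unquoted "no" becomes False), plus one hardened task (quoted 'yes') that passes.
COMMON = {"zone": "us-central1-a", "auth_kind": "serviceaccount"}
M = MODULES[0]
TASKS = [
    {"name": "ssh_keys_unblocked", M: {"metadata": {KEY: False}, **COMMON}},
    {"name": "ssh_keys_missing", M: {"metadata": {"cost-center": "12345"}, **COMMON}},
    {"name": "no_metadata", M: dict(COMMON)},
    {"name": "ssh_keys_blocked", M: {"metadata": {KEY: "yes"}, **COMMON}},
]
```

Calling `scan(TASKS)` reports the three tasks from the page and leaves `ssh_keys_blocked` out of the result.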