SSH Access Is Not Restricted
- Query id: dee21308-2a7a-49de-8ff7-c9b87e188575
- Query name: SSH Access Is Not Restricted
- Platform: GoogleDeploymentManager
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
Description¶
Google Firewall should not allow SSH access (port 22) from the Internet (public CIDR block) to ensure the principle of least privileges
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
resources:
- name: firewall
type: compute.v1.firewall
properties:
name: my-firewall
sourceRanges:
- "0.0.0.0/0"
allowed:
- IPProtocol: icmp
ports:
- "80"
- "8080"
- "1000-2000"
- "22"
Positive test num. 2 - yaml file
resources:
- name: firewall
type: compute.v1.firewall
properties:
name: my-firewall
sourceRanges:
- "0.0.0.0/0"
allowed:
- IPProtocol: icmp
ports:
- "80"
- "8080"
- "1000-2000"
- "21-3390"
Positive test num. 3 - yaml file
resources:
- name: firewall
type: compute.v1.firewall
properties:
name: my-firewall
sourceRanges:
- "0.0.0.0/0"
allowed:
- IPProtocol: all