OSLogin Is Disabled In VM Instance
- Query id: 66dae697-507b-4aef-be18-eec5bd707f33
- Query name: OSLogin Is Disabled In VM Instance
- Platform: Ansible
- Severity: Medium
- Category: Insecure Configurations
- CWE: 287
- URL: Github
Description¶
VM instance should have OSLogin enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: oslogin-disabled
google.cloud.gcp_compute_instance:
metadata:
enable-oslogin: no
zone: us-central1-a
auth_kind: serviceaccount
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: oslogin-enabled
google.cloud.gcp_compute_instance:
metadata:
enable-oslogin: yes
zone: us-central1-a
auth_kind: serviceaccount
- name: oslogin-missing
google.cloud.gcp_compute_instance:
metadata:
startup-script-url: gs:://graphite-playground/bootstrap.sh
cost-center: '12345'
zone: us-central1-a
auth_kind: serviceaccount