OSLogin Is Disabled In VM Instance

• Query id: 66dae697-507b-4aef-be18-eec5bd707f33
• Query name: OSLogin Is Disabled In VM Instance
• Platform: Ansible
• Severity: Medium
• Category: Insecure Configurations
• CWE: 287
• URL: Github

Description

VM instance should have OSLogin enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: oslogin-disabled
  google.cloud.gcp_compute_instance:
    metadata:
      enable-oslogin: no
    zone: us-central1-a
    auth_kind: serviceaccount

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: oslogin-enabled
  google.cloud.gcp_compute_instance:
    metadata:
      enable-oslogin: yes
    zone: us-central1-a
    auth_kind: serviceaccount
- name: oslogin-missing
  google.cloud.gcp_compute_instance:
    metadata:
      startup-script-url: gs:://graphite-playground/bootstrap.sh
      cost-center: '12345'
    zone: us-central1-a
    auth_kind: serviceaccount