Control: 6.2.4 Ensure no VPC security groups allow ingress from 0.0.0.0/0 to port 22
VPC security groups provide stateful filtering of ingress/egress network traffic to Virtual Servers. It is recommended that no security group allows unrestricted ingress access to port 22.
- Log in to the IBM Cloud Portal.
- At the Menu icon, select VPC Infrastructure --> Security Groups.
- For each security group, perform the following:
  a. Select the security group name.
  b. Identify the Inbound rule to be removed.
  c. Using the Options icon, select Delete.
Run the control in your terminal:
steampipe check ibm_compliance.control.cis_v100_6_2_4
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share ibm_compliance.control.cis_v100_6_2_4
This control uses a named query: vpc_security_group_restrict_ingress_ssh_all
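The rule condition this control describes, written out as an added Python example (not the mod's own query or Steampipe code). The sample groups are constructed, and the field names (`direction`, `protocol`, `port_min`, `port_max`, `remote.cidr_block`) are assumed to follow the shape of IBM Cloud VPC security group rule JSON; the check goes beyond an exact port-22 rule by also flagging port ranges that include 22 and rules with protocol `all`.

```python
# Constructed sample groups. Field names are an assumption of this example,
# modelled on IBM Cloud VPC security group rule JSON.
ANY = {"cidr_block": "0.0.0.0/0"}
SAMPLE = [
    {"name": "sg-bastion", "rules": [
        {"direction": "inbound", "protocol": "tcp", "port_min": 22,
         "port_max": 22, "remote": {"cidr_block": "203.0.113.0/24"}}]},
    {"name": "sg-web", "rules": [
        {"direction": "inbound", "protocol": "tcp", "port_min": 443,
         "port_max": 443, "remote": ANY},
        {"direction": "outbound", "protocol": "all", "remote": ANY}]},
    {"name": "sg-legacy", "rules": [
        {"direction": "inbound", "protocol": "tcp", "port_min": 20,
         "port_max": 25, "remote": ANY}]},
    {"name": "sg-default", "rules": [
        {"direction": "inbound", "protocol": "all", "remote": ANY}]},
]

SSH_PORT = 22


def rule_exposes_ssh(rule):
    """True if an inbound rule lets 0.0.0.0/0 reach TCP port 22."""
    if rule.get("direction") != "inbound":
        return False
    if rule.get("remote", {}).get("cidr_block") != "0.0.0.0/0":
        return False
    protocol = rule.get("protocol")
    if protocol == "all":
        return True  # every protocol and port, SSH included
    if protocol != "tcp":
        return False
    # A tcp rule without port bounds is treated here as covering all ports.
    low = rule.get("port_min", 1)
    high = rule.get("port_max", 65535)
    return low <= SSH_PORT <= high


def failing_groups(groups):
    """Names of security groups with at least one rule that exposes SSH."""
    return [g["name"] for g in groups
            if any(rule_exposes_ssh(r) for r in g.get("rules", []))]


if __name__ == "__main__":
    for name in failing_groups(SAMPLE):
        print(f"FAIL {name}: inbound 0.0.0.0/0 reaches port 22")
```

The two flagged groups, `sg-legacy` and `sg-default`, contain no rule that names port 22 on its own, which is why a review that only searches for "22" in the rule list can miss them.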