turbot/ibm_compliance


Control: 6.2.4 Ensure no VPC security groups allow ingress from 0.0.0.0/0 to port 22

Description

VPC security groups provide stateful filtering of ingress/egress network traffic to Virtual Servers. It is recommended that no security group allows unrestricted ingress access to port 22.
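The check described above, as an added example that is not the mod's own query and not code from this page. The rule field names (`direction`, `protocol`, `port_min`, `port_max`, `remote.cidr_block`) are assumed to follow the IBM VPC API rule shape, and the sample groups are constructed. It goes slightly beyond the control title by also flagging port ranges and "all protocols" rules that include port 22; whether the named query does the same is not shown here.

```python
# Constructed sample data: security group name -> list of rules.
# Field names are an assumption based on the IBM VPC API rule shape.
SAMPLE_GROUPS = {
    "sg-web": [
        {"direction": "inbound", "protocol": "tcp", "port_min": 443,
         "port_max": 443, "remote": {"cidr_block": "0.0.0.0/0"}},
        {"direction": "inbound", "protocol": "tcp", "port_min": 22,
         "port_max": 22, "remote": {"cidr_block": "10.10.0.0/16"}},
    ],
    "sg-legacy": [  # range 20-1024 silently includes 22
        {"direction": "inbound", "protocol": "tcp", "port_min": 20,
         "port_max": 1024, "remote": {"cidr_block": "0.0.0.0/0"}},
    ],
    "sg-open": [  # protocol "all" carries no port bounds
        {"direction": "inbound", "protocol": "all",
         "remote": {"cidr_block": "0.0.0.0/0"}},
    ],
    "sg-egress": [  # outbound rules are out of scope for this control
        {"direction": "outbound", "protocol": "tcp", "port_min": 22,
         "port_max": 22, "remote": {"cidr_block": "0.0.0.0/0"}},
    ],
}


def rule_exposes_port(rule, port=22):
    """Return True if an inbound rule lets 0.0.0.0/0 reach TCP `port`."""
    if rule.get("direction") != "inbound":
        return False
    if rule.get("protocol") not in ("tcp", "all"):
        return False
    if rule.get("remote", {}).get("cidr_block") != "0.0.0.0/0":
        return False
    # Missing port bounds mean the rule covers every port.
    low = rule.get("port_min") or 1
    high = rule.get("port_max") or 65535
    return low <= port <= high


def failing_groups(groups, port=22):
    """Names of security groups with at least one offending rule."""
    return sorted(name for name, rules in groups.items()
                  if any(rule_exposes_port(r, port) for r in rules))


if __name__ == "__main__":
    for name in failing_groups(SAMPLE_GROUPS):
        print(f"alarm: {name} allows ingress from 0.0.0.0/0 to port 22")
```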

Remediation

From Console

  1. Log in to the IBM Cloud Portal.
  2. At the Menu icon, select VPC Infrastructure-->Security Groups.
  3. For each security group, perform the following:
     a. Select the security group name.
     b. Identify the Inbound rule to be removed.
     c. Using the Options icon, select Delete.

Usage

Run the control in your terminal:

steampipe check ibm_compliance.control.cis_v100_6_2_4

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share ibm_compliance.control.cis_v100_6_2_4

SQL

This control uses a named query:

vpc_security_group_restrict_ingress_ssh_all
