Steampipe mods are now Powerpipe →

Plugins Docs Home

turbot/oci_compliance

blockstorage_block_volume_cmk_encryption_enabled blockstorage_boot_volume_cmk_encryption_enabled cloudguard_enabled core_default_security_list_allow_icmp_only core_instance_encryption_in_transit_enabled core_instance_legacy_metadata_service_endpoint_disabled core_network_security_group_restrict_ingress_rdp_all core_network_security_group_restrict_ingress_ssh_all core_security_list_restrict_ingress_rdp_all core_security_list_restrict_ingress_ssh_all core_subnet_flow_log_enabled events_rule_notification_cloud_guard_problems_detected events_rule_notification_iam_group_changes events_rule_notification_iam_policy_changes events_rule_notification_iam_user_changes events_rule_notification_identity_provider_changes events_rule_notification_idp_group_mapping_changes events_rule_notification_network_gateway_changes events_rule_notification_network_security_list_changes events_rule_notification_route_table_changes events_rule_notification_security_list_changes events_rule_notification_vcn_changes filestorage_filesystem_cmk_encryption_enabled identity_administrator_user_with_no_api_key identity_auth_token_age_90 identity_authentication_password_policy_strong_min_length_14 identity_default_tag identity_iam_administrators_no_update_tenancy_administrators_group_permission identity_only_administrators_group_with_manage_all_resources_permission_in_tenancy identity_tenancy_audit_log_retention_period_365_days identity_tenancy_with_one_active_compartment identity_user_api_key_age_90 identity_user_console_access_mfa_enabled identity_user_customer_secret_key_age_90 identity_user_db_credential_age_90 identity_user_valid_email kms_cmk_rotation_365 manual_control notification_topic_with_subscription objectstorage_bucket_cmk_encryption_enabled objectstorage_bucket_public_access_blocked objectstorage_bucket_versioning_enabled oracle_autonomous_database_not_publicly_accessible

Query: core_security_list_restrict_ingress_ssh_all

Usage

powerpipe query oci_compliance.query.core_security_list_restrict_ingress_ssh_all

Steampipe Tables

oci_core_security_list

oci_identity_compartment

Oracle Cloud Infrastructure plugin

SQL

with non_compliant_rules as (
  select
    id,
    count(*) as num_noncompliant_rules
  from
    oci_core_security_list,
    jsonb_array_elements(ingress_security_rules) as p
  where
    p ->> 'source' = '0.0.0.0/0'
    and (
      (
        p ->> 'protocol' = 'all'
        and (p -> 'tcpOptions' -> 'destinationPortRange' -> 'min') is null
      )
      or (
        p ->> 'protocol' = '6'
        and (p -> 'tcpOptions' -> 'destinationPortRange' ->> 'min') :: integer <= 22
        and (p -> 'tcpOptions' -> 'destinationPortRange' ->> 'max') :: integer >= 22
      )
    )
  group by
    id
)
select
  osl.id as resource,
  case
    when non_compliant_rules.id is null then 'ok'
    else 'alarm'
  end as status,
  case
    when non_compliant_rules.id is null then osl.display_name || ' ingress restricted for SSH from 0.0.0.0/0.'
    else osl.display_name || ' contains ' || non_compliant_rules.num_noncompliant_rules || ' ingress rule(s) allowing SSH from 0.0.0.0/0.'
  end as reason,
  osl.region as region,
  osl.tenant_name as tenant,
  coalesce(c.name, 'root') as compartment
from
  oci_core_security_list as osl
  left join non_compliant_rules on non_compliant_rules.id = osl.id
  left join oci_identity_compartment c on c.id = osl.compartment_id;

Controls

The query is being used by the following controls: