turbot/oci_insights

Query: vcn_security_list_ingress_ssh

Usage

powerpipe query oci_insights.query.vcn_security_list_ingress_ssh

Steampipe Tables

SQL

with non_compliant_rules as (
select
id,
count(*) as num_noncompliant_rules
from
oci_core_security_list,
jsonb_array_elements(ingress_security_rules) as r
where
r ->> 'direction' = 'INGRESS'
and r ->> 'sourceType' = 'CIDR_BLOCK'
and r ->> 'source' = '0.0.0.0/0'
and (
r ->> 'protocol' = 'all'
or (
(r -> 'tcpOptions' -> 'destinationPortRange' ->> 'min')::integer <= 22
and (r -> 'tcpOptions' -> 'destinationPortRange' ->> 'max')::integer >= 22
)
)
and lifecycle_state <> 'TERMINATED'
group by id
)
select
case when non_compliant_rules.id is null then 'Restricted' else 'Unrestricted' end as value,
'Ingress SSH' as label,
case when non_compliant_rules.id is null then 'ok' else 'alert' end as type
from
oci_core_security_list as sl
left join non_compliant_rules on non_compliant_rules.id = sl.id
where
sl.id = $1
and sl.lifecycle_state <> 'TERMINATED';

Dashboards

The query is used in the dashboards: